The FEC hasn't published any real testing standards, so it's not terribly useful to say that the code was testing against the FEC standards. Also, it's not useful to say that the code is in excrow, or audited, unless the code in production is built from the code in escrow and audited, because otherwise you haven't proven anything other than that the same company that produced the voting system you're running also produced some code that passed your audit and went into escrow. That is, there's no reason to believe that it's the same code, so the audit doesn't prove anything about the code in production.
And, of course, we all know after the last few decades that "security through obscurity" doesn't work as well as "security through peer revew".
And I don't know what the Secretary of State's ability to intimidate one critic proves, since several other security audits of proprietary voting systems have revealed massive security flaws.
A Q/A transcribed (by me) from the scanned manuals distributed to poll workers:
"what about the issue of Open Source Code?"
Diebold's ballot tabulation source code is checked extensively by an independent testing authority which tests according to voting software standards developed by the Federal Election Commission. Once this test process is successfully completed, the source code is placed in an escrow facility.
Source Code is not open to the public to protect not only the companies intellectual property, but also to prevent the possibility of tampering or other fraudulent manipulation of the tabulation program.
in Georgia, the Secretary of State challenged a citizen to try to tamper with the ballot tabulation program after this citizen made claims about the program's vulnerability. When the citizen learned the source code was not available, she abandoned the effort to tamper with the program.
Yeah, I just saw one of these at TED. There's something to be said for having a peripheral with a 20 watt laser. I didn't print on paper with it, but it worked great on wood.
action shot. That's a laser that's just burned my kids' names onto the wood, and is cuttig the piece out. The guys who showed it to me were James Rabideau, who works for the company that sells this beast, and Daniel Dubno - CBS News. Daniel crazy, but in a good sort of way. The laser cuts wood, marble, steel... pretty much everything that they could fit into it.
Automakers are fighting the legislation; they believe the real goal is to obtain proprietary 'calibration codes'"
So what's the connection between the unlock codes (that allow third-party mechanics to work on your car), and calibration codes (that allow third-party manufacturers to duplicate OEM parts)? Other than the word "codes" they don't seem to have anything to do with each other. I think that the auto manufacturers just stuck the word "codes" into the second one to confuse people -- I've never heard spec's called "codes" before.
"So yes, Apple is good. But not that good (unless you pony up even more cash), and the assumption that it is superior to Linux for these sorts of tasks is premature at best, and certainly not a given."
Well, I think that you're in for an unpleasant surprise. I'm sure that you could author a DVD under Linux if you really work at it, pretty much everyone doing professional video and DVD production is using Mac's. Yes, there are exceptions, and it's possible to do this work under Windows as well, but in general the best, most predictable tools for getting this sort of work done are on the Mac.
As far as DVD-R's that burn but don't play on a DVD player, you should keep in mind that some DVD players won't play DVD-R's, the same way that a few years back some CD players wouldn't play CD-R's, but that has nothing to do with the authoring platform - DVD-R's are optically slightly different from pressed DVD's, and some players can't deal with it. So you might want to check a few different players, and a few different brands of DVD-R's, to see if there's a combination that works more reliably for you. It's a pain, but a symptom of the relative immaturity of the DVD-R market (like CD-R's a few years back). Changing to Linux, etc., won't help with media and reader optics. And DVD+R is less compatible with DVD players, so no joy there.
I don't know what has been causing your problems burning DVD's, as they don't sound typical, but my experience is that using Mac's for this sort of work is far more productive than PC's. Yes, Mac's aren't perfect, but Wintel's are (for this task) less perfect. And trying to cobble together a solution under Linux just sounds like torture unless you're really into doing everything yourself. Linux is great for a lot of things (web servers, render farms, some desktop app's) but video editing is pretty far ahead of the curve.
So if you get it working, as a Linux fan, I'd love to hear about it. IMO, while it's fair to complain that DVD authoring is still a bit immature, my advice would be to tough it out on the platform you've got, since it's better than the alternatives, and make sure that you install all of the OS and app updates and read sites like MacFixIt to see if anyone else is having the problems you're having.
This "interview" was amazing. With any luck it will establish that this guy is a buffoon.
Most striking was the self-aggrandizing hot air about how many wonderful "channels" and "patents" he's created. If he's that wonderful, you'd think that someone would have heard of him, or that he could name any major deal he's done.
I particularly liked him arguing that a "small company" like Red Hat doesn't have the resources to stay in the OS business because they only had a few $100M in the bank, ignoring the comparison with SCO, also in the OS business and with much less in the bank. Of course, Red Hat also has a growing, profitable business with products, customers and revenue, while SCO pretty much only has former customers and lawsuits. By his logic, shouldn't SCO shut down because it doesn't have enough money to survive even a fraction of one settlement?
And what was that bit about the GPL pushing liability onto the users? I thought that was what the EULA was for.
Astounding that someone so incoherent could actually make a living.
It seems that everyone changes sides on the "piracy" debate depending on what's better for them personally. When the US was founded, all "IP" was rigidly controlled by Europeans, so the US had fairly loose patent and copyright laws, and it was common for US publishers to "pirate" European authors. And the companies that are now the media giants all got their starts retelling existing stories (e.g. Disney's retellings of every fable ever). Now that the US has lots of "IP" we believe in strong IP laws, completely contrary to those laid out when the country was founded, and the media companies advocate laws that would have made it impossible for them to have gotten their start.
So when people say that they believe in "strong IP protection" I take it with a huge grain of salt, and append the phrase "because that makes me money." Not that making money is bad, but perhaps too cynically, I believe that if the same person who is attacking piracy in the US was in business in China instead, they'd be advocating piracy just as strongly.
Someone just modded the parent post "flamebait," and I'm mystified as to why.
I'm pretty sure that if a post is relevant to the discussion and true, and politely phrased, it isn't "flamebait". Admittedly I did state my personal opinion as to the motivations in the conclusion, but that seems pretty reasonable.
Or was the moderator objecting to the "This is bullshit" that I quoted from the message I replied to? I'll just point out that the first two paragraphs are quoting the message I replied to so that readers would have context.
Just curious. Whoever moderated that post as flamebait, I'd love to know why...
(OK, mod me offtopic now. But I don't know how/where else to ask the question, since moderation is anonymous).
"This is bullshit. The ACLU and NAACP wanted shorter lines and a felon list that included only, you know, felons.
No. The list included people with *misdemeanors* from outside the state of Florida. The decision to throw out their votes was that of data mining company ChoicePoint, a private entity."
The problem with the 'felon list' in Florida is that it had several errors that caused it to illegally exclude many voters. For example: - People who were felons who had their right to vote restored (35 states allow felons to vote once they've served their time, and you retain that even if you move to Florida). - People with similar names, age and race as a felon from another state. Yes, if any white male named something like "John Smith" around the age of 30 was arrested anywhere, all similar John Smith's in Florida lost their votes. - They initially matched anyone who was a rough match, which was then supposed to be "scrubbed" by DBT (the private contractor) calling the person to verify their identity and status. DBT was told by the state not to actually call any "felons" but blocked all possible matches from the lists.
The result was that a huge number of non-felons (who happened to have the wrong name) and ex-felons who were legally allowed to vote were denied their votes. For example, Madison County's elections supervisor Linda Howell... found her own name on it, and "The one county that checked each of the 694 names on its local list could verify only 34 as actual felony convicts."
Given the documentation provided by the private contractor (they warned that the list had significant overcounting, and were told by the state not to attempt to cross-check or call the "felons" in order to eliminate false records) I personally suspect that this was an intentional attempt by the state to eliminate a significant number of likely Democratic voters.
Hey, the 5200 was OK, but the 7800 was was amazing when it was first designed and manufactured (not long after the 5200). The problem was that Tramiel didn't want to pay the company that designed the graphics chips (General Computer, I used to work there), so the units sat in a warehouse for three years while lawyers battled, and 7800 went from being the coolest thing around to old hat. The astounding thing is that in order to save at most a few bucks a unit, Tramiel completely destroyed Atari's videogame business. If the 7800 had shipped a year before the NES (and it had better spec's, better brand recognition, etc.) Atari might still be around.
"In order to really emulate the experience, it comes with a bottle of epoxy to glue your PDA's battery in place so you can't ever replace it."
The irony of this comment is that the software is shown running on the iPaq, which has a permanently sealed battery that is, if anything, harder and more expensive to replace than the iPod's. So not only is the poster complaining about a battery problem that doesn't exist (the iPod's battery is fairly cheap to replace), the same "problem" exists in the PDA.
And yes, I own both an iPod and an iPaq. The iPod's battery is fine. The (much older) iPaq's battery is dead. You wouldn't believe how tricky it is to replace an iPaq's battery...
"I am not sure what the system does when you fill in the arrow for "other" and write a candidate's name down."
Usually the write-ins are counted and set aside, to be examined if the number of write-ins is large enough to potentially change the result of the election. Of course, every locale has its own rules...
It's somewhat amazing to me that over the months of negotiations that were supposedly going on the sherrif's department didn't make a mirror or backup of the site. That's pretty stupid, since it guaranteed that they'd have the worst possible negotiation position -- complete dependence on the the guy they're negotiating with. A few minutes with wget would have saved them a lot of pain.
Also, if they make the formal request, they could almost certainly take control of the domain away from the ISP.
Sounds to me like the sherrif's department set themselves up, were stupid about it, then panicked and decided to throw their weight around without knowing what their legitimate options are. If they weren't the sherrif's department, I think they'd be in serious legal trouble...
"Nothing like a hotmail.com address to inspire confidence in your professionalism or legitimacy"
Because domain administrator contact data is public, many people use "forged" contact information in order to avoid getting spammed. So I wouldn't worry too much about that one.
"If customer is in France, and is not professionnal, and it is commerce at distance () sorry, don't know exact translation), he has 7 days to say : "In fact, I don't like it". He then return it, and the provider must reimburse everything except postage."
It's true. And for buying mass produced stuff, this is very cool. But one business where this law causes terrible trouble is auctions -- someone in France can buy something in an online auction, then return it days later, and the auction's blown, costing the seller more than just losing the sale, but wastig everyone's time. The result is that Sothebys.com, for example, simply didn't do business in France (back when I was the CTO there). The rest of the UE has similar consumer protection laws, but has an exception for auctions.
"d/ling and then processing each song, then doing a lookup just to let a song go through would be horribly bandwidth and cpu intensive"
Good point. Perhaps the songs could be checked before sharing rather than after downloading. That way the checking could be asynchronous, but would have the same effect of removing copyrighted music from the network.
"it undoubtedly wouldn't be used with alternative forms of transfer available"
There's that. But from a purely tech perspective, it's interesting to try to figure out how to solve scalable distributed copyright checking.
"this would reduce p2p into an exclusive list of things which only copyright owners are allowed to opt-in data for the network"
Perhaps it's a glass half full/empty thing, but I see it the other way -- everything would by default be allowed to be shared on the p2p networks, unless someone has copyrighted it and added it to a "block" list, which puts the onus on the copyright holder to actively monitor the network for their copyrighted material and to request that it be blocked.
The situation you describe would be the case if the p2p network blocked everything unless it was in a "permitted" list. That would indeed be evil.
Oops. Can I claim that I was using a zero-based array?:-)
"I'n not sure if the hash solution for files will quite work here"
There are lots of ways to tackle this -- my point was the more general point that you don't need a centralized "copyright server" but can distribute the problem to the edges of the network.
You're right -- hash value checking is easy to implement, but not as powerful as Audible Magic's acoustical fingerprinting. Using that, the clients could generate the fingerprints for all of their files, then check them against a fingerprint database in the supernodes, which is a bit more work than blocking the hash values.
I can also imagine a solution where someone monitors the network for copyrighted music (using Audible's technology), sending out a database of hash values into the network so that the network nodes are simply checking against that list. This is in some ways less efficient, though -- hash values are smaller than acoustical fingerprints, but there will be many of them for each track.
"It'll be interesting to see how they plan to work around modified clients that send bogus "harmonic data" back to the servers/supernodes"
Yep. One technique I've seen (in network games that want to keep bots and hacked clients out) is that to join the network the client has to answer a challenge/response, where the response is a function of the binary code of the application (e.g. reponse is a function of a CRC of the executable), so that if the executable is modified in any way the challenge fails.
Of course, it's also possible to address this by doing searches for copyrighted material, etc., to find people who hack clients to cheat.
"even *with* the filtering, there's no way for this to work properly. Why? Because the filter still can't determine copyright"
The technology identifies copies of the same recording (i.e. at different bit rates, compression algorithms, etc.). If two different bands play the same song, they'll sound different and it'll be identified as two different recordings, so if one is copyrighted and the other isn't, they'll be handled properly. And for each different recording, they have a different copyright status in their database of music fingerprints. It's a pretty big database...
"Get enough bands to play a public domain work, and you're going to end up having a hash conflict"
Yes, if there are such similar recordings that people can't hear the difference, then a psychoacoustic approach might also think they're the same song. I'm not sure that this is a technical problem, and seems a rather obscure case.
"up until the point they start licensing out the technology the p2p networks can't pull off the nature of filtering necessary"
Audible Magic is in the business of licensing the technology to identify copyrighted music already. For example, CD manufacturers run CD masters through their tools to make sure that they're not inadvertently manufacturing copyrighted tracks without the rights.
"In a de-centralized network this beast wouldn't work"
Two comments:
1) The file sharing networks don't have to be completely de-centralized. Napster, for example, was far more efficient and scalable than any of the distributed p2p file sharing systems because it had a centralized search index. The reason for de-centralization is legal, not technical.
2) You don't have to centralize the copyright checking -- you could distribute the list to check against to the edges of the network and check there. One way to solve this, for example, would be that in FastTrack (e.g. KaZaA) every file has a fingerprint (hash) in the protocol, and you could replicate a database of fingerprints of the copyrighted works out to the supernodes (1% of the network nodes that control everything) and they could perform all of the filtering. And I bet that the p2p networks could distribute that file quite efficiently.
3) Who's going to foot the bill for the database and server? I bet (IANAL) the argument would be that the p2p networks are required to provide filtering in order to avoid lawsuits, so the p2p networks have to find the best/cheapest way to do it. They're clever folks; I bet that they could find a way to filter efficiently if they had/wanted to.
The p2p companies have been claiming that it's impossible to implement this filtering. The point of the demo isn't to have p2p companies implement filtering, it's to establish (legally) that the p2p companies could implement the filtering and choose not to.
Slashdot Mirror
OK, now my reaction to that Q/A:
The FEC hasn't published any real testing standards, so it's not terribly useful to say that the code was testing against the FEC standards. Also, it's not useful to say that the code is in excrow, or audited, unless the code in production is built from the code in escrow and audited, because otherwise you haven't proven anything other than that the same company that produced the voting system you're running also produced some code that passed your audit and went into escrow. That is, there's no reason to believe that it's the same code, so the audit doesn't prove anything about the code in production.
And, of course, we all know after the last few decades that "security through obscurity" doesn't work as well as "security through peer revew".
And I don't know what the Secretary of State's ability to intimidate one critic proves, since several other security audits of proprietary voting systems have revealed massive security flaws.
A Q/A transcribed (by me) from the scanned manuals distributed to poll workers:
"what about the issue of Open Source Code?"
Diebold's ballot tabulation source code is checked extensively by an independent testing authority which tests according to voting software standards developed by the Federal Election Commission. Once this test process is successfully completed, the source code is placed in an escrow facility.
Source Code is not open to the public to protect not only the companies intellectual property, but also to prevent the possibility of tampering or other fraudulent manipulation of the tabulation program.
in Georgia, the Secretary of State challenged a citizen to try to tamper with the ballot tabulation program after this citizen made claims about the program's vulnerability. When the citizen learned the source code was not available, she abandoned the effort to tamper with the program.
Yeah, I just saw one of these at TED. There's something to be said for having a peripheral with a 20 watt laser. I didn't print on paper with it, but it worked great on wood. action shot. That's a laser that's just burned my kids' names onto the wood, and is cuttig the piece out. The guys who showed it to me were James Rabideau, who works for the company that sells this beast, and Daniel Dubno - CBS News. Daniel crazy, but in a good sort of way. The laser cuts wood, marble, steel ... pretty much everything that they could fit into it.
Automakers are fighting the legislation; they believe the real goal is to obtain proprietary 'calibration codes'"
So what's the connection between the unlock codes (that allow third-party mechanics to work on your car), and calibration codes (that allow third-party manufacturers to duplicate OEM parts)? Other than the word "codes" they don't seem to have anything to do with each other. I think that the auto manufacturers just stuck the word "codes" into the second one to confuse people -- I've never heard spec's called "codes" before.
"So yes, Apple is good. But not that good (unless you pony up even more cash), and the assumption that it is superior to Linux for these sorts of tasks is premature at best, and certainly not a given."
Well, I think that you're in for an unpleasant surprise. I'm sure that you could author a DVD under Linux if you really work at it, pretty much everyone doing professional video and DVD production is using Mac's. Yes, there are exceptions, and it's possible to do this work under Windows as well, but in general the best, most predictable tools for getting this sort of work done are on the Mac.
As far as DVD-R's that burn but don't play on a DVD player, you should keep in mind that some DVD players won't play DVD-R's, the same way that a few years back some CD players wouldn't play CD-R's, but that has nothing to do with the authoring platform - DVD-R's are optically slightly different from pressed DVD's, and some players can't deal with it. So you might want to check a few different players, and a few different brands of DVD-R's, to see if there's a combination that works more reliably for you. It's a pain, but a symptom of the relative immaturity of the DVD-R market (like CD-R's a few years back). Changing to Linux, etc., won't help with media and reader optics. And DVD+R is less compatible with DVD players, so no joy there.
I don't know what has been causing your problems burning DVD's, as they don't sound typical, but my experience is that using Mac's for this sort of work is far more productive than PC's. Yes, Mac's aren't perfect, but Wintel's are (for this task) less perfect. And trying to cobble together a solution under Linux just sounds like torture unless you're really into doing everything yourself. Linux is great for a lot of things (web servers, render farms, some desktop app's) but video editing is pretty far ahead of the curve.
So if you get it working, as a Linux fan, I'd love to hear about it. IMO, while it's fair to complain that DVD authoring is still a bit immature, my advice would be to tough it out on the platform you've got, since it's better than the alternatives, and make sure that you install all of the OS and app updates and read sites like MacFixIt to see if anyone else is having the problems you're having.
"Astounding that someone so incoherent could actually make a living."
I wonder if he has a farrarri laptop that goes "vroom!" when it boots up. That's be so cool in meetings.
This "interview" was amazing. With any luck it will establish that this guy is a buffoon.
Most striking was the self-aggrandizing hot air about how many wonderful "channels" and "patents" he's created. If he's that wonderful, you'd think that someone would have heard of him, or that he could name any major deal he's done.
I particularly liked him arguing that a "small company" like Red Hat doesn't have the resources to stay in the OS business because they only had a few $100M in the bank, ignoring the comparison with SCO, also in the OS business and with much less in the bank. Of course, Red Hat also has a growing, profitable business with products, customers and revenue, while SCO pretty much only has former customers and lawsuits. By his logic, shouldn't SCO shut down because it doesn't have enough money to survive even a fraction of one settlement?
And what was that bit about the GPL pushing liability onto the users? I thought that was what the EULA was for.
Astounding that someone so incoherent could actually make a living.
Wow, it's up to +2 informative and -2 flamebait. You've gotta love the way slashdot moderation works.
"Well, of course they [the companies] do. For the simple reason that they're pragmatic, instead of altruistic"
My point, exactly!
It seems that everyone changes sides on the "piracy" debate depending on what's better for them personally. When the US was founded, all "IP" was rigidly controlled by Europeans, so the US had fairly loose patent and copyright laws, and it was common for US publishers to "pirate" European authors. And the companies that are now the media giants all got their starts retelling existing stories (e.g. Disney's retellings of every fable ever). Now that the US has lots of "IP" we believe in strong IP laws, completely contrary to those laid out when the country was founded, and the media companies advocate laws that would have made it impossible for them to have gotten their start.
So when people say that they believe in "strong IP protection" I take it with a huge grain of salt, and append the phrase "because that makes me money." Not that making money is bad, but perhaps too cynically, I believe that if the same person who is attacking piracy in the US was in business in China instead, they'd be advocating piracy just as strongly.
Someone just modded the parent post "flamebait," and I'm mystified as to why.
I'm pretty sure that if a post is relevant to the discussion and true, and politely phrased, it isn't "flamebait". Admittedly I did state my personal opinion as to the motivations in the conclusion, but that seems pretty reasonable.
Or was the moderator objecting to the "This is bullshit" that I quoted from the message I replied to? I'll just point out that the first two paragraphs are quoting the message I replied to so that readers would have context.
Just curious. Whoever moderated that post as flamebait, I'd love to know why...
(OK, mod me offtopic now. But I don't know how/where else to ask the question, since moderation is anonymous).
"This is bullshit. The ACLU and NAACP wanted shorter lines and a felon list that included only, you know, felons.
... found her own name on it, and "The one county that checked each of the 694 names on its local list could verify only 34 as actual felony convicts."
No. The list included people with *misdemeanors* from outside the state of Florida. The decision to throw out their votes was that of data mining company ChoicePoint, a private entity."
The problem with the 'felon list' in Florida is that it had several errors that caused it to illegally exclude many voters. For example:
- People who were felons who had their right to vote restored (35 states allow felons to vote once they've served their time, and you retain that even if you move to Florida).
- People with similar names, age and race as a felon from another state. Yes, if any white male named something like "John Smith" around the age of 30 was arrested anywhere, all similar John Smith's in Florida lost their votes.
- They initially matched anyone who was a rough match, which was then supposed to be "scrubbed" by DBT (the private contractor) calling the person to verify their identity and status. DBT was told by the state not to actually call any "felons" but blocked all possible matches from the lists.
The result was that a huge number of non-felons (who happened to have the wrong name) and ex-felons who were legally allowed to vote were denied their votes. For example, Madison County's elections supervisor Linda Howell
Given the documentation provided by the private contractor (they warned that the list had significant overcounting, and were told by the state not to attempt to cross-check or call the "felons" in order to eliminate false records) I personally suspect that this was an intentional attempt by the state to eliminate a significant number of likely Democratic voters.
Hey, the 5200 was OK, but the 7800 was was amazing when it was first designed and manufactured (not long after the 5200). The problem was that Tramiel didn't want to pay the company that designed the graphics chips (General Computer, I used to work there), so the units sat in a warehouse for three years while lawyers battled, and 7800 went from being the coolest thing around to old hat. The astounding thing is that in order to save at most a few bucks a unit, Tramiel completely destroyed Atari's videogame business. If the 7800 had shipped a year before the NES (and it had better spec's, better brand recognition, etc.) Atari might still be around.
"In order to really emulate the experience, it comes with a bottle of epoxy to glue your PDA's battery in place so you can't ever replace it."
The irony of this comment is that the software is shown running on the iPaq, which has a permanently sealed battery that is, if anything, harder and more expensive to replace than the iPod's. So not only is the poster complaining about a battery problem that doesn't exist (the iPod's battery is fairly cheap to replace), the same "problem" exists in the PDA.
And yes, I own both an iPod and an iPaq. The iPod's battery is fine. The (much older) iPaq's battery is dead. You wouldn't believe how tricky it is to replace an iPaq's battery...
"I am not sure what the system does when you fill in the arrow for "other" and write a candidate's name down."
Usually the write-ins are counted and set aside, to be examined if the number of write-ins is large enough to potentially change the result of the election. Of course, every locale has its own rules...
It's somewhat amazing to me that over the months of negotiations that were supposedly going on the sherrif's department didn't make a mirror or backup of the site. That's pretty stupid, since it guaranteed that they'd have the worst possible negotiation position -- complete dependence on the the guy they're negotiating with. A few minutes with wget would have saved them a lot of pain.
Also, if they make the formal request, they could almost certainly take control of the domain away from the ISP.
Sounds to me like the sherrif's department set themselves up, were stupid about it, then panicked and decided to throw their weight around without knowing what their legitimate options are. If they weren't the sherrif's department, I think they'd be in serious legal trouble...
"Nothing like a hotmail.com address to inspire confidence in your professionalism or legitimacy"
Because domain administrator contact data is public, many people use "forged" contact information in order to avoid getting spammed. So I wouldn't worry too much about that one.
"If customer is in France, and is not professionnal, and it is commerce at distance () sorry, don't know exact translation), he has 7 days to say : "In fact, I don't like it". He then return it, and the provider must reimburse everything except postage."
It's true. And for buying mass produced stuff, this is very cool. But one business where this law causes terrible trouble is auctions -- someone in France can buy something in an online auction, then return it days later, and the auction's blown, costing the seller more than just losing the sale, but wastig everyone's time. The result is that Sothebys.com, for example, simply didn't do business in France (back when I was the CTO there). The rest of the UE has similar consumer protection laws, but has an exception for auctions.
"d/ling and then processing each song, then doing a lookup just to let a song go through would be horribly bandwidth and cpu intensive"
Good point. Perhaps the songs could be checked before sharing rather than after downloading. That way the checking could be asynchronous, but would have the same effect of removing copyrighted music from the network.
"it undoubtedly wouldn't be used with alternative forms of transfer available"
There's that. But from a purely tech perspective, it's interesting to try to figure out how to solve scalable distributed copyright checking.
"this would reduce p2p into an exclusive list of things which only copyright owners are allowed to opt-in data for the network"
Perhaps it's a glass half full/empty thing, but I see it the other way -- everything would by default be allowed to be shared on the p2p networks, unless someone has copyrighted it and added it to a "block" list, which puts the onus on the copyright holder to actively monitor the network for their copyrighted material and to request that it be blocked.
The situation you describe would be the case if the p2p network blocked everything unless it was in a "permitted" list. That would indeed be evil.
"That's three coments by the way ;)"
:-)
Oops. Can I claim that I was using a zero-based array?
"I'n not sure if the hash solution for files will quite work here"
There are lots of ways to tackle this -- my point was the more general point that you don't need a centralized "copyright server" but can distribute the problem to the edges of the network.
You're right -- hash value checking is easy to implement, but not as powerful as Audible Magic's acoustical fingerprinting. Using that, the clients could generate the fingerprints for all of their files, then check them against a fingerprint database in the supernodes, which is a bit more work than blocking the hash values.
I can also imagine a solution where someone monitors the network for copyrighted music (using Audible's technology), sending out a database of hash values into the network so that the network nodes are simply checking against that list. This is in some ways less efficient, though -- hash values are smaller than acoustical fingerprints, but there will be many of them for each track.
"It'll be interesting to see how they plan to work around modified clients that send bogus "harmonic data" back to the servers/supernodes"
Yep. One technique I've seen (in network games that want to keep bots and hacked clients out) is that to join the network the client has to answer a challenge/response, where the response is a function of the binary code of the application (e.g. reponse is a function of a CRC of the executable), so that if the executable is modified in any way the challenge fails.
Of course, it's also possible to address this by doing searches for copyrighted material, etc., to find people who hack clients to cheat.
"even *with* the filtering, there's no way for this to work properly. Why? Because the filter still can't determine copyright"
The technology identifies copies of the same recording (i.e. at different bit rates, compression algorithms, etc.). If two different bands play the same song, they'll sound different and it'll be identified as two different recordings, so if one is copyrighted and the other isn't, they'll be handled properly. And for each different recording, they have a different copyright status in their database of music fingerprints. It's a pretty big database...
"Get enough bands to play a public domain work, and you're going to end up having a hash conflict"
Yes, if there are such similar recordings that people can't hear the difference, then a psychoacoustic approach might also think they're the same song. I'm not sure that this is a technical problem, and seems a rather obscure case.
"up until the point they start licensing out the technology the p2p networks can't pull off the nature of filtering necessary"
Audible Magic is in the business of licensing the technology to identify copyrighted music already. For example, CD manufacturers run CD masters through their tools to make sure that they're not inadvertently manufacturing copyrighted tracks without the rights.
"In a de-centralized network this beast wouldn't work"
Two comments:
1) The file sharing networks don't have to be completely de-centralized. Napster, for example, was far more efficient and scalable than any of the distributed p2p file sharing systems because it had a centralized search index. The reason for de-centralization is legal, not technical.
2) You don't have to centralize the copyright checking -- you could distribute the list to check against to the edges of the network and check there. One way to solve this, for example, would be that in FastTrack (e.g. KaZaA) every file has a fingerprint (hash) in the protocol, and you could replicate a database of fingerprints of the copyrighted works out to the supernodes (1% of the network nodes that control everything) and they could perform all of the filtering. And I bet that the p2p networks could distribute that file quite efficiently.
3) Who's going to foot the bill for the database and server? I bet (IANAL) the argument would be that the p2p networks are required to provide filtering in order to avoid lawsuits, so the p2p networks have to find the best/cheapest way to do it. They're clever folks; I bet that they could find a way to filter efficiently if they had/wanted to.
The p2p companies have been claiming that it's impossible to implement this filtering. The point of the demo isn't to have p2p companies implement filtering, it's to establish (legally) that the p2p companies could implement the filtering and choose not to.
If I had mod points now, the parent post would have +1 informative. Thanks!