So is an exact duplicate of that derivative copy a derivation of the original?
My opinions only, here, of course. An exact duplicate of the analogue derivative is not protected under the Home Recording Act. An analogue derivative of the analogue derivative would be. Clear as mud, huh?
So is the infringement making a copy of the (derivative) copy or making another derivative copy of the original?
There is no strong defense against the posession of an exact (digital) duplicate of a recording somebody else owns. If you're getting it off the net, that's what you have. You'd have to fudge an awful lot of bits in the mp3 to convince a judge it was a true analogue rather than a copy with very slight modifications. Then again, true analog duplication does this seamlessly, is protected under the Home Recording Act, and most people can't tell the difference.
The best loophole I can see would be to use an analog connection to rip your CD's. Send a digital copy of that analog derivative to one (and only one) friend, and destroy your copy of the analog derivative as soon as it is sent. If you want to send it to a different friend, you'd have to make another analog derivative, because if friend A and friend B have identical duplicates of the same analog derivative, somebody has comitted an infringment. Of course, once you've sent the file to friend A, there's nothing you can do to prevent him from making a digital duplicate for friend B. That would be an infringment, it wouldn't be you comitting the infringment, but if there's watermarking in the recording pointing to your original, you'll likely get skewered for it anyway.
Everything I've seen seems to indicate the RIAA and the like don't get actionably mad until people who don't own the original wind up with exact (digital) copies of stuff other people have. If you're offering digital copies to (or pulling copies from) other people, you're almost certaintly infringing. You may be able to claim a Fair Use exemption if the other person is "your friend" and the copying is clearly non-commercial, but neither of those are generally true for p2p style downloaders.
And as far as the "it's stealing" arguments go, it's only stealing if we agree to call it stealing. Just like when they kill our people inside our country it's terrorism, but when we kill their people inside their country, we're just "getting rid of the tryants".
Why should the type of copy matter when the action is the same?
Understand the distinction between copy and analogue. An analogue is what you get when you make an analog copy of an audio recording. It's not an exact duplicate. The presumption is that some "quality" is lost in the process. An n-th generation duplicate would become unplayable. A copy is identical to the original.
...they have no proof of who downloaded the copyright infringed files...
You are deluding yourself.
It is only in the digital world of computers and the Internet that we can claim to be able to know exactly who was logged into which computer at which time, who initiated the transaction, and exactly how many bytes traversed the connection.
Don't think that just because it's a jumbled mess to everyone who doesn't understand it that it's a jumbled mess to everyone. There are people alive today who built this Internet thing. None of them understand all of it, but every piece of it is understood in completeness by someone.
This is the part which I find incomprehensible; after two decades there are still people who think the Internet is like quantum physics or bio-engineering; that we're still trying to figure out how it works. We built this; we know how it works. The only stuff we don't know on the Internet is the stuff we don't care about. I would have thought everyone would understand that by now.
It's very likely, as you say, that the level of logging and record keeping required to figure out who did what and when was not kept in the case of these schools. But to conclude with certainty that "they have no proof" is stretching it. They probably don't. Not this time.
If the CD was purchased and then shared. How is the sharer committing copyright infringement.
Are we talking about sharing the purchased CD, or about sharing a copy of the purchased CD?
You can share a CD you own.
You can share an analog copy of a CD you own, but only with "friends", and you can't do it for commercial gain.
You can't make a digital copy of a CD and share it without seriously risking infringment.
Under this reading, sharing an MP3 ripped from a CD with friends is fine, as long as it is an analogue of the original. If an exact duplicte of it turns up anywhere else, you're toast.
It would also mean forcing more programers to do their jobs right...
Once you get beyond trivial programs, there's no such thing as fault-free software.
The reason for this is that software does not exist in a vacuum; the "correctness" of the behavior of any software is always evaluated through the eyes of the person using it.
This is why software which is considered bug-free today can become bug-ridden tomorrow if an exploit is discovered which exposes some previously hidden undesirable behavior. The software has not changed, but our expectations have changed.
Programmers cannot be expected to know what our expectations will become tomorrow. They cannot even be expected to fully understand our expectations today. That is why so much effort is put into understanding and defining the requirements. It is why very complex software (of the multi-billion-dollar government-contract type) often fails before delivery. It's why the 1.0 version is often considered more "buggy" than subsequent versions (where the users have a better understanding of how it's "supposed" to work).
It's also why two different people can have differing views of the "bugginess" of the same software; each has different expectations and exercises differing features.
And they say you can't test quality into software. Bollocks! Testing is the only way to get quality into software, because only the user can decide what quality means.
And, if you'll forgive the rant, it's why Microsoft hasn't got a prayer against FOSS. The beauty of Free/Open Source Software is that each user can correct the behavior of the software to fit their own definition of bug free. And each user test it themself. If the behavior isn't what they wanted, they fix it themself, ask the developer to fix it, or move on to something else.
Currently, we live in a world where Microsoft gets to define what the correct behavior of software is. If you don't like it, tough. But the world is quickly becomming more educated about what software is capable of, and more people are demanding that their computers adapt, rather than accepting that they must adapt to their computers.
Microsoft tried to define executable attachments as acceptable, then had to redefine that behavior as the filter through which we use Microsoft's software (not the software itself) changed. Windows 95(unpatched) today runs just like it did back in the middle of last decade, but no one would consider it a functional piece of software today.
In a way, Microsoft's operating systems are more buggy than anything else simply because there are more people making up their minds about wether it works the way they think it should work.
And, as the article points out, announcing patches for certain behaviors only highlights the fact that a significant number of their customers believe the original behavior is wrong ( == exploitable).
Do you want to do something real to stick it to Microsoft? Go Educate Somebody.
Who says the machine can't print out "You voted for A" and internally tally B?
It can. Both intentionally and unintentionally.
And if the margin of B over A is enough, but not too much, who'll ever go back and recount all those paper ballots?
By most definitions, requiring a voter-verified paper trail implies that the voter-verified paper trail will be used for the counting. If you are't going to use the paper to get your tally, you're just killing trees.
So it wouldn't be "re-counting" all those paper ballots, until you go back to count them again.
The general consensus for voter-verified paper trail voting requires that the voters' preference be recorded in a physical form (for example, a mark on a ballot) which the voter can himself verify for correctness (usually by looking at the ballot) before commiting the ballot to the count (by dropping the ballot into a box). A mistake (of any kind) in completing the ballot which results in a completed ballot which fails to represent the voters' preference is simply never committed. (Instead, the ballot is destroyed and replaced by a fresh one.) Most of the traditional "mechanical lever" voting systems thus fail the definition in multiple ways.
The point is that if the internals of the machine aren't open to examination, we don't know.
But if the internals of the machine aren't trusted, we don't care. We don't have to.
trusting that a paper printout is an accurate representation of your vote has simple attacks as well (print A, count B).
Yes it does. Which is why, if you want secure voting, you don't trust a paper printout. Insteadi, you demand that the voter verifies his own paper ballot before comitting, and you demand that the comitted voter-verified paper ballots are the only thing counted.
The only way you can get around that attack is to use the printed ballots as the primary source, in which case - why not just use paper ballots and hand-count them?
Yup. Now you've got it! It's a simple system, very inexpensive, tried-and-true technology, very resilient against attacks (at least the technological kind), does not require an army of clued and motivated (and trustworthy) geek to verify software, haredare, compilers, data channels, etc.
But to answer your question, there are reasons why a system of paper ballots and hand counting might not be desirable.
It depends on the voter being able to comprehend how the ballot should be marked to indicate his preference. Paper ballots don't work seamlessly for those who are completely visually impaired.
It depends on the voter being able to express his preference. Paper ballots aren't the greatest solution for the physically handicapped, who may be unable to hold a pencil, or may lack enough motor control to express their preference in a completely unambiguous way.
It depends on the voting process being able to tolerate some delay after the polls close while the votes are counted and before the results are certified. Since the close-to-certify delay is generally in the period of weeks (plenty of time to count by hand all the ballots which are cast by hand on a single day) this hasn't traditionally been a problem.
These are real problems which paper ballots don't well address. But for most of the voters who cannot be well-served by paper ballots, a machine-assisted voting system fares little better. Most still require the ability to see (although some allow those who cannot see, but who can hear) and to be able to hit the correct button or touch the correct spot on the screen.
And for those applications where it might be desirable to have a device (be it mechanical, electronic, or canine) assist in the creation of a paper ballot, there's no
The paper trail is worthless if the machine is rigged...
Yes it is. That's why it has to be a voter-verifiable paper trail. You inadvertently left out that part of my original message.
A crooked machine might be able to claim that someone voted for candidate A when that someone really voted for candidate B, but only if we trust the machine. It won't be able to get most voters to submit their own ballot for candidate A if they mean to vote for candidate B no matter how crooked the machine is. That's why we have each voter verify his own vote before casting it. It eliminates having to trust the computer; if the print out is wrong, it's blatantly obvios at that point. And that point is the only point that matters.
Look, if you're interested in seeing source code, there are gallons of it on places like sourceforge. If you'd like, I'll even claim all of it is the source code to some voting box somewhere. But that doesn't mean any of it will actually get loaded onto a vote box somewhere, and neither does some claim by some vote box manufacturing company.
Both paper and electronics need to be secure and proper to be usable.
Security and trust do not go hand-in-hand; they are enemies. If you trust me that means you don't enforce your security against me. If you want a system to be secure, then you should not trust it, you should verify it.
The entire process needs to be public; the hardware, the software, the procedures.
Saying that you want something to be "public" implies that you don't trust it. That's good. But then you have to follow through and verify it, or you're just bluffing. Any time (or money) you spend verifying the hardware is time (or money) you can't spnd verifying the software, or the procedures, etc. If you want to spend your time going over somebody's source code, I can't stop you. But I am saddened that you won't be joining me in demanding a voter-verifiable paper trail with 100% of your effort.
The mechanism for ensuring that bug fixes are rolled back in is that, presumably, they will continue to keep their source open; when they hit their next release, they will open it, and the community can verify bug fixes.
This only allows us to verify that the bugfix made it into the source they're distributing. There's still no way to ensure the binary which gets put onto the box contains the fix.
Publicly visible source to the software...with voter-verifiable receipts...are all needed.
If the system employs voter verifable receipts, then it doesn't matter if the device which generated those receipts is an x86 box running FOSS, an embedded tablet running compromised closed source code, or a pencil manufactured by a bunch of terrorists plotting the overthrow of our government. The second requirement (paper trail) completely absorbs the first.
Try this thought experiment; write me some voting software, make it as fair or as crooked as you want. I'll compile it and load it onto some hardware, then you and a few of your friends can hold a ballot. If the outcome of the ballot trusts the vote box I put together, I'll guarantee you my candidate will win, because you'll have no way to verify that the executable I load onto the box has any relationship to the source you gave to me. Maybe I'll edit the source pre-compile, maybe I'll use a trojaned compiler, maybe I'll run it on a specially-crafted operating system, or maybe I'll just use compromised hardware. As long as you trust me, you're powerless.
If you have the evidence, the testimony offers no value. And if you demand something which offers no value, you're taking a step down the wrong road.
I refuse to be distracted by offers of some source. I will continue to demand that a voter-verifiable paper trail is used so that evidence of the vote (instead of just testimony) is available. I'm glad we see eye-to-eye on this.
That's the point I was slyly trying to make. If a person ever got to the point where they were making enough money off of EverQuest trading to actually pay the bills, the IRS would want to tax that as income.
But doesn't that mean that if I dump a load of money into trying to build an on-line EverQuest venture which can produce enough money to live on, I can claim those expenses <losses> as a tax deduction?
I'm pretty sure I can claim those losses for trying to build a business selling ice cubes to eskimos (or something just as stupid) so why not if I legitimately believe I can get rich playing my faviorite on-line game.
Of course, I'd have to start paying taxes if I ever turned a profit....
One wonders how long it will be before game players are required to claim online income (or allowed to claim on-line losses) on their taxes.
I for one wouldn't want to have to cough up 6.5% VAT when I sell my +5 Vorpal. (But I'd rather do that than try to explain how I came into posession of it in the first place...)
... right now, we can't even verify that they've caught the obvious bugs.
You are asserting this to be a problem. I'll agree. But showing us something which they claim (but we have no way of proving is) the source does nothing to address the problem. Even if we had a way of proving all the bugs (obvious and non-obvious alike) had been caught in the software they are offering, there's no mechanism to ensure that the bug fixes are rolled back into the source, or that other new ones were not introduced in the process.
But there are a few people, on Slashdot and elsewhere, who believe that having access to some source code is an automatic fix for software vulnerabilities. It would appear this source offering is done in the hopes of quieting those individuals. No doubt some will fall for it, and to the extent that anyone does, it's damaging to the cause of people who insist the fault lies not in the software but in the protocol.
And that is why I assert we are no better off than we were before, and this source offering is meaningless.
We may have taken a step down a road, but it doesn't matter if we've taken a step down the wrong road.
It's definitely NOT open source (unlike OVC) but it's still a step in the right direction."
No it's not a "step in the right direction" and you're not helping to fix things by claiming that it is.
Having a copy of some source code is not a "step in the right direction" if you can't understand it. Most people can't read source code.
Having a copy of some source code is not a "step in the right direction" if you can't have complete confidence it's implemented correctly. If it's at all complex, there's a good chance the are bugs in it. If the manufacturer ever admits they've fixed a bug in it, then they are admitting even their engineers who designed it didn't understand it enough to spot all the bugs. Will Joe Voter spend as much time reviewing the code? (If they never admit to a bug in it, then they are in denial.)
Having a copy of some source code is not a "step in the right direction" if you can't be sure the source you have is the same one used to compile the binary runninng on the machine you're casting your vote on.
Having a copy of some source code is not a "step in the right direction" if you can't be sure the compiler wasn't trojaned. Or the hardware itself.
Unless you have evidence of a ballot cast, the best you can claim is heresay testimony of a ballot cast. Are you willing to accept that as a basis of your next government?
I said I would have my system check if there was a message on the sending server. I didn't say I would spend brain cycle doing that. I would write a python script to do that for me.
I see. So the only messages (as opposed to notifications) which would be delivered to your inbox are the ones which really exist. Is this an improvement? How many non-existant spam messages to you get in a day?
Now, that's a fisrt line of defense, After that, the usual spam/virus filter is applied, with automatic notification to authorities and abuse@server.com and all related entities with the name and IP of the server the mail came from. up and up the isp chain.
Which means, after adding this level of complexity to the end-to-end email system, you wind up having to do exactly the same thing you do today. Except now, instead of complaining that the evil spammer is abusing your download bandwidth, the evil spammer can just say "if you don't like it, then don't ask to download the spam from my server..."
Of course, enough people doing that would mean that nobody would ever check mail on blacklisted servers...
Nobody, that is, except those people who actually buy from the spammers... Let's remember who's keeping these guys in business.
...and they would just hold mail until they got full or until expiration of the mail-holding. On second thought, a spammer with a couple of 250 gig hds could hold out a long time.
And you're still making the assumption that spammers use their own domains, care about how loaded the rooted relays are, keep the messages on their own disks, and choose to play by the rules. They don't.
...look for any messages like "250 message accepted for delivery"...
That works for small-scale systems, but when dealing with the larger service providers it fails. A system like AOL will routinely "accept for delivery" every message, and only later figure out if the mail can actually be delivered locallyi, and send back a delivery failed (if appropriate) to the (forged) sending address. Well, at least that's how it's supposed to work.
... check that for every notification there is an actual matching message body at the originating server.
And why wouldn't there be, especially in the case of spam?
Ignoring the fact that you may be making 100K "actual matching message body" checks a day, you should realize that as soon as you ask the originating server if the message body exists, you've already lost the game.
There are two basic types of communication: channelized and broadcast. Your eyes are a crude example of a channelized communication: you only receive information from the thing you're looking at. Your ears monitor broadcast communication.
Email started life serving the needs of broadcast communication: we accepted email from everyone. Whitelists in their various forms are an attempt to channelize that communication. But so long as we as recipients of the communication want to listen to broadcast communication, there's always an opportunity for disrespectful individuals to make noise.
I'm not convinced that shutting down all broadcast-style communication is a good thing. That's too much isolation for even this hermit to handle. But short of that, the only solution for the behavior which manifests itself in email as spam, is to convert the disrespectful individuals into respectful ones, which will require patience, tolerance, and time.
And I'm not sure there's enough of any of those left on the Internet.
...only the notification of mail is sent, not the mail itself.
Good lateral thinking, but I don't think it would ultimately stop spam. I'd love to see more details.
It would prevent a spammer from dumping a 100Kb email message into your inbox, but it wouldn't prevent him from dumping 100K of 1b "notification" messages in there, and it would be all the same to him. It would make it much harder to sort between the two.
And under the current system, the spammer doesn't know anything about the recipient (or even that the email address is valid) unless he does something stupid like reply or click on a web link. Under this system, the spammer would know which addresses were valid by watching which messages were picked up.
Personally, I'm convinced we'll see no solution to the spam problem until society stops tolerating the selfish behavior spammers represent.
There must be more to this proposal than you've related here. This sounds more like an off-the-cuff suggestion that the usually sound thinking of our qmail friend.
Would you add a new Internet tax that everybody should pay?
Don't call it an "Internet" tax. I'm sure you'd like to be paid even if people aren't trading your copyrighted material on the Internet.
If we as a society value the tunes artits (including you Independent types) create, then we should agree to compensate you. (Although Free Market type could also argue "If you don't like what you're gettin' pain, get a new job...")
Currently, we are already being taxed for these creative works. Copyright is a form of Tax (everybody but the scofflaws has to pay) paid by us and 95 years of our childern and grandchildren.
Many of the arguments I've heard boil down into complaints that it's too easy for scofflaws to shift the tax burden to the rest of us, complaints that the tax burden (95 years, or so) is too heavy, and complaints that the taxes which are being collected are primarily benefiting the publishers, rather than compensating the artists who's creative work we actually value.
don't have any amswers to add here. I was just hoping that seeing the problem form a different perspective might shed some light others could use.
I'll replay to this one as the most concise summary I've seen. (with kudos to the author)
Your right to net freedom ends where my inbox begins.
Absolutely. I'd say it stops at the dmarc of your network, but I think we agree at least.
The point is that running a spambot is bothering other people.
...but now your talking about bothing other people. And that's where you (and the multituds of other posters) have crossed the line. And it's that tendency to cross the line which I find so disturbing.
If I'm spamming your inbox, you've got fair reason to LART me whether I'm using some sort of spambot to do it or not. On the other hand, you have no cause of action against me no matter how many spambots I'm running so long as I'm not touching your inbox. You have no right to say what I'm sending to someone elses inbox is spam; they need to decide that for themsleves.
And yes, it's all SPAM, and nobody wants to get it, except that if that were true spammers wouldn't bother sending spam in the first place. They do because some people incomprehensibly READ spam, reply to spam, and mail off their credit cards to make a purchase, too. In short, we have a problem with spam because we tolerate it.
When you decide for others what is or isn't spam, you run the risk of having others make the same decision for you.
Some rhetorical questions here:
Do you get upset when someone else decides that you won't be allowed to see the contents of a web page because you're not running the latest Internet Explorer?
...or that you must be a music pirate because you're running a p2p app?
...or that you must be a DVD pirate (and a felon, too) because you downloaded DeCSS?
...or that yuu should be sued as a DirecTV satellite signal pirate because you purchased a smart card programmer?
...or that you shouldn't be allowed to run a certain game because you have some other CD ghosting software installed?
...or that you can't play StarCraft (with legitimate copies) on a free Bnetd server because you might be planning to play pirated WarCraftIII games as well?
...or that you won't be allowed to send legitimate email directly to a friend at another ISP because you'd need to use port 25 (which everyone knows is only used by evil spammers...
These are all manifestations of the same "thought crime" logic which our system of innocent until proven guilty evolved to combat.
The strength of the Internet lies in that it doesn't necessarily have to be SMTP just because it's travelling on port 25. That means, for example, trying to stop spam by blocking port 25 will both a) block a lot of stuff which isn't spam, and b) fail even to block spam effectively. We can't stop spam if we shoot before we know it's really spam, and only the end user can make that decision.
The alternative is a rat race we can, at best, lose slowly. There are many forces seeking to divide-up the Internet into smaller and smaller (and thus more locally profitable) pieces. Yes, we can block port 25 to everywhere, which will force spammers to peddle their wares over IM. We can spend a couple months (or years, or decades) blocking that exchange protocol (like we're doing with email) or we can abandon the protocol as a spam wasteland (as we've had to do with USENET) but in the end we'll lose a portion of the Internet's functionality either way.
The only way out of this I see is to educate people to the point where spam is no longer effective. And despite what many people want or believe, masking the problem with simple technological solutions like these is not helping to solve the problem. It's a hard thing to do, it might take years (we've been fighting spam for a decade at least) and it may require re-wiring the Internet from the ground up, but it's not going to get done unti
However, these users were disconnected because they failed to police themselves.
How do you know that?
I had thought one of the things us enlightened slashdotters loved about the Internet was that we could set up our machines to do whatever we wanted them to do without approval from our ISP. While I hate spam and spammers as much as I hate Illinois Nazis, I've always accepted that a free Internet demanded that we allow people to configure, mis-configure, or allow to become misconfigured any way they wanted to.
This is yet another bad precedent we're being encouraged to believe is good for us.
Freedom demands eternal vigilance, and you just gotta do it for yourself. That doesn't mean you can demand others apply that vigilance to their own lives; their concept of Freedom might just be different than yours.
There are valid reasons why I shouldn't run a spambot. But are there any valid reasons why I shouldn't be allowed to run a spambot?
First: Microsoft must have knowledge about vulnerabilities which they are not releasing patches for. Unless the next monthly patch (or Service Pack) is the last one ever released, it means they chose not to release a patch they currently know about, or they didn't know about/didn't have a patch for the vulnerabilities which next month's Service Pack fixes.
Second: They are admiting that any machine which is not patched current has vulnerabilities; including machines with fresh installs, and the ones sitting on store shelves/warehouses waiting to be sold. Since these machines are already admitted vulnerably, and since patches are now being release monthly (or more frequently) we can conclude Microsoft Operating systems have a maximum warrantable period of 30 days, and recalls should be done for all previously delivered software, since the manufacturer is admitting the fault at this point.
The other part of the DMCA says stripping copyright information or other identifying marks from a copyrighted work in an attempt to avoid proper attribution is also a violation.
It's in that part none of us got really upset about because most of us (even those who "pirate" regularly) still think the creator should get credit (just not control).
I've always found that if you act calm and composed with an officer of the law, they will usually treat you as a human being.
Excellent advice. I understand that was the tactic Jeffrey Dalhmer used to convinve the two cops to return the kid to him....so he could eat him.
Cops usually hav a good feel for situations, but cops can make mistakes, too, and cops need to understand that. That's why even cops have certain rules they have to follow. What are those rules? That's the question the Supreme Court is being asked to answer.
he had a report of a fight at that location so the officer had every right to ask for ID.
"Sir, we've had reports, from confidential sources, that there may be some Terrorist activity occuring somewhere within the United States (although we're not ruling out other countries, either), so I have every right to demand your papers..."
I remember an interesting thing one of my California Surfer friends pointed out: most cops are smart enough not to ask for ID from someone who's only wearing a bathing suit. If Surfers aren't required to carry ID (I suppose even if someone reports "a fight" at Del Mar) they why should the rest of us be required?
Slashdot Mirror
My opinions only, here, of course. An exact duplicate of the analogue derivative is not protected under the Home Recording Act. An analogue derivative of the analogue derivative would be. Clear as mud, huh?
There is no strong defense against the posession of an exact (digital) duplicate of a recording somebody else owns. If you're getting it off the net, that's what you have. You'd have to fudge an awful lot of bits in the mp3 to convince a judge it was a true analogue rather than a copy with very slight modifications. Then again, true analog duplication does this seamlessly, is protected under the Home Recording Act, and most people can't tell the difference.
The best loophole I can see would be to use an analog connection to rip your CD's. Send a digital copy of that analog derivative to one (and only one) friend, and destroy your copy of the analog derivative as soon as it is sent. If you want to send it to a different friend, you'd have to make another analog derivative, because if friend A and friend B have identical duplicates of the same analog derivative, somebody has comitted an infringment. Of course, once you've sent the file to friend A, there's nothing you can do to prevent him from making a digital duplicate for friend B. That would be an infringment, it wouldn't be you comitting the infringment, but if there's watermarking in the recording pointing to your original, you'll likely get skewered for it anyway.
Everything I've seen seems to indicate the RIAA and the like don't get actionably mad until people who don't own the original wind up with exact (digital) copies of stuff other people have. If you're offering digital copies to (or pulling copies from) other people, you're almost certaintly infringing. You may be able to claim a Fair Use exemption if the other person is "your friend" and the copying is clearly non-commercial, but neither of those are generally true for p2p style downloaders.
And as far as the "it's stealing" arguments go, it's only stealing if we agree to call it stealing. Just like when they kill our people inside our country it's terrorism, but when we kill their people inside their country, we're just "getting rid of the tryants".
Understand the distinction between copy and analogue. An analogue is what you get when you make an analog copy of an audio recording. It's not an exact duplicate. The presumption is that some "quality" is lost in the process. An n-th generation duplicate would become unplayable. A copy is identical to the original.
The actions are not the same.
You are deluding yourself.
It is only in the digital world of computers and the Internet that we can claim to be able to know exactly who was logged into which computer at which time, who initiated the transaction, and exactly how many bytes traversed the connection.
Don't think that just because it's a jumbled mess to everyone who doesn't understand it that it's a jumbled mess to everyone. There are people alive today who built this Internet thing. None of them understand all of it, but every piece of it is understood in completeness by someone.
This is the part which I find incomprehensible; after two decades there are still people who think the Internet is like quantum physics or bio-engineering; that we're still trying to figure out how it works. We built this; we know how it works. The only stuff we don't know on the Internet is the stuff we don't care about. I would have thought everyone would understand that by now.
It's very likely, as you say, that the level of logging and record keeping required to figure out who did what and when was not kept in the case of these schools. But to conclude with certainty that "they have no proof" is stretching it. They probably don't. Not this time.
But next time....
Are we talking about sharing the purchased CD, or about sharing a copy of the purchased CD?
You can share a CD you own.
You can share an analog copy of a CD you own, but only with "friends", and you can't do it for commercial gain.
You can't make a digital copy of a CD and share it without seriously risking infringment.
Under this reading, sharing an MP3 ripped from a CD with friends is fine, as long as it is an analogue of the original. If an exact duplicte of it turns up anywhere else, you're toast.
Once you get beyond trivial programs, there's no such thing as fault-free software.
The reason for this is that software does not exist in a vacuum; the "correctness" of the behavior of any software is always evaluated through the eyes of the person using it.
This is why software which is considered bug-free today can become bug-ridden tomorrow if an exploit is discovered which exposes some previously hidden undesirable behavior. The software has not changed, but our expectations have changed.
Programmers cannot be expected to know what our expectations will become tomorrow. They cannot even be expected to fully understand our expectations today. That is why so much effort is put into understanding and defining the requirements. It is why very complex software (of the multi-billion-dollar government-contract type) often fails before delivery. It's why the 1.0 version is often considered more "buggy" than subsequent versions (where the users have a better understanding of how it's "supposed" to work).
It's also why two different people can have differing views of the "bugginess" of the same software; each has different expectations and exercises differing features.
And they say you can't test quality into software. Bollocks! Testing is the only way to get quality into software, because only the user can decide what quality means.
And, if you'll forgive the rant, it's why Microsoft hasn't got a prayer against FOSS. The beauty of Free/Open Source Software is that each user can correct the behavior of the software to fit their own definition of bug free. And each user test it themself. If the behavior isn't what they wanted, they fix it themself, ask the developer to fix it, or move on to something else.
Currently, we live in a world where Microsoft gets to define what the correct behavior of software is. If you don't like it, tough. But the world is quickly becomming more educated about what software is capable of, and more people are demanding that their computers adapt, rather than accepting that they must adapt to their computers.
Microsoft tried to define executable attachments as acceptable, then had to redefine that behavior as the filter through which we use Microsoft's software (not the software itself) changed. Windows 95(unpatched) today runs just like it did back in the middle of last decade, but no one would consider it a functional piece of software today.
In a way, Microsoft's operating systems are more buggy than anything else simply because there are more people making up their minds about wether it works the way they think it should work.
And, as the article points out, announcing patches for certain behaviors only highlights the fact that a significant number of their customers believe the original behavior is wrong ( == exploitable).
Do you want to do something real to stick it to Microsoft? Go Educate Somebody.
It can. Both intentionally and unintentionally.
By most definitions, requiring a voter-verified paper trail implies that the voter-verified paper trail will be used for the counting. If you are't going to use the paper to get your tally, you're just killing trees.
So it wouldn't be "re-counting" all those paper ballots, until you go back to count them again.
The general consensus for voter-verified paper trail voting requires that the voters' preference be recorded in a physical form (for example, a mark on a ballot) which the voter can himself verify for correctness (usually by looking at the ballot) before commiting the ballot to the count (by dropping the ballot into a box). A mistake (of any kind) in completing the ballot which results in a completed ballot which fails to represent the voters' preference is simply never committed. (Instead, the ballot is destroyed and replaced by a fresh one.) Most of the traditional "mechanical lever" voting systems thus fail the definition in multiple ways.
But if the internals of the machine aren't trusted, we don't care. We don't have to.
Yes it does. Which is why, if you want secure voting, you don't trust a paper printout. Insteadi, you demand that the voter verifies his own paper ballot before comitting, and you demand that the comitted voter-verified paper ballots are the only thing counted.
Yup. Now you've got it! It's a simple system, very inexpensive, tried-and-true technology, very resilient against attacks (at least the technological kind), does not require an army of clued and motivated (and trustworthy) geek to verify software, haredare, compilers, data channels, etc.
But to answer your question, there are reasons why a system of paper ballots and hand counting might not be desirable.
These are real problems which paper ballots don't well address. But for most of the voters who cannot be well-served by paper ballots, a machine-assisted voting system fares little better. Most still require the ability to see (although some allow those who cannot see, but who can hear) and to be able to hit the correct button or touch the correct spot on the screen.
And for those applications where it might be desirable to have a device (be it mechanical, electronic, or canine) assist in the creation of a paper ballot, there's no
Yes it is. That's why it has to be a voter-verifiable paper trail. You inadvertently left out that part of my original message.
A crooked machine might be able to claim that someone voted for candidate A when that someone really voted for candidate B, but only if we trust the machine. It won't be able to get most voters to submit their own ballot for candidate A if they mean to vote for candidate B no matter how crooked the machine is. That's why we have each voter verify his own vote before casting it. It eliminates having to trust the computer; if the print out is wrong, it's blatantly obvios at that point. And that point is the only point that matters.
Look, if you're interested in seeing source code, there are gallons of it on places like sourceforge. If you'd like, I'll even claim all of it is the source code to some voting box somewhere. But that doesn't mean any of it will actually get loaded onto a vote box somewhere, and neither does some claim by some vote box manufacturing company.
Security and trust do not go hand-in-hand; they are enemies. If you trust me that means you don't enforce your security against me. If you want a system to be secure, then you should not trust it, you should verify it.
Saying that you want something to be "public" implies that you don't trust it. That's good. But then you have to follow through and verify it, or you're just bluffing. Any time (or money) you spend verifying the hardware is time (or money) you can't spnd verifying the software, or the procedures, etc. If you want to spend your time going over somebody's source code, I can't stop you. But I am saddened that you won't be joining me in demanding a voter-verifiable paper trail with 100% of your effort.
This only allows us to verify that the bugfix made it into the source they're distributing. There's still no way to ensure the binary which gets put onto the box contains the fix.
If the system employs voter verifable receipts, then it doesn't matter if the device which generated those receipts is an x86 box running FOSS, an embedded tablet running compromised closed source code, or a pencil manufactured by a bunch of terrorists plotting the overthrow of our government. The second requirement (paper trail) completely absorbs the first.
Try this thought experiment; write me some voting software, make it as fair or as crooked as you want. I'll compile it and load it onto some hardware, then you and a few of your friends can hold a ballot. If the outcome of the ballot trusts the vote box I put together, I'll guarantee you my candidate will win, because you'll have no way to verify that the executable I load onto the box has any relationship to the source you gave to me. Maybe I'll edit the source pre-compile, maybe I'll use a trojaned compiler, maybe I'll run it on a specially-crafted operating system, or maybe I'll just use compromised hardware. As long as you trust me, you're powerless.
If you have the evidence, the testimony offers no value. And if you demand something which offers no value, you're taking a step down the wrong road.
I refuse to be distracted by offers of some source. I will continue to demand that a voter-verifiable paper trail is used so that evidence of the vote (instead of just testimony) is available. I'm glad we see eye-to-eye on this.
That's the point I was slyly trying to make. If a person ever got to the point where they were making enough money off of EverQuest trading to actually pay the bills, the IRS would want to tax that as income.
But doesn't that mean that if I dump a load of money into trying to build an on-line EverQuest venture which can produce enough money to live on, I can claim those expenses <losses> as a tax deduction?
I'm pretty sure I can claim those losses for trying to build a business selling ice cubes to eskimos (or something just as stupid) so why not if I legitimately believe I can get rich playing my faviorite on-line game.
Of course, I'd have to start paying taxes if I ever turned a profit....
I for one wouldn't want to have to cough up 6.5% VAT when I sell my +5 Vorpal. (But I'd rather do that than try to explain how I came into posession of it in the first place...)
You are asserting this to be a problem. I'll agree. But showing us something which they claim (but we have no way of proving is) the source does nothing to address the problem. Even if we had a way of proving all the bugs (obvious and non-obvious alike) had been caught in the software they are offering, there's no mechanism to ensure that the bug fixes are rolled back into the source, or that other new ones were not introduced in the process.
But there are a few people, on Slashdot and elsewhere, who believe that having access to some source code is an automatic fix for software vulnerabilities. It would appear this source offering is done in the hopes of quieting those individuals. No doubt some will fall for it, and to the extent that anyone does, it's damaging to the cause of people who insist the fault lies not in the software but in the protocol.
And that is why I assert we are no better off than we were before, and this source offering is meaningless.
We may have taken a step down a road, but it doesn't matter if we've taken a step down the wrong road.
No it's not a "step in the right direction" and you're not helping to fix things by claiming that it is.
Having a copy of some source code is not a "step in the right direction" if you can't understand it. Most people can't read source code.
Having a copy of some source code is not a "step in the right direction" if you can't have complete confidence it's implemented correctly. If it's at all complex, there's a good chance the are bugs in it. If the manufacturer ever admits they've fixed a bug in it, then they are admitting even their engineers who designed it didn't understand it enough to spot all the bugs. Will Joe Voter spend as much time reviewing the code? (If they never admit to a bug in it, then they are in denial.)
Having a copy of some source code is not a "step in the right direction" if you can't be sure the source you have is the same one used to compile the binary runninng on the machine you're casting your vote on.
Having a copy of some source code is not a "step in the right direction" if you can't be sure the compiler wasn't trojaned. Or the hardware itself.
Unless you have evidence of a ballot cast, the best you can claim is heresay testimony of a ballot cast. Are you willing to accept that as a basis of your next government?
I see. So the only messages (as opposed to notifications) which would be delivered to your inbox are the ones which really exist. Is this an improvement? How many non-existant spam messages to you get in a day?
Which means, after adding this level of complexity to the end-to-end email system, you wind up having to do exactly the same thing you do today. Except now, instead of complaining that the evil spammer is abusing your download bandwidth, the evil spammer can just say "if you don't like it, then don't ask to download the spam from my server..."
Nobody, that is, except those people who actually buy from the spammers... Let's remember who's keeping these guys in business.
And you're still making the assumption that spammers use their own domains, care about how loaded the rooted relays are, keep the messages on their own disks, and choose to play by the rules. They don't.
That works for small-scale systems, but when dealing with the larger service providers it fails. A system like AOL will routinely "accept for delivery" every message, and only later figure out if the mail can actually be delivered locallyi, and send back a delivery failed (if appropriate) to the (forged) sending address. Well, at least that's how it's supposed to work.
And why wouldn't there be, especially in the case of spam?
Ignoring the fact that you may be making 100K "actual matching message body" checks a day, you should realize that as soon as you ask the originating server if the message body exists, you've already lost the game.
There are two basic types of communication: channelized and broadcast. Your eyes are a crude example of a channelized communication: you only receive information from the thing you're looking at. Your ears monitor broadcast communication.
Email started life serving the needs of broadcast communication: we accepted email from everyone. Whitelists in their various forms are an attempt to channelize that communication. But so long as we as recipients of the communication want to listen to broadcast communication, there's always an opportunity for disrespectful individuals to make noise.
I'm not convinced that shutting down all broadcast-style communication is a good thing. That's too much isolation for even this hermit to handle. But short of that, the only solution for the behavior which manifests itself in email as spam, is to convert the disrespectful individuals into respectful ones, which will require patience, tolerance, and time.
And I'm not sure there's enough of any of those left on the Internet.
Good lateral thinking, but I don't think it would ultimately stop spam. I'd love to see more details.
It would prevent a spammer from dumping a 100Kb email message into your inbox, but it wouldn't prevent him from dumping 100K of 1b "notification" messages in there, and it would be all the same to him. It would make it much harder to sort between the two.
And under the current system, the spammer doesn't know anything about the recipient (or even that the email address is valid) unless he does something stupid like reply or click on a web link. Under this system, the spammer would know which addresses were valid by watching which messages were picked up.
Personally, I'm convinced we'll see no solution to the spam problem until society stops tolerating the selfish behavior spammers represent.
There must be more to this proposal than you've related here. This sounds more like an off-the-cuff suggestion that the usually sound thinking of our qmail friend.
Don't call it an "Internet" tax. I'm sure you'd like to be paid even if people aren't trading your copyrighted material on the Internet.
If we as a society value the tunes artits (including you Independent types) create, then we should agree to compensate you. (Although Free Market type could also argue "If you don't like what you're gettin' pain, get a new job...")
Currently, we are already being taxed for these creative works. Copyright is a form of Tax (everybody but the scofflaws has to pay) paid by us and 95 years of our childern and grandchildren.
Many of the arguments I've heard boil down into complaints that it's too easy for scofflaws to shift the tax burden to the rest of us, complaints that the tax burden (95 years, or so) is too heavy, and complaints that the taxes which are being collected are primarily benefiting the publishers, rather than compensating the artists who's creative work we actually value.
don't have any amswers to add here. I was just hoping that seeing the problem form a different perspective might shed some light others could use.
Absolutely. I'd say it stops at the dmarc of your network, but I think we agree at least.
If I'm spamming your inbox, you've got fair reason to LART me whether I'm using some sort of spambot to do it or not. On the other hand, you have no cause of action against me no matter how many spambots I'm running so long as I'm not touching your inbox. You have no right to say what I'm sending to someone elses inbox is spam; they need to decide that for themsleves.
And yes, it's all SPAM, and nobody wants to get it, except that if that were true spammers wouldn't bother sending spam in the first place. They do because some people incomprehensibly READ spam, reply to spam, and mail off their credit cards to make a purchase, too. In short, we have a problem with spam because we tolerate it.
When you decide for others what is or isn't spam, you run the risk of having others make the same decision for you.
Some rhetorical questions here:
These are all manifestations of the same "thought crime" logic which our system of innocent until proven guilty evolved to combat.
The strength of the Internet lies in that it doesn't necessarily have to be SMTP just because it's travelling on port 25. That means, for example, trying to stop spam by blocking port 25 will both a) block a lot of stuff which isn't spam, and b) fail even to block spam effectively. We can't stop spam if we shoot before we know it's really spam, and only the end user can make that decision.
The alternative is a rat race we can, at best, lose slowly. There are many forces seeking to divide-up the Internet into smaller and smaller (and thus more locally profitable) pieces. Yes, we can block port 25 to everywhere, which will force spammers to peddle their wares over IM. We can spend a couple months (or years, or decades) blocking that exchange protocol (like we're doing with email) or we can abandon the protocol as a spam wasteland (as we've had to do with USENET) but in the end we'll lose a portion of the Internet's functionality either way.
The only way out of this I see is to educate people to the point where spam is no longer effective. And despite what many people want or believe, masking the problem with simple technological solutions like these is not helping to solve the problem. It's a hard thing to do, it might take years (we've been fighting spam for a decade at least) and it may require re-wiring the Internet from the ground up, but it's not going to get done unti
How do you know that?
I had thought one of the things us enlightened slashdotters loved about the Internet was that we could set up our machines to do whatever we wanted them to do without approval from our ISP. While I hate spam and spammers as much as I hate Illinois Nazis, I've always accepted that a free Internet demanded that we allow people to configure, mis-configure, or allow to become misconfigured any way they wanted to.
This is yet another bad precedent we're being encouraged to believe is good for us.
Freedom demands eternal vigilance, and you just gotta do it for yourself. That doesn't mean you can demand others apply that vigilance to their own lives; their concept of Freedom might just be different than yours.
There are valid reasons why I shouldn't run a spambot. But are there any valid reasons why I shouldn't be allowed to run a spambot?
Second: They are admiting that any machine which is not patched current has vulnerabilities; including machines with fresh installs, and the ones sitting on store shelves/warehouses waiting to be sold. Since these machines are already admitted vulnerably, and since patches are now being release monthly (or more frequently) we can conclude Microsoft Operating systems have a maximum warrantable period of 30 days, and recalls should be done for all previously delivered software, since the manufacturer is admitting the fault at this point.
The other part of the DMCA says stripping copyright information or other identifying marks from a copyrighted work in an attempt to avoid proper attribution is also a violation.
It's in that part none of us got really upset about because most of us (even those who "pirate" regularly) still think the creator should get credit (just not control).
Excellent advice. I understand that was the tactic Jeffrey Dalhmer used to convinve the two cops to return the kid to him....so he could eat him.
Cops usually hav a good feel for situations, but cops can make mistakes, too, and cops need to understand that. That's why even cops have certain rules they have to follow. What are those rules? That's the question the Supreme Court is being asked to answer.
THanks for the memories. I haven't thought od Donald Duck Dunn in years. I miss Motown.
"Sir, we've had reports, from confidential sources, that there may be some Terrorist activity occuring somewhere within the United States (although we're not ruling out other countries, either), so I have every right to demand your papers..."
I remember an interesting thing one of my California Surfer friends pointed out: most cops are smart enough not to ask for ID from someone who's only wearing a bathing suit. If Surfers aren't required to carry ID (I suppose even if someone reports "a fight" at Del Mar) they why should the rest of us be required?
Scratch that state off the vacation plans. Heck, I wouldn't even want to drive through it.
Thanks for the warning, though.