Does AMI plan any "community outreach" programs to help explain to the Linux, BSD, etc (non-proprietary, non-commercial) operating system community the benefits of developing for/using TCPA-enabled hardware? It would seem that TCPA is designed to prevent the small developer from playing on the same field with the "big boys". Is this the view AMI is taking ("you little folk aren't worth us wasting our time") or is there a place in the TCPA-only world for a small developer to play?
Or, maybe rephrase that as "Why shouldn't the average Linux user respond as if AMI just declared war on us?"
Can you explain how a TCPA-enabled motherboard would benefit software development engineers and their employers over a non-TCPA-enabled version? In order to test my TCPA-requiring features, I will obviously need to be testing only on TCPA-enabled hardware, but won't I also have to have every alpha, every beta, every nightly build, every proposed patch, etc, TCPA evaluated and signed in order to run my testcases? Or will there be a mechanism whereby an 'un-certified' build will be treated by the hardware as being certified (even though it's not) to facilitate software testing?
And doesn't the availability of that feature place the security of the whole TCPA platform in question?
If someone (attempts to) breaks into your home (in the USA), you are allowed to shoot that person in self defense.
If they're only breaking into your home, then you do not have the right to "shoot in self defense". Your home would need to have the right to shoot in self defense (which we don't recognise for inanimate objects), and it would have to fire the shot itself (which is, I suppose, at least possible). Neither of these really make much sense.
If they are breaking into your home and you fear for your life then you have the right to kill in self defense. Thus, it depends on what you were feeling, or perhaps on what you claim you were feeling, or by extension, what you can convince the jury you were feeling. Thus, in a way, it could be said that while you may or may not have the right to shoot an intruder, the U.S. Second Amendment (right to bear arms) guarantees you have the power to shoot an intruder. And while the former is what matters to the Courts, the latter is what's likely to keep me out of your house, because even if you don't have the right to shoot me, I'll be just as dead.
(Contrast this with the DMCA, where the law guarantees you the right to fair use, but denies you the power to exercise your right.)
It does pose an interesting question, though. Our roadside mailbox has recently become a favorite target for vandalism of the "mailbox baseball" variety. (drive by, hit the box with a baseball bat, drive off...) I wonder what my liability would be for replacing my aluminum mailbox with one specially constructed from cast iron and concrete. Would I be liable for the broken bones of someone attempting to commit vandalism on my property and failing to understand the...um...consequences of their actions?
This technology is designed to address the general problem "How do I know that I can trust what is running on the computer?".
You can use this technology to verify, for example, that some software (for example, DVD viewing software) you want to run has not been altered by a virus to perform functions other than those you choose. Functions like spyware, worm propagation, etc.
The down side is that it enables anyone else to perform the same verification. This could be used (again, for example) by the MPAA to ensure that the DVD viewing software you want to run has not been altered (by you) to perform functions other than those they choose. Functions like allowing the movie to be saved as a file or played on a non-compliant display device.
The fear is that eventually content providers will refuse to offer any content to your general-purpose computing device unless you allow them to verify the software you are running on it. Which will, by economic necessity, require that you be running one of a very limited set of "approved" configurations to get the approval you would need. In essence, your "general-purpose computing device" will need to become a "single purpose computing device". Digital content marketers are probably drooling over the thought of some souped-up Windows system which plays DVD's and Digital Audio and games (and what not) and never lets anyone pirate the content. Instead, it will likely become something more like: Insert the DVD-Player CDROM and reboot to turn your PC into a DVD player, insert the Digital Audio Player CDROM and reboot to turn your PC into a Digital Audio player...
But the fear is misplaced. The real use is not in protecting digital content, but rather in allowing someone who doesn't own a piece of hardware to reliably use the processing power of that piece of hardware.
In reality, however, none of this will come to pass. The world of hardware is nowhere near as clean as the software world. Hardware designers have to make all kinds of assumptions, like assuming that the clock is accurate, assuming that supply voltage remains within spec, assuming that no one tied that particular bus line to Vcc at the exact instant when the "failed" result was being relayed, etc. As soon as there is a hint that someone, somewhere has hacked their hardware enough to create an untrustable trusted system, no content provider will accept any trusted system as trustable ever again.
How is MS guilty for crappy code in other people's drivers now?
Microsoft became responsible for other people's code the moment they got into the business of signing other people's code.
If Microsoft wants me to believe that drivers which have been approved and signed by Microsoft are any more trustworthy than drivers which haven't been signed and approved by Microsoft, then Microsoft need to accept responsibility for ensuring that is the case.
You can't say "don't use that code, I haven't approved it. Use this one instead..." and then say "well it's not my fault if the code I demand you use is broken, I didn't write it!"
The lion approached the wolf and the fox, and suggested that they form a partnership for the purpose of hunting game. The lion explained that each had particular talents that would lend themselves to such a partnership. The fox was wily and could trick the quarry into the open; and the wolf was swift of foot, so that he could direct the quarry to where the lion lay in wait to complete the kill. After some discussion, the wolf and the fox agreed to enter into a partnership with the lion. All went as planned and a deer was killed, but when the wolf and the fox tried to share in the kill, the lion challenged them. They stood by, helplessly, and watched the lion devour the entire carcass. Afterward, they asked the lion why he had only left them a few scraps. The lion replied, "All I took was the lion's share."
what we haven't told you, however, is that this merge will allow us to provide high-end DSL service to residences across the country for less than $10 / mo. we will be able to do this due to the fact that there will be no middle-man provider.
There's quite a lot of other stuff you aren't telling. There is currently little regulation keeping you from providing that service right now, provided you offer the same to the middlemen as well. What's stopping the deployment is not the middlemen, but the desire to lock those "middlemen" out of the market.
Whatever you eventually deploy for ~$10/mo is NOT going to allow anyone to become your competitor on your own network (which is what this discussion is all about).
First, the client-side services will be restricted. EULA's will prevent serving web pages or offering P2P shares.
Next, the central services will be restricted. Your customers will be able to play on-line games, but only through "approved" servers. In order to become an "approved" server, a company will need to pay a usage fee to the network owner, which means services like BattleNet will become subscription(fee) based, or will cease to exist.
Finally, even sites not on your network will be required to become corporate partners or access will be denied. That means trying to use Google or cnn.com or Ebay or amazon will be impossible unless it's profitable to your corporation.
Of course the other solution is equally unworkable. The proposal (requiring all network providers to carry all content equally) would leave us in a world where SPAM becomes "must deliver" content. Who wants that?
The only good thing about the (proposed) legislation and rule changes is that it causes change, which can only accelerate the dissolution of the Internet as we know it, making way for the next new thing.
I hope the parody site (whoever owns dowethics) hasn't made a stoopid mistake with the copyright notice at the bottom. Unless I'm wrong, they are not allowed to claim copyright by "The Dow Company" unless they own a registered trademark to that name (unlikely), and if they've falsely attributed the copyright they could lose their copyright to their parody page and be subject to hefty fines for their false claims.
Losing copyright to the page would make defense of the page (as a parody) more difficult in several ways...
Even if I was a lawyer, you would be foolish to believe I'm licensed to practice law in whatever jurisdiction you currently reside.
...she can sue your ass for libel, and rightfully so (assuming you don't have real proof that she is, of course).
Technically speaking, you don't need to have real proof that she is to be safe; you are safe without the proof so long as she really is.
Yes, it's a nit-pick technicality. Just like it's a technicality that even if she is, she can still sue your ass for libel, which by extension means you are not safe.
Without making any comment on (or passing any judgment about) your desire to take up arms against the U. S. government, the purist in me must point out that your proposal is bad from both a tactical and a legalistic assessment. Do not battle an opponent on the terms he chooses, but rather you should play to your own strengths.
If you read, study, and understand the RFC's you'll begin to understand that The Internet does not exist as a thing; but rather it is a concept for organizing the interconnection of computers in such a way as to (as much as possible) guarantee the maintenance of communications.
Each time I hear a new proposal to "block" or "monitor" or "centralize" or "control" those communications, I'm not thinking about how this damages The Internet, but rather how the implementation of such a proposal would leave what we currently, popularly, refer to as The Internet in a state which leaves it less able to achieve the ideals laid out in the RFCs.
Yes, we love our broadband, and our Google, and our MP3's, and our Slashdot, and our weblogs, and our mailing lists (I could go on...) but we need to keep focused on those parts of internetworking which allow these, the parts which are, in the final analysis, most critical to the culture which produced the things we love.
Think for a moment; if there were but one Internet provider (think AOL, for example, or perhaps MSN) and you refused to use it (because of "centralized control", or "official monitoring", or "institutionalized censorship", or "philosophical differences", or "lameness" or whatever), would you still be able to have all the things you love about the Internet? If not, which of those would you be willing to give up?
I submit that we will lose (or have already lost) The Internet. I submit that we are seeing today, in the bursting of the Internet Bubble, the first whiffs of the stench of gangrene the above proposals will create. I submit that proposals like this (and others) will eventually create an internet, The Internet, which is at once more completely controlling, more completely profitable, more completely monitorable and blockable and censorable, and at the same time more completely useless.
But take heart, because the slow destruction of The Internet will allow the creation of a new way of internetworking which will still provide much of what you loved about The Internet (and many new things which are not possible now in the shadow of The Internet) but, true to the RFCs, still provides the core functionality of end-to-end, stupid network, guaranteed (as much as possible) communications.
But this new internetworking will not be built by those who have control (or centralization or monitoring or blocking or profit) as their goal, but rather by those who remain true to the cause.
But it can be built, and it will be built. And building it will be legal and challenging and fun, and no one will have to get shot doing it.
You're welcome to make your stand here, and try to defend The Internet from the onslaught. If you choose to employ violence in making your stand, please try to avoid harming the innocents or (heaven forbid) your allies. (That would be another tactical mistake). Your determination, bravery, and sacrifices (is it okay to use those terms to describe someone who posts anonymously?) are honorable, but in the end I fear they will be fruitless.
As an alternative, you can do what geeks are best at, play to your strengths, and help to build the internetworking to preserve those elements without which Freedom and Democracy itself are threatened.
Or, as another poster put it so succinctly: "Go Freenet!"
You *could* still write the same book, you just couldn't profit from it nor distribute it.
In one sense you are correct. Declaring murder illegal does not stop all people from murdering. I trust this was not the sense into which your reply was made.
If you meant in a legal sense, then I'm afraid you are mistaken. The owner of a copy right has the legal authority to prevent you from making a copy of his work. The fact that the copy you make does not profit you and the fact that the copy you make is not distributed weigh heavily in your favor if you claim a "fair use" exemption (so heavily, in fact, that most copyright owners would not choose to pursue you) makes no difference. The power of copy right is the power to prevent others from duplicating one's work.
That's why, technically, you have to ask permission of the copyright owner before you can sing "Happy Birthday" to your kids. It does not matter that you are not paid to sing it, nor that your performance is not for commercial purposes.
Your argument is silly though for the simple reason of: Why would you want to create the same words as someone else EXCEPT to make profits? Saying it's for 'altruistic reasons' is facetious.
Reverse it and you'll understand. My copyright (in a work I've created) exists even if I make no profit from it, and do not publish it. I can prevent you from making copies (at least for the time my copy right remains in force) simply because I created the work.
Think about unpublished personal letters from a famous author. Copyright has been used by the heirs of such an author to prevent publication of copies of such letters for scholarly research reasons.
Can someone explain this argument to me? I honestly do not get it.
In a nutshell: Copyright law boils down to an exclusive right (granted by Congress, granted to an author, granted for a limited time) to "speak" certain works. If you write a book, then for the period of time during which your copy right exists, I am not free to also write the same book. My speech is infringed. Copyright is fundamentally in conflict with free speech. The Framers justified this by saying the benefit to society gained by having you share your writing was worth more than the cost of prohibiting me (and others) from writing the same thing during the copy right period. Again, this is "in a nutshell".
DMCA, so the argument goes, runs afoul of at least the spirit of copyright (and free speech) in several respects. For one, the copy right protection period granted by a technological mechanism is essentially "forever", and not a limited time. Additionally, Dimitri/Elcomsoft did not publish anything infringing another's copy right, but rather published a tool which could allow (some would say "was designed to allow") its purchasers an opportunity to violate another's copy right.
Free speech can be restricted in cases where the government can show a "compelling interest". Your "fire in a theatre" example is one of these; clearly the harm from such speech outweighs the societal benefit of hearing your rendition of "Fire!".
One thing which can be drawn from the result of this trial (whatever it should be) is whether the government finds a more compelling interest in promoting technological advancement or in protecting the bottom line of some major campaign contributors.
Making the argument that publishing an eBook extractor is a malicious act seems akin to accusing a man of being a thief because he possesses hands with which to steal. Even within the letter of the DMCA, there are certain circumstances under which using an eBook extractor to access the content of an encrypted eBook would be undeniably legal.
It's important to remember that the market for a web browser is not the set of web surfers, but rather the set of web site providers. A browser doesn't gain market share by being less costly or more feature-rich, but rather by being usable at the most sites.
Web surfers might want a web browser which offers them more control of their surfing experience (privacy enhancements, for example), but web site purveyors want to see features which take control away from the surfer (such as unclosable pop-under windows).
The result of the collision of those two trends is that browsers (such as Opera) which offer ad-blocking and privacy enhancing features are going to be discriminated against as opposed to browsers (such as IE) which offer web content providers a rich set of features. And the more empowering (to the user) the browser is, the more quickly web sites will move to degrade support for that browser.
It's a shame, but phenomena like this are going to kill the Internet as we know it, or reduce it to something nobody wants to waste their time on (like broadcast television.)
You're showing a very common misconception about the point of the Thompson article. The problem is much, much deeper than your post suggests.
Yes, the issues run much deeper than I've touched on here. And if I appear to have misconceptions about the article, it's probably because the article contains so much to conceive that I've surely missed something.
For example, what if you did create your own compiler in machine language, entering each bit by hand into the EEPROM with a logic probe. (I've done this, but certainly not for a whole compiler.) How do you know you can trust the hardware, unless you've also built that yourself? (Been there, done that, too.)
But asking the hard questions doesn't really bring us much closer to the answers.
One strategy for increasing the security of some aspect of a system is to increase the interdependence on other systems. One example of this is to use two ropes to lash cargo onto the roof of your car, rather than just one, such that both ropes would have to fail for the cargo to become insecure.
In our compiler example, this would mean a solution like compiling your (self written) compiler with as many different third-party compilers as possible (with all optimizations turned off, etc) and comparing the results. Unless they have all been compromised in the exact same way, the results should be very similar.
Another example (as I alluded to earlier) was to wedge the priority of compromising a compiler against the priority of good benchmark results, making ties into the marketing layer. When the PHB's start asking why a competitor's compiler is faster than their own, some engineer may become very motivated to look for trojan code.
In both of these, the methods employed in open source projects offer an advantage over closed source development in that a trojan would have to hide in a place no one looks, and there's no way for the author of such an exploit to predict where the masses will be looking (or not looking).
The point of the article isn't just that you can't trust code you (and the open source community) haven't personally examined. You can't trust code unless you've personally built the entire compilation and execution environment using trusted code, from the ground up.
If you truly can't trust anyone but yourself, then this is the correct attitude to take. (But if that's the case, it makes me wonder if your trust in yourself isn't a bit misplaced? ;-)
As an alternative, you can trust that the competing interests and motivations of the multitudes of uncooperative parties will keep everyone honest, or at least (as you've pointed out) provide for a forum for the complainers to raise a red flag. Since not everyone who uses GCC is interested in using it the same way, if someone proposes a change which will 'shave a clock cycle off the execution time at the expense of using an extra byte of stack space' there's sure to be someone else who complains. In an environment like that, trying to insert something as major as a back door is sure to raise alarms even if no one is 'in charge' of making sure a back door isn't inserted. As long as we don't become complacent, we should be fine.
Chances are that we all got our systems up and running from some public Linux distro.
Guilty as charged. But then again, most of us running Linux then immediately went in and started changing things (after all, we are engineers, aren't we?) and tried to understand everything it does. Any one of us could be the one who posts the question "why is my box trying to connect to 212.146.0.34:1963 when i rebuild Libpcap?" and raises the flag on the next trojan.
(Which is why modding posts as off-topic, or telling newbies to go away, or refusing to help someone learn is so damaging, to ourselves as a community, but that's another thread...)
If getting your software from a bunch of hackers makes you nervous, getting it from Microsoft should, in my opinion, terrify you.
Because all the authors of software written by a single commercial organization share at least one common motivation: they want to keep their jobs. If it comes to a choice between writing software which will exclude a remote exploit and run faster or writing software which will do what their boss demands and allow them to keep their job, too many people will opt to keep their job, and just hope that no one ever finds out.
And with closed source, they're at least fairly safe.
Actually, for all you know maybe every version of gcc ever allows RMS and Torvalds into your box...
There was one flaw in this 'undetectable backdoor'; it was dependent on everyone using a trojaned compiler. This was a fairly safe assumption back when only a handful of people had ever written one, but it no longer holds true today (and largely because of the open source phenomenon) where everybody and his brother writes a compiler in some third year programming class.
Of course, it doesn't have to stop there; a clever (and well-funded) adversary could trojan the microprocessor hardware (in the BIOS, for example) to accomplish the same thing, but then you begin to run into economics problems; a processor streamlined to process 'just the facts' is always gonna blow the pants off any processor which is both running the latest benchmarking program and checking to see if it should be inserting a back door into the program it's running.
Open source makes it very difficult to predict how your users will see (or use) your software, which makes it difficult to correctly 'keep up the appearance' that everything is kosher.
Anyone who believes that closed source is more secure from trojans than open source is simply blind to (or ignoring) the truth.
...if I buy a copy of windows, I own the license and if I own something, I don't see any reason why I cannot sell it.
A license is a right to do something. You don't automatically have a right to sell your rights.
Do you have a driver's license? Can you sell me your driver's license (if I've lost mine?) You could sell me the piece of plastic it's printed on, but you would not be selling me the privilege to drive, and if I were pulled over the authorities would not allow me to use your driver's license to assert your privileges for myself.
(On the other hand, if all I needed was a piece of plastic to pick my teeth with, I could buy the plastic which represents your drivers license and use it as I see fit.)
The analogy to the sale of Microsoft products on Ebay fails only because (unlike the traffic cop) Microsoft has no effective way to tie the "License to Use" to a person (or a computer) and instead ties it to the media. Having the media allows you to "fool" the enforcement mechanism and assert a privilege to use the license in a way which (Microsoft claims) you do not have.
But that's where all the Passport, Palladium and .NET stuff comes in. Once they know that Mr. Ebay Seller's license number is tied to Mr. Ebay Seller's passport account, they can prevent Mr. Ebay Buyer from making use of the license he bought on Ebay. Mr. Buyer will instead have to buy a new license from Microsoft.
It makes me wonder; perhaps they already have that information and all the people who bought M$ software on Ebay (or obtained it through other license transfers) will one day wake up to find they can no longer use their license, and must buy a new one. Or the related question; if Microsoft asserted that my license key was registered to someone else, (and thus, I had no license) would I be able to prove they were wrong? Even if you bought the software legitimately, are you sure no one copied-down the license key before you received it?
Let's hope Senators Hollings and Berman are paying attention.
No, let's hope not. Personally, I'd rather see them maintain their delusions until they're no longer in office. After that, they can delude as they see fit.
... e-mail, IM, the Web, etc, are NOT P2P...they are Client server...
I guess that just shows how a difference in perception can result from a difference in heritage. You may be right that most of these are (or are considered to be) client/server, but almost none of them have to be.
The email system I grew up with (sendmail on UNIX) was always designed around peer to peer communication. Email was sent directly from my host to your host, and stored there until you logged into your account and read the mail with your MUA. Of course this depends on my host and your host being always up, always on, always connected systems.
Instead of IM, we had talkd, which was peer to peer. Some people today still don't realize that you can look at files on your own computer using your web browser, even if you aren't running IIS or apache. (Who's the client and who's the server there?).
Nowadays, everyone thinks of email as something where you use your Outlook client to create the message on someone's Exchange server, where it's then sent to someone else's Exchange server for me to read with my Outlook client. (That, or it's created in a web client connected to the Hotmail server...)
This appears to have come about with the advent of low-powered, low cost "work stations" which were not always well maintained and therefore could not always be guaranteed to be up and available. It's kinda strange; we finally have inexpensive always-up network connections, cheap hardware which is powerful enough for low-bandwidth jobs like email and operating systems which can maintain multi-month uptimes. So what do we do? Convert everything to the client/server model where you can't send a message to your friend without AOL's server knowing about it.
A server is generally considered to be an "always up, always available" host; the same is not true of a client. No one (but you) will be inconvenienced if you decide to shut down your client, but someone might be inconvenienced if I shut down my server.
Or maybe that's the true difference between people who use UNIX and people who use Windows: UNIX people see their machines as always-up servers, Windows people see their machines as temporarily up clients.
Also, a client always knows who its server will be before the session begins (because it initiates the session), a server does enjoy the same luxury. It does not know who its clients will be before the session is initiated. It also strikes me as interesting how the most damaging viruses in the world are client machines which have been turned into servers.
Or, maybe rephrase that as "Why shouldn't the average Linux user respond as if AMI just declared war on us?"
And doesn't the availability of that feature place the security of the whole TCPA platform in question?
If they're only breaking into your home, then you do not have the right to "shoot in self defense". Your home would need to have the right to shoot in self defense (which we don't recognise for inanimate objects), and it would have to fire the shot itself (which is, I suppose, at least possible). Neither of these really make make much sense.
If they are breaking into your home and you fear for your life then you have the right to kill in self defense. Thus, it depends on what you were feeling, or perhaps on what you claim you were feeling, or by extension, what you can convince the jury you were feeling. Thus, in a way, it could be said that while you may or may not have the right to shoot an intruder, the U.S. Second Amendment (right to bear arms) guarantees you have the power to shoot an intruder. And while the former is what matters to the Courts, the latter is what's likely to keep me out of your house, because even if you don't have the right to shoot me, I'll be just as dead.
(Contrast this with the DMCA, where the law guarantees you the right to fair use, but denies you the power to exercise your right.)
It does pose an interesting question, though. Our roadside mailbox has recently become a favorite target for vandalism of the "mailbox baseball" variety. (drive by, hit the box with a baseball bat, drive off...) I wonder what my liability would be for replacing my aluminum mailbox with one specially constructed from cast iron and concrete. Would I be liable for the broken bones of someone attempting to commit vandalism on my property and failing to understand the...um...consequences of their actions?
You can use this technology to verify, for example, that some software (for example, DVD viewing software) you want to run has not been altered by a virus to perform functions other than those you choose. Functions like spyware, worm propagation, etc.
The down side is that it enables anyone else to perform the same verification. This could be used (again, for example) by the MPAA to ensure that the DVD viewing software you want to run has not been altered (by you) to perform functions other than those they choose. Functions like allowing the movie to be saved as a file or played on a non-compliant display device.
The fear is that eventually content providers will refuse to offer any content to your general-purpose computing device unless you allow them to verify the software you are running on it. Which will, by economic necessity, require that you be running one of a very limited set of "approved" configurations to get the approval you would need. In essence, your "general-purpose computing device" will need to become a "single purpose computing device". Digital content marketers are probably drooling over the thought of some souped-up Windows system which plays DVD's and Digital Audio and games (and what not) and never lets anyone pirate the content. Instead, it will likely become something more like: Insert the DVD-Player CDROM and reboot to turn your PC into a DVD player, insert the Digital Audio Player CDROM and reboot to turn your PC into a Digital Audio player...
But the fear is misplaced. The real use is not in protecting digital content, but rather in allowing someone who doesn't own a piece of hardware to reliably use the processing power of that piece of hardware.
In reality, however, none of this will come to pass. The world of hardware is nowhere near as clean as the software world. Hardware designers have to make all kinds of assumptions, like assuming that the clock is accurate, assuming that supply voltage remains within spec, assuming that no one tied that particular bus line to Vcc at the exact instant when the "failed" result was being relayed, etc. As soon as there is a hint that someone, somewhere has hacked their hardware enough to create an untrustable trusted system, no content provider will accept any trusted system as trustable ever again.
Game over.
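The verification described in the comment above, as an added sketch that is not part of the original post: a simplified Python model of TCPA-style measurement (PCR extend with SHA-1) and of a verifier checking a quote against a list of approved configurations. The `ModelPlatform` class, the component names and the key are constructed for illustration, and an HMAC stands in for the signature a real TPM would make with an attestation key.

```python
import hashlib
import hmac
import os

PCR_SIZE = 20  # TCPA / TPM 1.x PCRs hold one SHA-1 digest


def measure(blob: bytes) -> bytes:
    return hashlib.sha1(blob).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = SHA1(old || measurement). Order-sensitive, never reset."""
    return hashlib.sha1(pcr + measurement).digest()


class ModelPlatform:
    """Hypothetical stand-in for the attested machine (no real TPM involved)."""

    def __init__(self, key: bytes):
        self._key = key             # models a key that never leaves the chip
        self.pcr = bytes(PCR_SIZE)
        self.log = []               # (name, measurement) event log kept in software

    def load(self, name: str, blob: bytes) -> None:
        m = measure(blob)
        self.pcr = extend(self.pcr, m)
        self.log.append((name, m))

    def quote(self, nonce: bytes):
        # Assumption: HMAC replaces the TPM's asymmetric signature over nonce + PCR.
        sig = hmac.new(self._key, nonce + self.pcr, hashlib.sha1).digest()
        return self.pcr, list(self.log), sig


def verify(quote, nonce, key, approved):
    """Return (ok, reason). The owner and a remote party run the same check."""
    pcr, log, sig = quote
    expected = hmac.new(key, nonce + pcr, hashlib.sha1).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature or stale nonce"
    replay = bytes(PCR_SIZE)
    for _name, m in log:            # the log is untrusted until it replays to the PCR
        replay = extend(replay, m)
    if replay != pcr:
        return False, "event log does not match PCR"
    for name, m in log:
        if m not in approved.get(name, set()):
            return False, f"unapproved {name}"
    return True, "approved configuration"


def demo():
    key = b"constructed-demo-key"
    # Constructed sample components; the verifier only ever sees their digests.
    stock = {"bootloader": b"loader v1", "kernel": b"kernel v1", "player": b"dvd player v1"}
    approved = {n: {measure(b)} for n, b in stock.items()}

    def attest(components, forge_log=False):
        p = ModelPlatform(key)
        for n, b in components.items():
            p.load(n, b)
        if forge_log:               # software claims the stock log after the fact
            p.log = [(n, measure(stock[n])) for n in stock]
        nonce = os.urandom(16)
        return verify(p.quote(nonce), nonce, key, approved)

    # The verifier cannot tell a virus from an owner's own modification.
    patched = dict(stock, player=b"dvd player v1 + save-to-file patch")
    return attest(stock), attest(patched), attest(patched, forge_log=True)
```

A changed player fails the same way whether a virus or the owner changed it, and rewriting the event log afterwards does not help because the log no longer replays to the quoted PCR value.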
Microsoft became responsible for other people's code the moment they got into the business of signing other people's code.
If Microsoft wants me to believe that drivers which have been approved and signed by Microsoft are any more trustworthy than drivers which haven't been signed and approved by Microsoft, then Microsoft need to accept responsibility for ensuring that is the case.
You can't say "don't use that code, I haven't approved it. Use this one instead..." and then say "well it's not my fault if the code I demand you use is broken, I didn't write it!"
There's quite a lot of other stuff you aren't telling. There is currently little regulation keeping you from providing that service right now, provided you offer the same to the middlemen as well. What's stopping the deployment is not the middlemen, but the desire to lock those "middlemen" out of the market.
Whatever you eventually deploy for ~$10/mo is NOT going to allow anyone to become your competitor on your own network (which is what this discussion is all about).
First, the client-side services will be restricted. EULA's will prevent serving web pages or offering P2P shares.
Next, the central services will be restricted. Your customers will be able to play on-line games, but only through "approved" servers. In order to become an "approved" server, a company will need to pay a usage fee to the network owner, which means services like BattleNet will become subscription (fee) based, or will cease to exist.
Finally, even sites not on your network will be required to become corporate partners or access will be denied. That means trying to use Google or cnn.com or Ebay or amazon will be impossible unless it's profitable to your corporation.
Of course the other solution is equally unworkable. The proposal (requiring all network providers to carry all content equally) would leave us in a world where SPAM becomes "must deliver" content. Who wants that?
The only good thing about the (proposed) legislation and rule changes is that it causes change, which can only accelerate the dissolution of the Internet as we know it, making way for the next new thing.
Losing copyright to the page would make defense of the page (as a parody) more difficult in several ways...
Even if I was a lawyer, you would be foolish to believe I'm licensed to practice law in whatever jurisdiction you currently reside.
Technically speaking, you don't need to have real proof that she is to be safe; you are safe without the proof so long as she really is.
Yes, it's a nit-pick technicality. Just like it's a technicality that even if she is, she can still sue your ass for libel, which by extension means you are not safe.
Funny how that works, ain't it?
Without making any comment on (or passing any judgment about) your desire to take up arms against the U. S. government, the purist in me must point out that your proposal is bad from both a tactical and a legalistic assessment. Do not battle an opponent on the terms he chooses, but rather you should play to your own strengths.
If you read, study, and understand the RFC's you'll begin to understand that The Internet does not exist as a thing; but rather it is a concept for organizing the interconnection of computers in such a way as to (as much as possible) guarantee the maintenance of communications.
Each time I hear a new proposal to "block" or "monitor" or "centralize" or "control" those communications, I'm not thinking about how this damages The Internet, but rather how the implementation of such a proposal would leave what we currently, popularly, refer to as The Internet in a state which leaves it less able to achieve the ideals laid out in the RFCs.
Yes, we love our broadband, and our Google, and our MP3's, and our Slashdot, and our weblogs, and our mailing lists (I could go on...) but we need to keep focused on those parts of internetworking which allow these, the parts which are, in the final analysis, most critical to the culture which produced the things we love.
Think for a moment; if there were but one Internet provider (think AOL, for example, or perhaps MSN) and you refused to use it (because of "centralized control", or "official monitoring", or "institutionalized censorship", or "philosophical differences", or "lameness" or whatever), would you still be able to have all the things you love about the Internet? If not, which of those would you be willing to give up?
I submit that we will lose (or have already lost) The Internet. I submit that we are seeing today, in the bursting of the Internet Bubble, the first whiffs of the stench of gangrene the above proposals will create. I submit that proposals like this (and others) will eventually create an internet, The Internet, which is at once more completely controlling, more completely profitable, more completely monitorable and blockable and censorable, and at the same time more completely useless.
But take heart, because the slow destruction of The Internet will allow the creation of a new way of internetworking which will still provide much of what you loved about The Internet (and many new things which are not possible now in the shadow of The Internet) but, true to the RFCs, still provides the core functionality of end-to-end, stupid network, guaranteed (as much as possible) communications.
But this new internetworking will not be built by those who have control (or centralization or monitoring or blocking or profit) as their goal, but rather by those who remain true to the cause.
But it can be built, and it will be built. And building it will be legal and challenging and fun, and no one will have to get shot doing it.
You're welcome to make your stand here, and try to defend The Internet from the onslaught. If you choose to employ violence in making your stand, please try to avoid harming the innocents or (heaven forbid) your allies. (That would be another tactical mistake). Your determination, bravery, and sacrifices (is it okay to use those terms to describe someone who posts anonymously?) are honorable, but in the end I fear they will be fruitless.
As an alternative, you can do what geeks are best at, play to your strengths, and help to build the internetworking to preserve those elements without which Freedom and Democracy itself are threatened.
Or, as another poster put it so succinctly: "Go Freenet!"
And if you'd get out of my face and leave me alone like you've done with Pioneer 10, I'd be able to get some work done, too!
In one sense you are correct. Declaring murder illegal does not stop all people from murdering. I trust this was not the sense into which your reply was made.
If you meant in a legal sense, then I'm afraid you are mistaken. The owner of a copy right has the legal authority to prevent you from making a copy of his work. The fact that the copy you make does not profit you and the fact that the copy you make is not distributed weigh heavily in your favor if you claim a "fair use" exemption (so heavily, in fact, that most copyright owners would not choose to pursue you) but make no difference. The power of copy right is the power to prevent others from duplicating one's work.
That's why, technically, you have to ask permission of the copyright owner before you can sing "Happy Birthday" to your kids. It does not matter that you are not paid to sing it, nor that your performance is not for commercial purposes.
Reverse it and you'll understand. My copyright (in a work I've created) exists even if I make no profit from it, and do not publish it. I can prevent you from making copies (at least for the time my copy right remains in force) simply because I created the work.
Think about unpublished personal letters from a famous author. Copyright has been used by the heirs of such an author to prevent publication of copies of such letters for scholarly research reasons.
In a nutshell: Copyright law boils down to an exclusive right (granted by Congress, granted to an author, granted for a limited time) to "speak" certain works. If you write a book, then for the period of time during which your copy right exists, I am not free to also write the same book. My speech is infringed. Copyright is fundamentally in conflict with free speech. The Framers justified this by saying the benefit to society gained by having you share your writing was worth more than the cost of prohibiting me (and others) from writing the same thing during the copy right period. Again, this is "in a nutshell".
DMCA, so the argument goes, runs afoul of at least the spirit of copyright (and free speech) in several respects. For one, the copy right protection period granted by a technological mechanism is essentially "forever", and not a limited time. Additionally, Dimitri/Elcomsoft did not publish anything infringing another's copy right, but rather published a tool which could allow (some would say "was designed to allow") its purchasers an opportunity to violate another's copy right.
Free speech can be restricted in cases where the government can show a "compelling interest". Your "fire in a theatre" example is one of these; clearly the harm from such speech outweighs the societal benefit of hearing your rendition of "Fire!".
One thing which can be drawn from the result of this trial (whatever it should be) is whether the government finds a more compelling interest in promoting technological advancement or in protecting the bottom line of some major campaign contributors.
Making the argument that publishing an eBook extractor is a malicious act seems akin to accusing a man of being a thief because he possesses hands with which to steal. Even within the letter of the DMCA, there are certain circumstances under which using an eBook extractor to access the content of an encrypted eBook would be undeniably legal.
Imagine how the deaf feel about having to pay the RIAA Tax on the purchase of every CD-R?
Web surfers might want a web browser which offers them more control of their surfing experience (privacy enhancements, for example), but web site purveyors want to see features which take control away from the surfer (such as unclosable pop-under windows).
The result of the collision of those two trends is that browsers (such as Opera) which offer ad-blocking and privacy enhancing features are going to be discriminated against as opposed to browsers (such as IE) which offer web content providers a rich set of features. And the more empowering (to the user) the browser is, the more quickly web sites will move to degrade support for that browser.
It's a shame, but phenomena like this are going to kill the Internet as we know it, or reduce it to something nobody wants to waste their time on (like broadcast television.)
Yes, the issues run much deeper than I've touched on here. And if I appear to have misconceptions about the article, it's probably because the article contains so much to conceive that I've surely missed something.
For example, what if you did create your own compiler in machine language, entering each bit by hand into the EEPROM with a logic probe? (I've done this, but certainly not for a whole compiler.) How do you know you can trust the hardware, unless you've also built that yourself? (Been there, done that, too.)
But asking the hard questions doesn't really bring us much closer to the answers.
One strategy for increasing the security of some aspect of a system is to increase the interdependence on other systems. One example of this is to use two ropes to lash cargo onto the roof of your car, rather than just one, such that both ropes would have to fail for the cargo to become insecure.
In our compiler example, this would mean a solution like compiling your (self written) compiler with as many different third-party compilers as possible (with all optimizations turned off, etc) and comparing the results. Unless they have all been compromised in the exact same way, the results should be very similar.
Another example (as I alluded to earlier) was to wedge the priority of compromising a compiler against the priority of good benchmark results, making ties into the marketing layer. When the PHB's start asking why a competitor's compiler is faster than their own, some engineer may become very motivated to look for trojan code.
In both of these, the methods employed in open source projects offer an advantage over closed source development in that a trojan would have to hide in a place no one looks, and there's no way for the author of such an exploit to predict where the masses will be looking (or not looking).
If you truly can't trust anyone but yourself, then this is the correct attitude to take. (But if that's the case, it makes me wonder if your trust in yourself isn't a bit misplaced? ;-)
As an alternative, you can trust that the competing interests and motivations of the multitudes of uncooperative parties will keep everyone honest, or at least (as you've pointed out) provide for a forum for the complainers to raise a red flag. Since not everyone who uses GCC is interested in using it the same way, if someone proposes a change which will 'shave a clock cycle off the execution time at the expense of using an extra byte of stack space' there's sure to be someone else who complains. In an environment like that, trying to insert something as major as a back door is sure to raise alarms even if no one is 'in charge' of making sure a back door isn't inserted. As long as we don't become complacent, we should be fine.
Guilty as charged. But then again, most of us running Linux then immediately went in and started changing things (after all, we are engineers, aren't we?) and tried to understand everything it does. Any one of us could be the one who posts the question "why is my box trying to connect to 212.146.0.34:1963 when i rebuild Libpcap?" and raises the flag on the next trojan.
(Which is why modding posts as off-topic, or telling newbies to go away, or refusing to help someone learn is so damaging, to ourselves as a community, but that's another thread...)
Because all the authors of software written by a single commercial organization share at least one common motivation: they want to keep their jobs. If it comes to a choice between writing software which will exclude a remote exploit and run faster or writing software which will do what their boss demands and allow them to keep their job, too many people will opt to keep their job, and just hope that no one ever finds out.
And with closed source, they're at least fairly safe.
There was one flaw in this 'undetectable backdoor'; it was dependent on everyone using a trojaned compiler. This was a fairly safe assumption back when only a handful of people had ever written one, but it no longer holds true today (and largely because of the open source phenomenon) where everybody and his brother writes a compiler in some third year programming class.
Of course, it doesn't have to stop there; a clever (and well-funded) adversary could trojan the microprocessor hardware (in the BIOS, for example) to accomplish the same thing, but then you begin to run into economics problems; a processor streamlined to process 'just the facts' is always gonna blow the pants off any processor which is both running the latest benchmarking program and checking to see if it should be inserting a back door into the program it's running.
Open source makes it very difficult to predict how your users will see (or use) your software, which makes it difficult to correctly 'keep up the appearance' that everything is kosher.
Anyone who believes that closed source is more secure from trojans than open source is simply blind to (or ignoring) the truth.
A license is a right to do something. You don't automatically have a right to sell your rights.
Do you have a driver's license? Can you sell me your driver's license (if I've lost mine?) You could sell me the piece of plastic it's printed on, but you would not be selling me the privilege to drive, and if I were pulled over the authorities would not allow me to use your driver's license to assert your privileges for myself.
(On the other hand, if all I needed was a piece of plastic to pick my teeth with, I could buy the plastic which represents your driver's license and use it as I see fit.)
The analogy to the sale of Microsoft products on Ebay fails only because (unlike the traffic cop) Microsoft has no effective way to tie the "License to Use" to a person (or a computer) and instead ties it to the media. Having the media allows you to "fool" the enforcement mechanism and assert a privilege to use the license in a way which (Microsoft claims) you do not have.
But that's where all the Passport, Palladium and .NET stuff comes in. Once they know that Mr. Ebay Seller's license number is tied to Mr. Ebay Seller's passport account, they can prevent Mr. Ebay Buyer from making use of the license he bought on Ebay. Mr. Buyer will instead have to buy a new license from Microsoft.
It makes me wonder; perhaps they already have that information and all the people who bought M$ software on Ebay (or obtained it through other license transfers) will one day wake up to find they can no longer use their license, and must buy a new one. Or the related question; if Microsoft asserted that my license key was registered to someone else, (and thus, I had no license) would I be able to prove they were wrong? Even if you bought the software legitimately, are you sure no one copied-down the license key before you received it?
No. Software licenses are an expense, and are recorded as such on the balance sheet.
No, let's hope not. Personally, I'd rather see them maintain their delusions until they're no longer in office. After that, they can delude as they see fit.
Buckhurst's Tragedy of Ferrex and Porrex.
I guess that just shows how a difference in perception can result from a difference in heritage. You may be right that most of these are (or are considered to be) client/server, but almost none of them have to be.
The email system I grew up with (sendmail on UNIX) was always designed around peer to peer communication. Email was sent directly from my host to your host, and stored there until you logged into your account and read the mail with your MUA. Of course this depends on my host and your host being always up, always on, always connected systems.
Instead of IM, we had talkd, which was peer to peer. Some people today still don't realize that you can look at files on your own computer using your web browser, even if you aren't running IIS or apache. (Who's the client and who's the server there?).
Nowadays, everyone thinks of email as something where you use your Outlook client to create the message on someone's Exchange server, where it's then sent to someone else's Exchange server for me to read with my Outlook client. (That, or it's created in a web client connected to the Hotmail server...)
This appears to have come about with the advent of low-powered, low cost "work stations" which were not always well maintained and therefore could not always be guaranteed to be up and available. It's kinda strange; we finally have inexpensive always-up network connections, cheap hardware which is powerful enough for low-bandwidth jobs like email and operating systems which can maintain multi-month uptimes. So what do we do? Convert everything to the client/server model where you can't send a message to your friend without AOL's server knowing about it.
A server is generally considered to be an "always up, always available" host; the same is not true of a client. No one (but you) will be inconvenienced if you decide to shut down your client, but someone might be inconvenienced if I shut down my server.
Or maybe that's the true difference between people who use UNIX and people who use Windows: UNIX people see their machines as always-up servers, Windows people see their machines as temporarily up clients.
Also, a client always knows who its server will be before the session begins (because it initiates the session), a server does enjoy the same luxury. It does not know who its clients will be before the session is initiated. It also strikes me as interesting how the most damaging viruses in the world are client machines which have been turned into servers.