Bad news, dude. This one is a stupid capitalist
restriction. The reason they're doing it is, as
it says in the original post, that they've sold
exclusive coverage "rights" to big news
organizations for big money.
Why do some vulnerabilities get trumpeted
all over the press, and some get ignored? It's
not Microsoft favoritism... for the most part,
the press likes
to bash Microsoft as much as the next
institution.
It's a matter of whether
it's a slow news day and of whether somebody
issues a press release. ISS issued a press
release about the Piranha thing, and probably
had PR people calling up reporters. This
is much more effective in getting press
attention than posting something to
NTBUGTRAQ, because most reporters aren't
reading NTBUGTRAQ, and don't understand what
they're reading if they are.
The story
had "legs" because it could be used to "attack
the myth of open source invulnerability"
(it means zero to a reporter whether
anybody actually believes a "myth"). This
undoubtedly helped to get some of the mags
to pick it up. Once a few pick it up, a feeding
frenzy always ensues.
The bad actor here, if there is one, is ISS, which
is a company that seems to be mostly in business
to call attention to itself by picking random
vulnerabilities, often widely known to others,
and screaming about them. As far as I can tell,
ISS is largely a firm of media whores. Not that
that doesn't describe much of the rest of the
security industry just as well.
The problem on the press side is lazy, ignorant,
sloppy reporters eager to grab some bogus
issue and make a big deal out of it, not
malevolent ones eager to kiss Microsoft's ass.
Ever think about why we have stable governments in the West?
Ever think that maybe it's because people perceive those governments as:
Relatively fair?
Able to take criticism without throwing people in jail?
More protective of rights than destructive of them?
Willing, at least once in a while, to follow moral principles?
Prepared to abide by their own constitutions?
Maybe those are the reasons that the governments are allowed to stand, rather than having a revolution once a week, eh?
I submit that it's very possible the places you mention suck so much partly because they have idiotic, repressive ways of dealing with dissent. If you look at places like that, they've usually been police states for a long time... over several changes of government.
And the idea that the 1950s were any more "trying times" for the United States than, say, the 1940s or the 1960s, is just idiotic. As is the idea that Communists in the 1950s were any threat to the stability of the US government.
Not that I'm saying that present Western government practices are really safe or acceptable, mind you.
I used to do security for the products of a major Internet equipment vendor. I spent a lot of time talking to people at other vendors.
The vendors know some ways to make things more secure, but they've learned that their customers don't really want them to do it. Customers (ISPs, businesses, whoever), talk about wanting more security, but when it comes down to a choice between better security and more new features, they always pick the features. If you take the time to make your product more secure, you get killed in the marketplace.
I know of a commercial UNIX workstation vendor that tightened up default security... things like making the user set a root password at login, and not allowing rsh access to every machine on the network by default. The first time they did it, their customers made them undo it, because it was too much work to configure things right, and it was easier to just leave everything open.
It's so bad that one guy who had a job like the one I had, Mark Graff from Sun, has publicly called for government regulation to force people to release secure systems... not because the vendors don't want to release secure systems, but because the competition was making it impossible for them to do so.
There's hope, though. People are starting to really care. Another couple of years of this, and customers may start really demanding security, instead of just giving it lip service. Someday, that hosting company with the "seal of approval" may actually have a competitive advantage, because the guy in the next rack will know that it's less likely the whole data center will get shut down.
Cisco's document entitled "Improving Security on Cisco Routers" covers this.
By the way, although it's true that there's some performance impact from filtering, it's not nearly as much as the ISP folklore (and a lot of the posters here) would have you believe. I've turned on filtering on very heavily loaded routers and had it work fine.
Yes, there is a high probability that naively encrypted e-mail will be detected, if not now, then in the foreseeable future... and they're not going to announce when they develop that capability. If it's detected, then you want to hope it's blocked, since if they don't block it, it probably means they're investigating you and planning something nasty.
People have suggested steganography. It's a good idea, but it is detectable. Present steganographic methods will not protect you against anybody who's investigating you specifically and has any real sophistication. You can tell if a message has been watermarked into an image, for instance.
And, as somebody else pointed out, even a pattern of large images passing back and forth is suspicious if you're visible enough to be watched at all. Eventually, they might get bulk techniques for detecting most kinds of steganography. Use with extreme caution.
Somebody suggested an offshore drop. Probably the safest thing, but use with caution.
Whatever crypto or steganographic software you use, make sure you know the consequences of getting caught with the software itself. I don't know what they are, but I'd suspect there might be some, especially if they wanted an excuse to nail you.
Iran
It depends on who you want to collect donations from. If you really want to take credit cards, it can be tricky to get a merchant account. One trick is to use a Web shopping-cart billing service, although they'll skim a lot of money from you.
Where to host: How about HavenCo? They're giving out free hosting for qualified human rights people. They should be pretty hard to get at.
It shouldn't be too difficult to get the money into a US bank account, perhaps in the name of a local sympathizer. It's probably a bad idea to put her own real name on the account.
Transfer of funds is the hard part. Setting up some kind of bogus commercial transaction might work. Probably not enough money there to make it worthwhile to smuggle cash, and that's mondo expensive, anyway. Be careful about running into US (or wherever) "money laundering" authorities... they have very sophisticated surveillance on this, and I wouldn't put it past them to let the information fall into the hands of the Iranian government.
There are specialists in this sort of thing. It's a good idea to seek out a good one. I've probably already said more than I'm competent to say.
I don't see any copyright issue as long as you have the author's permission (assuming the author hasn't sold the rights to anybody else).
All the comments about communication for China apply, only more so.
Um, you do know that corporations are themselves creations of government, right? It's not an either-or thing. They're part of the same power structure.
Where some libertarians fall down is in not realizing that the whole corporate form is about weakening the legal responsibility of stockholders for the actions of the corporations they own. This creates huge, unaccountable entities which are NOT part of the sort of individualistic thinking that underlies most libertarianism.
One reason that libertarians often miss the fact that corporations are artificial creations of government (and are therefore without natural rights), is that their opponents on the left spend so much time attacking the whole concept of property rights, whether individual or corporate. The distinction between the rights of a person and the rights of an artificial entity gets lost in the noise, and both sides forget about it.
... is to cut all of France off. From all of Yahoo. Until they're invited back. Seriously. If they bend over for this, everybody is going to start doing it.
Of course, they're not gonna have the guts to do that.
I didn't respond intelligently to your central point.
I'm not sure that the GPL's permission to create derivative works really matters, but if it does, it wouldn't be hard to modify the GPL to allow modifications to everything but the hack that forced release of modified source.
Somebody else has pointed out that there may be philosophical objections to doing this. I could buy that, but I think the law would let you do it if you chose to do it.
Re:You might be able to use the DMCA, anyway...
on
Thus Spake Stallman
·
· Score: 3
The DMCA seems like a reasonable and fair document if you actually read it...
Trust me, I've read it. I read the drafts of it. I argued with a bunch of lobbyists about it. It's not as disastrous as it might have been. It's still a horrible law.
First of all, no, users do not "still have the right to crack software they have lawfully purchased". Not in general. They can do it to reverse engineer for interoperability, they can do it for certain research in cryptography. They can't do it just for their own convenience.
Secondly, even the permission to do it for interoperability is screwed up. Take DVDs. You can analyze CSS to figure out how it works, for the purpose of creating a DVD player app. You cannot actually distribute the app... the exception applies only to your own circumvention, not to the separate provisions on distributing tools. Not only that, but you can't actually use your crack to watch DVDs... you can only try to figure out interoperability.
As I've mentioned elsewhere, the anticircumvention provisions are also bad in that, once you've put in place a measure to protect your copyright, you can start using it to enforce other restrictions that break fair use. Take CSS again. It's illegal to crack it because it prevents copying. It also enforces region coding. DVD producers have no legal right to tell users where they can play the disks... but, under the DMCA, users can't bypass region coding, because that requires bypassing the CSS, which is also a copy protection scheme, and is also protected.
There are lots of other practical problems with the DMCA... like the fact that it outlaws trying to reverse the encryption on a virus to figure out how it works. These things often look "fair and reasonable" until you actually think about how they can be applied.
Re:You might be able to use the DMCA, anyway...
on
Thus Spake Stallman
·
· Score: 1
Um, the DMCA provisions in question aren't about license agreements. They're about copy protection measures... and about other measures that do similar things, like determining how many times you can view a movie.
A copyright holder has certain legal rights even if no license exists. Any technological measure that enforces any of those rights is automatically protected from circumvention; there doesn't have to be a license of any kind.
If the technological measure also enforces a bunch of obnoxious policy, the user still can't circumvent it, even if the user hasn't accepted the license. That's the "trojan horse" aspect of the DMCA... you create a measure that protects you from copying, and then use that same measure to put all kinds of other restrictions on fair use.
The DMCA actually doesn't say anything at all about click-through or shrink-wrap licenses. The interesting parts of the DMCA are about technological protection measures and about the liability of Web service providers.
You might be able to use the DMCA, anyway...
on
Thus Spake Stallman
·
· Score: 4
RMS sez:
They allow copyright owners to restrict the mere running of a program--but only if some sort of hard-to-bypass license manager or access control enforces the restrictions. The freedom of free software means that even if we did put such artificial restriction into a program, the user could easily bypass them--and that's a good thing! But it means that new legal power is not available for use for copyleft.
I think this is a misreading of the DMCA. The protection measure does not need to be "hard to bypass". People think that it does because the DMCA talks about measures that "effectively protect" rights of copyright holders... but if you look at the text more closely, you'll discover that "effectively protects" is redefined to mean nothing that any rational person would recognize.
A measure "effectively protects" something if, in the course of its normal operation, the measure enforces some kind of policy. It doesn't matter how trivial it is to bypass the measure... it's still effective by this definition.
I think (IANAL) that you could very probably enforce the DMCA against anybody who tried to bypass (say) a makefile hack that e-mailed any modified source to the FSF whenever it was compiled. It's that broad.
Looks like Zero Knowledge picked an inopportune time to update their Web site.
They run a network that's like a proxy on steroids. They even try to protect you against traffic analysis. Everything is encrypted. Everything goes through three servers, chosen by the user from a long list. The server operators are all independent of each other.
Each server knows only the hop before it and the hop after it. The first server has your IP address, but not the address of the site you're visiting, let alone the URL. It only knows how to send the data to the second server. The second server knows only the other two, and doesn't know who you are or what site you're hitting. The third server knows the URL, and how to send the data back via the second server, but not who's hitting it. You can theoretically use longer chains. You can pick servers in different countries. Etc, etc.
A future version of the system is supposed to send "cover traffic" to screw up traffic analysis.
The software runs on Windows; Linux version due RSN, so they say.
50 bucks buys you 5 pseudonyms for a year. Hizonner says check it out (when the Web site comes back up).
Thank you for parroting moronic platitude number 37. Your toaster will be arriving by US mail.
Even if you assume that the state generally implements the will of the majority (a tough assumption to defend), the idea that a majority can speak for everybody is morally indefensible.
The state is not the citizens. The state is an organization with its own dynamics, set up to implement an at-best-poor approximation to the consensus desires of a (possibly large, possibly small) subset of the citizens.
In the case of schools in the US, this includes systematically inculcating consensus ideas, many of which are nonsense, and systematically suppressing independent thought.
There isn't really a bright line between employers and government nowadays in a lot of places.
Most employers are corporations. We tend to forget that corporations are not natural persons; they are creations of government. The reason they were created is that pure voluntary associations of natural persons, without the rather unnatural liability protection that defines the corporate form, would not end up being like corporations, nor acting like corporations. We should all be careful of them, including libertarians... there is no purely libertarian argument for corporations in their present form to exist at all. As somebody else pointed out, they concentrate power.
Worse, corporations are amoral, and they have to be amoral. If you are a moral person managing a corporation, you have a duty to your shareholders to maximize profits. As part of the deal you struck when you took your job, you have to suppress your own values in all but the most extreme situations. Basically, you've agreed to do whatever the law will allow, however disgusting, to make a buck. Notice that that wouldn't necessarily be the case with other forms one could imagine for large enterprises.
Corporations were created to concentrate power and insulate people from consequences. They should be watched closely, and it's not clear that they should have the same unrestricted property rights as real people have, and that includes the right to monitor all use of their property.
Less radical, but still real: a huge amount of the employer monitoring that goes on is encouraged or required by government. Drug testing, for example, in some industries.
US harassment laws, as another example, are deliberately designed to make employers do things, or to encourage them to do things, that would obviously be unconstitutional if the government tried to do them itself. I'd guess those laws are responsible for 80 percent of the e-mail and Web monitoring in the US.
This is related to the point above. Among other things, the laws skirt the constitution by deliberately playing off of management's duty to make a profit above all else. Employers are encouraged to go way beyond the actual requirements of the law, because it's cheaper than considering each case for real. Here, the government has created a pliable organization, then pushed it to do its "Big Brother" work for it.
Another area of interest is intellectual property. IP laws are increasingly structured to let companies, both in their capacities as sellers, and in their capacities as employers, get away with murder. Non-compete agreements are perhaps defensible, but remember that they do amount to indentured servitude.
The DMCA is not defensible. Why do we have the DMCA? Because a lot of "good corporate citizens" asked for it. Why are they "good corporate citizens"? Because they cooperate with the government, and with individual politicians, in lots of ways, ranging from campaign contributions to "free" assistance with government programs to just plain not raising a stink at Orwellian stuff like that mentioned above.
Hell, even income tax withholding is an example of employers being recruited as agents of the government.
To sum up, in most of the rich industrialized countries, corporations, which are themselves artificial creations of the government, are coerced or encouraged to act as agents of the government (often by invading privacy). In return, those corporations are (partially) immunized from the consequences, and also get lots of "free rides" and chances to stomp on the rights of others. Where's the line?
No, not my right to be free of them, but the rights of the victims. The act of producing an illegal movie can't be divorced from it's distribution.
Er, why not? They're clearly separate acts, in their nature and in their consequences. You yourself are discussing them separately. There is certainly a connection between the two, but they are not the same act.
In fact, distributing erotic pictures and movies of minors who can't or haven't legally give their consent is, in my mind, unquestionably a violation of their rights
I have some sympathy for the victims in this case, but I reject the idea that they have a privacy right so strong that it overrides anybody's right to free expression or to freely seek information. I would reject the idea of such a right for adults who had not consented to being photographed, and I reject it equally for minors.
... and you're still assuming that any victims exist. I gave examples of cases where the material under discussion could be produced with no victims at all.
The opressed, whistleblowers and activists can generally contact someone who's sympathetic and out of harms way through PGP'd emails or some other method.
... and where did they get their copies of PGP, or of their steganographic tools, or of the plans for their satellite transmitters, or of any of a thousand other things that might reasonably be distributed through this system under a regime hostile enough to ban their overt distribution?
... but that's really beside the point...
This network will not give them any new killer tool to get their word out.
It may or may not be a really good propaganda tool... but saying that it's not important because it's not a "killer tool" is bogus. It's still a tool they may find useful. Anyway, I could say that the Worldwide Web didn't give catalog retailers any new "killer tools", either. They could always get their word out through US mail...
This network is overkill for the sharing of thoughts, which is generally through text.
Ignoring the issue of distributing software tools, I must disagree with your claim that media other than text are not important modes of expression for thoughts... and even more important modes of expression for persuasion. Nobody denies that movies, for example, are an effective propaganda tool. Whistleblowing, as another example, frequently involves distributing long documents, and could easily involve multimedia in the future.
On the other hand, it *COULD* make the lives of those sharing illegal multimedia files much easier.
It undoubtedly will make their lives easier... just as it will be an easier way for "positive" users to do things.
You forget about the right of privacy of the victims.
A good point. I'm not used to arguing utility, so I miss things. However, in a pure utilitarian system, this still wouldn't matter if they didn't know about it. Whereas in my real system, which is not utilitiarian, I see the right to privacy as distinctly inferior to the right to free interchange of information.
What if it was *you* as an eight year old child on Usenet? What if it was a daughter or son? What if it was your best friend getting assaulted in an.mpg? None of these people gave consent.
If it was me, I'd honestly find it pretty amusing. In the other cases, I'd probably be awfully angry, at least if the victims were angry as well. I hope I would still not be asking for the network to be turned off, nor for anybody to be thrown in jail for posting the video (as opposed to for participating in the rape, assault, etc.).
How are *you* damaged by Proctor & Gamble selling your personal details to American Express without your permission, even if you don't expressly know about it? Why is it ok for an individual to violate the right of privacy of another individual, and not a company?
I believe that they have every right to swap whatever information they can collect on me, at least as long as they haven't agreed otherwise. I personally do not support any restrictions on them whatsoever. Where do you get the idea that I do?
I, of course, have a right to attempt to stop them from collecting information, and I am open to the idea that I might have a right to restrict them by contract from distributing that information.
What is the essential GOOD of anonymity? You claim not to be a utilitarian. Arguing that whistleblowers and so on won't come forward without an impenetrable shield of anonymity is a pretty utilitarian argument. Ideally, shouldn't people stand up for what they beleive in with or without the fear of reprisal?
I was presenting a utilitiarian argument because I was asked for an argument by somebody whom I perceived to be a utilitiarian. By the way, I use the word "utilitarian" in the strict hedonistic sense.
My own personal position is that the most important human activity, and the most important human right, is to think and feel freely. This is a moral postulate for me. I see freedom of information interchange (meaning information in the broadest sense, not just data, but art as well) as derived from that; one cannot think and feel fully without both receiving input and expressing output. Freedom of speech is a special case of the freedom of information interchange.
I believe that one should be able to interchange information an absolute minimum of restriction... usually none at all, because that's a part of the process of thinking and feeling, which is itself an unqualified good. I am prepared, for practical purposes, to accept a very few restrictions if they can be shown to be absolutely necessary to the survival of the species... and even then I don't feel good about it morally.
As far as anonymity goes, I believe, first, that the burden of proof for restricting any form of activity lies on those who would restrict it. I don't have to show the good of anonymity. You have to show the evil.
Furthermore, once you do that, we get into what is in fact a quasi-utilitiarian argument. You assert that anonymity should be restricted because it damages certain rights. I claim that it should not be restricted because it encourages the interchange of information, and therefore free thought and feeling, and is therefore good.
It's nice to say that we should all stand up for our beliefs, but remember that people have been killed for that, and still are being killed for it. If there's a way to reduce that, I think it's a good thing.
The reason Ralph Merkle sounded like he knew what he was talking about is that he, and a lot of his very smart friends, have spent a huge fraction of their time thinking and talking about this problem for the last 15 years, whereas Bill Joy just woke up to it a year and a half ago, and has decided to get all sensationalistic based on a relatively cursory analysis of the problem, done in a vacuum.
This does not, by the way, mean that Joy is a complete crackpot. It just means that he's advocating "solutions" that other people have already thought about, and pretty much proved to themselves won't work.
To get access to the 15-year tradition Merkle is working from, hook up with the Foresight Institute at http://www.foresight.org.
Everybody keeps saying that CSS is useless in preventing bit-for-bit copying. Guess what, folks. It's not. I'm amazed at how people are running down the design without bothering to understand it.
CSS keeps the key information for a disk in a special block on the disk. This block will not be writable on consumer DVD-R blanks... you will NOT be able to duplicate a DVD using these blanks. Writable blanks will be hard to find, and IIRC they will require special commercial equipment; you won't be able to write them in your DVD-R drive.
Now, obviously, this will not be an issue for commercial pirates, who will find a way to get commercial blanks and commercial production equipment. However, it will be an issue for the person making small-scale copies to give (or sell) to friends. The motion picture industry is just as interested in that kind of copying as it is in commercial-scale copying. The commercial blanks will be hard to get, and the equipment to write them will not be in everybody's living room, at least for a while.
As I recall, the first time I saw a description of all this was around a year ago; I think it was in some IEEE magazine. Even then, there was a clear explanation that the whole thing was not aimed at commercial-scale copying. It was aimed at consumer copying.
Now, it's true that the weak crypto they used made it almost certain that the system would be cracked, making the whole bit-copying issue irrelevant. It's fine to point out that it was silly for them to think it wouldn't be cracked. But this idea that they didn't even think about the bit-copying issue is just stupid. The only real problem with the system is in the crypto.
In fact, they even gave some thought to how to make it harder to get drives that will give you the encrypted files for cracking... although, unfortunately for them, the early drives don't have those restrictions.
Making drives enforce the system really does help from their point of view. Sure, you can burn a new PROM for a drive, but how many people are actually going to do that? They're hoping that people will either have to spend money or manually hack hardware; that will reduce copying to a level they can live with... especially since they were (and to some degree are) probably expecting the Digital Millenium Copyright Act's ridiculously draconian penalties to prevent the spread of any hacks.
Pure software cracks are what they really worry about... and the reason they're so upset is that they didn't expect one to come out so soon.
CSS isn't perfect, and I tend to share the prevailing Slashdot view that it wasn't worth their trouble to do it in the first place. Certainly I think that the lawsuit is crap, and I like the fact that the law doesn't give them infinite rights.
Do not, however, make the mistake of thinking that the designers, and their corporate masters, didn't think about the obvious ways the system could be cracked. Their goal was to reduce piracy; they've always realized they couldn't eliminate it. They are being stupid, but not as brain-dead as the bit-copying argument makes them out to be. Don't underestimate your opponents...
I can't hijack Main Street, but I can blow it up. I can hijack a bus (and it's just about as useful as hijacking a plane, since the only thing you get out of hijacking a plane is usually publicity). Hijacking planes was trendy for a while, and everybody paniced, so we've got airport security.
As for the "private property" argument, you're full of shit. Airport searches are imposed by governments. They were not voluntarily initiated by the airlines, although I admit that the airlines don't really seem to mind. I suspect that competition would quickly produce some non-searching airlines if the searches weren't required.
The "private jet" analogy is just silly. I wouldn't let random strangers in my car, either, but nobody searches you when you get on a city bus.
Well, Millivision is already selling a thingie that can detect your heartbeat through a wall, and the cops are making drug busts based on through-the-wall infrared images, so I guess the future is here.
Sigh. Personally, I routinely hang out (ahem) in places where everybody is naked. Other than the danger of being arrested, I'd have no problem with wandering around in an airport stark naked.
The issue, from my point of view, is that a bunch of people have decided they can make me submit to any kind of search they want, any time they want, and justify to them anything I may be carrying, for reasons which are more or less totally bogus.
These scanners are nothing fundamentally new, but they extend the already-evil airport search regime.
That's the first use. Such scanners are definitely going to be used for other things, in airports and probably elsewhere, at least if the people selling them have their way. This whole thing has been under discussion for a couple of years now.
That would be true, except that neither customs searches nor airport security searches are imposed by the airlines.
It's true that the airlines conduct security searches. However, they are required to conduct those searches by massive FAA pressure.
In a real market, I could go to a competing airline that didn't do searches if I didn't like searches. There very probably would be such an airline... maybe most airlines. That option is not available to me because of government regulation.
The airlines and I are being deprived of the right to freely negotiate a contract, and that is a right that we definitely do have.
It doesn't work. Airport security, including this system, exists primarily to make people feel safe. It has limited effect in actually making them be safe. Even if these systems couldn't usually be evaded even in the airports (and they can), all they would do is to cause people to do their evil deeds in the hundreds of other places that have equivalent crowds and less security... many of which places aren't securable in any reasonable way, so you can't just "fix the problem" by adding more security there.
It's obnoxious and not worth it, even if it did work. I come from a pretty radical place on this... as far as I'm concerned, all customs searches are unacceptable, as are all routine airport searches. Think about it... if they can search you at the airport, why shouldn't they be able to search you as you're walking down the street? What is the real difference?
Slashdot Mirror
Bad news, dude. This one is a stupid capitalist restriction. The reason they're doing it is, as it says in the original post, that they've sold exclusive coverage "rights" to big news organizations for big money.
What an idiot.
And I say that as a capitalist.
It's a matter of whether it's a slow news day and of whether somebody issues a press release. ISS issued a press release about the Piranha thing, and probably had PR people calling up reporters. This is much more effective in getting press attention than posting something to NTBUGTRAQ, because most reporters aren't reading NTBUGTRAQ, and don't understand what they're reading if they are.
The story had "legs" because it could be used to "attack the myth of open source invulnerability" (it means zero to a reporter whether anybody actually believes a "myth"). This undoubtedly helped to get some of the mags to pick it up. Once a few pick it up, a feeding frenzy always ensues.
The bad actor here, if there is one, is ISS, which is a company that seems to be mostly in business to call attention to itself by picking random vulnerabilities, often widely known to others, and screaming about them. As far as I can tell, ISS is largely a firm of media whores. Not that that doesn't describe much of the rest of the security industry just as well.
The problem on the press side is lazy, ignorant, sloppy reporters eager to grab some bogus issue and make a big deal out of it, not malevolent ones eager to kiss Microsoft's ass.
Ever think that maybe it's because people perceive those governments as:
Maybe those are the reasons that the governments are allowed to stand, rather than having a revolution once a week, eh?
I submit that it's very possible the places you mention suck so much partly because they have idiotic, repressive ways of dealing with dissent. If you look at places like that, they've usually been police states for a long time... over several changes of government.
And the idea that the 1950s were any more "trying times" for the United States than, say, the 1940s or the 1960s, is just idiotic. As is the idea that Communists in the 1950s were any threat to the stability of the US government.
Not that I'm saying that present Western government practices are really safe or acceptable, mind you.
The vendors know some ways to make things more secure, but they've learned that their customers don't really want them to do it. Customers (ISPs, businesses, whoever), talk about wanting more security, but when it comes down to a choice between better security and more new features, they always pick the features. If you take the time to make your product more secure, you get killed in the marketplace.
I know of a commercial UNIX workstation vendor that tightened up default security... things like making the user set a root password at login, and not allowing rsh access to every machine on the network by default. The first time they did it, their customers made them undo it, because it was too much work to configure things right, and it was easier to just leave everything open.
It's so bad that one guy who had a job like the one I had, Mark Graff from Sun, has publicly called for government regulation to force people to release secure systems... not because the vendors don't want to release secure systems, but because the competition was making it impossible for them to do so.
There's hope, though. People are starting to really care. Another couple of years of this, and customers may start really demanding security, instead of just giving it lip service. Someday, that hosting company with the "seal of approval" may actually have a competitive advantage, because the guy in the next rack will know that it's less likely the whole data center will get shut down.
Let's hope...
By the way, although it's true that there's some performance impact from filtering, it's not nearly as much as the ISP folklore (and a lot of the posters here) would have you believe. I've turned on filtering on very heavily loaded routers and had it work fine.
Yes, there is a high probability that naively encrypted e-mail will be detected, if not now, then in the foreseeable future... and they're not going to announce when they develop that capability. If it's detected, then you want to hope it's blocked, since if they don't block it, it probably means they're investigating you and planning something nasty.
People have suggested steganography. It's a good idea, but it is detectable. Present steganographic methods will not protect you against anybody who's investigating you specifically and has any real sophistication. You can tell if a message has been watermarked into an image, for instance.
And, as somebody else pointed out, even a pattern of large images passing back and forth is suspicious if you're visible enough to be watched at all. Eventually, they might get bulk techniques for detecting most kinds of steganography. Use with extreme caution.
Somebody suggested an offshore drop. Probably the safest thing, but use with caution.
Whatever crypto or steganographic software you use, make sure you know the consequences of getting caught with the software itself. I don't know what they are, but I'd suspect there might be some, especially if they wanted an excuse to nail you.
Iran
It depends on who you want to collect donations from. If you really want to take credit cards, it can be tricky to get a merchant account. One trick is to use a Web shopping-cart billing service, although they'll skim a lot of money from you.
Where to host: How about HavenCo? They're giving out free hosting for qualified human rights people. They should be pretty hard to get at.
It shouldn't be too difficult to get the money into a US bank account, perhaps in the name of a local sympathizer. It's probably a bad idea to put her own real name on the account.
Transfer of funds is the hard part. Setting up some kind of bogus commercial transaction might work. Probably not enough money there to make it worthwhile to smuggle cash, and that's mondo expensive, anyway. Be careful about running into US (or wherever) "money laundering" authorities... they have very sophisticated surveillance on this, and I wouldn't put it past them to let the information fall into the hands of the Iranian government.
There are specialists in this sort of thing. It's a good idea to seek out a good one. I've probably already said more than I'm competent to say.
I don't see any copyright issue as long as you have the author's permission (assuming the author hasn't sold the rights to anybody else).
All the comments about communication for China apply, only more so.
Um, you do know that corporations are themselves creations of government, right? It's not an either-or thing. They're part of the same power structure.
Where some libertarians fall down is in not realizing that the whole corporate form is about weakening the legal responsibility of stockholders for the actions of the corporations they own. This creates huge, unaccountable entities which are NOT part of the sort of individualistic thinking that underlies most libertarianism.
One reason that libertarians often miss the fact that corporations are artificial creations of government (and are therefore without natural rights), is that their opponents on the left spend so much time attacking the whole concept of property rights, whether individual or corporate. The distinction between the rights of a person and the rights of an artificial entity gets lost in the noise, and both sides forget about it.
Of course, they're not gonna have the guts to do that.
I'm not sure that the GPL's permission to create derivative works really matters, but if it does, it wouldn't be hard to modify the GPL to allow modifications to everything but the hack that forced release of modified source.
Somebody else has pointed out that there may be philosophical objections to doing this. I could buy that, but I think the law would let you do it if you chose to do it.
Trust me, I've read it. I read the drafts of it. I argued with a bunch of lobbyists about it. It's not as disastrous as it might have been. It's still a horrible law.
First of all, no, users do not "still have the right to crack software they have lawfully purchased". Not in general. They can do it to reverse engineer for interoperability, they can do it for certain research in cryptography. They can't do it just for their own convenience.
Secondly, even the permission to do it for interoperability is screwed up. Take DVDs. You can analyze CSS to figure out how it works, for the purpose of creating a DVD player app. You cannot actually distribute the app... the exception applies only to your own circumvention, not to the separate provisions on distributing tools. Not only that, but you can't actually use your crack to watch DVDs... you can only try to figure out interoperability.
As I've mentioned elsewhere, the anticircumvention provisions are also bad in that, once you've put in place a measure to protect your copyright, you can start using it to enforce other restrictions that break fair use. Take CSS again. It's illegal to crack it because it prevents copying. It also enforces region coding. DVD producers have no legal right to tell users where they can play the disks... but, under the DMCA, users can't bypass region coding, because that requires bypassing the CSS, which is also a copy protection scheme, and is also protected.
There are lots of other practical problems with the DMCA... like the fact that it outlaws trying to reverse the encryption on a virus to figure out how it works. These things often look "fair and reasonable" until you actually think about how they can be applied.
A copyright holder has certain legal rights even if no license exists. Any technological measure that enforces any of those rights is automatically protected from circumvention; there doesn't have to be a license of any kind.
If the technological measure also enforces a bunch of obnoxious policy, the user still can't circumvent it, even if the user hasn't accepted the license. That's the "trojan horse" aspect of the DMCA... you create a measure that protects you from copying, and then use that same measure to put all kinds of other restrictions on fair use.
The DMCA actually doesn't say anything at all about click-through or shrink-wrap licenses. The interesting parts of the DMCA are about technological protection measures and about the liability of Web service providers.
I think this is a misreading of the DMCA. The protection measure does not need to be "hard to bypass". People think that it does because the DMCA talks about measures that "effectively protect" rights of copyright holders... but if you look at the text more closely, you'll discover that "effectively protects" is redefined to mean nothing that any rational person would recognize.
A measure "effectively protects" something if, in the course of its normal operation, the measure enforces some kind of policy. It doesn't matter how trivial it is to bypass the measure... it's still effective by this definition.
I think (IANAL) that you could very probably enforce the DMCA against anybody who tried to bypass (say) a makefile hack that e-mailed any modified source to the FSF whenever it was compiled. It's that broad.
They run a network that's like a proxy on steroids. They even try to protect you against traffic analysis. Everything is encrypted. Everything goes through three servers, chosen by the user from a long list. The server operators are all independent of each other.
Each server knows only the hop before it and the hop after it. The first server has your IP address, but not the address of the site you're visiting, let alone the URL. It only knows how to send the data to the second server. The second server knows only the other two, and doesn't know who you are or what site you're hitting. The third server knows the URL, and how to send the data back via the second server, but not who's hitting it. You can theoretically use longer chains. You can pick servers in different countries. Etc, etc.
A future version of the system is supposed to send "cover traffic" to screw up traffic analysis.
The software runs on Windows; Linux version due RSN, so they say.
50 bucks buys you 5 pseudonyms for a year. Hizonner says check it out (when the Web site comes back up).
Disclaimer: I want to work for these guys.
http://www.freedom.net
Thank you for parroting moronic platitude number 37. Your toaster will be arriving by US mail.
Even if you assume that the state generally implements the will of the majority (a tough assumption to defend), the idea that a majority can speak for everybody is morally indefensible.
The state is not the citizens. The state is an organization with its own dynamics, set up to implement an at-best-poor approximation to the consensus desires of a (possibly large, possibly small) subset of the citizens.
In the case of schools in the US, this includes systematically inculcating consensus ideas, many of which are nonsense, and systematically suppressing independent thought.
The state may be you. The state is not me.
Most employers are corporations. We tend to forget that corporations are not natural persons; they are creations of government. The reason they were created is that pure voluntary associations of natural persons, without the rather unnatural liability protection that defines the corporate form, would not end up being like corporations, nor acting like corporations. We should all be careful of them, including libertarians... there is no purely libertarian argument for corporations in their present form to exist at all. As somebody else pointed out, they concentrate power.
Worse, corporations are amoral, and they have to be amoral. If you are a moral person managing a corporation, you have a duty to your shareholders to maximize profits. As part of the deal you struck when you took your job, you have to suppress your own values in all but the most extreme situations. Basically, you've agreed to do whatever the law will allow, however disgusting, to make a buck. Notice that that wouldn't necessarily be the case with other forms one could imagine for large enterprises.
Corporations were created to concentrate power and insulate people from consequences. They should be watched closely, and it's not clear that they should have the same unrestricted property rights as real people have, and that includes the right to monitor all use of their property.
Less radical, but still real: a huge amount of the employer monitoring that goes on is encouraged or required by government. Drug testing, for example, in some industries.
US harassment laws, as another example, are deliberately designed to make employers do things, or to encourage them to do things, that would obviously be unconstitutional if the government tried to do them itself. I'd guess those laws are responsible for 80 percent of the e-mail and Web monitoring in the US.
This is related to the point above. Among other things, the laws skirt the constitution by deliberately playing off of management's duty to make a profit above all else. Employers are encouraged to go way beyond the actual requirements of the law, because it's cheaper than considering each case for real. Here, the government has created a pliable organization, then pushed it to do its "Big Brother" work for it.
Another area of interest is intellectual property. IP laws are increasingly structured to let companies, both in their capacities as sellers, and in their capacities as employers, get away with murder. Non-compete agreements are perhaps defensible, but remember that they do amount to indentured servitude.
The DMCA is not defensible. Why do we have the DMCA? Because a lot of "good corporate citizens" asked for it. Why are they "good corporate citizens"? Because they cooperate with the government, and with individual politicians, in lots of ways, ranging from campaign contributions to "free" assistance with government programs to just plain not raising a stink at Orwellian stuff like that mentioned above.
Hell, even income tax withholding is an example of employers being recruited as agents of the government.
To sum up, in most of the rich industrialized countries, corporations, which are themselves artificial creations of the government, are coerced or encouraged to act as agents of the government (often by invading privacy). In return, those corporations are (partially) immunized from the consequences, and also get lots of "free rides" and chances to stomp on the rights of others. Where's the line?
Er, why not? They're clearly separate acts, in their nature and in their consequences. You yourself are discussing them separately. There is certainly a connection between the two, but they are not the same act.
I have some sympathy for the victims in this case, but I reject the idea that they have a privacy right so strong that it overrides anybody's right to free expression or to freely seek information. I would reject the idea of such a right for adults who had not consented to being photographed, and I reject it equally for minors.
It may or may not be a really good propaganda tool... but saying that it's not important because it's not a "killer tool" is bogus. It's still a tool they may find useful. Anyway, I could say that the Worldwide Web didn't give catalog retailers any new "killer tools", either. They could always get their word out through US mail...
Ignoring the issue of distributing software tools, I must disagree with your claim that media other than text are not important modes of expression for thoughts... and even more important modes of expression for persuasion. Nobody denies that movies, for example, are an effective propaganda tool. Whistleblowing, as another example, frequently involves distributing long documents, and could easily involve multimedia in the future.
It undoubtedly will make their lives easier... just as it will be an easier way for "positive" users to do things.
A good point. I'm not used to arguing utility, so I miss things. However, in a pure utilitarian system, this still wouldn't matter if they didn't know about it. Whereas in my real system, which is not utilitiarian, I see the right to privacy as distinctly inferior to the right to free interchange of information.If it was me, I'd honestly find it pretty amusing. In the other cases, I'd probably be awfully angry, at least if the victims were angry as well. I hope I would still not be asking for the network to be turned off, nor for anybody to be thrown in jail for posting the video (as opposed to for participating in the rape, assault, etc.).
I believe that they have every right to swap whatever information they can collect on me, at least as long as they haven't agreed otherwise. I personally do not support any restrictions on them whatsoever. Where do you get the idea that I do?
I, of course, have a right to attempt to stop them from collecting information, and I am open to the idea that I might have a right to restrict them by contract from distributing that information.
I was presenting a utilitiarian argument because I was asked for an argument by somebody whom I perceived to be a utilitiarian. By the way, I use the word "utilitarian" in the strict hedonistic sense.My own personal position is that the most important human activity, and the most important human right, is to think and feel freely. This is a moral postulate for me. I see freedom of information interchange (meaning information in the broadest sense, not just data, but art as well) as derived from that; one cannot think and feel fully without both receiving input and expressing output. Freedom of speech is a special case of the freedom of information interchange.
I believe that one should be able to interchange information an absolute minimum of restriction... usually none at all, because that's a part of the process of thinking and feeling, which is itself an unqualified good. I am prepared, for practical purposes, to accept a very few restrictions if they can be shown to be absolutely necessary to the survival of the species... and even then I don't feel good about it morally.
As far as anonymity goes, I believe, first, that the burden of proof for restricting any form of activity lies on those who would restrict it. I don't have to show the good of anonymity. You have to show the evil.
Furthermore, once you do that, we get into what is in fact a quasi-utilitiarian argument. You assert that anonymity should be restricted because it damages certain rights. I claim that it should not be restricted because it encourages the interchange of information, and therefore free thought and feeling, and is therefore good.
It's nice to say that we should all stand up for our beliefs, but remember that people have been killed for that, and still are being killed for it. If there's a way to reduce that, I think it's a good thing.
This does not, by the way, mean that Joy is a complete crackpot. It just means that he's advocating "solutions" that other people have already thought about, and pretty much proved to themselves won't work.
To get access to the 15-year tradition Merkle is working from, hook up with the Foresight Institute at http://www.foresight.org.
CSS keeps the key information for a disk in a special block on the disk. This block will not be writable on consumer DVD-R blanks... you will NOT be able to duplicate a DVD using these blanks. Writable blanks will be hard to find, and IIRC they will require special commercial equipment; you won't be able to write them in your DVD-R drive.
Now, obviously, this will not be an issue for commercial pirates, who will find a way to get commercial blanks and commercial production equipment. However, it will be an issue for the person making small-scale copies to give (or sell) to friends. The motion picture industry is just as interested in that kind of copying as it is in commercial-scale copying. The commercial blanks will be hard to get, and the equipment to write them will not be in everybody's living room, at least for a while.
As I recall, the first time I saw a description of all this was around a year ago; I think it was in some IEEE magazine. Even then, there was a clear explanation that the whole thing was not aimed at commercial-scale copying. It was aimed at consumer copying.
Now, it's true that the weak crypto they used made it almost certain that the system would be cracked, making the whole bit-copying issue irrelevant. It's fine to point out that it was silly for them to think it wouldn't be cracked. But this idea that they didn't even think about the bit-copying issue is just stupid. The only real problem with the system is in the crypto.
In fact, they even gave some thought to how to make it harder to get drives that will give you the encrypted files for cracking... although, unfortunately for them, the early drives don't have those restrictions.
Making drives enforce the system really does help from their point of view. Sure, you can burn a new PROM for a drive, but how many people are actually going to do that? They're hoping that people will either have to spend money or manually hack hardware; that will reduce copying to a level they can live with... especially since they were (and to some degree are) probably expecting the Digital Millenium Copyright Act's ridiculously draconian penalties to prevent the spread of any hacks.
Pure software cracks are what they really worry about... and the reason they're so upset is that they didn't expect one to come out so soon.
CSS isn't perfect, and I tend to share the prevailing Slashdot view that it wasn't worth their trouble to do it in the first place. Certainly I think that the lawsuit is crap, and I like the fact that the law doesn't give them infinite rights.
Do not, however, make the mistake of thinking that the designers, and their corporate masters, didn't think about the obvious ways the system could be cracked. Their goal was to reduce piracy; they've always realized they couldn't eliminate it. They are being stupid, but not as brain-dead as the bit-copying argument makes them out to be. Don't underestimate your opponents...
As for the "private property" argument, you're full of shit. Airport searches are imposed by governments. They were not voluntarily initiated by the airlines, although I admit that the airlines don't really seem to mind. I suspect that competition would quickly produce some non-searching airlines if the searches weren't required.
The "private jet" analogy is just silly. I wouldn't let random strangers in my car, either, but nobody searches you when you get on a city bus.
Well, Millivision is already selling a thingie that can detect your heartbeat through a wall, and the cops are making drug busts based on through-the-wall infrared images, so I guess the future is here.
The issue, from my point of view, is that a bunch of people have decided they can make me submit to any kind of search they want, any time they want, and justify to them anything I may be carrying, for reasons which are more or less totally bogus.
These scanners are nothing fundamentally new, but they extend the already-evil airport search regime.
That's the first use. Such scanners are definitely going to be used for other things, in airports and probably elsewhere, at least if the people selling them have their way. This whole thing has been under discussion for a couple of years now.
It's true that the airlines conduct security searches. However, they are required to conduct those searches by massive FAA pressure.
In a real market, I could go to a competing airline that didn't do searches if I didn't like searches. There very probably would be such an airline... maybe most airlines. That option is not available to me because of government regulation.
The airlines and I are being deprived of the right to freely negotiate a contract, and that is a right that we definitely do have.
Two problems:
It doesn't work. Airport security, including this system, exists primarily to make people feel safe. It has limited effect in actually making them be safe. Even if these systems couldn't usually be evaded even in the airports (and they can), all they would do is to cause people to do their evil deeds in the hundreds of other places that have equivalent crowds and less security... many of which places aren't securable in any reasonable way, so you can't just "fix the problem" by adding more security there.
It's obnoxious and not worth it, even if it did work. I come from a pretty radical place on this... as far as I'm concerned, all customs searches are unacceptable, as are all routine airport searches. Think about it... if they can search you at the airport, why shouldn't they be able to search you as you're walking down the street? What is the real difference?