If the bill permitted bringing down a router or releasing virii, the analogy would hold. However, it only really allows for DoS-like attacks, so anything with that much blood and guts just looks like hyperbole. One of RW's major defenses, and he is correct on this, is that the bill is broadly misunderstood and misportrayed in the media. The problem is that the people who do understand it and see its flaws are drowned out by the hype. That's why I've struggled to form an analogy that explains the collateral damage which necessarily occur with that sort of attack. If the bill does actually come back to life, I may try to work out something involving filling a water main with mud to prevent one customer from tapping the pipe. Otherwise, I'm going to focus my rants elsewhere, particularly on trying to get his support for the Digital Media Consumers Bill of Rights, but of course, that has to first be reintroduced also!
I do not agree with their reasoning (I've elaborated at least one reason why elsewhere on this thread) but there is a sort of logic to it. It is an attempt to address the problem of millions of technology-facilitated acts of copyright infringement with a technological solution that can only be enacted if normal laws about interfering with computers are suspended.
Assuming you define "hack" very narrowly as disruption of illegal traffic on P2P networks, that is pretty much exactly what the bill says, although there are numerous safeguards against abuse written into it. Specifically, the copyright holder is not authorized to do any damage to a network or computer, only to disrupt their ability to share the copyrighted material. It also explicitly disallows affecting any user that is not participating in the filesharing, which makes the entire act paradoxical because there is no kind of disruption that can be applied without, at minimum, reducing quality-of-service on the Internet as a whole by virtue of the extra packets required to launch the attack.
I just wish they'd pass a law that says I can divide by zero. That would save me a lot of compiler errors...
I have exchanged numerous emails with my congressman (Rep Robert Wexler, 19th district FL) on this topic, as he is a cosigner of the bill. As recently as this weekend, I received another message from him indicating his ongoing support for the legislation. Perhaps if Berman drops it, this will be the end of the discussion. Nonetheless,/.ers may find this humorous:
I have repeatedly criticised the bill to him on the grounds that it is prima facie impossible for a P2P vigilante to launch an attack against a file trader without collateral damage to innocents on the same network who necessarily suffer loss of quality of service simply by virtue of having to share bandwidth with one more person (the vigilante). In spite of several attempts to put this idea into much simpler terms than presented here, the message never seemed to get through to him. He remains confident that by writing the law to explicitly forbid damages to nonparticipating networks or computers, that this will somehow make it so. It sort of reminds me of the legends of a proposal in the Indiana legislature (though this is probably just a Kentuckian joke) that pi should be exactly 22/7. It may be physically impossible, but goldurnit, we're gonna write the law anyway!
So, basically what they would do is pass a law that made it legal for copyright owners to disrupt P2P networks, but write it in such a way that it would be impossible for the vigilantes to exercise that right because they couldn't do so without engaging in prohibited activity: namely reduction in QoS for users who were not participating in the exchange. It's either a fantastic example of pure congressional ignorance of technological (heck, basic physical) reality, or evidence of a level of cynicism previously unimagined; that they would spend all this time tossing a bone to the *AAs with a rubber band attached.
Not really. Remember that for this advice to be effective, I would have to warn myself before I did any of those things. Ergo, you can only safely conclude that I was a wild thirteen year old.:-)
About the only example I can think of would be a Web mail or similar application that a user would refresh at intervals. Perhaps an attacker could watch many sessions and, once a recurring pattern is noticed in one, could zero in on that one for the timing attack?
This is all very hypothetical, and I agree that it is unlikely to work in the field. IMAP is a much better target.
Precisely. IMAP is a particularly good example of a target because the same block of text is sent on a predictable interval when the mailer is set to check for mail every n ticks. I can't think off hand of that many password-protected web apps that refresh with the regularity of an IMAP client/server exchange, but you're right in noting that anythng using SSL and repeating an exchange is vulnerable.
Apparantly the flow only affects webmail and not banking or credit card payments
The linked article reports a timing-based attack that could be used to identify passwords when the encrypted message is repeated, as in the case of communicating with an IMAP server. IMAP is not webmail, it is a mail protocol (a popular alternative to POP3) that is frequently secured with SSL/TLS. Once the password is cracked, it could be used to compromise other resources if the IMAP server and those other resources share the same password. It may not be likely that your bank provides your IMAP server, but it is not as unlikely that an IMAP account might share a password with other network functions that you'd want to keep secured...
Speaking as a Democrat (generally for lack of better options), I have observed that our Democratic reps generally just sell out a different set of our interests to a different set of corporations, e.g. Copyright instead of Oil cartels.
As documented in your citation, slippery slope is an informal fallacy that rests on uncertainty in the premises in what is otherwise a deductively valid argument. It would make the debate more productive, if not easier, if you would address the premises rather than regurgitating your first semester logic course.
Not making any value judgement here (which would make me a hypocrite because I too was involved in some backyard munitions back in the day) but what you were doing - making warheads for the rockets - was against model rocketry association rules and probably already illegal at the time. Laws to prevent weaponizing what is otherwise a valuable scientific (and fun) toy are arguably reasonable, but I agree with other posts that banning the rockets themselves is about as sensible as banning soap.
Thanks for the clarification. I didn't miss it, but in my experience "such as" usually means that one expects any option not specified to be similiar in nature to those that are. As I hadn't read the related preamble, I slipped into a dangerous assumption, taking the text out of context.
Thank [substitute metaphysical authority here, I'm not starting one of those threads] for folks like you keeping a diligent eye on the law! I suppose it's best I stick to engineering...
Interesting, but if I read that statute correctly, don't the enumerated factors apply only when the use is for "criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research" as stated in the opening paragraph?
I'm not sure this example can be generalized to higher volume businesses. You really can't compare, say, WB to Folkways.
A more relevant problem is that RIAA labels hold up the copyrights on old material, keeping it inaccessible to small labels who could do a bustling business in one-off discs like this. Honestly, if the business opportunity isn't great enough for them, why don't they let go and let people get the music they want?
Oh, wait... Those Conch shell recordings compete for the same consumer dollars as the latest from Korn. Riiiigght...
Slashdot Mirror
... someone jumps in to tell us that patents have no authority until they are successfully defended against a challenge, blah blah blah...
Dang. Just when I thought e was making a retro-chic comeback.
Sorry. I apparently forgot to :-) when I said that...
No, but collections of facts apparently are. I imagine that's the legal basis on which anubi would make the claim...
I am seriously impressed (assuming you're right, I haven't checked) but how are you with e?
If the bill permitted bringing down a router or releasing virii, the analogy would hold. However, it only really allows for DoS-like attacks, so anything with that much blood and guts just looks like hyperbole. One of RW's major defenses, and he is correct on this, is that the bill is broadly misunderstood and misportrayed in the media. The problem is that the people who do understand it and see its flaws are drowned out by the hype. That's why I've struggled to form an analogy that explains the collateral damage which necessarily occur with that sort of attack. If the bill does actually come back to life, I may try to work out something involving filling a water main with mud to prevent one customer from tapping the pipe. Otherwise, I'm going to focus my rants elsewhere, particularly on trying to get his support for the Digital Media Consumers Bill of Rights, but of course, that has to first be reintroduced also!
I do not agree with their reasoning (I've elaborated at least one reason why elsewhere on this thread) but there is a sort of logic to it. It is an attempt to address the problem of millions of technology-facilitated acts of copyright infringement with a technological solution that can only be enacted if normal laws about interfering with computers are suspended.
Assuming you define "hack" very narrowly as disruption of illegal traffic on P2P networks, that is pretty much exactly what the bill says, although there are numerous safeguards against abuse written into it. Specifically, the copyright holder is not authorized to do any damage to a network or computer, only to disrupt their ability to share the copyrighted material. It also explicitly disallows affecting any user that is not participating in the filesharing, which makes the entire act paradoxical because there is no kind of disruption that can be applied without, at minimum, reducing quality-of-service on the Internet as a whole by virtue of the extra packets required to launch the attack.
I just wish they'd pass a law that says I can divide by zero. That would save me a lot of compiler errors...
I have exchanged numerous emails with my congressman (Rep Robert Wexler, 19th district FL) on this topic, as he is a cosigner of the bill. As recently as this weekend, I received another message from him indicating his ongoing support for the legislation. Perhaps if Berman drops it, this will be the end of the discussion. Nonetheless, /.ers may find this humorous:
I have repeatedly criticised the bill to him on the grounds that it is prima facie impossible for a P2P vigilante to launch an attack against a file trader without collateral damage to innocents on the same network who necessarily suffer loss of quality of service simply by virtue of having to share bandwidth with one more person (the vigilante). In spite of several attempts to put this idea into much simpler terms than presented here, the message never seemed to get through to him. He remains confident that by writing the law to explicitly forbid damages to nonparticipating networks or computers, that this will somehow make it so. It sort of reminds me of the legends of a proposal in the Indiana legislature (though this is probably just a Kentuckian joke) that pi should be exactly 22/7. It may be physically impossible, but goldurnit, we're gonna write the law anyway!
So, basically what they would do is pass a law that made it legal for copyright owners to disrupt P2P networks, but write it in such a way that it would be impossible for the vigilantes to exercise that right because they couldn't do so without engaging in prohibited activity: namely reduction in QoS for users who were not participating in the exchange. It's either a fantastic example of pure congressional ignorance of technological (heck, basic physical) reality, or evidence of a level of cynicism previously unimagined; that they would spend all this time tossing a bone to the *AAs with a rubber band attached.
Not really. Remember that for this advice to be effective, I would have to warn myself before I did any of those things. Ergo, you can only safely conclude that I was a wild thirteen year old. :-)
Nope. Had I known then what I know now, I would know the second was a much better choice!
I'd respond, but I can't make ad hominem attacks unless I know who the hominem is.
Given that, at 12, I was entering that period of life where I would do pretty much exactly the opposite of what anyone advised:
1. Don't take algebra, there's no practical use for that stuff.
2. Do all the cocaine you can get your hands on. The eighties will be much more fun that way...
3. Rush out and get laid by the first girl who will do it.
That's a pretty good start...
About the only example I can think of would be a Web mail or similar application that a user would refresh at intervals. Perhaps an attacker could watch many sessions and, once a recurring pattern is noticed in one, could zero in on that one for the timing attack?
This is all very hypothetical, and I agree that it is unlikely to work in the field. IMAP is a much better target.
Precisely. IMAP is a particularly good example of a target because the same block of text is sent on a predictable interval when the mailer is set to check for mail every n ticks. I can't think off hand of that many password-protected web apps that refresh with the regularity of an IMAP client/server exchange, but you're right in noting that anythng using SSL and repeating an exchange is vulnerable.
The linked article reports a timing-based attack that could be used to identify passwords when the encrypted message is repeated, as in the case of communicating with an IMAP server. IMAP is not webmail, it is a mail protocol (a popular alternative to POP3) that is frequently secured with SSL/TLS. Once the password is cracked, it could be used to compromise other resources if the IMAP server and those other resources share the same password. It may not be likely that your bank provides your IMAP server, but it is not as unlikely that an IMAP account might share a password with other network functions that you'd want to keep secured...
Speaking as a Democrat (generally for lack of better options), I have observed that our Democratic reps generally just sell out a different set of our interests to a different set of corporations, e.g. Copyright instead of Oil cartels.
s/slippery slope/incrementalism/
Does that make you happy?
As documented in your citation, slippery slope is an informal fallacy that rests on uncertainty in the premises in what is otherwise a deductively valid argument. It would make the debate more productive, if not easier, if you would address the premises rather than regurgitating your first semester logic course.
Not making any value judgement here (which would make me a hypocrite because I too was involved in some backyard munitions back in the day) but what you were doing - making warheads for the rockets - was against model rocketry association rules and probably already illegal at the time. Laws to prevent weaponizing what is otherwise a valuable scientific (and fun) toy are arguably reasonable, but I agree with other posts that banning the rockets themselves is about as sensible as banning soap.
Don't forget that this line will be pay-by-incident...
Thanks for the clarification. I didn't miss it, but in my experience "such as" usually means that one expects any option not specified to be similiar in nature to those that are. As I hadn't read the related preamble, I slipped into a dangerous assumption, taking the text out of context.
Thank [substitute metaphysical authority here, I'm not starting one of those threads] for folks like you keeping a diligent eye on the law! I suppose it's best I stick to engineering...
Cheers
Interesting, but if I read that statute correctly, don't the enumerated factors apply only when the use is for "criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research" as stated in the opening paragraph?
I'm not sure this example can be generalized to higher volume businesses. You really can't compare, say, WB to Folkways.
A more relevant problem is that RIAA labels hold up the copyrights on old material, keeping it inaccessible to small labels who could do a bustling business in one-off discs like this. Honestly, if the business opportunity isn't great enough for them, why don't they let go and let people get the music they want?
Oh, wait... Those Conch shell recordings compete for the same consumer dollars as the latest from Korn. Riiiigght...
Why should they be held to a higher standard than RIAA, who don't have to label copy-protected discs that won't play in my PC?
Thank you for saving me the time I would have wasted responding to that numbnut...