The only question is: will this sendmail be included in the next RedHat. The issue is not the availability of cryptography, but making cryptography the default.
Actaully, it would be cool to write a convincing form letter saing "I'm sorry this server refuses to process any non encrypted emails. Here is how you get encypted email." This would not really be true, but people could reply with this message when they did not want to recieve the email. It might convince more people to switch to this sendmail (even if it was not true).
It would be nice to deliver a political message (like this one) with the mp3s that collage students are pirating. We need to be thinking about how to win these people (who really only pirate to get free shit) over to the political cause of "fair use," reasonable copyright expiration, and reduced intelectual property restrictions.
But the fact is, the record company has invested in marketing and promoting - are you saying they don't deserve to reap some rewards from that investment?
If they market crap so they should not be compensated for marketing crap. If they market a good band then I'm just rewarding them for rewarding the artist. Why shouldn't I just reward the artist directly?
You could claim that I should be rewarding them for picking a good band to market, so that they will pick a good band in the future, but I do not buy this argument. The marketing a good band was a fluke. They will just market more crap in the future because there is more money in marketing crap.
Now it's reasonable to say, "I won't support any RIAA label bands (I will just pirate their shit and not send them any money), but I will send money to local/internet bands." since the RIAA label bands are making most of their money from the system, but the independent artists can really be influenced by recieving 5 grad of donations from their fans.
My solution: support local, independent artists. Go to your local clubs, see some of these up-and-coming bands (if you're in Saskatoon, SK go see Old Guard Road). Buy one of their CDs if you like them. If you don't like them, hey, you're in a club - keep drinking until the music sounds better.:-) Don't buy major label CDs, turn the radio off (or at least change to a community or college station). Change is coming, slowly but surely.
Clearly, these are good things to do (clubs & live music are fun), but remember "local bands != internet bands." that local band you support by going to the concerts may sell you out by getting a recording contract and suing Napster (or the next new technology). You should really support artists who seem commited to internet/mp3 marketing and promotion (like Sunscream, Negitiveland, etc.). We want the bands who hate the RIAA more then we do, to be the ones to mkae it big. Local artists are importent because they can become internet bands, but they are not necissarily the good guys yet.
There is an easy way to do this without modifing a HD.. install StegFS (for Linux).
StegFS encrypts your drive with multiple levels (diffrent passwords). You give them the password to a level with no mp3s. They con not prove you have more levels which you are not releasing.
Now they can still watch you trade them on the internet, but that's a seperate problem.
they couldn't be more wrong (but then the ACLU is seldom right...)
I suppose they were wong to sue the government into letting U.S. troops take the bible with them to the Gulf War? I suppose they were wong to defent the rights of christians who feal that it's a sin to have their picture on their driverse licence? I hate it when some ignorant moron who knows nothing about the history of the ACLU spouts off about "the horrible thinks those liberals are doing."
Now there is a really good solution to pornography on the internet, but it is not a one size fits all solution. Specifically, libraries and homes need diffrent types of censorship which I will try to esxplain.
Libraries need a least restrictive blocking solution. Specifically, they need to move the computers out into the open where anyone can see when someone is looking at pornography. There are various technological versions of this idea (where the jpgs from the netscape caches are flashed on some screen behind the circulation desk). This solution would be thousands of times more effective then any current censorware or legislation at preventing kids from incountering pornography inside the library.
Actually, this solution would prevent the "my kid walked into the library, closed the netscape window, and their was porn on the desktop" since it can detect porn independent of URL. No censorware or legislation can claim this.
Unfortunatly, parents do not have this wonderful solution available to them, since their children's home internet usage is unsupervised. Traditional censorware is the only solution to the home problem, but parents and unfairly blocked sites should have a recourse when sites are unfairly blocked. Censorware will only become a viable solution for families when parents can sue the censorware companies for inconvienencing their childs research into a school project on the history of gay right in America. This will forcet he censorware companies to be honest about what they block and what they do not, i.e. some parents would want the gay rights sites to be blocked, some would not.
Finally, porn spam is a totally seperate issue. I agree that we need good anti-spam laws. I would even agree that porn spam should be treaded more seriously then non-porn spam, but the law shouyld be essentially the same thing.
GNUwatch is a bad idea for many reasons. You are correct that an open source version of a traditional censorware product would not work, i.e. people like to program, but no one wants to enter the URLs of porn sites all day. It might be possible to invent an AI porn monitor service which detected probable porn, refered the page to a center where a human verifies the content is pornography (quickly/under 5 seconds), and can discuss the page with the person who requested it, but such a system would be a bad idea for many other reasons.
I would go so far as to say we do not want a good porn detection system at all. Actaully, we should try to patent up the good ideas about using AI for detecting porn to prevent the censorware people from using these ideas.
It's worth pointing out that Libraries have a good porn filter.. put the computer out where everyone can see what your browsing.. and ask people to leave when they bring up porn.
To respond, I don't think free software should have to pay for patents, if the cost is 0, and I don't see that as a problem.
I agree that traditional free software (and university researchers) should not pay for patents (and I would not mind seing most of today's patent holders loose their patent protectin), but what about Internet explorer? They give it away for free too. Should microsoft need to pay for their implementation of RSA in Internet Explorer? What about a shrink wrap RedHat distribution? The only point I was making is that the patent law *can* be ammended to allow for free development without a total revolution in intelectual property, i.e. if your really not making any mony directly from it then you do not need to pay for the patent, but people who use it to directly make money must stil pay for the patent.
I'd rather that price be set in a more natural, market oriented way.
Ok, I probable did not read your post well enough. I though I was the one arguing forthe more market oriented approach.:)
Seriously, it seems reasonable to force MS to license a patent which makes up 1% of the value of a copy of windows for 1% of the OEM price for windows.. when the goverment grants you a monopoly the goverment *should* have the power to fix prices.. just like the phone/gas/electric company.
I agree that my arguments do not seem very politically likely, but I would (nievly) think that they stood a little bit of a chance becuase they are based on presendent.
Could you expand on why you think it would be a big mess?
The only problem with your sugestion is that it wants to arbitrate the cost of a patent initially (at time of patent application). This seems unreasonable for corperations ("malishious" (sp?) entities) because (a) the cost of a patent is likely to change based on future technology and (b) the examiners do not understand the technology until after it has impacted society, i.e. it has the same patent examiner problem as modern patents.
My proposal was to allow decission about cost after the fact, i.e. once the patent becomes obvious. The bigest problem with my proposal is that the guy with the big lawyers has an advantage (just like todays system). My proposal would be a big mess too, but more people would understand what was happening.
Anyway, if the end product is free, then a percentage of that is 0, right? So, I don't understand your example with Windows. If a free product uses a windows patent, you don't pay a tax based on the cost of windows, you pay a tax based on the cost of the product, which was free.
Sorry, I did a poor job of communicating my idea. I was proposing two seperate things:
(a) Free software developers never pay anything for any patent, but users (and shrink wrap distributors) of free software can be forces to pay for the copies of the patent which they use (sell).
(b) Actually, I was proposing that "If a free product uses a windows patent, you don't pay a tax based on the cost of windows," but remember it's the users paying this, not the developer. The theory here is "If I buy a copy of windows then I have a right to use one copy of *every* patent used in windows." This would be formalized by forcing companies to say what portion of the value of the product comes from each patent.. any patents used and not mentioned are now permenently free. Technically, I could buy copies of windows, destroy them, and sell the patent lisencess, but no one would do this sincem icrosoft would be required to sell the patents at the sam price.
The standard complaint about your system is that RedHat can sell software using any patent they want without paing anything. I do not consider this a bad thing, but the people with the big money lobiest do. Now they would not like my system either, but I think my system can be sold to people who support intelectual property as monopoly busting.
I think we agree that "those who make no money from a patent should not be forced to pay for it." Actually, your or my system could pass congress as a "research execption" for real scientists, but they the courts interpret it to include free software which claims to have been writen for the purpose of research. It's just an issue of convincing congress that these big bad companies are strangling american research.
Hey, I'd love to get your opinion on this idea too: after the fact patents. A researcher develops an idea and publishes it. The idea make some company millions (and the research sees nothing). The research has the right to convince the IRS that he "could have patented this and developed it on government money." The IRS takes money from the company and rewards the researcher with a nice grant. The point is to make patent help the little guy (what they were originally supposed to do).
This would be a big mess, but it's kinda the right direction. A first step would be to forbid patent monopolies. This would mean that the patent holder must licenss the patent at a reasonable cost (research plus a little) to anyone who wants to use it. It would work just like the phone companies common carrier status (you could sue them to make them lower their price).
This would solve the big company vs. small company problem, but it would not solve the OSS problem, so we need another reform for open poducts. Specifically, if you want to give a product away for free then your *users* bear the responcibility of paying for the patent. This would mean that Linus dosn't need to pay anyone shit to use a patent in the Linux kernel, but VA must pay for distribution rights to distribute the kernel. Universities and pure research institutions might recienve even stronger freedom from patents.
Also, a patent's cost is determined by it's cost in products for end users. Example: Assume I am an end user of a free product which uses a patent microsoft uses in windows. This means I must pay microsoft the percentage of windows value which comes from the patent. Clearly, the percentages of value from diffrent patents must not add up to more then 100%..:)
Anywho, the point is to break the monopolies that patents create. I suppose it woul be simpler to just make it a criminal offence to abuse patents, but we all know that criminal law dose not really apply to heads of big companies very effectivly.
IANAL but I think this only happens when the judges feals the law suit is pointless. I suspect that it depends on the situation, but there are a few things you can do to help:
1) explain it very clearly that they agree to pay you $500 dollars whenever they transfer your name to anyone outside of their immediate company nd you bank or send you spam themelves. I would say that you need to attach a cover letter and write the message on the related documents (like the check).
2) explain that they may call you to discuss the matter further, i.e. you might be willing to return the item you purchesed (and get you money back) to remove yourselve from their spam list, but that they must request this. I'm pretty shure that contracts need to be negotiable, i.e. they shold not be required to change their whole database just because a clerk was too stupid to read the fine print.
3) You must be able to show that they were the source which leaked your infrmation to the spamers. A P.O. box would work pretty well, but I'm not shure how much the court would like things like fake names. It would be nice to have the post office log all the mail recieved by the P.O. box.
Can anyone think of any other objections? I'm pretty shure a jury would be very favorable to such an anti-spam suit (i'd vote to make them pay), but it may be hard to get a jury for small claims court. I suppose you could get a judge who gets lots of spam too..:)
Well it's time to call the members of the Senate Judiciary Subcommittee on Technology, Terrorism and Government Information and tell them that this bill is a bad idea. Here is the contact information for the subcommittee. Actualy, you may as well tell the Judiciary committee that this is a bad idea too. Their contact information is here.
The following senators are members of the subcommittee:
Sen. Jon Kyl, R-Ariz. Chair (cosponcer) Sen. Charles Schumer, D-N.Y. (cosponcer) Sen. Orrin Hatch (R-UT) Sen. Charles Grassley (R-IA) Sen. Mike DeWine (R-OH) Sen. Dianne Feinstein (D-CA) Rnk. Mem Sen. Joseph Biden Jr. (D-DE) Sen. Herbert Kohl (D-WI)
For instance despite all this talk about steganography no one seems to have come up with a mathematically secure algorithm for hiding the existance of data.
Wrong. It depends on the specifics of your problem. We have very good plausable deniability algorithms (i.e. yes mr. police man it's encrypted.. here's my key.. snicker snicker I gave you the wrong key and you can never prove I did not) which are provably correct. I do not know about more traditional steganography, but I assume there are some information theoretic and statistical results which are useful for making "mostly" correct algorithms. Specifically, I would expect that near maximal compression would remove almost all statistical information from the data. You could encrypt the compressed data with an algorithm which preserves maximal information (i.e. dose not make the message any longer). Finally, you would use hide result as physicaly reasonable perterbations. Now this last step is a scientific step and not a mathematical one. This means someone who dose better experements on the physical effect you are simulating might notice. We should not expect this last step to be mathematically correct. We should expect it to be physically reasonable.
It's very likely that the internet piracy of music will be benifitial for consumers and fair use rights, which is a very good thing, but we really do not know how it will effect musicians. Clearly, it's not an issue of stealing. There is not music without musicians, so without perfesional musicians there is not professional music period. This means musicians will survive, but the BIG question is "Will they do better then under the recording industry monopoly on promotion?"
Clearly, Napster and Gnutella give them a chance to do better then they did under the recording industry promotion monopoly, but remember Napster and MP3.com are going to exploit the musicians too. No, I'm not saing that Napster and mp3.com beam-it are exploiting musician, but I am saing that Napster and mp3.com will try to monopolize internet promotion.
MP3.com is pretty much "just another label." The only real point to putting your stuff on mp3.com is for free bandwidth. I predict Napster will ry to monopolize internet promotion by selling "high placement in search results to bands with the money, i.e. $10,000 will buy you the first 10 serch results (and 75% of the total search results) for your song will point to copies containing advertising for your site (or someone elses) and 1% of al search results show the versions of your songs containing advertising.
Napster is one of the good guys now, but remember they designed a system with a centralized server specifically to maintain this sort of control. I'm very glad to see people like Chuck D supporting them now because it will make it harder for them to do things like sell favoritism later. The future of all musicians depens on awair musicians watching the bigwigs (labels or internet companies) very closely.
I'm pretty shure the ACLU opposes the DMCA and UCITA (link), but there are several reasons why they are not dedicating many resources to the fight: (a) The ACLU normally focus more resources on people who can not defend themselves, (b) the intelectual property debate is realitivly new so their is no momentum within the orginisation (the EFF took all the lawyers who really care a lot about these issues), and (c) they see censorship and privcy as more importent (link).
a) GNUtella is overrated. Have you actually USED it yourself to acquire things you are looking for? I have, it's more trouble than it's worth for me. While my standards may be higher than most, I can tell you it's not going to hold up for most college kids.
b) It sucks now, and it has yet to face any real barriers.
c) My script would absolutely work against GNUtella.
I have not disagreed with these statments (Actually, I agree with them). I've frequently said "Gnutella clone" or "Gnutella like," but I don't really give a rats ass about the current Gnutella. Really, I'm only interested in the academic situation.. the "threat model."
There resistance you have seen to napster and company thus far is NOTHING, RIAA has yet to feel a significant pinch from this kind of piracy, but when and if they do, you can be sure heads will start rolling. In any case, time will tell.
Yes, people are capable of amazing things when they are loosing billions of dollars..:) A better way to say this would be "It is possible that the pirates will just be too lazy to fight the RIAA with code."
This is a psychological issue, not a mathematical or computer science one, so I do not really know how to answer it. I've argued for the hackers because I was impressed at how quickly Napster, Gnutella, and clones came out, but I made the mistake of letting my confidence about the academic side of the discussion bleed over into the psychological side. (Thanks for making me think about this importent point)
Promotion is the real monopoly of the music industry, so we hope that online promotion will allow artist who are not industry-ass-lickers to get big without the industry (ala Ani Defranco before the internet).
Unfortunatly, the artists may miss the opertunity to throw off their industry masters and control their own lives. Remember, the music industry got into this sorry shape because the artists were not goo buisness men and/or did not effectivly unionize. It's really hard to say what will happen.
I'd like to say that all our retorc about how evil the music industry is wil influence fans to move to non-industry on-line bands, but it's way too early to tell.
The only way "free music" could ever work is by the honor system - you listen to one of their songs, you give them $0.50 for each song.
No, this is not the only way free music will work. There a million "partially" free buisness models.
My personaly favorit is "music as a service," i.e. people subscribe to songs of the week services (with an archive and a way for members to review and discuss songs). Now people would pirate these things like crazy, but who cares.. it's free promotion! Your real fans will pay for access to your whole archive (with song reviewes from fans).
There would be too damn many songs in the archive for 99% of pirates to carry. Now a very small percentage of pirates would try to pirate the song of the week and the whole archive, but there would be few of these people, so you could sue them.
Anyway, lets say 1% of the people who would buy your CD pay you $20 for a year of access to the fan club song of the week service. If you did your own web page and mixing then you don't need to give this money to anyone else, so your making the same ammount of money as you would selling the CD. Plus, you have a captive audience of lisseners who visit your site every week who you can try and sell more stuff to!
Now It's a lot of work to put out a song every week, but you could get a group of musicians together to share the site. They could all put up live preformances, good jam sessions, etc. People love that shit and it don't need to be perfect, your giving them a new batch of songs next week! You sell them the perfect songs on CD from the site. There will already be 50 million songs of the same name floating arround on the pirate sites making it impossible to find the one from the CD, so they will need to buy your CD.
So please buy the CD - pay the people who deserve to make a living.
Oh yeah, buy the CD, give the music industry $15.90 and give the artist $0.10. That's really an efficent way to reward creativity.
I think it's morally reprehensable to buy a CD and support such a corupt industry. If it's a choice between riping the artist off and supporting the industry then I'll choose to rip the artist off period. Now I don't mind buying an Ani Defranco CD since she did it her self and dosn't support the industry.
The fundamental truth here is: there is no music without artists and lisseners.. we can have music without labels, music investors, CD pressing plants, busses, clubs, lighting crews, T-shirts, but we can not have music without artists and fans period. This means that no matter what kind of piracy we do the smart artists will eventually make money.
The Gay community is probable pretty effective as "getting the word out." It would be nice for people to stage a "Pink Paper subscrition cancelation athon" to punnish them for this attack on the rest of the gay press. It's always good to see a company which dose something nasty get fucked over. I suppose the most effective way to do this would be to get some of the Gay community's leaders to attack the Pink Paper and support your paper.
It does not cost schools all that much money to change firewall rules and the like
No, it dose not cost the schools much money to change teh firewalls to block or unblock a specific set based on a preset list of parameters like port, but when the firewall actaully need to start running a script to process the packets the firewall is fucked. I can make a Gnutella clone which piggybacks all traffic on an encrypted HTTP or SSH conenction with a key size which can not be cracked within a year.
Now you are about to say something stupid like "they can block HTTP access sicne students do not need to run webservers." No one said the client was opening the conenction and the server needed to be outside of a firewall. It's just as easy to route a "call me" request throug the existing network connections to the guy behind the firewall, i.e. what Gnutella dose to avoid firewalls execpt the network is piggybacked on HTTP or SSH. Now this breaks down when ALL collages implement firewalls which prevent students from running servers, but this seems unlikely.
These things are obvious to anyone who knows anything about encryption. The "threat model" for the firewall idea sucks. Now you can watch bandwidth consumtion, like I have said a hundered times, but that is a diffrent story.
With my previously mentioned perl script, which logs into the "distribution network" (whatever it may happen to be at the time), and reports the students at each offending institution, for any action the school wishes (e.g., automated network disconnect/firewall for offending student for a day), the costs are negligible. I could write it once for every instutition in a few minutes, and there is no forseeable way students can avoid this.
No, I explained that this could be prevented with a localized network topology and/or a node authentication and reputation system.
The localized network topology would limit the number of hosts ANYONE had access to. This would require the RIAA to have f(total network size) nodes on the network (f would probable be a logarithm or multiplication by a small constant). This would mean spending a crapload of money on computer systems and bandwidth. Now a localized network topology would limit your ability to find some rare songs, but when you look at detail of the problem it becomes clear, i.e. how many britney spears hits do you really need.
The authentication and reputation system would prevent the RIAA network nodes from gaining much knoledge of the network without actaully contributing something to the network.
The story remains: the RIAA is fucked. The only question is "how much work are they going to make the programmers do so that we can get our mp3s?"
And that java code must come from somewhere, each popular java code server could be firewalled or shutdown before students begin to use it.
I never said the code came from a centralized server! It's prety fucking obvious that it would travel throug the network. I mean it's a fucking file sharing network! There is low security risk because the authentication handles the security (it's easy to distribute the authentication keys too; pgp keyservers are one method). Actually, you could piggyback the Java authentication on the node authentication, i.e. send out "yeah, I looked at the source and it's clean messages". If the network did get shutdown then people would just forward the newest Java module arround via email.
You do not really seem to under stand what I'm saing. I do not care about the specifics of the "tit for tat" between universities/RIAA and students. I'm arguing that the "threat model" favors the students, i.e. it coses the school a lot of money and the school reacts slow, but it costs the students very little (a few kids getting in trouble) and the students react very fast (just look at how old Gnutella is realitive to the collages attacking Napster).
Remember that napster is more than just software and a server, it is good because the barriers to entry (for newbies) are low and because it already has a certain "velocity"
This is an importent consideration, but as the arms race progresses the reaction time of students will decrease. Also, it did not take Napster long to get it's current network.
Example: I could write a Gnutella clone whose network engin was Java driven, thus allowing students to *automatically* upgrade their stealth and participate in new networks with fundamentally better topologies. These Java modules could do all sorts of crazy thing. Now no one will write this system unless the RIAA makes us, but once writen it would kill the RIAA's chances of a technological prevention like you have been discussing.
Note: The RIAA could use Java module trojans, but this would be more illegal then copyright infringlment and it would be simple to prevent the modules from doing most nasty things.. they only need network access! Now the trojen modules might still be able to report the machine to the RIAA, but you could have an authentication chain for the Java modules to prevent the automatic use of bad ones.
Actually, why we are on the subject of malisious software. You could write a virus installer for Gnutella which also fetched some mp3s for you. The existance of this virus would provide plausable deniablility to students who run Gnutella.
Anyway, if you really consider the general trends of the arms race you will see that the technology seems to converge to "the RIAA is fucked."
BTW> The schools are not necissarily exposing themselves to legal action by ignoring piracy. The IANAL's here seems to think that the school get common carrier protection when they do nothing, but might loose common carrier protection when they "proactivly" remove the information. I think they are stil lrequired to remove any illegal information people point out, but activly looking for copyright infringment may mean they are also required to look for child porn, defimation, national security information, etc.
Regardless, common carrier protection would probable prevent the RIAA from forcing schools to spend money looking for Gnutella.. just as it prevents the RIAA from suing the phone companies over mp3s on DSL machines.
even if they can't decipher gnutella from "legitimate" connections, they can filter all incoming HTTP connections to student machines. Only a select few students run servers, fewer really "need" or desire to, and they could always ennumerate those few incoming connections.
This hurts the schools CS program.. and runs countrary to the academic mission of the school. Also, this dose not help since Gnutella servers can currently get arround firewalls. Now all universities doing this would cause Gnutella a problem, but a user friendly IRC front end could avoid these problems too. Banning IRC would be really stupid for the school, but you can get arround that by using free hosting/email services. Yes, you could write a user friendly front end to opening accounts with these services.
Although there might always be a way to get around, that does not mean that most students will have an effective way to get around most of the time that is within their means.
The whole point is that most students do not need to get arround the protections. It only takes one guy to write a user friendly interface like Gnutella.. and this one student has the open source Gnutella clones as a starting point. Hell, you could even write a user friendly interface to downloading the latest user friendly solutions to the blocking.
I have yet to read the entire protocol, rather than trying to constantly find a signature of the latest and greatest software, I see no reason why the music industry, a university, or a coalition of them, can't write a script in perl (or whatever) to search WITHIN the entire database all day long, and just create a list every day of hosts (read: students) who serve files
The current systems are vulnerable to this attack, but the legal effort to stop the students is currently prohibitive. Also, the PR results for schools are very serious.
Plus, It is probable possible to design a "localized" network which requires the music industry to have a O(network size) connections to the network for serious monitoring. This would make monitoring the network prohibitivly expencive.
Actually, automated (user friendly) authentication system ("Yeah, I got good shit from this guy") would do a btter job at preventing network monitoring then localizing the network topology, but the network topology question is a sexy math problem.
Why would a school commit to this arms race when they can just bill the kids for the extra network usage?
However, all the university has to do is block all packets that their routers can't decipher. Kind of extreme, but this may be something that may happen in the future. Of course, the routers will have to be able to handle this. Universities will not like the increase cost of upgrading their routers.
This would be ineffective since Gnutella could hid as HTML and would hurt the quality of the schools CS program.
The short-term solution is to enact draconian measures. Another thing would be to just ban Napster, Gnutella, etc... from the campus internet connection. Get the student to sign an decipherable legal document that says yada yada yada, NO!
There will *always* be a newer cooler Gnutella with avoids detection. It dose not matter what the students sign, once they start getting away with it the school will need to make examples out of a lot of people to stop it.
The only real solution is to help the students pirate via a caching server which reduces the outside internet traffic which you really pay for and/or to just charge students for extra bandwidth. I think it's pretty safe to say they will charge for bandwidth. It's loose money fighting Gnutella or make money from people using Gnutella.
It cost a lot of money to sue people, it pisses people off, and it makes people find stealther ways to share files. My friends and I were plotting an anonymous email based "statistically" anonymous system a year ago. We concluded that Gnutella/Napster's simplicity is nicer since it brings more people into the pirating community, but essentially anything the record companies do can be beaten by protocoll revisions. This means the record companies will lose an arms race since Gnutella clones have zero developement cost.
Lets pull some numbers our of our ass. Lets say it costs 20-100 million dollars to kill a Gnutella style network by suing people (US/international lawyers/lobiests, detectives, software development, managers, etc.). Lets say it takes 6 months for a kid to modify the protocoll to protect Gnutella's users. Lets say this happens every years for 5 years. This just cost our RIAA buddies 1-5 billion dollars, a lot of bad press, a lot of pissed off independent artists, etc.
Anywho, it dose not seem profitable for the RIAA to really commit to a serious fight with Gnutella. If they can get government to spend the money then they can fight, but not if they spend their own money.
This would be easy to fix, build an authentication system into gnutella which says "I've got good shit from this guy." A chain of trust would lead back to yourself, so you would know it was cool stuff.
Actually, it would make the Gnutella network stronger since you could use the authentication system to refuse to give shit to people who did not contribute anything. Leeches who do not run their servers 24/7 are the biggest problem with Gnutella today.
They can kill the Napster or Gnutella community, but there are software solutions to software attacks. This means the RIAA will lose an arms race since Gnutella has zero development cost. I hope they try.. I'd like to see them spend billions.. only to improve the file sharing software technology.
Slashdot Mirror
The only question is: will this sendmail be included in the next RedHat. The issue is not the availability of cryptography, but making cryptography the default.
Actaully, it would be cool to write a convincing form letter saing "I'm sorry this server refuses to process any non encrypted emails. Here is how you get encypted email." This would not really be true, but people could reply with this message when they did not want to recieve the email. It might convince more people to switch to this sendmail (even if it was not true).
It would be nice to deliver a political message (like this one) with the mp3s that collage students are pirating. We need to be thinking about how to win these people (who really only pirate to get free shit) over to the political cause of "fair use," reasonable copyright expiration, and reduced intelectual property restrictions.
But the fact is, the record company has invested in marketing and promoting - are you saying they don't deserve to reap some rewards from that investment?
:-) Don't buy major label CDs, turn the radio off (or at least change to a community or college station). Change is coming, slowly but surely.
If they market crap so they should not be compensated for marketing crap. If they market a good band then I'm just rewarding them for rewarding the artist. Why shouldn't I just reward the artist directly?
You could claim that I should be rewarding them for picking a good band to market, so that they will pick a good band in the future, but I do not buy this argument. The marketing a good band was a fluke. They will just market more crap in the future because there is more money in marketing crap.
Now it's reasonable to say, "I won't support any RIAA label bands (I will just pirate their shit and not send them any money), but I will send money to local/internet bands." since the RIAA label bands are making most of their money from the system, but the independent artists can really be influenced by recieving 5 grad of donations from their fans.
My solution: support local, independent artists. Go to your local clubs, see some of these up-and-coming bands (if you're in Saskatoon, SK go see Old Guard Road). Buy one of their CDs if you like them. If you don't like them, hey, you're in a club - keep drinking until the music sounds better.
Clearly, these are good things to do (clubs & live music are fun), but remember "local bands != internet bands." that local band you support by going to the concerts may sell you out by getting a recording contract and suing Napster (or the next new technology). You should really support artists who seem commited to internet/mp3 marketing and promotion (like Sunscream, Negitiveland, etc.). We want the bands who hate the RIAA more then we do, to be the ones to mkae it big. Local artists are importent because they can become internet bands, but they are not necissarily the good guys yet.
There is an easy way to do this without modifing a HD.. install StegFS (for Linux).
StegFS encrypts your drive with multiple levels (diffrent passwords). You give them the password to a level with no mp3s. They con not prove you have more levels which you are not releasing.
Now they can still watch you trade them on the internet, but that's a seperate problem.
they couldn't be more wrong (but then the ACLU is seldom right...)
I suppose they were wong to sue the government into letting U.S. troops take the bible with them to the Gulf War? I suppose they were wong to defent the rights of christians who feal that it's a sin to have their picture on their driverse licence? I hate it when some ignorant moron who knows nothing about the history of the ACLU spouts off about "the horrible thinks those liberals are doing."
Now there is a really good solution to pornography on the internet, but it is not a one size fits all solution. Specifically, libraries and homes need diffrent types of censorship which I will try to esxplain.
Libraries need a least restrictive blocking solution. Specifically, they need to move the computers out into the open where anyone can see when someone is looking at pornography. There are various technological versions of this idea (where the jpgs from the netscape caches are flashed on some screen behind the circulation desk). This solution would be thousands of times more effective then any current censorware or legislation at preventing kids from incountering pornography inside the library.
Actually, this solution would prevent the "my kid walked into the library, closed the netscape window, and their was porn on the desktop" since it can detect porn independent of URL. No censorware or legislation can claim this.
Unfortunatly, parents do not have this wonderful solution available to them, since their children's home internet usage is unsupervised. Traditional censorware is the only solution to the home problem, but parents and unfairly blocked sites should have a recourse when sites are unfairly blocked. Censorware will only become a viable solution for families when parents can sue the censorware companies for inconvienencing their childs research into a school project on the history of gay right in America. This will forcet he censorware companies to be honest about what they block and what they do not, i.e. some parents would want the gay rights sites to be blocked, some would not.
Finally, porn spam is a totally seperate issue. I agree that we need good anti-spam laws. I would even agree that porn spam should be treaded more seriously then non-porn spam, but the law shouyld be essentially the same thing.
GNUwatch is a bad idea for many reasons. You are correct that an open source version of a traditional censorware product would not work, i.e. people like to program, but no one wants to enter the URLs of porn sites all day. It might be possible to invent an AI porn monitor service which detected probable porn, refered the page to a center where a human verifies the content is pornography (quickly/under 5 seconds), and can discuss the page with the person who requested it, but such a system would be a bad idea for many other reasons.
I would go so far as to say we do not want a good porn detection system at all. Actaully, we should try to patent up the good ideas about using AI for detecting porn to prevent the censorware people from using these ideas.
It's worth pointing out that Libraries have a good porn filter.. put the computer out where everyone can see what your browsing.. and ask people to leave when they bring up porn.
To respond, I don't think free software should have to pay for patents, if the cost is 0, and I don't see that as a problem.
:)
I agree that traditional free software (and university researchers) should not pay for patents (and I would not mind seing most of today's patent holders loose their patent protectin), but what about Internet explorer? They give it away for free too. Should microsoft need to pay for their implementation of RSA in Internet Explorer? What about a shrink wrap RedHat distribution? The only point I was making is that the patent law *can* be ammended to allow for free development without a total revolution in intelectual property, i.e. if your really not making any mony directly from it then you do not need to pay for the patent, but people who use it to directly make money must stil pay for the patent.
I'd rather that price be set in a more natural, market oriented way.
Ok, I probable did not read your post well enough. I though I was the one arguing forthe more market oriented approach.
Seriously, it seems reasonable to force MS to license a patent which makes up 1% of the value of a copy of windows for 1% of the OEM price for windows.. when the goverment grants you a monopoly the goverment *should* have the power to fix prices.. just like the phone/gas/electric company.
I agree that my arguments do not seem very politically likely, but I would (nievly) think that they stood a little bit of a chance becuase they are based on presendent.
oops! I meant to say "if a free product uses a windows patent, you DO pay a tax based on the cost of windows."
Could you expand on why you think it would be a big mess?
The only problem with your sugestion is that it wants to arbitrate the cost of a patent initially (at time of patent application). This seems unreasonable for corperations ("malishious" (sp?) entities) because (a) the cost of a patent is likely to change based on future technology and (b) the examiners do not understand the technology until after it has impacted society, i.e. it has the same patent examiner problem as modern patents.
My proposal was to allow decission about cost after the fact, i.e. once the patent becomes obvious. The bigest problem with my proposal is that the guy with the big lawyers has an advantage (just like todays system). My proposal would be a big mess too, but more people would understand what was happening.
Anyway, if the end product is free, then a percentage of that is 0, right? So, I don't understand your example with Windows. If a free product uses a windows patent, you don't pay a tax based on the cost of windows, you pay a tax based on the cost of the product, which was free.
Sorry, I did a poor job of communicating my idea. I was proposing two seperate things:
(a) Free software developers never pay anything for any patent, but users (and shrink wrap distributors) of free software can be forces to pay for the copies of the patent which they use (sell).
(b) Actually, I was proposing that "If a free product uses a windows patent, you don't pay a tax based on the cost of windows," but remember it's the users paying this, not the developer. The theory here is "If I buy a copy of windows then I have a right to use one copy of *every* patent used in windows." This would be formalized by forcing companies to say what portion of the value of the product comes from each patent.. any patents used and not mentioned are now permenently free. Technically, I could buy copies of windows, destroy them, and sell the patent lisencess, but no one would do this sincem icrosoft would be required to sell the patents at the sam price.
The standard complaint about your system is that RedHat can sell software using any patent they want without paing anything. I do not consider this a bad thing, but the people with the big money lobiest do. Now they would not like my system either, but I think my system can be sold to people who support intelectual property as monopoly busting.
I think we agree that "those who make no money from a patent should not be forced to pay for it." Actually, your or my system could pass congress as a "research execption" for real scientists, but they the courts interpret it to include free software which claims to have been writen for the purpose of research. It's just an issue of convincing congress that these big bad companies are strangling american research.
Hey, I'd love to get your opinion on this idea too: after the fact patents. A researcher develops an idea and publishes it. The idea make some company millions (and the research sees nothing). The research has the right to convince the IRS that he "could have patented this and developed it on government money." The IRS takes money from the company and rewards the researcher with a nice grant. The point is to make patent help the little guy (what they were originally supposed to do).
This would be a big mess, but it's kinda the right direction. A first step would be to forbid patent monopolies. This would mean that the patent holder must licenss the patent at a reasonable cost (research plus a little) to anyone who wants to use it. It would work just like the phone companies common carrier status (you could sue them to make them lower their price).
:)
This would solve the big company vs. small company problem, but it would not solve the OSS problem, so we need another reform for open poducts. Specifically, if you want to give a product away for free then your *users* bear the responcibility of paying for the patent. This would mean that Linus dosn't need to pay anyone shit to use a patent in the Linux kernel, but VA must pay for distribution rights to distribute the kernel. Universities and pure research institutions might recienve even stronger freedom from patents.
Also, a patent's cost is determined by it's cost in products for end users. Example: Assume I am an end user of a free product which uses a patent microsoft uses in windows. This means I must pay microsoft the percentage of windows value which comes from the patent. Clearly, the percentages of value from diffrent patents must not add up to more then 100%..
Anywho, the point is to break the monopolies that patents create. I suppose it woul be simpler to just make it a criminal offence to abuse patents, but we all know that criminal law dose not really apply to heads of big companies very effectivly.
IANAL but I think this only happens when the judges feals the law suit is pointless. I suspect that it depends on the situation, but there are a few things you can do to help:
:)
1) explain it very clearly that they agree to pay you $500 dollars whenever they transfer your name to anyone outside of their immediate company nd you bank or send you spam themelves. I would say that you need to attach a cover letter and write the message on the related documents (like the check).
2) explain that they may call you to discuss the matter further, i.e. you might be willing to return the item you purchesed (and get you money back) to remove yourselve from their spam list, but that they must request this. I'm pretty shure that contracts need to be negotiable, i.e. they shold not be required to change their whole database just because a clerk was too stupid to read the fine print.
3) You must be able to show that they were the source which leaked your infrmation to the spamers. A P.O. box would work pretty well, but I'm not shure how much the court would like things like fake names. It would be nice to have the post office log all the mail recieved by the P.O. box.
Can anyone think of any other objections? I'm pretty shure a jury would be very favorable to such an anti-spam suit (i'd vote to make them pay), but it may be hard to get a jury for small claims court. I suppose you could get a judge who gets lots of spam too..
Well it's time to call the members of the Senate Judiciary Subcommittee on Technology, Terrorism and Government Information and tell them that this bill is a bad idea. Here is the contact information for the subcommittee. Actualy, you may as well tell the Judiciary committee that this is a bad idea too. Their contact information is here.
The following senators are members of the subcommittee:
Sen. Jon Kyl, R-Ariz. Chair (cosponcer)
Sen. Charles Schumer, D-N.Y. (cosponcer)
Sen. Orrin Hatch (R-UT)
Sen. Charles Grassley (R-IA)
Sen. Mike DeWine (R-OH)
Sen. Dianne Feinstein (D-CA) Rnk. Mem
Sen. Joseph Biden Jr. (D-DE)
Sen. Herbert Kohl (D-WI)
For instance despite all this talk about steganography no one seems to have come up with a mathematically secure algorithm for hiding the existance of data.
Wrong. It depends on the specifics of your problem. We have very good plausable deniability algorithms (i.e. yes mr. police man it's encrypted.. here's my key.. snicker snicker I gave you the wrong key and you can never prove I did not) which are provably correct. I do not know about more traditional steganography, but I assume there are some information theoretic and statistical results which are useful for making "mostly" correct algorithms. Specifically, I would expect that near maximal compression would remove almost all statistical information from the data. You could encrypt the compressed data with an algorithm which preserves maximal information (i.e. dose not make the message any longer). Finally, you would use hide result as physicaly reasonable perterbations. Now this last step is a scientific step and not a mathematical one. This means someone who dose better experements on the physical effect you are simulating might notice. We should not expect this last step to be mathematically correct. We should expect it to be physically reasonable.
It's very likely that the internet piracy of music will be benifitial for consumers and fair use rights, which is a very good thing, but we really do not know how it will effect musicians. Clearly, it's not an issue of stealing. There is not music without musicians, so without perfesional musicians there is not professional music period. This means musicians will survive, but the BIG question is "Will they do better then under the recording industry monopoly on promotion?"
Clearly, Napster and Gnutella give them a chance to do better then they did under the recording industry promotion monopoly, but remember Napster and MP3.com are going to exploit the musicians too. No, I'm not saing that Napster and mp3.com beam-it are exploiting musician, but I am saing that Napster and mp3.com will try to monopolize internet promotion.
MP3.com is pretty much "just another label." The only real point to putting your stuff on mp3.com is for free bandwidth. I predict Napster will ry to monopolize internet promotion by selling "high placement in search results to bands with the money, i.e. $10,000 will buy you the first 10 serch results (and 75% of the total search results) for your song will point to copies containing advertising for your site (or someone elses) and 1% of al search results show the versions of your songs containing advertising.
Napster is one of the good guys now, but remember they designed a system with a centralized server specifically to maintain this sort of control. I'm very glad to see people like Chuck D supporting them now because it will make it harder for them to do things like sell favoritism later. The future of all musicians depens on awair musicians watching the bigwigs (labels or internet companies) very closely.
I'm pretty shure the ACLU opposes the DMCA and UCITA (link), but there are several reasons why they are not dedicating many resources to the fight: (a) The ACLU normally focus more resources on people who can not defend themselves, (b) the intelectual property debate is realitivly new so their is no momentum within the orginisation (the EFF took all the lawyers who really care a lot about these issues), and (c) they see censorship and privcy as more importent (link).
a) GNUtella is overrated. Have you actually USED it yourself to acquire things you are looking for? I have, it's more trouble than it's worth for me. While my standards may be higher than most, I can tell you it's not going to hold up for most college kids.
:) A better way to say this would be "It is possible that the pirates will just be too lazy to fight the RIAA with code."
b) It sucks now, and it has yet to face any real barriers.
c) My script would absolutely work against GNUtella.
I have not disagreed with these statments (Actually, I agree with them). I've frequently said "Gnutella clone" or "Gnutella like," but I don't really give a rats ass about the current Gnutella. Really, I'm only interested in the academic situation.. the "threat model."
There resistance you have seen to napster and company thus far is NOTHING, RIAA has yet to feel a significant pinch from this kind of piracy, but when and if they do, you can be sure heads will start rolling. In any case, time will tell.
Yes, people are capable of amazing things when they are loosing billions of dollars..
This is a psychological issue, not a mathematical or computer science one, so I do not really know how to answer it. I've argued for the hackers because I was impressed at how quickly Napster, Gnutella, and clones came out, but I made the mistake of letting my confidence about the academic side of the discussion bleed over into the psychological side. (Thanks for making me think about this importent point)
Promotion is the real monopoly of the music industry, so we hope that online promotion will allow artist who are not industry-ass-lickers to get big without the industry (ala Ani Defranco before the internet).
Unfortunatly, the artists may miss the opertunity to throw off their industry masters and control their own lives. Remember, the music industry got into this sorry shape because the artists were not goo buisness men and/or did not effectivly unionize. It's really hard to say what will happen.
I'd like to say that all our retorc about how evil the music industry is wil influence fans to move to non-industry on-line bands, but it's way too early to tell.
The only way "free music" could ever work is by the honor system - you listen to one of their songs, you give them $0.50 for each song.
No, this is not the only way free music will work. There a million "partially" free buisness models.
My personaly favorit is "music as a service," i.e. people subscribe to songs of the week services (with an archive and a way for members to review and discuss songs). Now people would pirate these things like crazy, but who cares.. it's free promotion! Your real fans will pay for access to your whole archive (with song reviewes from fans).
There would be too damn many songs in the archive for 99% of pirates to carry. Now a very small percentage of pirates would try to pirate the song of the week and the whole archive, but there would be few of these people, so you could sue them.
Anyway, lets say 1% of the people who would buy your CD pay you $20 for a year of access to the fan club song of the week service. If you did your own web page and mixing then you don't need to give this money to anyone else, so your making the same ammount of money as you would selling the CD. Plus, you have a captive audience of lisseners who visit your site every week who you can try and sell more stuff to!
Now It's a lot of work to put out a song every week, but you could get a group of musicians together to share the site. They could all put up live preformances, good jam sessions, etc. People love that shit and it don't need to be perfect, your giving them a new batch of songs next week! You sell them the perfect songs on CD from the site. There will already be 50 million songs of the same name floating arround on the pirate sites making it impossible to find the one from the CD, so they will need to buy your CD.
So please buy the CD - pay the people who deserve to make a living.
Oh yeah, buy the CD, give the music industry $15.90 and give the artist $0.10. That's really an efficent way to reward creativity.
I think it's morally reprehensable to buy a CD and support such a corupt industry. If it's a choice between riping the artist off and supporting the industry then I'll choose to rip the artist off period. Now I don't mind buying an Ani Defranco CD since she did it her self and dosn't support the industry.
The fundamental truth here is: there is no music without artists and lisseners.. we can have music without labels, music investors, CD pressing plants, busses, clubs, lighting crews, T-shirts, but we can not have music without artists and fans period. This means that no matter what kind of piracy we do the smart artists will eventually make money.
The Gay community is probable pretty effective as "getting the word out." It would be nice for people to stage a "Pink Paper subscrition cancelation athon" to punnish them for this attack on the rest of the gay press. It's always good to see a company which dose something nasty get fucked over. I suppose the most effective way to do this would be to get some of the Gay community's leaders to attack the Pink Paper and support your paper.
It does not cost schools all that much money to change firewall rules and the like
No, it dose not cost the schools much money to change teh firewalls to block or unblock a specific set based on a preset list of parameters like port, but when the firewall actaully need to start running a script to process the packets the firewall is fucked. I can make a Gnutella clone which piggybacks all traffic on an encrypted HTTP or SSH conenction with a key size which can not be cracked within a year.
Now you are about to say something stupid like "they can block HTTP access sicne students do not need to run webservers." No one said the client was opening the conenction and the server needed to be outside of a firewall. It's just as easy to route a "call me" request throug the existing network connections to the guy behind the firewall, i.e. what Gnutella dose to avoid firewalls execpt the network is piggybacked on HTTP or SSH. Now this breaks down when ALL collages implement firewalls which prevent students from running servers, but this seems unlikely.
These things are obvious to anyone who knows anything about encryption. The "threat model" for the firewall idea sucks. Now you can watch bandwidth consumtion, like I have said a hundered times, but that is a diffrent story.
With my previously mentioned perl script, which logs into the "distribution network" (whatever it may happen to be at the time), and reports the students at each offending institution, for any action the school wishes (e.g., automated network disconnect/firewall for offending student for a day), the costs are negligible. I could write it once for every instutition in a few minutes, and there is no forseeable way students can avoid this.
No, I explained that this could be prevented with a localized network topology and/or a node authentication and reputation system.
The localized network topology would limit the number of hosts ANYONE had access to. This would require the RIAA to have f(total network size) nodes on the network (f would probable be a logarithm or multiplication by a small constant). This would mean spending a crapload of money on computer systems and bandwidth. Now a localized network topology would limit your ability to find some rare songs, but when you look at detail of the problem it becomes clear, i.e. how many britney spears hits do you really need.
The authentication and reputation system would prevent the RIAA network nodes from gaining much knoledge of the network without actaully contributing something to the network.
The story remains: the RIAA is fucked. The only question is "how much work are they going to make the programmers do so that we can get our mp3s?"
And that java code must come from somewhere, each popular java code server could be firewalled or shutdown before students begin to use it.
I never said the code came from a centralized server! It's prety fucking obvious that it would travel throug the network. I mean it's a fucking file sharing network! There is low security risk because the authentication handles the security (it's easy to distribute the authentication keys too; pgp keyservers are one method). Actually, you could piggyback the Java authentication on the node authentication, i.e. send out "yeah, I looked at the source and it's clean messages". If the network did get shutdown then people would just forward the newest Java module arround via email.
You do not really seem to under stand what I'm saing. I do not care about the specifics of the "tit for tat" between universities/RIAA and students. I'm arguing that the "threat model" favors the students, i.e. it coses the school a lot of money and the school reacts slow, but it costs the students very little (a few kids getting in trouble) and the students react very fast (just look at how old Gnutella is realitive to the collages attacking Napster).
Remember that napster is more than just software and a server, it is good because the barriers to entry (for newbies) are low and because it already has a certain "velocity"
This is an importent consideration, but as the arms race progresses the reaction time of students will decrease. Also, it did not take Napster long to get it's current network.
Example: I could write a Gnutella clone whose network engin was Java driven, thus allowing students to *automatically* upgrade their stealth and participate in new networks with fundamentally better topologies. These Java modules could do all sorts of crazy thing. Now no one will write this system unless the RIAA makes us, but once writen it would kill the RIAA's chances of a technological prevention like you have been discussing.
Note: The RIAA could use Java module trojans, but this would be more illegal then copyright infringlment and it would be simple to prevent the modules from doing most nasty things.. they only need network access! Now the trojen modules might still be able to report the machine to the RIAA, but you could have an authentication chain for the Java modules to prevent the automatic use of bad ones.
Actually, why we are on the subject of malisious software. You could write a virus installer for Gnutella which also fetched some mp3s for you. The existance of this virus would provide plausable deniablility to students who run Gnutella.
Anyway, if you really consider the general trends of the arms race you will see that the technology seems to converge to "the RIAA is fucked."
BTW> The schools are not necissarily exposing themselves to legal action by ignoring piracy. The IANAL's here seems to think that the school get common carrier protection when they do nothing, but might loose common carrier protection when they "proactivly" remove the information. I think they are stil lrequired to remove any illegal information people point out, but activly looking for copyright infringment may mean they are also required to look for child porn, defimation, national security information, etc.
Regardless, common carrier protection would probable prevent the RIAA from forcing schools to spend money looking for Gnutella.. just as it prevents the RIAA from suing the phone companies over mp3s on DSL machines.
even if they can't decipher gnutella from "legitimate" connections, they can filter all incoming HTTP connections to student machines. Only a select few students run servers, fewer really "need" or desire to, and they could always ennumerate those few incoming connections.
This hurts the schools CS program.. and runs countrary to the academic mission of the school. Also, this dose not help since Gnutella servers can currently get arround firewalls. Now all universities doing this would cause Gnutella a problem, but a user friendly IRC front end could avoid these problems too. Banning IRC would be really stupid for the school, but you can get arround that by using free hosting/email services. Yes, you could write a user friendly front end to opening accounts with these services.
Although there might always be a way to get around, that does not mean that most students will have an effective way to get around most of the time that is within their means.
The whole point is that most students do not need to get arround the protections. It only takes one guy to write a user friendly interface like Gnutella.. and this one student has the open source Gnutella clones as a starting point. Hell, you could even write a user friendly interface to downloading the latest user friendly solutions to the blocking.
I have yet to read the entire protocol, rather than trying to constantly find a signature of the latest and greatest software, I see no reason why the music industry, a university, or a coalition of them, can't write a script in perl (or whatever) to search WITHIN the entire database all day long, and just create a list every day of hosts (read: students) who serve files
The current systems are vulnerable to this attack, but the legal effort to stop the students is currently prohibitive. Also, the PR results for schools are very serious.
Plus, It is probable possible to design a "localized" network which requires the music industry to have a O(network size) connections to the network for serious monitoring. This would make monitoring the network prohibitivly expencive.
Actually, automated (user friendly) authentication system ("Yeah, I got good shit from this guy") would do a btter job at preventing network monitoring then localizing the network topology, but the network topology question is a sexy math problem.
Why would a school commit to this arms race when they can just bill the kids for the extra network usage?
However, all the university has to do is block all packets that their routers can't decipher. Kind of extreme, but this may be something that may happen in the future. Of course, the routers will have to be able to handle this. Universities will not like the increase cost of upgrading their routers.
This would be ineffective since Gnutella could hid as HTML and would hurt the quality of the schools CS program.
The short-term solution is to enact draconian measures. Another thing would be to just ban Napster, Gnutella, etc... from the campus internet connection. Get the student to sign an decipherable legal document that says yada yada yada, NO!
There will *always* be a newer cooler Gnutella with avoids detection. It dose not matter what the students sign, once they start getting away with it the school will need to make examples out of a lot of people to stop it.
The only real solution is to help the students pirate via a caching server which reduces the outside internet traffic which you really pay for and/or to just charge students for extra bandwidth. I think it's pretty safe to say they will charge for bandwidth. It's loose money fighting Gnutella or make money from people using Gnutella.
It cost a lot of money to sue people, it pisses people off, and it makes people find stealther ways to share files. My friends and I were plotting an anonymous email based "statistically" anonymous system a year ago. We concluded that Gnutella/Napster's simplicity is nicer since it brings more people into the pirating community, but essentially anything the record companies do can be beaten by protocoll revisions. This means the record companies will lose an arms race since Gnutella clones have zero developement cost.
Lets pull some numbers our of our ass. Lets say it costs 20-100 million dollars to kill a Gnutella style network by suing people (US/international lawyers/lobiests, detectives, software development, managers, etc.). Lets say it takes 6 months for a kid to modify the protocoll to protect Gnutella's users. Lets say this happens every years for 5 years. This just cost our RIAA buddies 1-5 billion dollars, a lot of bad press, a lot of pissed off independent artists, etc.
Anywho, it dose not seem profitable for the RIAA to really commit to a serious fight with Gnutella. If they can get government to spend the money then they can fight, but not if they spend their own money.
This would be easy to fix, build an authentication system into gnutella which says "I've got good shit from this guy." A chain of trust would lead back to yourself, so you would know it was cool stuff.
Actually, it would make the Gnutella network stronger since you could use the authentication system to refuse to give shit to people who did not contribute anything. Leeches who do not run their servers 24/7 are the biggest problem with Gnutella today.
They can kill the Napster or Gnutella community, but there are software solutions to software attacks. This means the RIAA will lose an arms race since Gnutella has zero development cost. I hope they try.. I'd like to see them spend billions.. only to improve the file sharing software technology.