What is the most effective way to fight this? I suppose we need to let the printer companies know that we have no intrest in purchasing watermarking printers.
Also, the whenever a printer company releases a new printer someone needs to find out if they have included watermarking.. and post it to slashdot if they have.. one would hope that we could make enough commotion regarding the printer to cost the company money.
Do any printers corrently on the market support these features? It seems to me we need to send a message to the companies that going allong with the Gov. will cost them money.
It is also a good idea to get out information on how to preform the hardware modifications to change the serial number as quickly as possible. It seems to me giving the script-kiddies the ability to get someone falsly convicted of counter fitting just by examining a page the someone printed out will go a long way towards killing these things.. and will force people to only purchase printers which do not use watermarks.
Any more suggestions?
Jeff
BTW> Actually, the false convictions thing is an excellent way to fight many of the `ID the public' government programs.
Yes, you can do all those things in ASM and the guy writing the OS I was talking about did because there were no acceptable high level languages. The point is that in ASM you must do them all by hand. High level langauges will eventually surpass ASM because the compilers will do most of the tricks for you and provide a more meaningful way to think about writing the program. The problems of optimising will eventually become so complex that you will need machine aid to do it efficently. If you have a hard numerical / symbol menipulation problem to solve it is better to have a computer solve it then a human, period.
Many of you people must be living in the dark ages.. what the hell is all this talk about "it scares the hell out of me". That is like saing computers scare the hell out of me for whatever reason.
Understanding/Knowledge is inherently a good thing.. shure it can be used in harmful ways (like a computer virus).. but that is just part of the deal. These are very worth while risks because we have so much to gain.
If you don't want to evolve go live in montana or something.. the rest of us will continue about our buisness of becomming gods. I am just so sick of this fear of technology, science, and the unknown bullshit.. wether it is computers, genetics, etc.
I normally like Katz articles about hell-mouth or whatever.. I just don't read much of them because they are way too long winded.. but this one is just stupid. I suppose I should take on a few of Katz points directly:
a) What if they make a maistake and a whole generation of people is born with an undetected genetic problem? This is unlikely since people will test for a long time before making anything really widespread and even then it will not be everyone, but just a small piece of one generation, i.e. a small part of the total population. Hell, even if we do fuck ourselves up we have plenty of healthy genetic stock in countries which are too poor to afford genetic engenering.
b) What genetic engenering creates a cast system? Implicit in the statment is the idea that people will place too much importence on genetics and to litle on personality. This is highly unlikely given our current cultural climate. Psychologiest do seems to understand how importent non-genetic criteria is in determining a persons abilities. Now, if the upper casts dominance is really based on actually being able to achive more and think better then more power to them.. it is wonderful compaired to our current seperation of the classes. What would you rather a system where people's intelegence was crippled because it would be unfair to others?
c) What if Gov. controls it and uses it to make doscile people? This is unlikely for a variety of reasons. It is more likely that increased intelegence and the discrimination against members of the genetically engenered minority will create a group of people which know which way to rebel and how to do so effectivly.
Now, there are a few things to be worried about.. like the patenting of genes.
It may be writen in assembly.. and they may have put some effort into optimising it.. but I doubt they have put they have put the kind of effort that some other people have. There was one project a long time ago where this guy wrote a microkernel which used self modifing code (well actually just higher order functions) to beat out all the monolithic kerenls---instead of giving you a file handle it gave you a whole set of functions which were optimised for the way you opened the file. I think the guy achieved an order of magnitude speed increase. The coolest thing about this aproach was that most of it could have been done in a high level langauge that supportted higher order functions.
What this all means for this guy is: Assembler is not the answer to over all high speed.. compilers which allow you to take advantage of self modifing code in a structured way would be the really fast solution. Unfortunatly, people generally do not add higher order functions to fast imperitive langauge like C.
I should mention that there may be a programmer time cost associated to using these sorts of tricks in an imperitive langauge, but the functional langauges which allow the programmer to seamlessly take advantage of these things generally have other compiler problems, but it is possible that one day the functional programmers will langauge at how slow everybody elses code is because their compilers can do tricks like this and everybody else has to do a lot more work to get the same things.
Another option is this network protocoll someone is working on (i forget who or what it is called) which allows information to move arround as people get interested in it, but if no one stays interested in it then it dies out, i.e. you have a directory of mp3s which you have lissened to, but maybe don't care about. They will eventually be deleted, but people can request them before then.. and those people wil host the requested files themselves for a while. Coupled with some sort of advertising built into the mp3 this could be the best solution for good artists.. everyone sees your stuff because it's the stuff that dose not disapear from the network (people have it in their permenent directories).. and people who like it will still come to your web site and buy CDs, shirts, and other mp3s.
Despite the hype, mp3.com (and others) are just places to to put music so people can find them, they are NOT a record label.
Then perhaps what we need is a way to make it easier to sort through the crap.. Maybe a review system of some sorts?
Another idea I had: If we had a standard for packaging mp3s and a web page together and the player suported it (maybe just a tar file with a button to spawn a web browser) then artists could include visual art and information on how to purchas their CDs in the mp3.. it might make the whole exposure through mp3s thing a little more practical.
..might be for a few of you who have no good reason not to use this guys ISP (maybe yours pisses you off and you have been meaning to switch) to actually ask him if he has much of a back bone for this sort of stuff now (FBI threats) and switch to his ISP if you believe that he dose.. and tell him so../. may have made his life miserable for a little bit, but if he is really one of the good guy there is no reason that we can't make shure that he ends up better off for it (financially).
I seem to remember that the artist lives in New Jersey? Is the ISP located in NJ too? and dose it matter where he is located, i.e. dose he do web hosting. I would definitly talk to the guy about switching.. execpt that I'm in school and I get everything for free.
Regardless, if the guy really is more protecting of people's rights now, then someone out there sould definitly figure this out (by talking to him) and switch to his service. If people were to switch to him specifically for freedom based reasons then the FBI is the only looser here.. and we can all home happy.
If the FBI wants to try to surpress this then lets make shure that they can not. We need more mirrors in other countries and we need to let Mike Z. put his whole site up, not just the flick. We can spread this thing without the artists help, but then the FBI has been at least partially successful since the artist recieves less benifit from his work. If someone knows the artist please incurage him to take advantage of some the new hosting opertunities.
ERP is one of the prefect applications for open source since, as you said, so much of the logic is in the implementation.. and more money then I care to think about has been lost due to the lack of an open source ERP package.
Ironically, the soultion to one of the biggest problems with ERP packages could be exactly what would make an open source ERP package's development possible.. modularisation.
My limited experence with ERP packages is that they are these monserous programs which do a few things you need, so you must write your own system for the critical part and take advantage of the ERP program for some steps. It seems to me that an orginized effort to develop the necissary modules could provide us with a library that would get anyone who needed ERP a large part of the way to a working system.
I suspect that the cost of writing more code vs. implementing more SAP work-arrounds would eventually even out.. and the resulting product would be MUCH better suited to the needs of it's users.
The big question here is what should the modules. It is pretty straight forward to seperate some parts of the process like international tax handling, but some other parts may require a little more though as to how they sould be seperated from the rest of the system. It might be a reasonable vaporware open-source to just try and figure out what needs to be done and make a list of jobs?
I suspect that it would be extreamly profitable for a company to donate employies to wrok on bits of an open source ERP package because those developers will eventually be the best imaginable implementors of your companies ERP system.
Napster may go down the tube, but thisissorta their own fault for notmaking it open source. If it was an open source project the RIAA could not kill it since other people would pick it up or they could continue working on it in secret.
I would like to urge the people behind Napster to open source the project before it is too later.. or at least give the source out to trust worthy people with a lisence which GPLs the current Napster source if the company if forces to stop distributing it.
The good news is that now everyone knows about Napster and many many more people are probable using it now, so maybe the RIAA will actually cost themselves big time with this.. and even if they do shut down Napster an open source alternative may take it's place (though the running under Windows is importent for this type of program).
Finally, I believe it is time for those of us who wish topirate to begin developing technologies which aid in piracy. Napster is definitly the right approach since it makes it easy to make data available.
Jeff
BTW> A system that could deliver delayedmessages and make requests from your actual CD collection might be better for those hard to find songs though, i.e. it acts as a CD player too, but it records the songs allongwith your list of mp3s which are then made available. People can request that you rip a song for them and the ripiing process is almost totally automated, i.e. Napster or whatever would ask you to insert the CD for 5min.
What you are talking about is plausable deniability. The SegFS filesystem (compatible with ext2) will do a better job then the test.file mathod. It provides multiple layers of encryption and it is impossible to prove a higher layer exists from a lower layer since it puts random crap in any block that it erases.
My guess is that, by the end of next year, we could see FreeSWAN, GPG, OpenSSH and OpenSSL all getting similar cash injections.
Only if the developers live in Germany.. so if you live in Germany and are interested in working on these projects.. this might be a really good time to start. It might take a few years of major contribution to get the name, but if you are interestedanyway then that sould be worth it.
The rummor is that ths announcment did not really have much influence on RedHat's stock, but as the investors become more clueful over time we may even begin to see open source announcment have an effect on stock price. My question is:
The Law regulates what the CEO, etc. do with their stock to make a quick buck, but do these laws say anything about somebody not even imployed by the company? i.e. If some open source project I am quietly working on is going to bump up RedHat stock assuming I release it with optimal timing and lots of fanfair.. is there anyhting to keep me from casing in on the jump in stock price?
I know currently the release of open source projects appears to have no influence n stock prices, but this could change.. and with improvments to especially relivant programs like Apache, Samba, or the Kernel this is not impossible.
You do not understand.. the issues are not so much technical (though that part has to be done correctly) as social. Statistically safe dose not mean that the feds can not bust everyone.. it mearly means that they must bust most of the people to shut it down, i.e. everyone using the network participates as pears instead of using centralized servers. This is sufficent as long as the damage you incure by being brough to trial times the probability of you really being brought to trial is low.
Yes, an efficent version of the network I was describing would not send the large datafiles though the network. There are two approaches to solving this problem:
1) It would deposit them elseware on the internet.. like usenet groups, free web hosting sites, free email hosting sites, anonymous email, etc. Users of the software who wanted to avoid having direct connections to their own machine would need to keep updated scripts to exploit the anonymous resources available on the internet for such things.
2) Don't worry about it and just make the probabilities work out better, i.e. instead of making a seperate daemon which few people will use, integrate the network with a user friendly application. This is the best solution when you need to draw from a large unskilled pirate community for original source material.. like music in mp3 format. Example: Write a CD/MP3 player which keeps a browse list of other player with which it has come in contact and will trade browse lists with other players. Now, the player tracks your CD collection so anyone can request anything in your CD collection and the player will rip it for you if you put in the CD. This system's real power commes from the fact that soo many people will use it and they are all worthless to take to trial since none of them really supply that many more people then anyone else. This system is even resistant to scare prosecution since it will just make people thin out their connectivity (by starting over on another port or soemthing) thus making it harder to tell how much piracy you have prevented. Plus, you can implement various social things like allowing people to put out recomendations and stuff.
The essence of the above example is that "user friendliness" is a VERY importent a security precausion.
If you take all the factors into account you find that things really work in the small time pirates favor.. as we see in the real world. The ONLY real problem with modern real world piracy is the time it requires. Systems like the above example which trade a little bit of security for a lot of time and are user friendly could really bring out piracy. I would like to see such a system implemented while large portions of the world's population (China) do not vaule intelectual property, as this will insure the streangth of the pirate community.
Security is only as powerful as the people included. You can encrypt, but that doesn't stop anyone from just joining the network, gathering IP adresses and becoming a nark.
You do not understand.. He is not talking about security through obscurity. He is talking about a system where *statistical* security is inherent, i.e. there is nothing I can do to keep them from busting me, but the system is such that it dose them no more good to bust me then anyone else and it requires a LOT of work for them to bust everyone.
Example 1: My friends and I all run daemons which talk to each other and broadcast lists of Warez/MP3s that are available. Now, my friens have friends who I don't know and I can requests files from their lists through my friends, but I do not know the identity of the system from which I am ultimatly requesting a file.. just the ``direction'' it lies in, i.e. which one of my friens I need to send the request to. It is a network with a totally local network routing system. Finding everyone on the network is craploats of social engenering.. hell if you don't mind it being a bandwidth hog you can set it up so that there is not even any way to count how man systems are on the network.
Example 2: Move files at random between diffrent machines.. anyone can put any file into the network and anyone can take a file off the network when it is physically sitting on your machine, but no one can prove that you put a file on or removed it. Now, you the sysadmin should be protected by common carrier status since there is no way for you to monitor the traffic that moves through your site.. well.. execpt for those 50 burned CDs of music you leeched of the network as it moved through your system.. but hey your shit is your problem.. encrypt it or soemthing.
Piracy can be made safe.. and it's not really to hard.. the hard part is making it safe and user friendly. Maybe Example 1 + a CDs catologer for people to make requests for you to rip CDs you own.. now that would be cool.. especially if it was all automated. The daemon just requests that you insert bla and it rips it.
By authenticating the application you could guarantee that a certain daemon is actually THAT daemon and not a hacked telnetd for instance. Is that possible or does it make no sense at all?
This is not a good idea in general.. as it slows inovation and really removes all the benifits of open source. The better approach is to simply desgn the protocolls so that it dose not matter if you hack the daemon. SSH is a perfect example. If I replace you sshd I can not obtain your password.. only your public key, which dose me no good and I could obtain anyway if I had access to replace the daemon.
Also, remember that the person running the blessed binary controls it's enviroment and jsut because I'm taling to a blessed binary dose not mean that it can not be tricked into doing something nasty. Example: write a fake X server and a fake libc network interface which interacts with your blessed netrek client to make it do ubernasty things, but if the protocoll had been designed with appropriate constraints this woud not matter. Generally, it is much harder or imossible to design a program to be secure in a hostile eniroment.. so just do all you sensitive stuf in a frendly enviroment.
This is one of the wonderful way in which the internet community is influencing society.. I would be currious to hear projection for how much intrest the movie industry generated in this program just by threatening legal action. It is hard to gague how much intrest there was in DeCSS before this news came out, but my suspicion is that the movie industry just creaded a much bigger monster then they had to deal with before.
Now, we should realize that DLing the software today dose not necissarily impact future piracy, but it dose a) increase people's awarness of the software for when they eventually want to copy a movie and b) may attract addiotnal codders.
I think this could be a really interesting studdy.. Email interview the developers of software like DeCSS, the Game simulators, etc. and try to determin how many of them would have gotten into it in the first place and how many go into it because of soemthing like this. Maybe this could be expanded from developers to people who run the sites. I suspect it will be hard to get good statistical sampels regardless of which groups you use, but it would still be a very interesting studdy.. and it might strike fear into the hearts of some of the corperate badies too. Anyone have personal stories to post?
They were LESS liable for the behaviour of their students BEFORE they started snooping. Now that they've set a precedent of editorial control over content on their network, they will have to keep monitoring for and removing copyright violations (or potential violations, or libel, or obscenity, or any other forbidden-speech-du-jour) from now on.
This gives me an idea for a great legal system hack that someone who really wanted to ``get them back'' could use. ``Find'' a kiddy porn site hosted at CMU.. and sue them. Nope, sorry, no common carrier status. That would be just wonderful.
This has given me another idea for a way to pirate legally.. by taking advantage of the common carrier status. Use a daemon to run network of moving files (not all MP3s). I would never know what I had on my system as that would change all the time and anyone could put files into the system, so I could claim common carrier status (since I have never erased anyhting) and there would be no logs to prove that any MP3s originatted from my system. I'm not shure how well this would work in practice since people might fill it up, but I suspect it would provide some legal protection.. especially if the files you actually use for yourself (i.e. not on the network because you dont want them randomly deleted) are kept on a partiation encrypted with a plausible deniability system (SegFS) AND there were probable legal uses for the system.
His point is completely valid. I'm not defending.MP3 pirates, if they were truly running a public site they knew what they were doing was wrong. HOWEVER, I could easily see someone making the read-only password for their own.MP3 directory "MP3" so they could remember it more easily. The fact that a password isn't a good one does not make it legal to break in.
I agree totally and I would suspect that the courts would see it this way too, but I would like to hear from someone with some legal credentials.
So what can these people do about it? Can they sue or prosecute CMU for hacking into their systems? How dose one go about prosecuting these sorts of hacking attempts?
Also, is there anything we can do to encurage the victimised students to prosecute CMU? Or are there web sites to report hacking attempts to the athorities that will at least make life difficult for the people at CMU while they are investigated?
One last question.. Can someone post more information or links regarding the specifics of these hack attempts? Like maybe the names of the hackers, i.e. CMU IT personel who ran the passxword cracking program.
Standford revoked many people's access for running Linux last year.. but people easily go arround it by running port scan detectors. I think serious people will just move to that sort of system now, i.e. deny access to all on camopus computer execpt ones that lie in blocks wired to dorm rooms. This creas an interesting idea: I wonder how easy it would be to keep an updated list of RIAA and co. IP blocks? I know they can always get a short term dialup account, but that can not be as efficent as looking for people from their own systems. Any ideas?
It will take a little more work to make Piracy really safe for the windows users, but most of the time the people looking for piracy don't check out SMB shares anyway.
Speaking of making piracy safe, here is an interesting idea: use a daemon (using a random port selected at install time and automatic portscan detector) to create a network were each person's computer shares it's list of MP3s but only talked to their friends systems for everyday sorts of contact (well execpt for actually transmitting the MP3s). Sorta like an old BBS style network.. execpt with no global network map. This could go a long way to making it impossible to effectivly bust pirates. I mean they could always go after the one guy who was pirating a specifi thin (like a movie) but it would be uneconomical to just go take out the popular since every site would be equally popular and tere would be no way (short of DLing all the MP3s on the network) to KNOW that you had them all. just a though..
Why do I need my fridge networked? Why? It's not networked now and my food stays cold. All the time.
No, silly.. it's because Enlightenment needs to know you have beer in the fridge when it compiles. I know Geoff (Mandrake) pretty much always had beer in his fridge when he lived in Atlanta, but I have had to go out and buy it once or twice when I upgraded E.
Seriously, people will not bother with things like fridges.. unless they had some sort of bar-code scanning inventory device, but even then it wouldn't need to control the temp.. But some people will use other network controlled things. How many of you use cron/at for your allarm clock now? Hell, I even use atjobs insteal of setting the timer for the stove. It's kinda nice to have a unix like control of more of your world.
Security issues will probable have been worked out by the time personal things work there way down to the general public.. especially since the more dnagerous devices, like stoves, will be some of the least useful things to have on the network.
The only real problem I would expect to see is people hacking into networked phones or home security systems and spying on people.. it would be VERY useful to have a computerized phone or home security system which queued up say 30min. of footage and sent it to the cops if something happened (or was in gernal programable).
Prediction: We will see some hacking of systems at busnesses (ex: why not make elivators programmable so that the exec can cal them from his office and not need to wait) and we will probable see some privacy invasion (hell there is porable someone reading this who has evesdroped on another door room using someones soundcard).
I have seen people saing that this is a bad thing because it will be the ``special intrest groups'' which get this power. This is a pretty stupid statment because it presupposes ``all special intrest groups are bad.'' Specail intrest groups are extreamly diverse group and everyone likes some of them and dislikes some others.. so please lets talk about specific examples when we make statments like that.
Example: 1) Industry special intrest groups may loose a LOT of power since they hold power by making direct campain contrabutions, but this is by no means clear since advertising (internet or otherwize) will remain extreamly importent. 2) The Pro- and Anti- Gun Lobys which are primarily people based (as far as I know) will pobable both be effected in the same way.. which will not shift the balance of power.
Special Intrest Groups are here to say.. and many of them, like the ACLU and EFF, are extreamly importent to the future of this country. These groups are especially importent when you consider the homogonous polytical landscape that the two party system creates.
I think the answer is really to take advantage of the specail intrest groups by doing thing like making it easier for them to express their ideas to the voters. The internet voting system could provide links to special intrest group score card pages which assessed the candidates. This would be a wonderful research tool for voters who were tring to make a decission about candidates. These groups have a much longer memory then individuals and can tell you all sorts of things that you need to know. Ok, so some of them can be pretty moronic, but one would hope that people would notice eventually.
See what I mean? Patents cost MONEY. Money that people involved in OSS projects simply don't have to spend. So, what if some less-than-well-intentioned people with lots of money (say, around 100 billion for example:) ouch what a cheap shot...) start getting patents for things that are being developed as OSS projects? Can you even start to think about the ramifications of this? That's why software-patents-ARE-BAD(tm) and everyone should oppose them.
What can we do to prevent this? There have been a few ideas about making lots of prior art, but I believe there are more direct way to fight this possibility. The bigest one being internationalization of open source projects. It gets a LOT more expenciive to sue people if there are people in multiple countries working on a project. Plus, Joe GNU who gets a cease and desist letter can always continue the project.. just giving the credit to someone else.
Perhaps the EFF or some other somewhat international orginisation could host CVS servers in diffent countries. If a company harasses Joe then he just talks to the operator of a CVS server in a country which will make life difficult for the company and gets a numbered account with no ties to himself. We could also add a transport mechinism for CVS to allow you to connect to the CVS server WITHOUT it knowing where you were comming from. Now, the company needs a searh warent to see if the account login information is on his sytem and Joe can use a plausable deniability encryption System to make search warents useless (like SegFS). Hell, the patent ass wholes may stir up intrest in any project they attack, so there is NO WAY to prove that just because some anonymous person is contributing to the project means that Joe is.
I think Slashdot should adopt a policy of posting mirroring and contribution information whenever OSS project is (specifically) attacked with software patents. They know they are not going to make any money off of the guy, but the though that hundreds of geeks would suddenly take an interest in the guys project is probable enough to kep the layers at bay. I would be curious to know how many people have contributed to the Console Game Simulators because there interest was pirked by Nintendo's legal mess. (This is probable one of the best solutions)
..is not what you lissen to, but how you lissen to it. If you have a large collection of MP3s then there is a good chance that you spend a LARGE amount of time skipping songs.
Example: Song you are not in the mood for comes on, so you stop work for a second and press skip and go back to work, but just before your brain switches back to code mode another song you don't want to here right now comes on and you must stop work again.
The tradiotnal solution to this is playlists, but it is easy to have too many MP3s to use them effectivly.. or just not understand your own lissening habits.
The solution I came up with is to use a primitive AI (well not really, but almost) to try and learn my lissening habits for me. It also shows you the next 20 songs it is going to play and allows you to cancel them from the list BEFORE they start playing.. this makes an incredible diffrence in the ammount of time you waist skipping songs in random play mode. You can check out the Perl source to smartplay, but be forewarned it is proof of concept.. and not really all that stable or polished. Plus, it takes a while to really learn anyhitng about you, but maybe someday someone who really knows something about AI will pick up the idea.
Related to efficency: There is music out there, like Brian Eno, which is specifically designed (well.. sorta) to make you more productive (well.. sorta). The idea being that the music removes destractions (well.. sorta). I personally lissen to Techno since it seems to fit in well with the mind set required for programming. If your a Techno hater you should try lissening to it while your programming.. I've seen people made into Techno fans this way.
The big question is.. Can you implement a PGP Fone on this thing in software? i.e. Can you write software to take control of it's voice IO and is it fast enough to encrypt the voice transmission real time? This is the feature we need to really fix the privacy problems with cell phones. It must be done in software to get arround the export restrictions on encryption.
Slashdot Mirror
What is the most effective way to fight this? I suppose we need to let the printer companies know that we have no intrest in purchasing watermarking printers.
Also, the whenever a printer company releases a new printer someone needs to find out if they have included watermarking.. and post it to slashdot if they have.. one would hope that we could make enough commotion regarding the printer to cost the company money.
Do any printers corrently on the market support these features? It seems to me we need to send a message to the companies that going allong with the Gov. will cost them money.
It is also a good idea to get out information on how to preform the hardware modifications to change the serial number as quickly as possible. It seems to me giving the script-kiddies the ability to get someone falsly convicted of counter fitting just by examining a page the someone printed out will go a long way towards killing these things.. and will force people to only purchase printers which do not use watermarks.
Any more suggestions?
Jeff
BTW> Actually, the false convictions thing is an excellent way to fight many of the `ID the public' government programs.
Yes, you can do all those things in ASM and the guy writing the OS I was talking about did because there were no acceptable high level languages. The point is that in ASM you must do them all by hand. High level langauges will eventually surpass ASM because the compilers will do most of the tricks for you and provide a more meaningful way to think about writing the program. The problems of optimising will eventually become so complex that you will need machine aid to do it efficently. If you have a hard numerical / symbol menipulation problem to solve it is better to have a computer solve it then a human, period.
Jeff
Many of you people must be living in the dark ages.. what the hell is all this talk about "it scares the hell out of me". That is like saing computers scare the hell out of me for whatever reason.
Understanding/Knowledge is inherently a good thing.. shure it can be used in harmful ways (like a computer virus).. but that is just part of the deal. These are very worth while risks because we have so much to gain.
If you don't want to evolve go live in montana or something.. the rest of us will continue about our buisness of becomming gods. I am just so sick of this fear of technology, science, and the unknown bullshit.. wether it is computers, genetics, etc.
I normally like Katz articles about hell-mouth or whatever.. I just don't read much of them because they are way too long winded.. but this one is just stupid. I suppose I should take on a few of Katz points directly:
a) What if they make a maistake and a whole generation of people is born with an undetected genetic problem? This is unlikely since people will test for a long time before making anything really widespread and even then it will not be everyone, but just a small piece of one generation, i.e. a small part of the total population. Hell, even if we do fuck ourselves up we have plenty of healthy genetic stock in countries which are too poor to afford genetic engenering.
b) What genetic engenering creates a cast system? Implicit in the statment is the idea that people will place too much importence on genetics and to litle on personality. This is highly unlikely given our current cultural climate. Psychologiest do seems to understand how importent non-genetic criteria is in determining a persons abilities. Now, if the upper casts dominance is really based on actually being able to achive more and think better then more power to them.. it is wonderful compaired to our current seperation of the classes. What would you rather a system where people's intelegence was crippled because it would be unfair to others?
c) What if Gov. controls it and uses it to make doscile people? This is unlikely for a variety of reasons. It is more likely that increased intelegence and the discrimination against members of the genetically engenered minority will create a group of people which know which way to rebel and how to do so effectivly.
Now, there are a few things to be worried about.. like the patenting of genes.
Jeff
It may be writen in assembly.. and they may have put some effort into optimising it.. but I doubt they have put they have put the kind of effort that some other people have. There was one project a long time ago where this guy wrote a microkernel which used self modifing code (well actually just higher order functions) to beat out all the monolithic kerenls---instead of giving you a file handle it gave you a whole set of functions which were optimised for the way you opened the file. I think the guy achieved an order of magnitude speed increase. The coolest thing about this aproach was that most of it could have been done in a high level langauge that supportted higher order functions.
What this all means for this guy is: Assembler is not the answer to over all high speed.. compilers which allow you to take advantage of self modifing code in a structured way would be the really fast solution. Unfortunatly, people generally do not add higher order functions to fast imperitive langauge like C.
I should mention that there may be a programmer time cost associated to using these sorts of tricks in an imperitive langauge, but the functional langauges which allow the programmer to seamlessly take advantage of these things generally have other compiler problems, but it is possible that one day the functional programmers will langauge at how slow everybody elses code is because their compilers can do tricks like this and everybody else has to do a lot more work to get the same things.
Jeff
Another option is this network protocoll someone is working on (i forget who or what it is called) which allows information to move arround as people get interested in it, but if no one stays interested in it then it dies out, i.e. you have a directory of mp3s which you have lissened to, but maybe don't care about. They will eventually be deleted, but people can request them before then.. and those people wil host the requested files themselves for a while. Coupled with some sort of advertising built into the mp3 this could be the best solution for good artists.. everyone sees your stuff because it's the stuff that dose not disapear from the network (people have it in their permenent directories).. and people who like it will still come to your web site and buy CDs, shirts, and other mp3s.
Jeff
Despite the hype, mp3.com (and others) are just places to to put music so people can find them, they are NOT a record label.
Then perhaps what we need is a way to make it easier to sort through the crap.. Maybe a review system of some sorts?
Another idea I had: If we had a standard for packaging mp3s and a web page together and the player suported it (maybe just a tar file with a button to spawn a web browser) then artists could include visual art and information on how to purchas their CDs in the mp3.. it might make the whole exposure through mp3s thing a little more practical.
Jeff
..might be for a few of you who have no good reason not to use this guys ISP (maybe yours pisses you off and you have been meaning to switch) to actually ask him if he has much of a back bone for this sort of stuff now (FBI threats) and switch to his ISP if you believe that he dose.. and tell him so.. /. may have made his life miserable for a little bit, but if he is really one of the good guy there is no reason that we can't make shure that he ends up better off for it (financially).
I seem to remember that the artist lives in New Jersey? Is the ISP located in NJ too? and dose it matter where he is located, i.e. dose he do web hosting. I would definitly talk to the guy about switching.. execpt that I'm in school and I get everything for free.
Regardless, if the guy really is more protecting of people's rights now, then someone out there sould definitly figure this out (by talking to him) and switch to his service. If people were to switch to him specifically for freedom based reasons then the FBI is the only looser here.. and we can all home happy.
Jeff
If the FBI wants to try to surpress this then lets make shure that they can not. We need more mirrors in other countries and we need to let Mike Z. put his whole site up, not just the flick. We can spread this thing without the artists help, but then the FBI has been at least partially successful since the artist recieves less benifit from his work. If someone knows the artist please incurage him to take advantage of some the new hosting opertunities.
Jeff
ERP is one of the prefect applications for open source since, as you said, so much of the logic is in the implementation.. and more money then I care to think about has been lost due to the lack of an open source ERP package.
Ironically, the soultion to one of the biggest problems with ERP packages could be exactly what would make an open source ERP package's development possible.. modularisation.
My limited experence with ERP packages is that they are these monserous programs which do a few things you need, so you must write your own system for the critical part and take advantage of the ERP program for some steps. It seems to me that an orginized effort to develop the necissary modules could provide us with a library that would get anyone who needed ERP a large part of the way to a working system.
I suspect that the cost of writing more code vs. implementing more SAP work-arrounds would eventually even out.. and the resulting product would be MUCH better suited to the needs of it's users.
The big question here is what should the modules. It is pretty straight forward to seperate some parts of the process like international tax handling, but some other parts may require a little more though as to how they sould be seperated from the rest of the system. It might be a reasonable vaporware open-source to just try and figure out what needs to be done and make a list of jobs?
I suspect that it would be extreamly profitable for a company to donate employies to wrok on bits of an open source ERP package because those developers will eventually be the best imaginable implementors of your companies ERP system.
Jeff
Napster may go down the tube, but thisissorta their own fault for notmaking it open source. If it was an open source project the RIAA could not kill it since other people would pick it up or they could continue working on it in secret.
I would like to urge the people behind Napster to open source the project before it is too later.. or at least give the source out to trust worthy people with a lisence which GPLs the current Napster source if the company if forces to stop distributing it.
The good news is that now everyone knows about Napster and many many more people are probable using it now, so maybe the RIAA will actually cost themselves big time with this.. and even if they do shut down Napster an open source alternative may take it's place (though the running under Windows is importent for this type of program).
Finally, I believe it is time for those of us who wish topirate to begin developing technologies which aid in piracy. Napster is definitly the right approach since it makes it easy to make data available.
Jeff
BTW> A system that could deliver delayedmessages and make requests from your actual CD collection might be better for those hard to find songs though, i.e. it acts as a CD player too, but it records the songs allongwith your list of mp3s which are then made available. People can request that you rip a song for them and the ripiing process is almost totally automated, i.e. Napster or whatever would ask you to insert the CD for 5min.
What you are talking about is plausable deniability. The SegFS filesystem (compatible with ext2) will do a better job then the test.file mathod. It provides multiple layers of encryption and it is impossible to prove a higher layer exists from a lower layer since it puts random crap in any block that it erases.
jeff
My guess is that, by the end of next year, we could see FreeSWAN, GPG, OpenSSH and OpenSSL all getting similar cash injections.
Only if the developers live in Germany.. so if you live in Germany and are interested in working on these projects.. this might be a really good time to start. It might take a few years of major contribution to get the name, but if you are interestedanyway then that sould be worth it.
Jeff
The rummor is that ths announcment did not really have much influence on RedHat's stock, but as the investors become more clueful over time we may even begin to see open source announcment have an effect on stock price. My question is:
The Law regulates what the CEO, etc. do with their stock to make a quick buck, but do these laws say anything about somebody not even imployed by the company? i.e. If some open source project I am quietly working on is going to bump up RedHat stock assuming I release it with optimal timing and lots of fanfair.. is there anyhting to keep me from casing in on the jump in stock price?
I know currently the release of open source projects appears to have no influence n stock prices, but this could change.. and with improvments to especially relivant programs like Apache, Samba, or the Kernel this is not impossible.
Jeff
You do not understand.. the issues are not so much technical (though that part has to be done correctly) as social. Statistically safe dose not mean that the feds can not bust everyone.. it mearly means that they must bust most of the people to shut it down, i.e. everyone using the network participates as pears instead of using centralized servers. This is sufficent as long as the damage you incure by being brough to trial times the probability of you really being brought to trial is low.
Yes, an efficent version of the network I was describing would not send the large datafiles though the network. There are two approaches to solving this problem:
1) It would deposit them elseware on the internet.. like usenet groups, free web hosting sites, free email hosting sites, anonymous email, etc. Users of the software who wanted to avoid having direct connections to their own machine would need to keep updated scripts to exploit the anonymous resources available on the internet for such things.
2) Don't worry about it and just make the probabilities work out better, i.e. instead of making a seperate daemon which few people will use, integrate the network with a user friendly application. This is the best solution when you need to draw from a large unskilled pirate community for original source material.. like music in mp3 format. Example: Write a CD/MP3 player which keeps a browse list of other player with which it has come in contact and will trade browse lists with other players. Now, the player tracks your CD collection so anyone can request anything in your CD collection and the player will rip it for you if you put in the CD. This system's real power commes from the fact that soo many people will use it and they are all worthless to take to trial since none of them really supply that many more people then anyone else. This system is even resistant to scare prosecution since it will just make people thin out their connectivity (by starting over on another port or soemthing) thus making it harder to tell how much piracy you have prevented. Plus, you can implement various social things like allowing people to put out recomendations and stuff.
The essence of the above example is that "user friendliness" is a VERY importent a security precausion.
If you take all the factors into account you find that things really work in the small time pirates favor.. as we see in the real world. The ONLY real problem with modern real world piracy is the time it requires. Systems like the above example which trade a little bit of security for a lot of time and are user friendly could really bring out piracy. I would like to see such a system implemented while large portions of the world's population (China) do not vaule intelectual property, as this will insure the streangth of the pirate community.
Jeff
Security is only as powerful as the people included. You can encrypt, but that doesn't stop anyone from just joining the network, gathering IP adresses and becoming a nark.
You do not understand.. He is not talking about security through obscurity. He is talking about a system where *statistical* security is inherent, i.e. there is nothing I can do to keep them from busting me, but the system is such that it dose them no more good to bust me then anyone else and it requires a LOT of work for them to bust everyone.
Example 1: My friends and I all run daemons which talk to each other and broadcast lists of Warez/MP3s that are available. Now, my friens have friends who I don't know and I can requests files from their lists through my friends, but I do not know the identity of the system from which I am ultimatly requesting a file.. just the ``direction'' it lies in, i.e. which one of my friens I need to send the request to. It is a network with a totally local network routing system. Finding everyone on the network is craploats of social engenering.. hell if you don't mind it being a bandwidth hog you can set it up so that there is not even any way to count how man systems are on the network.
Example 2: Move files at random between diffrent machines.. anyone can put any file into the network and anyone can take a file off the network when it is physically sitting on your machine, but no one can prove that you put a file on or removed it. Now, you the sysadmin should be protected by common carrier status since there is no way for you to monitor the traffic that moves through your site.. well.. execpt for those 50 burned CDs of music you leeched of the network as it moved through your system.. but hey your shit is your problem.. encrypt it or soemthing.
Piracy can be made safe.. and it's not really to hard.. the hard part is making it safe and user friendly. Maybe Example 1 + a CDs catologer for people to make requests for you to rip CDs you own.. now that would be cool.. especially if it was all automated. The daemon just requests that you insert bla and it rips it.
Jeff
By authenticating the application you could guarantee that a certain daemon is actually THAT daemon and not a hacked telnetd for instance. Is that possible or does it make no sense at all?
This is not a good idea in general.. as it slows inovation and really removes all the benifits of open source. The better approach is to simply desgn the protocolls so that it dose not matter if you hack the daemon. SSH is a perfect example. If I replace you sshd I can not obtain your password.. only your public key, which dose me no good and I could obtain anyway if I had access to replace the daemon.
Also, remember that the person running the blessed binary controls it's enviroment and jsut because I'm taling to a blessed binary dose not mean that it can not be tricked into doing something nasty. Example: write a fake X server and a fake libc network interface which interacts with your blessed netrek client to make it do ubernasty things, but if the protocoll had been designed with appropriate constraints this woud not matter. Generally, it is much harder or imossible to design a program to be secure in a hostile eniroment.. so just do all you sensitive stuf in a frendly enviroment.
Jeff
This is one of the wonderful way in which the internet community is influencing society.. I would be currious to hear projection for how much intrest the movie industry generated in this program just by threatening legal action. It is hard to gague how much intrest there was in DeCSS before this news came out, but my suspicion is that the movie industry just creaded a much bigger monster then they had to deal with before.
Now, we should realize that DLing the software today dose not necissarily impact future piracy, but it dose a) increase people's awarness of the software for when they eventually want to copy a movie and b) may attract addiotnal codders.
I think this could be a really interesting studdy.. Email interview the developers of software like DeCSS, the Game simulators, etc. and try to determin how many of them would have gotten into it in the first place and how many go into it because of soemthing like this. Maybe this could be expanded from developers to people who run the sites. I suspect it will be hard to get good statistical sampels regardless of which groups you use, but it would still be a very interesting studdy.. and it might strike fear into the hearts of some of the corperate badies too. Anyone have personal stories to post?
Jeff
They were LESS liable for the behaviour of their students BEFORE they started snooping. Now that they've set a precedent of editorial control over content on their network, they will have to keep monitoring for and removing copyright violations (or potential violations, or libel, or obscenity, or any other forbidden-speech-du-jour) from now on.
This gives me an idea for a great legal system hack that someone who really wanted to ``get them back'' could use. ``Find'' a kiddy porn site hosted at CMU.. and sue them. Nope, sorry, no common carrier status. That would be just wonderful.
This has given me another idea for a way to pirate legally.. by taking advantage of the common carrier status. Use a daemon to run network of moving files (not all MP3s). I would never know what I had on my system as that would change all the time and anyone could put files into the system, so I could claim common carrier status (since I have never erased anyhting) and there would be no logs to prove that any MP3s originatted from my system. I'm not shure how well this would work in practice since people might fill it up, but I suspect it would provide some legal protection.. especially if the files you actually use for yourself (i.e. not on the network because you dont want them randomly deleted) are kept on a partiation encrypted with a plausible deniability system (SegFS) AND there were probable legal uses for the system.
Jeff
His point is completely valid. I'm not defending .MP3 pirates, if they were truly running a public site they knew what they were doing was wrong. HOWEVER, I could easily see someone making the read-only password for their own .MP3 directory "MP3" so they could remember it more easily. The fact that a password isn't a good one does not make it legal to break in.
I agree totally and I would suspect that the courts would see it this way too, but I would like to hear from someone with some legal credentials.
So what can these people do about it? Can they sue or prosecute CMU for hacking into their systems? How dose one go about prosecuting these sorts of hacking attempts?
Also, is there anything we can do to encurage the victimised students to prosecute CMU? Or are there web sites to report hacking attempts to the athorities that will at least make life difficult for the people at CMU while they are investigated?
One last question.. Can someone post more information or links regarding the specifics of these hack attempts? Like maybe the names of the hackers, i.e. CMU IT personel who ran the passxword cracking program.
Jeff
Standford revoked many people's access for running Linux last year.. but people easily go arround it by running port scan detectors. I think serious people will just move to that sort of system now, i.e. deny access to all on camopus computer execpt ones that lie in blocks wired to dorm rooms. This creas an interesting idea: I wonder how easy it would be to keep an updated list of RIAA and co. IP blocks? I know they can always get a short term dialup account, but that can not be as efficent as looking for people from their own systems. Any ideas?
It will take a little more work to make Piracy really safe for the windows users, but most of the time the people looking for piracy don't check out SMB shares anyway.
Speaking of making piracy safe, here is an interesting idea: use a daemon (using a random port selected at install time and automatic portscan detector) to create a network were each person's computer shares it's list of MP3s but only talked to their friends systems for everyday sorts of contact (well execpt for actually transmitting the MP3s). Sorta like an old BBS style network.. execpt with no global network map. This could go a long way to making it impossible to effectivly bust pirates. I mean they could always go after the one guy who was pirating a specifi thin (like a movie) but it would be uneconomical to just go take out the popular since every site would be equally popular and tere would be no way (short of DLing all the MP3s on the network) to KNOW that you had them all. just a though..
Jeff
Why do I need my fridge networked? Why? It's not networked now and my food stays cold. All the time.
No, silly.. it's because Enlightenment needs to know you have beer in the fridge when it compiles. I know Geoff (Mandrake) pretty much always had beer in his fridge when he lived in Atlanta, but I have had to go out and buy it once or twice when I upgraded E.
Seriously, people will not bother with things like fridges.. unless they had some sort of bar-code scanning inventory device, but even then it wouldn't need to control the temp.. But some people will use other network controlled things. How many of you use cron/at for your allarm clock now? Hell, I even use atjobs insteal of setting the timer for the stove. It's kinda nice to have a unix like control of more of your world.
Security issues will probable have been worked out by the time personal things work there way down to the general public.. especially since the more dnagerous devices, like stoves, will be some of the least useful things to have on the network.
The only real problem I would expect to see is people hacking into networked phones or home security systems and spying on people.. it would be VERY useful to have a computerized phone or home security system which queued up say 30min. of footage and sent it to the cops if something happened (or was in gernal programable).
Prediction: We will see some hacking of systems at busnesses (ex: why not make elivators programmable so that the exec can cal them from his office and not need to wait) and we will probable see some privacy invasion (hell there is porable someone reading this who has evesdroped on another door room using someones soundcard).
Jeff
I have seen people saing that this is a bad thing because it will be the ``special intrest groups'' which get this power. This is a pretty stupid statment because it presupposes ``all special intrest groups are bad.'' Specail intrest groups are extreamly diverse group and everyone likes some of them and dislikes some others.. so please lets talk about specific examples when we make statments like that.
Example: 1) Industry special intrest groups may loose a LOT of power since they hold power by making direct campain contrabutions, but this is by no means clear since advertising (internet or otherwize) will remain extreamly importent. 2) The Pro- and Anti- Gun Lobys which are primarily people based (as far as I know) will pobable both be effected in the same way.. which will not shift the balance of power.
Special Intrest Groups are here to say.. and many of them, like the ACLU and EFF, are extreamly importent to the future of this country. These groups are especially importent when you consider the homogonous polytical landscape that the two party system creates.
I think the answer is really to take advantage of the specail intrest groups by doing thing like making it easier for them to express their ideas to the voters. The internet voting system could provide links to special intrest group score card pages which assessed the candidates. This would be a wonderful research tool for voters who were tring to make a decission about candidates. These groups have a much longer memory then individuals and can tell you all sorts of things that you need to know. Ok, so some of them can be pretty moronic, but one would hope that people would notice eventually.
Jeff
See what I mean? Patents cost MONEY. Money that people involved in OSS projects simply don't have to spend. So, what if some less-than-well-intentioned people with lots of money (say, around 100 billion for example :) ouch what a cheap shot...) start getting patents for things that are being developed as OSS projects? Can you even start to think about the ramifications of this? That's why software-patents-ARE-BAD(tm) and everyone should oppose them.
What can we do to prevent this? There have been a few ideas about making lots of prior art, but I believe there are more direct way to fight this possibility. The bigest one being internationalization of open source projects. It gets a LOT more expenciive to sue people if there are people in multiple countries working on a project. Plus, Joe GNU who gets a cease and desist letter can always continue the project.. just giving the credit to someone else.
Perhaps the EFF or some other somewhat international orginisation could host CVS servers in diffent countries. If a company harasses Joe then he just talks to the operator of a CVS server in a country which will make life difficult for the company and gets a numbered account with no ties to himself. We could also add a transport mechinism for CVS to allow you to connect to the CVS server WITHOUT it knowing where you were comming from. Now, the company needs a searh warent to see if the account login information is on his sytem and Joe can use a plausable deniability encryption System to make search warents useless (like SegFS). Hell, the patent ass wholes may stir up intrest in any project they attack, so there is NO WAY to prove that just because some anonymous person is contributing to the project means that Joe is.
I think Slashdot should adopt a policy of posting mirroring and contribution information whenever OSS project is (specifically) attacked with software patents. They know they are not going to make any money off of the guy, but the though that hundreds of geeks would suddenly take an interest in the guys project is probable enough to kep the layers at bay. I would be curious to know how many people have contributed to the Console Game Simulators because there interest was pirked by Nintendo's legal mess. (This is probable one of the best solutions)
Jeff
..is not what you lissen to, but how you lissen to it. If you have a large collection of MP3s then there is a good chance that you spend a LARGE amount of time skipping songs.
Example: Song you are not in the mood for comes on, so you stop work for a second and press skip and go back to work, but just before your brain switches back to code mode another song you don't want to here right now comes on and you must stop work again.
The tradiotnal solution to this is playlists, but it is easy to have too many MP3s to use them effectivly.. or just not understand your own lissening habits.
The solution I came up with is to use a primitive AI (well not really, but almost) to try and learn my lissening habits for me. It also shows you the next 20 songs it is going to play and allows you to cancel them from the list BEFORE they start playing.. this makes an incredible diffrence in the ammount of time you waist skipping songs in random play mode. You can check out the Perl source to smartplay, but be forewarned it is proof of concept.. and not really all that stable or polished. Plus, it takes a while to really learn anyhitng about you, but maybe someday someone who really knows something about AI will pick up the idea.
Related to efficency: There is music out there, like Brian Eno, which is specifically designed (well.. sorta) to make you more productive (well.. sorta). The idea being that the music removes destractions (well.. sorta). I personally lissen to Techno since it seems to fit in well with the mind set required for programming. If your a Techno hater you should try lissening to it while your programming.. I've seen people made into Techno fans this way.
Jeff
The big question is.. Can you implement a PGP Fone on this thing in software? i.e. Can you write software to take control of it's voice IO and is it fast enough to encrypt the voice transmission real time? This is the feature we need to really fix the privacy problems with cell phones. It must be done in software to get arround the export restrictions on encryption.
Jeff