This "alliance" is a plot run by the PR firm Dittus Communications. The contacts given for the alliance are all Dittus employees. The domain name "alliancefordigitalprogress.org" is registered to Dittus Communications.
Among their clients, Dittus Commuications
counts BSA (Business Software Alliance), Intel and Microsoft.
So, how does Dittus work? Go to dittus.com to find out. Clicking on "services", then "coalitions & grassroots" gives you this:
Dittus tailors each coalition and grassroots program to help our clients run a successful campaign. We will recruit and mobilize the right people to help you influence key decision makers and retain their support. Through experience, effective monitoring, innovation and the ability to deliver the right message at the appropriate decision points, Dittus will help you win.
Coalition Building Support voiced from the right allies can vastly amplify your message and add credibility to your argument. Marshalling diverse players can be a delicate art, and Dittus Communications has a flair for it. On a range of hotly debated issues, we have successfully managed varied alliances across the political spectrum.
Grassroots Organizing The quickest way to policymakers' hearts is through their backyards. Time and again, Dittus Communications has demonstrated an uncanny gift for grassroots campaign management. We're known for finding innovative ways to mobilize widespread support and sway important votes.
Now, click on "clients" on the main menu to the left, then "case
studies". Read through a couple of the studies, for example "Americans
for Computer Privacy" (text mirrored below). Interestingly, you'll find that Dittus was
behind the strategy and campaign that in the end lifted U.S. export limitations on
strong encryption. Now of course, the current DRM campaign they are running
on behalf of their clients, is pretty much the opposite of the goals
of "Americans for Computer Privacy". This campaign is no more than a
call for unregulated, oligopoly-controlled implementation of TCPA /
Palladium, but of course they never mention TCPA/Palladium. I am not
surprised to find all of the TCPA founding members in this so
called "Alliance for Digital Progress".
This is a fight were it is in the public interest that both parties fail.
Here's Dittus' own case study on how they helped relax U.S. encryption regulations:
"In one six-month period, Dittus Communications generated more than
130 million media impressions."
CHALLENGE Encryption systems, which scramble electronic communications and
information, allow users to communicate on the internet with
confidence in the knowledge that their security and privacy are
protected. In 1998, however, American manufacturers were facing heavy
export restrictions by the U.S. government on U.S.-made encryption
products, thus restricting American manufacturers from meeting global
demand. Momentum was also building in Washington for policies that
would allow the FBI to unlock encrypted information.
STRATEGY An existing client asked Dittus Communications to draft a
strategic plan that would rally the support of other industries and
manufacturers similarly affected by U.S. encryption policies. The
Dittus plan called for the creation of a "strange bedfellows"
coalition that would energize organizations outside of the technology
community to support encryption policy and oppose the FBI's mandatory
key recovery proposal. Dittus also recognized that the issues
surrounding the encryption debate would have to be reframed in order
to broaden support among the memeber organizations and in
Congress. After conducting significant focus group research, Dittus
reframed the debate to focus on privacy and security. And thus
Americans for Computer Privacy was born.
Dittus then actively recruited groups such as the Louisiana
Sheriff's Association, Americans for Tax Reform, and the Eagle Forum
to join the coalition. Dittus helped build and manage the coalition
that grew to 40 trade associations and more than 100 companies
representing financial services, manufacturing, high- tech, and
trasportation industries as well as law enforcement, civil-liberty,
taxpayer, and privacy groups.
Understanding that Members of Congress needed to hear from their
constituents regarding this issue, Dittus mounted an extensive public
affairs campaign nationally and in targeted congressional districts
that delivered favorable editorials; placed ads, op- eds and letters
to the editor; and generated grassroots, third- party, and coalition
support. Our objective was to convince lawmakers to reform current
policy and to stop the passage of anti-privacy legislation.
We organized Hill drops, visiting every congressional office with
ACP information packets; established relationships with key staff and
press secretaries; organized demonstrations and briefings; and
developed press/lobby kits and papers. Building widespread, vocal
grassroots support among targeted congressional constituencies was
critical. We targeted the campaign to the markets of lawmakers who
were either undecided about the issue or against it.
RESULTS In one six-month period, Dittus Communications genereated more
than 130 million media impressions on the coalition's position. We
earned favorable coverage in the Boston Globe, Chicago Tribune,
Houston Chronicle, Los Angeles Times, New York Times, San Fransisco
Chronicle, USA Today, Washington Post, Wall Street Journal, Business
Daily, Newsweek, Roll Call, PC Magazine, Internet Week, Time,
U.S. News & World Report, and Wired. We also booked ACP spokespeople
on Bloomberg TV, MSNBC, the Fox News Channel, and all three major TV
networks, as well as radio talk shows nationwide.
Our campaign created a groundswell of public and congressional
support for the SAFE Act and killed the third- party key recovery
plan. It also brought the Administration, which had shown little
movement in support of ACP's position on the issue, to the negotiating
table. The Administration also eased its encryption export policy,
allowing American companies to export strong encryption overseas.
At least two companies have started working on a TCPA-compliant version of GNU/Linux.
So, is there a problem? Yes, there is. You can't modify the kernel. If you try, it will not be trusted by the TCPA chip and so no application running on that kernel can gain access to any feature, media or application that requires TCPA. Certifying a Linux kernel (or any other OS) as TCPA-compliant is expensive and you would need to do it for every modification of the kernel. What value is the GPL if you can't use the source to create your own kernel?
Ross Anderson's TCPA / Palladium FAQ has a more detailed discussion (excerpt from section 18):
[TCPA hardware is referred to as the "Fritz chip" in the FAQ]
TCPA will undermine the General Public License (GPL), under which many
free and open source software products are distributed. The GPL is
designed to prevent the fruits of communal voluntary labour being
hijacked by private companies for profit. Anyone can use and modify
software distributed under this licence, but if you distribute a
modified copy, you must make it available to the world, together with
the source code so that other people can make subsequent modifications
of their own.
At least two companies have started work on a TCPA-enhanced version of
GNU/linux. This will involve tidying up the code and removing a
number of features. To get a certificate from the TCPA corsortium, the
sponsor will then have to submit the pruned code to an evaluation lab,
together with a mass of documentation showing why various known
attacks on the code don't work. (The evaluation is at level E3 -
expensive enough to keep out the free software community, yet lax
enough for most commercial software vendors to have a chance to get
their lousy code through.) Although the modified program will be
covered by the GPL, and the source code will be free to everyone, it
will not make full use of the TCPA features unless you have a
certificate for it that is specific to the Fritz chip on your own
machine. That is what will cost you money (if not at first, then
eventually).
You will still be free to make modifications to the modified code, but
you won't be able to get a certificate that gets you into the TCPA
system. Something similar happens with the linux supplied by
Sony for the Playstation 2; the console's copy protection
mechanisms prevent you from running an altered binary, and from using
a number of the hardware features. Even if a philanthropist does a
not-for-profit secure GNU/linux, the resulting product would not
really be a GPL version of a TCPA operating system, but a proprietary
operating system that the philanthropist could give away free. (There
is still the question of who would pay for the user certificates.)
People believed that the GPL made it impossible for a company to come
along and steal code that was the result of community effort. This
helped make people willing to give up their spare time to write free
software for the communal benefit. But TCPA changes that. Once the
majority of PCs on the market are TCPA-enabled, the GPL won't work as
intended. The benefit for Microsoft is not that this will destroy free
software directly. The point is this: once people realise that even
GPL'led software can be hijacked for commercial purposes, idealistic
young programmers will be much less motivated to write free software.
So who is Ross Anderson? He is at Cambridge University, UK. From his homepage:
I lead the security group at the laboratory, where I hold a faculty post as Reader in Security Engineering.
I don't think Andersson is, as you suggest, biased against TCPA / Palladium and certainly not "heavily biased" (see Bill Arbaugh's comment below). His analysis does however point out very serious consequences of the TCPA / Palladium infrastructure. The consequences are what they are, Anderson just made a very good job in formulating them.
We are all aware of the criticisms that the TCPA has received. Ross Anderson did a good job of explaining the problems in an abstract fashion, but I felt that there were some things left out (Privacy concerns).
By the way, trustedcomputing.org does not allow the general public to view the member list anymore. You can however see one list of 170+ member companies in Lucky Green's presentation below (links from http://www.cypherpunks.to/:
You mean I'll finally be able to trust. . . my computer to reject spam, viruses, spyware, do what I tell it to, not do what I don't tell it to and not worry about it "phoning home" to my software and "content" suppliers without my express permission?
Wrong on all accounts, unfortunately. TCPA / Palladium is not a solution to those problems, and in some cases is exactly the opposite to what you would like. Read the FAQ, to see why.
24. So why is this called `Trusted Computing'? I don't see why I should trust it at all!
It's almost an in-joke. In the US Department of Defense, a `trusted system or component' is defined as `one which can break the security policy'. This might seem counter-intuitive at first, but just stop to think about it. The mail guard or firewall that stands between a Secret and a Top Secret system can - if it fails - break the security policy that mail should only ever flow from Secret to Top Secret, but never in the other direction. It is therefore trusted to enforce the information flow policy.
Or take a civilian example: suppose you trust your doctor to keep your medical records private. This means that he has access to your records, so he could leak them to the press if he were careless or malicious. You don't trust me to keep your medical records, because I don't have them; regardless of whether I like you or hate you, I can't do anything to affect your policy that your medical records should be confidential. Your doctor can, though; and the fact that he is in a position to harm you is really what is meant (at a system level) when you say that you trust him. You may have a warm feeling about him, or you may just have to trust him because he is the only doctor on the island where you live; no matter, the DoD definition strips away these fuzzy, emotional aspects of `trust' (that can confuse people).
Remember during the late 1990s, as people debated government control over cryptography, Al Gore proposed a `Trusted Third Party' - a service that would keep a copy of your decryption key safe, just in case you (or the FBI, or the NSA) ever needed it. The name was derided as the sort of marketing exercise that saw the Russian colony of East Germany called a `Democratic Republic'. But it really does chime with DoD thinking. A Trusted Third Party is a third party that can break your security policy.
25. So a `Trusted Computer' is one that can break my security?
On the membership page, they have this little blurb:
Internet Piracy Membership:
This level of membership is for software developers who are against unauthorized distribution of their products on the Internet and wish to be part of the latest advances in industry efforts to combat this growing problem. BSA recently deployed an automated web crawler to search for and identify instances of Internet piracy involving member products.
WTF? When did they create an anti-piracy spider? And why was that relevant to a membership level?
I wonder if their spider honors/robot.txt?
Anybody noticed their spider in a webserver logfile?
There's also Opencascade.com and OpenCascade.org, with which you can build high quality CAD software. For example, the GPL-licensed exoTK CAD application is built using OpenCascade. See the screenshots here. Many other industrial CAD solutions are built using OpenCascade.
The OpenCascade license, although they call it open source, doesn't seem to be one of the approved Open Source licenses yet, though.
From the OpenCascade.com website:
Open CASCADE is an EADS Matra Datavision subsidiary, founded in January 2001. The 100-member team (including 80 developers) works in France. The company's mission is to provide services and support for industrial users, software editors and research workers for their development projects based on Open CASCADE 3D modeling components.
Code signing has it problems. Would you for example install a component that was signed by "Microsoft Corporation"? You should not do that. (Read the article The Age).
...but it is a document which the inventor of TCPA himself, Bill Arbaugh, seem to agree with. He opens his comment on Ross Anderson with this statement:
"We are all aware of the criticisms that the TCPA has received. Ross Anderson did a good job of explaining the problems in an abstract fashion, but I felt that there were some things left out (Privacy concerns)." (my emphasis).
You write:
And I don't care if he uses words like "could" or "may" or any other wishy-washy term.
The rest of your comment, "Reality Master 101", builds on ignoring what Anderson is actually saying and is thus just a straw manargument, with which you have apparently fooled yourself.
No, they aren't. Palladium will NEVER stop you from running unsigned code. Never. Ever.
So what if Palladium lets your GPL program run, it wouldn't matter at all. This is because your GPL program will not be able, or rather allowed to, access the Palladium infrastructure in order to get the needed cryptographic credentials to perform certain tasks. So yes, your program will run, but no, it won't be able to do anything useful for you, not for anything that requires access to Palladium. And that would be mission completed for Microsoft: GPL software rendered useless.
The easily fooled will probably be glad to hear that the full source code to Palladium will likely be made available. Again, the source code is as powerless as your GPL program, and is of no use to you - even with the source, you can not make modifications to it and run the modified version in place of the version endorsed by Microsoft.
Furthermore, Microsoft already has a license in place that exludes open source development and specifically GPL and LGPL open source, see this article by Bruce Perens
Yes, there are people who are LYING about Palladium. Yes, LYING.
If you are aware of any lie in Ross Anderson's TCPA/Palladium FAQ, please state what it is.
It's exactly the same as if Microsoft changed the Windows license to say you could not run any GPL programs under the Windows operating system. Imagine the screaming that would take place if they tried that.
Microsoft are busy working on just this and it's much worse than you would imagine. See the TCPA/Palladium FAQ.
There will have to be some premium to account for non-pro-rata overhead and transaction costs, plus the safety margin to pay for all the music doesn't sell (a premium you pay automatically when you buy an album with tracks you never listen to).
I say good riddance - never listen to another filler track, stop making them in the first place! Just because the album format has room for a couple more songs doesn't mean there's any good reason to use that space.
Yet another problem with cheap online music (I keep thinking of more) is that it will undermine the brick retailers
In related news, the car industry is going to be outlawed because it is hurting the makers of horse wagons.
Nobody forces anyone to stay in the CD retailer business and who looks at posters anyway? I hear most of the new (and old!) music of internet radio and buy my CD:s over the net - I haven't visited a record store in two or three years now. I have no reason to. The owners of traditional retail stores have a choice, adapt or quit. Adaption may mean they'll have to do something entirely different - if so, they're just the latest victims of the industrial revolution. I have no interest at all in subsidizing them with a higher price on media bought over the net.
For Windows, there's the full-featured FusionsSoft DVD Player which is described as published under the GPL license, but where is the source? The indicated home page of the project is constantly over its monthly bandwidth quota. The last version available seems to be from July, 2002, version 5.0.0.1.
The binaries for FusionSoft DVD Player can be found here. Gut again, since it's GPL, the sources should be somewhere. The program itself is multilingual, although you may have to do some german to download it and some french during the installation.
You are apparently not aware that it was Microsoft themselves who posted all these documents publically on their FTP server.
Nobody "stole private documents", hacked the server or anything like that. Best of all, it's Microsofts own marketing droids who posted these documents.
"In the United States, certification authority VeriSign failed spectacularly in its role when, in early 2001, it accidentally issued a key pair to someone - it doesn't know who, or isn't saying - under the name "Microsoft Corporation". This allowed the mystery hacker to sign software under this name.
Anyone installing this software was assured that the software originated from "Microsoft Corporation", which, of course, it didn't.
The only way Microsoft could fix this blunder was to patch the operating systems of all its customers to deliberately reject anything signed with this key."
When Search King manipulated the search results, they put Google's reputation as a reliable and impartial search engine at risk, thereby causing Google financial risk in the first place.
Thus Search King is suing Google for manipulation, because Google is protecting their own business against Search King's manipulation. Where can I place a bet on the outcome of this lawsuit?:-)
Re:Impressive but can you do this?
on
Lego Segway
·
· Score: 2
Was the robot zigzaging across the straight line before the crossing? I guess that would be one source of trouble, as it might be leaving the track on the other side just because it was zigging or zagging as it entered the crossing area. With a buffered bot, it ought to be possible to avoid zigzaging, stay on a relatively straight heading and thus avoid leaving the track while crossing.
For turning, extend the dead reckoning code to also keep track of the rate of turning. Then you can also handle the situation where a crossing shows up in the middle of a turn, by continuing to turn at the same rate while crossing.
Next, it needs a web interface, an OGG player, cam and a robotic arm to turn on the coffee machine, and... oh wait, that would be the ER1 from Evolution Robotics. I'm not sure if it can turn on the coffee machine, but it can deliver your pizza and hunt down people!
Re:Impressive but can you do this?
on
Lego Segway
·
· Score: 2
When you're turning, take that into account when you cross lines. Track you position and turning by dead reckoning - i.e. integrate the distance that each wheel travels.
Keep your sensors over the edge of the line rather than outside or inside, so that you can compensate sooner for a turn. When you're on track you'll have both sensors "gray". If one of your sensors goes "white" while the other goes "black" you need to turn. If one sensor goes "black" while the other stays "gray", or both go "black" you're approaching a crossover - keep on going on the same heading. You need to test out suitable treshold levels of course. You might even be able to do this without buffering, but it'll be a smoother ride with buffering as you can avoid overcompensating.
Uh, is this you school assignment? In that case you must either immediately disregard any hints on how to solve this or give full credit.:-)
Re:Impressive but can you do this?
on
Lego Segway
·
· Score: 2
A buffer implies storing more than one sensor readings. It is obvious that you need to store enough readings to have the far end of the crossing in the buffer together with the near end.
You can buy yourself time to react by moving the sensors forward. You need to do this anyway to compensate for the amount of distance/time represented in the buffer readings and the time needed for making decisions.
Slashdot Mirror
Among their clients, Dittus Commuications counts BSA (Business Software Alliance), Intel and Microsoft.
These simple facts are revealed by Dittus' press release, about yesterday's event and the actual press release from the event.
So, how does Dittus work? Go to dittus.com to find out. Clicking on "services", then "coalitions & grassroots" gives you this:
Now, click on "clients" on the main menu to the left, then "case studies". Read through a couple of the studies, for example "Americans for Computer Privacy" (text mirrored below). Interestingly, you'll find that Dittus was behind the strategy and campaign that in the end lifted U.S. export limitations on strong encryption. Now of course, the current DRM campaign they are running on behalf of their clients, is pretty much the opposite of the goals of "Americans for Computer Privacy". This campaign is no more than a call for unregulated, oligopoly-controlled implementation of TCPA / Palladium, but of course they never mention TCPA/Palladium. I am not surprised to find all of the TCPA founding members in this so called "Alliance for Digital Progress".
This is a fight were it is in the public interest that both parties fail.
Here's Dittus' own case study on how they helped relax U.S. encryption regulations:
Ah, the joys of money.So, is there a problem? Yes, there is. You can't modify the kernel. If you try, it will not be trusted by the TCPA chip and so no application running on that kernel can gain access to any feature, media or application that requires TCPA. Certifying a Linux kernel (or any other OS) as TCPA-compliant is expensive and you would need to do it for every modification of the kernel. What value is the GPL if you can't use the source to create your own kernel?
Ross Anderson's TCPA / Palladium FAQ has a more detailed discussion (excerpt from section 18):
[TCPA hardware is referred to as the "Fritz chip" in the FAQ]
I don't think Andersson is, as you suggest, biased against TCPA / Palladium and certainly not "heavily biased" (see Bill Arbaugh's comment below). His analysis does however point out very serious consequences of the TCPA / Palladium infrastructure. The consequences are what they are, Anderson just made a very good job in formulating them.
He is far from alone in his view on TCPA / Palladium. In fact, Bill Arbaugh, one of the inventors of TCPA (US patent 6,185,678 here), has second thoughts. His comment on Anderson begins:
By the way, trustedcomputing.org does not allow the general public to view the member list anymore. You can however see one list of 170+ member companies in Lucky Green's presentation below (links from http://www.cypherpunks.to/:
Other resources with much information are:
Wrong on all accounts, unfortunately. TCPA / Palladium is not a solution to those problems, and in some cases is exactly the opposite to what you would like. Read the FAQ, to see why.
Read it here: http://www.cl.cam.ac.uk/%7Erja14/tcpa-faq.html
The two last sections are worth repeating here:
Anybody noticed their spider in a webserver logfile?
The OpenCascade license, although they call it open source, doesn't seem to be one of the approved Open Source licenses yet, though.
From the OpenCascade.com website:
Another recent code signing problem from Microsoft was also discussed recently on Slashdot.
"We are all aware of the criticisms that the TCPA has received. Ross Anderson did a good job of explaining the problems in an abstract fashion, but I felt that there were some things left out (Privacy concerns)." (my emphasis).
You write:
The rest of your comment, "Reality Master 101", builds on ignoring what Anderson is actually saying and is thus just a straw man argument, with which you have apparently fooled yourself.
So what if Palladium lets your GPL program run, it wouldn't matter at all. This is because your GPL program will not be able, or rather allowed to, access the Palladium infrastructure in order to get the needed cryptographic credentials to perform certain tasks. So yes, your program will run, but no, it won't be able to do anything useful for you, not for anything that requires access to Palladium. And that would be mission completed for Microsoft: GPL software rendered useless.
The easily fooled will probably be glad to hear that the full source code to Palladium will likely be made available. Again, the source code is as powerless as your GPL program, and is of no use to you - even with the source, you can not make modifications to it and run the modified version in place of the version endorsed by Microsoft.
Furthermore, Microsoft already has a license in place that exludes open source development and specifically GPL and LGPL open source, see this article by Bruce Perens
If you are aware of any lie in Ross Anderson's TCPA/Palladium FAQ, please state what it is.
Microsoft are busy working on just this and it's much worse than you would imagine. See the TCPA/Palladium FAQ.
Translations: German, Spanish, Italian, Dutch, Chinese, Norwegian, Swedish, Finnish, Hebrew and French
As everybody seems to know the name already, perhaps you'd be interested in reading some of his essays, newspaper columns, letters and editorials.
From the page: Orwell was 47 years old when he succumbed to tuberculosis in January 1950.
I say good riddance - never listen to another filler track, stop making them in the first place! Just because the album format has room for a couple more songs doesn't mean there's any good reason to use that space.
In related news, the car industry is going to be outlawed because it is hurting the makers of horse wagons.
Nobody forces anyone to stay in the CD retailer business and who looks at posters anyway? I hear most of the new (and old!) music of internet radio and buy my CD:s over the net - I haven't visited a record store in two or three years now. I have no reason to. The owners of traditional retail stores have a choice, adapt or quit. Adaption may mean they'll have to do something entirely different - if so, they're just the latest victims of the industrial revolution. I have no interest at all in subsidizing them with a higher price on media bought over the net.
For Windows, there's the full-featured FusionsSoft DVD Player which is described as published under the GPL license, but where is the source? The indicated home page of the project is constantly over its monthly bandwidth quota. The last version available seems to be from July, 2002, version 5.0.0.1.
The binaries for FusionSoft DVD Player can be found here. Gut again, since it's GPL, the sources should be somewhere. The program itself is multilingual, although you may have to do some german to download it and some french during the installation.
This is already invented in Finland :-). See http://www.violasystems.com/index.php
Wrong link in my parent post, here's the correct link to the Wired article: Microsoft Spills Customer Data.
Nobody "stole private documents", hacked the server or anything like that. Best of all, it's Microsofts own marketing droids who posted these documents.
See this Wired article
The parent post is a Troll. The background of this story can be found all over the place:
4 81,00.html
1 121017417.htm
A Microsoft spokeswoman said the company has disabled downloads from the PSS Support server "to improve the privacy protections on the site."
http://www.wired.com/news/infostructure/0,1377,56
http://www.geek.com/news/geeknews/2002Nov/gee2002
Thus Search King is suing Google for manipulation, because Google is protecting their own business against Search King's manipulation. Where can I place a bet on the outcome of this lawsuit? :-)
For turning, extend the dead reckoning code to also keep track of the rate of turning. Then you can also handle the situation where a crossing shows up in the middle of a turn, by continuing to turn at the same rate while crossing.
Next, it needs a web interface, an OGG player, cam and a robotic arm to turn on the coffee machine, and... oh wait, that would be the ER1 from Evolution Robotics. I'm not sure if it can turn on the coffee machine, but it can deliver your pizza and hunt down people!
Keep your sensors over the edge of the line rather than outside or inside, so that you can compensate sooner for a turn. When you're on track you'll have both sensors "gray". If one of your sensors goes "white" while the other goes "black" you need to turn. If one sensor goes "black" while the other stays "gray", or both go "black" you're approaching a crossover - keep on going on the same heading. You need to test out suitable treshold levels of course. You might even be able to do this without buffering, but it'll be a smoother ride with buffering as you can avoid overcompensating.
Uh, is this you school assignment? In that case you must either immediately disregard any hints on how to solve this or give full credit. :-)
You can buy yourself time to react by moving the sensors forward. You need to do this anyway to compensate for the amount of distance/time represented in the buffer readings and the time needed for making decisions.