Slashdot Mirror


User: Istealmymusic

Istealmymusic's activity in the archive.

Stories: 0 · Comments: 530

Comments · 530

  1. Re:I think I would have rather it had been tested on HP Backs Off DMCA Threat · · Score: 1
    I used to think the same way until I read this post by Declan McCullagh:
    I'm the author of the CNET News.com article, though I do not speak for my employer. Three points:

    • 2600 was sued for *posting* the DeCSS.exe utility, not for linking to it: reference

      Defendant Eric Corley a/k/a Emmanuel Goldstein also posted DeCSS on his Internet web site...

    • The judge in the case crafted a rule limiting but not banning linking: reference

      there may be no injunction against, nor liability for, linking to a site containing circumvention technology, the offering of which is unlawful under the DMCA, absent clear and convincing evidence that [lots of details]

    • When I was at Wired News, we joined an amicus brief in the 2600 case that said journalists should have the right to link to controversial material such as DeCSS.exe: source
  2. Responsible full disclosure on HP Backs Off DMCA Threat · · Score: 4, Informative
    The following post was written by Steven M. Christey for Bugtraq. I completely agree with what Christey is saying, and highly recommend everyone interested in full disclosure read his letter here:
    The Responsible Disclosure Process draft specifically allows for
    researchers to release vulnerability information if the vendor is not
    sufficiently responsive. Some people may disagree with the delay of
    30 days between initial notification and release, but I don't think
    there are good stats on how long it really takes vendors to fully
    address vulnerability reports - open or closed source, freeware or
    commercial. Let's take a recent example - how much coordination had
    to happen for the zlib vulnerability? It seems reasonable to assume
    that it took more than a day. And the controversial "grace period"
    has the interesting distinction of being used by both Microsoft and
    Theo de Raadt.

    Researchers can help to shed light in this area by publishing
    disclosure histories along with their advisories. (By the way, vendor
    advisories rarely include such information.)

    While the response to the proposal focused almost exclusively on how
    it impacts researchers, it lays out a number of requirements for
    vendors, primarily that they (a) make it easy for people to file
    vulnerability reports, (b) be responsive to incoming vulnerability
    reports, and (c) address the issues within a reasonable amount of
    time.

    IMHO, it makes a stronger impression when someone releases a security
    advisory with an extensive disclosure history that says how much they
    tried to resolve the issue with the vendor, before they released.

    Those who are interested in the legal aspects of "responsible
    disclosure" are encouraged to read the article by Mark Rasch at
    http://online.securityfocus.com/columnists/66. The article basically
    says that the adoption of community standards could protect
    researchers who disclose issues responsibly, while it could also help
    vendors who seek legal recourse against researchers who are not
    responsible (for some definition of "responsible"). The former could
    happen with a community standard. The latter may already be happening
    without one.
  3. Re:Western Digital reliability on Western Digital Announces 200 Gig Drives · · Score: 1

    I have a similar setup, with a Maxtor 80MB swap drive. But I'm nervous about the 33MHz ATA channel slowing down the entire system. The BIOS takes unusually long to identify IDE devices, but I haven't been able to benchmark performance with a 100MHz ATA drive. Can anyone shed any light on if there are severe negative impacts of using a quite dated swap drive in a high-capacity server system?

  4. Re:combo locks... on H2K2 Wrapup · · Score: 1

    Also, look on peer-to-peer networks for files named as (for example) "2600 - Off the Hook - 2002, 07-17 - WBAI 99.5FM - WBCQ 7415kHz - NYC 7PM EST.mp3". I used to share my large OTH MP3 collection on Audiogalaxy 24/7...if the RIAA wouldn't have gotten involved I would offer a link.

  5. Re:HA! Social Engineering! on AT&T Concerned About H2K2 · · Score: 1
    Login here, and create your HRID/PIN at AT&T HRID/PIN Authentication Service. HRID/PIN FAQ.
    .1 What is the purpose of the HRID/PIN? The purpose of the AT&T HRID/PIN is to verify the user's identity so that he or she (if authorized) can access secure information on AT&T and partner web sites. All AT&T web applications are encouraged to use the AT&T HRID/PIN process so that AT&T associates only have to remember one password (the PIN) for many applications. There are currently over 200 AT&T applications that have integrated the HRID/PIN service into their software. AT&T associates also enjoy a single sign-on experience between all participating HRID/PIN applications. The AT&T HRID/PIN Service is planned to be marketed to external companies as an AT&T Managed Security Service. In an "eat-your-own-dog-food" approach, the Service is being first deployed to all AT&T associates.

    The HRID/PIN Service uses the AT&T Common Security Platform (CSP) to provide all password enforcement and password management functions. The CSP policy enforcement servers are web proxy servers that straddle the public networks (i.e., UGN, Internet) and the CSP secure network. All HRID/PIN Service content is located within the CSP secure network. When the CSP proxies detect that you want to access a secure page within the CSP secure network (e.g., the HRID logon page), the CSP proxy prompts you for HRID and PIN. If the CSP proxy validates your PIN, the proxy connects your browser to a page that generates an encrypted cookie that is shared with participating HRID applications. The encrypted cookie contains your HRID, your employment status, group membership, Social Security Number, etc BUT not your PIN. Your PIN and the values in your Personal Security Profile are never sent outside of the CSP secure network.

  6. Re:Article about same idea, but free access... on Wireless Internet Co-Ops? · · Score: 1
    I wardrove through Portland, OR on my summer vacation and found tons of APs. The usual linksys and default SSIDs are there, but more interestingly SSIDs of pubnet.pdx.edu, the www.personaltelco.net the article you linked mentions, and also a "tmobile" SSID which apparently exists on the city's public transportation.

    Corporations do use 802.11b, but because of the free access in Portland WEP is enabled when it should be. Oxley Airport, HealthPlans, HeRzOgMeIeR, randallgroup2001 are private, encrypted networks. In my experience about 58% (30 of 51) of all Portland networks have encryption off. Not a bad ratio I'd say, the public's awareness of secure wireless networks was no doubt raised by open networks such as PDXNet and Personaltelco.

  7. Re:Argument list too long on What's It Like to be Google's Boss Techie? · · Score: 1

    Yeah, I used perl -e"unlink(glob('*.mp3'))" and it removed my complete MP3 collection quite nicely. But I like flaunting my close encounter with rm, because it shows in a Unixy way how many mp3s I have, and therefore I'm 31337. :)

  8. Re:Regexp Support Someday? on What's It Like to be Google's Boss Techie? · · Score: 2, Informative
    For example, let's say I'm looking for 80's brat pack member Anthony Michael Hall (not that I would do such a thing), but I can't remember his middle name. Looking for "Anthony Hall" will do me little if any good, but looking for "Anthony \w+ Hall" could do the trick nicely.
    You can already do this by searching for Anthony * Hall . I use Google's wildcard feature all the time, definitely not a replacement for regexes but it works.
  9. MP3 CDs Through Snail Mail on AudioGalaxy Reaches Settlement With the RIAA · · Score: 1
    I've started using the postal service for my music swapping.

    I can't tell if you're joking, but for the moderators: on Audiogalaxy there is in fact a very active group, CD'S THROUGH THE MAIL. In case they take their group description down, here it is for reference:

    A group for trading data cds full of MP3 albums (NOT audio cds!) through snail-mail! Well, it looks like the time has come, AG has settled out of court with the RIAA & has disabled file-sharing here for now. Please bookmark our group website (listed on CDMail's profile) & check in there if AG closes down completely. I am looking into other forums for this group & will make any announcements there. *IF* we have to change to a different forum, only members in good standing (lists turned in, good trading record, knows how to follow directions, etc.) will be invited to rejoin the group. I hope you all understand why I need to do this, it will be for the benefit of all of us. :-)
  10. "Peer-to-peer": zero branding = zero quality on Spoofing P2P Networks as Marketing Plot · · Score: 3, Insightful
    I realize most of the MP3 kiddies use mediocre peer-to-peer networks like FastTrack; this kind of "spoofing" is made possible by the lack of name brands on such P2P programs. Name branding is just as important in the realm of content trading of movies and music as it is in corporate America.

    FastTrack (Grokster, Kazaa, iMesh) relies on trusting its users to provide authentic content. Anyone can share anything they want, mislabelled as they wish. Multi-sourcing exists on FastTrack, but only with up to around 10 users at most due to its centralized structure.

    Audiogalaxy, on the other hand, is centralized and can multisource from thousands of users, and group them together based on sharing of identical files (determined by a modified MD5 hash). Britney Spears's latest single I'm A Slave For You, 128kbps, 3:36 is currently shared by 2627 users. That's way more than you'll get on any FastTrack or WinMX network. And since Audiogalaxy downloads the most popular version, it is very difficult to inject bogus crap -- in fact, you'll need to have more users sharing the fake files than legit. As a whole, users often remove fake files leaving the legit shining brightly through.

    Regardless, it's all irrelevant once one enters the real MP3 scene on IRC and FTPs. Not just anyone can share files on most channels, only approved xdcc bots can. In addition, they only share specific "releases". Groups base their reputation solely on the quality of their releases. New groups on the scene often put out re-encodes and other junk which is nuked on a global scale. No site worth its salt carries it. Well-established teams, on the other hand, are respected and sites carry their content, where sites are either +m IRC channels or ratioed FTP sites.

    In conclusion, there is no need for peer-to-peer. Multisource downloads are a fad. We have enough bandwidth already. The protocols to distribute and disseminate content have been here for years: FTP and IRC. And they both work better and resist spoofing more effectively than whatever new protocol an aspiring programmer puts out this decade.

  11. Re:Just Obscurity, not Security on Security Through Obsolescence · · Score: 2, Informative
    I bet you could break 90% of the script-kiddie tools out there just by installing Windows in a non-default directory
    Nice try, but Windows automatically sets the %WINDIR% environment variable to where Windows was installed. Can't fake that.
  12. Re:EFF songs - Free software song on EFF Releases "The Tinseltown Club" · · Score: 1

    Hint: decode the au into a wav, and use LAME to make an MP3. At least that's what I did.

  13. Re:saving bandwidth? on EFF Releases "The Tinseltown Club" · · Score: 1
    Audiogalaxy claims to locate the nearest peers:
    Bandwidth Reductions: Audiogalaxy servers automatically choose the closest person who has the file you want. This makes life easier for network admins at corporations, colleges, and ISPs by reducing external bandwidth usage

    Sadly, RIAA's muscle may force Audiogalaxy's amazing technology (made possible by its 430 central servers) into oblivion.

  14. Re:Coding Films? on Bootleg Star Wars AotC Debuts on Internet · · Score: 1
    I'm wondering why they haven't resorted to putting some coding

    Obtain two or more distinct copies of the film, diff them, edit all differences, and the watermark is no longer unique.
  15. Don't transfer at school, queue at school on P2P Programs on K-12 Networks? · · Score: 1

    At my school we have Deep Freeze and installing any software is fruitless or only of temporary use. Therefore, we have resorted to web-based peer-to-peer sites for queueing downloads. Of course you need your servent to be online elsewhere, but that is the least of the problem.

  16. Re:Filtering/Throttling on P2P Programs on K-12 Networks? · · Score: 1

    Although Gnutella, Blubster, and FastTrack use fixed port numbers, Audiogalaxy does not. I have experience with the Audiogalaxy protocol and it uses random (i.e., obtained from the central server) port numbers to transfer files. Additionally, port 21 is used to communicate with the central server -- block Audiogalaxy, and you block FTP. Block *.audiogalaxy.com, and it'll be blocked for now, but not when someone decides to set up a compatible server (à la OpenNap).

  17. Re:Emusic on Sharing Increases Music Purchases? · · Score: 1
    Granted the bitrate is shitty (128), but if you really like it, buy the CD.
    So the artists get paid twice? The "if you really like it, buy the CD" attitude is getting tiresome. I don't even own a CD player, I don't want the CD -- I want high-quality freely copiable MP3s, able to be transferred to any of my computers. What we really need is a service that provides MP3s in lieu of CDs, not as a venue for previewing the songs.

    As long as ripping groups keep on ripping and releasing in IRC 192kbps, high-quality MP3s, I will not buy an eMusic subscription. The underground is far more sophisticated and dedicated than any (current) music download corporation. Once that changes, you can bet I'll look into it. Until then, zerodaymp3.

  18. Re:You can use a cable modem on Making an Independent Web Site? · · Score: 1

    Excellent. Your hard work is greatly appreciated in the Audiogalaxy Community.

  19. Re:facts, anyone? on Making an Independent Web Site? · · Score: 1
    You say: "People don't want to store information they did not request." That's the whole point in FreeNet, otherwise something would be near-to/totally centralized, wouldn't it? If not, then it surely isn't anonymous to the degree it is (which is where the security layers, the so-called sucky implementation, comes in). If that's not your purpose (if you "have nothing to hide"), then forget about it!

    I'm worried about MediaEnforcer. In an interview conducted by ZeroPaid, they say anyone running a Freenet node would be subject for termination.

  20. Re:You can use a cable modem on Making an Independent Web Site? · · Score: 1

    Slightly OT, but I must congratulate you on your website. It's a wonderful way to download whole albums, excellently laid out, superbly designed. The only problem is your server is the central point of failure. If it's not too much to ask, care to share the source?

  21. P2P For Hosting on Making an Independent Web Site? · · Score: 1
    Freenet was founded on a noble principle of freely available information, but the implementation frankly sucks. I wish Ian Clarke would get the point and take note of popular P2P networks which shall remain nameless. People don't want to store information they did not request, as they may become a victim of MediaEnforcer. Encryption is a good idea, but using Java couldn't be a worse idea.

    Notice how all open source peer-to-peer networks are mediocre? Freenet, Gnutella, you name it. Until a real implementation of Freenet, in ANSI standard C, is available, Freenet is not an option.

    A new interesting peer-to-peer project is BitTorrent, presented at CodeCon and with source freely available. As their website suggests, BT is aimed at corporations rather than warez kiddies or music freaks. Basically, your server is used to manage the P2P connections and also to provide actual content. BitTorrent is the answer to high-bandwidth connections, cheaply.

  22. Re:What about... on Sharing Still Doesn't Hurt · · Score: 1

    Well, Audiogalaxy does in fact allow FTP searches, but also provides a separate "satellite" service where users can freely transfer files without considering ratios or clickthroughs. With over 26 million users, you can find just about everything. I challenge you to provide an artist not on AG.

  23. Re:What about... on Sharing Still Doesn't Hurt · · Score: 1
    Also, it's next to impossible to find a 74 minute techno cd that is complete without pops in it =)

    Is 61:18 close enough for you? What about 79:38 minutes of DJ Dalien? If you bother to search, it's quite easy to find full CDs of any sort.

  24. Re:A duel of copyrights, patents, and trademarks on Sharing Still Doesn't Hurt · · Score: 2, Insightful

    Asinine indeed. Copyright is not a natural right. It is a necessary evil, necessary to encourage innovation and creativity. I think we can all agree having a (say) 60 year copyright is 3 times as evil as 20 years, and 2 times as evil as 30 years. But does the increasing amount of evil so drastically amount to an increasing amount of innovation and creativity? I think not.

  25. Re:What about... on Sharing Still Doesn't Hurt · · Score: 2, Informative
    True, some do re-encode their MP3s at higher bitrates. That's why you should avoid the secondary crowd, and go straight to the source.

    See "An Analysis of Current File-Sharing Systems" for more information. IRC trading is the way to go. Branding is just as important in the piracy scene as in corporate America, and specific IRC channels are devoted entirely to single ripping groups.

    Ever checked your MP3 comment fields? Most of mine, at least, are riddled with tags from ripping groups, claiming credit for their hard work. EGO, CMS, or my personal favorite Team RNS, infiltrate recording studios and provide high-quality rips as zips. You can trust these groups to provide high-quality 192kbps rips, they must provide quality or face diminishing of their brand name. However, once the secondary crowd gets their hands on the perfect MP3s via IRC, they share on second-level trading networks such as FastTrack, OpenNap, Gnutella, Blubster, or WinMX. That's where the problem begins. By using a trusted source, one can easily get perfect copies of CDs online, several times easier than a retail store can provide.