I appreciate it very much. However, I am not convinced yet.
First of all, I don't understand your response to my point. You say "(2) a DRM box will be more attractive to the general public than an open box." and you go on to say "I explained (2) in my previous post, so now to explain (1)..."
However, I feel as though I have sufficiently explained why it is not the case that the public would prefer DRM, and I not seen any specific responses to my arguments on that point. I think it's fairly clear that, all else being equal, the only attraction a DRM device could have over a non-DRM device is that there is no new content for the non-DRM device. And as I have explained, this is far from a trivial thing to accomplish.
Your other point rests on the unbreakability of the black box. I can, for instance, circumvent your hypothetical protections with hypothetical exploits: a motherboard tap anywhere inside the DA should be sufficient to recover bit-perfect digital data from your device. Think they can make the hardware too tamper proof for that to work? Now you have to prove your case. Remember, the content only needs to escape once, and you are up against the best; professional pirates in Asia, South America, and the West - bootleggers who have millions to spend on the best equipment and talent.
I am not aware of any evidence presented in a respectable setting that watermarks can be used in the way you describe. I would appreciate correction on that point if I am wrong, but remember, marks can be tiny, but they won't survive recompression. They can be big and redundant, but then they will be easy to spot and remove. Not that it matters. Watermarks won't even be useful for tracking down pirates, who if enforcement is aggressive will simply steal equipment/keys the way bank robbers steal cars.
This is ignoring the biggest problem in your plan, which is real-time encrypted digital video delivery to a mass-market audience. I would optimistically guess we are at least a decade away from this capability. Remember, we're talking about the last mile problem now. Let alone the expense.
Of course, ultimately we can agree to disagree about whether or not you can make your black box strong enough. Yet I feel extremely confident that you can't, now or in the future. If you have to put a variety of implementations of your hardware in hundreds of millions of hands, you will need a fundamental advance, nay, a paradigm shift, in fabrication technology for that to change.
Which is that the MPAA/RIAA can just issue "black boxes" which allow the user to handle the data in exactly the ways they choose. These systems are tamper-resistant and implement the content producers' desired policy, and new media would only be available in a proprietary format they can decrypt.
Of course, we all still have our regular VCRs and computers, but we can no longer rent tapes and buy CDs - content producers don't make them anymore. But hey, consumer choice and all that. Capitalism at work.
What happens then however is that it only takes a single person to arrange a jailbreak, and extract content from inside the box. Once converted to an open format, it is then endlessly distributed and enjoyed on conventional, non-black box hardware.
What we are discussing is the DVD in a nutshell, and RIAA is considering "secure CDs" along similar lines. DVDs are DRM embodied. The problem comes from the fact that DRM is inherently stupid, and is actually guaranteed to fail in a world where non-DRM devices are readily available. The issue we're considering when we talk about "open hardware" and "DRM hardware" is that, because of this problem with the black box, the MPAA/RIAA is now actively campaigning to make non-DRM hardware and software illegal.
Hence our discussion thus far. In the real world, of course, in absence of such awe-inspiringly hateful legislation, there is always an uneasy dance between the content producers and the consumer electronics manufacturers when considering new standards. Many excellent formats have fizzled and died for far smaller reasons than that they intentionally eliminate your fair use rights. The black box, on its own merits, will always lose. In a non-Orwellian scenario, the format transition could never occur, since during that transition, neither side (the content people or the electronics people) can jump without the other (or they risk a zero-sales incident) and there are too many parties for everyone to jump at once. Thus any transitional period would have both formats available, hence my point: consumers would have to choose, and as long as they have the choice, they won't choose DRM.
The whole problem with DRM is that anytime someone can choose between having it or not, they will almost always choose not to have it. This is elementary common sense.
Manufacturers are rightly scared of DRM for this reason. Anything too radical or obstrusive will kill sales. And what MPAA/RIAA wants is highly radical.
They are thus pursuing two avenues around the problem. The first is to make DRM a part of Windows. Since as we've observed most users (for a variety of reasons) are locked into Windows, they will have no choice but to (eventually) upgrade into DRM. There are some problems with this approach; they (correctly) don't trust Microsoft, either to do a good job or to look out for their interests, and there are those pesky "competitors." Will Apple play ball? Think about it. They'll have a powerful incentive not to, to try to use the Windows-DRM shock as an opportunity to gain marketshare. But of course, as has been well established in the past, Apple can be bought. That still leaves Linux. And that's a bit frightening, frankly, since you can't reliably control Linux, and the buzz on the street is that, someday, it might be what everyone uses.
That brings me to the second prong of this attack: the CBDTPA, in its many forms, past and (undoubtedly) future. And that, basically, would make "Open Hardware" illegal. If past legislation is any guide, it would probably also make talking about how to build open hardware illegal.
So if you're considering spending time and energy getting involved in the design and (god forbid) manufacture of open hardware, please don't bother. If you're determined to contribute to the issue, you're needed in Washington.
Stallman wrote a wonderful piece of science fiction on the subject. If you want to think about where this is going, it's worth reading.
When you think about how it's possible for such a small industry (content is infinitessimal compared to, for instance, consumer electronics) to have such incredible influence, remember that politicians have a unique respect for those who control the media.
It's a remarkably cynical viewpoint, but the television in some ways restored an old social order called the monarchy. Content actually is King. More specifically, those who control the TV rule the world. I mean, think about it; that joke doesn't quite get the laugh it used to. Anyone who'se ever worked for a cause and felt the crushing, inevitable apathy of the world around them knows what I mean. Five minutes on Oprah could mobilize tens of millions of people to vote or to read or to free Tibet, but at the moment its highest calling is to sell beer and diet drugs.
They may be doomed anyway, but the content trust will fight brutally to the end. They'll take whatever we wont fight to the death over. They'll leave a wake of ruined lives and an ocean of lost opportunity in their wake. If we're lucky, our children and their children will get to clean up the mess we make today.
Region coding is a perfect example of how the content production trusts abuse their special status. You see, our government, in its infinite corruptibility, has granted legal sanctity to the IP producer's content control systems. But the MPAA isn't just trying to use this new favor to prevent theft. They really see themselves as the natural owners of the whole transport layer and presentation medium, and they exploit it in any way possible - including with region coding, which (I suspect) allows them to sidestep the perils of free trade to further control prices.
What gets me is that I don't even see region codes as a big loss for the MPAA; I'm curious about the substance of the price differences across region boundaries that this allows them to create. I understand that the movie industry is in the habit of doing theatrical releases months apart on different continents, and that this allows them to make sure that the American DVD does reach Australia before the movie hits theaters, but really, how often is that in danger of happening? I suppose there are cases where they decide some time after a release in one country to go for a release in another (probably based on sales figures)... But how much hardship are we really talking about, I wonder?
Think of it like a cage. It's meant to let us see what's inside, but not let what's inside get out. It can never effectively be used to get back what's escaped. And something only needs to escape from it once to be outside, fruitful and multiplying and all that, forever.
It's an absurdly complicated cage, with hundreds of potential points of failure. Even if it's the best designed cage in the world, with encryption and booby-traps at every joint and hindge, someone in a good lab in Hong Kong is going to arrange a jailbreak anyway. And you know it's not going to be the best designed cage in the world. It's going to suck, maybe slightly less than CSS sucked.
Once the content is out of it, that's it. You can't make a computer that refuses legacy data and applications (mp3s). That might be what Hollywood wants, but it's the only thing Microsoft can never do. At least not in the next 10-20 years - they'd have to work up to it very gradually. And even then, there are a million problems.
The real purpose of DRM is to act as a shield against free software technologies interoperating with commercial products. MS has been considering fighting compatible free software with patents and bribes and EULA suits (and probably would, but for the awkwardness of doing it during their anti-trust trial), but by far its best weapon is to pretend to ally with the content people. They, after all, own Washington, and they were the geniuses that engineered the DMCA. The law that will make Samba, or the encrypted-WindowsDRM-filesystem module, or any number of other enabling technologies illegal... because it's trying to "bypass Microsoft's access control features."
People will point out that the DMCA has provisions for allowing interoperability. That's right, it does. That's called a "bait exception." Sort of like the distributor price caps in the California electric utility deregulation, they're there for show; they can have no real effect. DeCSS, after all, is meant to allow free softare to interoperate with DVD's. But tell that to all the people in court all around the world right now. When deciding on whether there's a "significant non-infringing use," it turns out that it's quite easy to make a non-savvy judge (and how few of them are savvy?) believe the worst. DVDs are case in point.
DRM will accomplish none of its stated goals. But it will be great for Microsoft. Paladium is a big deal to them because it will be the first Windows which can't be emulated by Wine, for instance, or interoperated with by other software, without risking the appearance that one is interoperating in order to open the cage. And if you mess with cages, you know we're not just talking about a civil trial and bankruptcy. We're talking about a good long stretch in federal prison.
I've never seen it used and I don't know anything about it. It might be able to export something Max-like, I don't know. FYI conversion from one 3D format to another, or similarly a "save as" into a non-native format, is surprisingly complex and generally introduces problems - even on static scenes, let alone with animation. Even with the best conversion tools, nothing quite produces 3D Max output like 3D Max. Furthermore, it's uncommon for tools to work on the Max files themselves; they tend to use Max plugins, and you export from Max into the tool's proprietary format.
And I should know, because I do a lot of work producing it. It is by no means a lonely field, but there are relatively few people who do it.
Why put anything on the web? It's relatively cheap compared to printing flyers or magazines or novels, and there is really no parallel for instantly delivering interactive media (I've done dozens of web-based games, 3D and 2D using all of the technologies you've heard of and I'm sure several you haven't). But really, why?
You see, 3D is complicated. I've regularly had to participate in hiring of modelers and artists capable of collaborating producing good, efficient 3D art on a deadline, and real skill in this field is still rare. I know the tools, and I've watched them work, and I see why. It takes a unique blend of manual dexterity, artistic ability, spatial skills, math, and geekdom - especially the last, because you have to be a geek to keep up with the tools and the issues, which are heinous. That law about the more special-purpose and expensive a piece of software is, the worse it is, applies to 3D tools in spades. There are so many bizarre little problems.
Last but not least, most of the widely used 3D authoring systems are, or have historically been, very very expensive - $5,000 - $10,000 - $25,000 is not an unusual amount to spend just on software. There are cheaper tools, but remember, you have to interoperate with web middleware, and pretty much everything just imports from 3D Studio Max. And then, what's your presentation platform? VRML (ech)? Shockwave 8.5 (~$1,000)? There are others... my point is that most of these cost money too. Pre-rendering to Flash is the cheapest and actually very attractive, but then you don't get anything in real time and it's really just a clever trick for making a canned animation.
The net result is that there are very few hobbyists producing 3D for the web - games or anything else. And then we have companies. So why would companies want to produce 3D content when they get almost as much oomph with good 2D technology (or just plain graphics) without the significant costs, and endless technology headaches? That's because even with the best middleware, you might see 10-25% of your users have some kind of 3D hardware/software related problem... old video drivers bunging up D3D which bunges up whatever your middleware is, weird budget 3D cards, software mode, etc... Most businesses just want to spend the least amount of money to reach the largest possible audience. And that was true before the drive to produce any kind of non-ecommerce-related commercial web content at all pretty much dried up.
There are still a few people left who we haven't eliminated who, for whatever reason, it makes sense to produce 3D for the web. Product demos, promotional games, and the rest. Believe me, competing for their business is far from easy.;)
Don't get me wrong; I welcome better tools and better standards. There might be a niche for simple object inspection or static environment presentation ala a not-totally-braindead-VRML. But it's really not a big deal at all. Most of the real issues to do with web 3D are on the OS side of the equation - uniformity of hardware, APIs, cross-platform issues, etc. IOW just "Stability" and "Reliability." It's really, really hard to deliver 3D content to a wide PC audience even without the massive additional headaches of the web. At the end of the day, I think web 3D will come into its own when we collectively find it easy to author 3D the way we author text-and-graphics websites now - in other words, maybe never. Until then, it will remain a specialized niche which is (these days) reasonably well served by the existing toolmakers and not really susceptible to wide-ranging standards due to the divergent needs of the participants.
I'm not feature-for-feature familiar with the various versions of PGP and GPG, but their paper did make the claim that GPG does not do compression for already compressed plaintext (.zip,.gz,.bz files?). Obviously that statement is short on detail, and as I think we're realizing, this is all pretty academic anyway, but what they're doing is very good - they're being extremely thorough, and considering every angle.
If they hadn't pointed it out, I'm sure a number of people including myself would not have considered the threat of disclosing "failed" decryptions.
It hinges on being able to intercept a message, add some random data to the encrypted blocks containing its payload, and then for the recipient to decrypt it, and respond "hey Ed, what's with this garbled message you just sent me?" with that decrypted message quoted below. And, naturally, for the attacker to be able to intercept that response as well.
The basic idea of a "chosen cyphertext" attack is that if you can see a decryption of blocks you mangle, you can work backwards to get the plaintext in the unmangled blocks. You might consider this an attack on the user interface or the protocol rather than the algorithm. You should just never be quoting failed decryptions...
The talk about compression preventing the attack is not referring to the compression of cyphertext by you (i.e. ZIP'ing the payload before sending). That doesn't make a difference. It involves the DEFLATE compression the PGP/GPG software applies (and it generally does so only for uncompressed plaintext) both before and after encryption. You may already be realizing, randomizing compressed data will cause the decompression to fail with an error; that will make it much less likely for the user to disclose the failed decryption.
Fixing this is a good idea. Until it is fixed, if someone sends you garbage, don't reply, or if you do, don't quote their message in your reply. However, this is not the end of the world. The foundation is still sound, the attack is only useful on a per-message basis, and your keys are not affected by this strategy.
I do have a question for the crowd; it seems to me that this is an attack on "encrypted" messages, as opposed to "encrypted and signed" messages. I am assuming that the use of signatures will also foil this attack, but I would welcome comments from others on that subject.
And in fact, one of the first things people learn in basic statistics/probability classes is how many striking blind spots the human mind has for math. It's why Vegas works, and its probably part of why we tend to systemmatically misunderstand how "coincidental" things really are (or aren't).
Again, you make good points, but the strong regulatory regime you describe sounds just like a more complicated, expensive, inefficient and failure-prone version of what we already had with the pre-deregulation utilities - which were, by the way, already "private" - just "strongly regulated" by the various governments involved.
I would say the "strong regulation" you describe is basically suggestive of the oversight regime that we just removed, except that instead of a utility owned by shareholders (the public), whose policies and prices were tuned to get a pre-determined ROI (balanced carefully between investor profits and the public good which comes from plentiful, environmentally sound electricity), the utility is splintered and divided between private owners and traditional public companies, and instead of simply issuing and following public policy, we have "crimes" and "massive penalties."
If you look at it objectively, you realize the only reason for doing it is to make it difficult to maintain the protections we are discussing.
As the Road to Tycho is for intellectual property reform advocates, so should this be for those interested in the environment.
Commondreams.org has written a fictional address; conservatives and non-believers will call it propaganda, but then, as the weather patterns continue to change and the news stories about environmental catastrophes keep coming, they may have some trouble making the charge stick...
You make a very good point, but I would argue that the deregulation/capitalist model is fundamentally flawed for some services; electric power, most notably, but also education, police...
In the particular case of power, it's very simple: the incentives are exactly the opposite of what you want, since distribution over long distances is so inefficient.
If you build power plants, the power supply goes up, and your product is worth less. Hence, your profits go down.
If you do not build power plants, and/or take some of your plants off line, the power supply goes down, and then your product is worth more. Supply and demand! Whopee! Time to raise the rates! This is more or less what's happened everywhere this scheme has been tried; the only difference is that in California the distributor couldn't pass on the rate hikes because its end-prices were capped. Enron et al didn't mind, they just ran their rates up astronomically, ridiculously high for a few months, then turned off the lights (a negotiating tactic which actually took lives!), and even now they're probably still going to get the proceeds of the "utility bailout," so it's all the same to them.
The only possible way the "private" power generation companies can fail to get rich is by doing what they're supposed to... which is, provide ample, cheap, environmentally sound generating capacity. If you want to make money, on the other hand, the opposite is true; it's in the private utility's best interests to use the cheapest, dirtiest power generating techniques available, to encourage as much waste as possible, to cultivate their most profitable volume buyers at the expense of their least profitable low and middle income customers, to run as close to 100% capacity as they possibly can, and, of course, to create artificial shortages. If the consumers don't like it, there's always electric blackmail.
It's interesting to me that there did seem to be some early success in the telecom deregulation regime. One thing I would really like to spend more time doing is going over the actual laws involved... I have a feeling there must have been some interesting rules in there about how the incumbents have to operate for it to have worked at all.
I've often had the same thoughts, but remember, the telecoms and the media people own the FCC, and wireless technology only happens at the sufference of that agency.
In a sense, ithey're already blocking it, since such decentralized applications are already feasable and (I would guess) even relatively cost effective for some applications, and yet... you know how "crowded" the spectrum is. No room for something they can't get paid billions in bribes/bids for. Of course, you can always try it with existing technology, but I don't know if the numbers are right.
It's 1996, and the bells have been newly de-regulated. They're pleased as hell, because they can diversify, but more importantly, because they can now charge whatever they want - price gouging galore! Time to raise the price of call waiting!
There was only one pesky problem. The bells were now theoretically obligated to "compete" with other carriers. The nerve! Wasn't everyone informed that they don't share their playground? Wasting no time, they immediately set to work on the FCC and congress to try to roll back the regulations (or at least the enforcement regime) that allowed competitors to re-sell some of the network and compete.
They came up with a great idea. Oh, it was a real doozy, and very simple. They convinced the feds to allow them to charge a "call completion" fee.
It works like this. If a customer in one local phone company calls the customer of another, the originating carrier has to pay a fee to the receiving carrier for "completing" the call. This, reasoned the bells, was *it.* Who can start up a competing local carrier, if (since they're new) every call from their customers terminates at a bell-controlled phone, and they're saddled with 3c fees for every call! It's a classic "screwing the little guy with the power of math" scenario.
It was a perfect plan. And it only had one fatal flaw.
The metropolitan ISPs of New York City were some of the phone company's most enthusiastic enemies. And why not? Have you ever tried to get the NYC Bell to do anything more complex than a residential hookup? How about manaing hundreds of lines in a hunt chain... let me tell you. You lose a few every few months for no discernable reason, and during one of your dozen hour-long calls to the bell for support, you discover that in trying to "fix" your hunt, they've now disconnected your office phones as well. True story.
The NYC ISPs were desperate to deal with someone, _ANYONE_ other than the local bell. So what did they do? They got together with a tiny, unknown little local carrier. And they became its first, and practically only, customers.
And do you know what happened then?
ISPs need lots of lines, and they're willing, nay desperate, to pay a premium for any kind of service exceeding the Soviet-block standard of the bell. They hardly ever make any calls out. But everyone calls an ISP. In fact, they get thousands and thousands of calls a day.
Within days of getting their first 8 figure "call completion" bill from the tiny little independent local phone company (that the bells had just been gloating over murdering), the bells were back in Washington, and back in court, desperate to break the deal.
Now, exercise for the reader: where they successul in weaseling out of it? What do you think?
Four years ago I signed up with a local and long distance phone company called Econophone. One of the new breed of de-regulated, privatized competing phone service providers, they were offering rates for local and long-distance calls well below half what AT&T was, and still significantly cheaper than Verizon.
I used them successfully for two years, and paid very little for phone service. 5 cents a minute national long distance and comprable local rates.
How, you ask? De-regulation, which happened under Clinton in the mid '90's. However, once de-regulated, the baby bells immediately began testing the resolve of the federal regulators to force them to deal fairly with their "client competitors" for local & long distance service. You see, they wanted the good parts about de-regulation (being able to diversify, charge whatever they wanted, etc.) but not the bad parts (actually having to give up their monopoly status). They fought tooth and nail battles over various regulations and did their level best to kill their competitors... by bribing regulators to get call-completion charges, by systematically failing to service their new clients properly, and, now and again, by slamming their customers.
Clinton's people were going to stick it out and fight the bells into submission. The Bush people had a more, shall we say laissez faire attitude about it, and the last two years have all but brought about the end of competition among the bells, first as the feds looked the other way while they turned their embrace with their competition deadly, and now as the FCC is actually going to rubber stamp their new "pseudo-monopoly" status, enshrining the notion that bells need not lease their lines to anyone, just like they already did with cable.
Econophone is bankrupt. Many of you remeber the Northpoint fiasco; Econophone was very similar. Not content with stealing their customers and bludgeoning them to death with sabotaged service, the bells had to make a show of violently disconnecting them from the network, without warning. The message: don't deal with the independents. You just never know what might happen to your calls.
This industry makes billions of dollars a week. They are _printing money_. Their margins are _incredible_, and that's with some of the worlds most notorious bureaucracies. I've dealt with AT they just _hemorrhage_ money. Why not? They get paid most every time someone makes a call.
De-regulation was a failure. Not exactly because it was inevitable, but because it was never really intended as anything but ideological cover for more and better price fixing. $5/mo for call waiting service anyone? Or how about $3.50 for _not_ publishing your number in the phone book?
You might say the little carriers like econophone went out of busines because they didn't charge enough. But I don't think those people made a math error when they founded their company and calculated what they could charge. I think we got a brief glimps of what we _should_ have been paying all along, before the Bells furiously covered it up.
Specifically, in a probability textbook I saw a long time ago, the preface opened with a rivetingly complex proof, well beyond my ability to follow in detail both then and now. But I got the jist. The quick version is that, "mathematically speaking," something nearly impossible happens nearly every instant. A logical pun, so to speak.
And yet, am I really paranoid for suspecting that the Enron executive who committed suicide recently was murdered? Is that a hollywood-addled sense of the world, or is it simply realistic; it's not a difficult to accept fact that people have been killed over far, far smaller amounts of money. And the money is only the tip of the iceberg of conspiracies that was Enron.
Call it a coincidence that all of these scientists died in such rapid succession if you want. But I will do you one better. I won't say it's proof of a conspiracy, and I won't say it's a coincidence either.
Slashdot Mirror
I appreciate it very much. However, I am not convinced yet.
First of all, I don't understand your response to my point. You say "(2) a DRM box will be more attractive to the general public than an open box." and you go on to say "I explained (2) in my previous post, so now to explain (1)..."
However, I feel as though I have sufficiently explained why it is not the case that the public would prefer DRM, and I not seen any specific responses to my arguments on that point. I think it's fairly clear that, all else being equal, the only attraction a DRM device could have over a non-DRM device is that there is no new content for the non-DRM device. And as I have explained, this is far from a trivial thing to accomplish.
Your other point rests on the unbreakability of the black box. I can, for instance, circumvent your hypothetical protections with hypothetical exploits: a motherboard tap anywhere inside the DA should be sufficient to recover bit-perfect digital data from your device. Think they can make the hardware too tamper proof for that to work? Now you have to prove your case. Remember, the content only needs to escape once, and you are up against the best; professional pirates in Asia, South America, and the West - bootleggers who have millions to spend on the best equipment and talent.
I am not aware of any evidence presented in a respectable setting that watermarks can be used in the way you describe. I would appreciate correction on that point if I am wrong, but remember, marks can be tiny, but they won't survive recompression. They can be big and redundant, but then they will be easy to spot and remove. Not that it matters. Watermarks won't even be useful for tracking down pirates, who if enforcement is aggressive will simply steal equipment/keys the way bank robbers steal cars.
This is ignoring the biggest problem in your plan, which is real-time encrypted digital video delivery to a mass-market audience. I would optimistically guess we are at least a decade away from this capability. Remember, we're talking about the last mile problem now. Let alone the expense.
Of course, ultimately we can agree to disagree about whether or not you can make your black box strong enough. Yet I feel extremely confident that you can't, now or in the future. If you have to put a variety of implementations of your hardware in hundreds of millions of hands, you will need a fundamental advance, nay, a paradigm shift, in fabrication technology for that to change.
Which is that the MPAA/RIAA can just issue "black boxes" which allow the user to handle the data in exactly the ways they choose. These systems are tamper-resistant and implement the content producers' desired policy, and new media would only be available in a proprietary format they can decrypt.
Of course, we all still have our regular VCRs and computers, but we can no longer rent tapes and buy CDs - content producers don't make them anymore. But hey, consumer choice and all that. Capitalism at work.
What happens then however is that it only takes a single person to arrange a jailbreak, and extract content from inside the box. Once converted to an open format, it is then endlessly distributed and enjoyed on conventional, non-black box hardware.
What we are discussing is the DVD in a nutshell, and RIAA is considering "secure CDs" along similar lines. DVDs are DRM embodied. The problem comes from the fact that DRM is inherently stupid, and is actually guaranteed to fail in a world where non-DRM devices are readily available. The issue we're considering when we talk about "open hardware" and "DRM hardware" is that, because of this problem with the black box, the MPAA/RIAA is now actively campaigning to make non-DRM hardware and software illegal.
Hence our discussion thus far. In the real world, of course, in absence of such awe-inspiringly hateful legislation, there is always an uneasy dance between the content producers and the consumer electronics manufacturers when considering new standards. Many excellent formats have fizzled and died for far smaller reasons than that they intentionally eliminate your fair use rights. The black box, on its own merits, will always lose. In a non-Orwellian scenario, the format transition could never occur, since during that transition, neither side (the content people or the electronics people) can jump without the other (or they risk a zero-sales incident) and there are too many parties for everyone to jump at once. Thus any transitional period would have both formats available, hence my point: consumers would have to choose, and as long as they have the choice, they won't choose DRM.
The whole problem with DRM is that anytime someone can choose between having it or not, they will almost always choose not to have it. This is elementary common sense.
Manufacturers are rightly scared of DRM for this reason. Anything too radical or obstrusive will kill sales. And what MPAA/RIAA wants is highly radical.
They are thus pursuing two avenues around the problem. The first is to make DRM a part of Windows. Since as we've observed most users (for a variety of reasons) are locked into Windows, they will have no choice but to (eventually) upgrade into DRM. There are some problems with this approach; they (correctly) don't trust Microsoft, either to do a good job or to look out for their interests, and there are those pesky "competitors." Will Apple play ball? Think about it. They'll have a powerful incentive not to, to try to use the Windows-DRM shock as an opportunity to gain marketshare. But of course, as has been well established in the past, Apple can be bought. That still leaves Linux. And that's a bit frightening, frankly, since you can't reliably control Linux, and the buzz on the street is that, someday, it might be what everyone uses.
That brings me to the second prong of this attack: the CBDTPA, in its many forms, past and (undoubtedly) future. And that, basically, would make "Open Hardware" illegal. If past legislation is any guide, it would probably also make talking about how to build open hardware illegal.
So if you're considering spending time and energy getting involved in the design and (god forbid) manufacture of open hardware, please don't bother. If you're determined to contribute to the issue, you're needed in Washington.
And digital prohibition is a good term for it.
Stallman wrote a wonderful piece of science fiction on the subject. If you want to think about where this is going, it's worth reading.
When you think about how it's possible for such a small industry (content is infinitessimal compared to, for instance, consumer electronics) to have such incredible influence, remember that politicians have a unique respect for those who control the media.
It's a remarkably cynical viewpoint, but the television in some ways restored an old social order called the monarchy. Content actually is King. More specifically, those who control the TV rule the world. I mean, think about it; that joke doesn't quite get the laugh it used to. Anyone who'se ever worked for a cause and felt the crushing, inevitable apathy of the world around them knows what I mean. Five minutes on Oprah could mobilize tens of millions of people to vote or to read or to free Tibet, but at the moment its highest calling is to sell beer and diet drugs.
And the days when the media owners were innocent and principled are ancient history. They know what they're doing. The federal government's ONDCP editing scripts of prime time TV shows? Disney making anti-file-sharing propaganda cartoons? Oh, they know exactly how it works.
They may be doomed anyway, but the content trust will fight brutally to the end. They'll take whatever we wont fight to the death over. They'll leave a wake of ruined lives and an ocean of lost opportunity in their wake. If we're lucky, our children and their children will get to clean up the mess we make today.
Excellent point. Very well put.
This covers the subject pretty well, discussing the economics, sizes of markets, theoretical justification for region subdivisions, etc.
DVD Region Coding
Region coding is a perfect example of how the content production trusts abuse their special status. You see, our government, in its infinite corruptibility, has granted legal sanctity to the IP producer's content control systems. But the MPAA isn't just trying to use this new favor to prevent theft. They really see themselves as the natural owners of the whole transport layer and presentation medium, and they exploit it in any way possible - including with region coding, which (I suspect) allows them to sidestep the perils of free trade to further control prices.
What gets me is that I don't even see region codes as a big loss for the MPAA; I'm curious about the substance of the price differences across region boundaries that this allows them to create. I understand that the movie industry is in the habit of doing theatrical releases months apart on different continents, and that this allows them to make sure that the American DVD does reach Australia before the movie hits theaters, but really, how often is that in danger of happening? I suppose there are cases where they decide some time after a release in one country to go for a release in another (probably based on sales figures)... But how much hardship are we really talking about, I wonder?
Think of it like a cage. It's meant to let us see what's inside, but not let what's inside get out. It can never effectively be used to get back what's escaped. And something only needs to escape from it once to be outside, fruitful and multiplying and all that, forever.
It's an absurdly complicated cage, with hundreds of potential points of failure. Even if it's the best designed cage in the world, with encryption and booby-traps at every joint and hindge, someone in a good lab in Hong Kong is going to arrange a jailbreak anyway. And you know it's not going to be the best designed cage in the world. It's going to suck, maybe slightly less than CSS sucked.
Once the content is out of it, that's it. You can't make a computer that refuses legacy data and applications (mp3s). That might be what Hollywood wants, but it's the only thing Microsoft can never do. At least not in the next 10-20 years - they'd have to work up to it very gradually. And even then, there are a million problems.
The real purpose of DRM is to act as a shield against free software technologies interoperating with commercial products. MS has been considering fighting compatible free software with patents and bribes and EULA suits (and probably would, but for the awkwardness of doing it during their anti-trust trial), but by far its best weapon is to pretend to ally with the content people. They, after all, own Washington, and they were the geniuses that engineered the DMCA. The law that will make Samba, or the encrypted-WindowsDRM-filesystem module, or any number of other enabling technologies illegal... because it's trying to "bypass Microsoft's access control features."
People will point out that the DMCA has provisions for allowing interoperability. That's right, it does. That's called a "bait exception." Sort of like the distributor price caps in the California electric utility deregulation, they're there for show; they can have no real effect. DeCSS, after all, is meant to allow free softare to interoperate with DVD's. But tell that to all the people in court all around the world right now. When deciding on whether there's a "significant non-infringing use," it turns out that it's quite easy to make a non-savvy judge (and how few of them are savvy?) believe the worst. DVDs are case in point.
DRM will accomplish none of its stated goals. But it will be great for Microsoft. Paladium is a big deal to them because it will be the first Windows which can't be emulated by Wine, for instance, or interoperated with by other software, without risking the appearance that one is interoperating in order to open the cage. And if you mess with cages, you know we're not just talking about a civil trial and bankruptcy. We're talking about a good long stretch in federal prison.
I've never seen it used and I don't know anything about it. It might be able to export something Max-like, I don't know. FYI conversion from one 3D format to another, or similarly a "save as" into a non-native format, is surprisingly complex and generally introduces problems - even on static scenes, let alone with animation. Even with the best conversion tools, nothing quite produces 3D Max output like 3D Max. Furthermore, it's uncommon for tools to work on the Max files themselves; they tend to use Max plugins, and you export from Max into the tool's proprietary format.
And I should know, because I do a lot of work producing it. It is by no means a lonely field, but there are relatively few people who do it.
;)
Why put anything on the web? It's relatively cheap compared to printing flyers or magazines or novels, and there is really no parallel for instantly delivering interactive media (I've done dozens of web-based games, 3D and 2D using all of the technologies you've heard of and I'm sure several you haven't). But really, why?
You see, 3D is complicated. I've regularly had to participate in hiring of modelers and artists capable of collaborating producing good, efficient 3D art on a deadline, and real skill in this field is still rare. I know the tools, and I've watched them work, and I see why. It takes a unique blend of manual dexterity, artistic ability, spatial skills, math, and geekdom - especially the last, because you have to be a geek to keep up with the tools and the issues, which are heinous. That law about the more special-purpose and expensive a piece of software is, the worse it is, applies to 3D tools in spades. There are so many bizarre little problems.
Last but not least, most of the widely used 3D authoring systems are, or have historically been, very very expensive - $5,000 - $10,000 - $25,000 is not an unusual amount to spend just on software. There are cheaper tools, but remember, you have to interoperate with web middleware, and pretty much everything just imports from 3D Studio Max. And then, what's your presentation platform? VRML (ech)? Shockwave 8.5 (~$1,000)? There are others... my point is that most of these cost money too. Pre-rendering to Flash is the cheapest and actually very attractive, but then you don't get anything in real time and it's really just a clever trick for making a canned animation.
The net result is that there are very few hobbyists producing 3D for the web - games or anything else. And then we have companies. So why would companies want to produce 3D content when they get almost as much oomph with good 2D technology (or just plain graphics) without the significant costs, and endless technology headaches? That's because even with the best middleware, you might see 10-25% of your users have some kind of 3D hardware/software related problem... old video drivers bunging up D3D which bunges up whatever your middleware is, weird budget 3D cards, software mode, etc... Most businesses just want to spend the least amount of money to reach the largest possible audience. And that was true before the drive to produce any kind of non-ecommerce-related commercial web content at all pretty much dried up.
There are still a few people left who we haven't eliminated who, for whatever reason, it makes sense to produce 3D for the web. Product demos, promotional games, and the rest. Believe me, competing for their business is far from easy.
Don't get me wrong; I welcome better tools and better standards. There might be a niche for simple object inspection or static environment presentation ala a not-totally-braindead-VRML. But it's really not a big deal at all. Most of the real issues to do with web 3D are on the OS side of the equation - uniformity of hardware, APIs, cross-platform issues, etc. IOW just "Stability" and "Reliability." It's really, really hard to deliver 3D content to a wide PC audience even without the massive additional headaches of the web. At the end of the day, I think web 3D will come into its own when we collectively find it easy to author 3D the way we author text-and-graphics websites now - in other words, maybe never. Until then, it will remain a specialized niche which is (these days) reasonably well served by the existing toolmakers and not really susceptible to wide-ranging standards due to the divergent needs of the participants.
Thank you. That's what I figured.
I'm not feature-for-feature familiar with the various versions of PGP and GPG, but their paper did make the claim that GPG does not do compression for already compressed plaintext (.zip,.gz,.bz files?). Obviously that statement is short on detail, and as I think we're realizing, this is all pretty academic anyway, but what they're doing is very good - they're being extremely thorough, and considering every angle.
If they hadn't pointed it out, I'm sure a number of people including myself would not have considered the threat of disclosing "failed" decryptions.
It hinges on being able to intercept a message, add some random data to the encrypted blocks containing its payload, and then for the recipient to decrypt it, and respond "hey Ed, what's with this garbled message you just sent me?" with that decrypted message quoted below. And, naturally, for the attacker to be able to intercept that response as well.
The basic idea of a "chosen cyphertext" attack is that if you can see a decryption of blocks you mangle, you can work backwards to get the plaintext in the unmangled blocks. You might consider this an attack on the user interface or the protocol rather than the algorithm. You should just never be quoting failed decryptions...
The talk about compression preventing the attack is not referring to the compression of cyphertext by you (i.e. ZIP'ing the payload before sending). That doesn't make a difference. It involves the DEFLATE compression the PGP/GPG software applies (and it generally does so only for uncompressed plaintext) both before and after encryption. You may already be realizing, randomizing compressed data will cause the decompression to fail with an error; that will make it much less likely for the user to disclose the failed decryption.
Fixing this is a good idea. Until it is fixed, if someone sends you garbage, don't reply, or if you do, don't quote their message in your reply. However, this is not the end of the world. The foundation is still sound, the attack is only useful on a per-message basis, and your keys are not affected by this strategy.
I do have a question for the crowd; it seems to me that this is an attack on "encrypted" messages, as opposed to "encrypted and signed" messages. I am assuming that the use of signatures will also foil this attack, but I would welcome comments from others on that subject.
This similar product has been around for a number of years:
The Twiddler...
And in fact, one of the first things people learn in basic statistics/probability classes is how many striking blind spots the human mind has for math. It's why Vegas works, and its probably part of why we tend to systemmatically misunderstand how "coincidental" things really are (or aren't).
Again, you make good points, but the strong regulatory regime you describe sounds just like a more complicated, expensive, inefficient and failure-prone version of what we already had with the pre-deregulation utilities - which were, by the way, already "private" - just "strongly regulated" by the various governments involved.
I would say the "strong regulation" you describe is basically suggestive of the oversight regime that we just removed, except that instead of a utility owned by shareholders (the public), whose policies and prices were tuned to get a pre-determined ROI (balanced carefully between investor profits and the public good which comes from plentiful, environmentally sound electricity), the utility is splintered and divided between private owners and traditional public companies, and instead of simply issuing and following public policy, we have "crimes" and "massive penalties."
If you look at it objectively, you realize the only reason for doing it is to make it difficult to maintain the protections we are discussing.
As the Road to Tycho is for intellectual property reform advocates, so should this be for those interested in the environment.
Commondreams.org has written a fictional address; conservatives and non-believers will call it propaganda, but then, as the weather patterns continue to change and the news stories about environmental catastrophes keep coming, they may have some trouble making the charge stick...
You make a very good point, but I would argue that the deregulation/capitalist model is fundamentally flawed for some services; electric power, most notably, but also education, police...
In the particular case of power, it's very simple: the incentives are exactly the opposite of what you want, since distribution over long distances is so inefficient.
If you build power plants, the power supply goes up, and your product is worth less. Hence, your profits go down.
If you do not build power plants, and/or take some of your plants off line, the power supply goes down, and then your product is worth more. Supply and demand! Whopee! Time to raise the rates! This is more or less what's happened everywhere this scheme has been tried; the only difference is that in California the distributor couldn't pass on the rate hikes because its end-prices were capped. Enron et al didn't mind, they just ran their rates up astronomically, ridiculously high for a few months, then turned off the lights (a negotiating tactic which actually took lives!), and even now they're probably still going to get the proceeds of the "utility bailout," so it's all the same to them.
The only possible way the "private" power generation companies can fail to get rich is by doing what they're supposed to... which is, provide ample, cheap, environmentally sound generating capacity. If you want to make money, on the other hand, the opposite is true; it's in the private utility's best interests to use the cheapest, dirtiest power generating techniques available, to encourage as much waste as possible, to cultivate their most profitable volume buyers at the expense of their least profitable low and middle income customers, to run as close to 100% capacity as they possibly can, and, of course, to create artificial shortages. If the consumers don't like it, there's always electric blackmail.
It's interesting to me that there did seem to be some early success in the telecom deregulation regime. One thing I would really like to spend more time doing is going over the actual laws involved... I have a feeling there must have been some interesting rules in there about how the incumbents have to operate for it to have worked at all.
I've often had the same thoughts, but remember, the telecoms and the media people own the FCC, and wireless technology only happens at the sufference of that agency.
In a sense, ithey're already blocking it, since such decentralized applications are already feasable and (I would guess) even relatively cost effective for some applications, and yet... you know how "crowded" the spectrum is. No room for something they can't get paid billions in bribes/bids for. Of course, you can always try it with existing technology, but I don't know if the numbers are right.
It's 1996, and the bells have been newly de-regulated. They're pleased as hell, because they can diversify, but more importantly, because they can now charge whatever they want - price gouging galore! Time to raise the price of call waiting!
There was only one pesky problem. The bells were now theoretically obligated to "compete" with other carriers. The nerve! Wasn't everyone informed that they don't share their playground? Wasting no time, they immediately set to work on the FCC and congress to try to roll back the regulations (or at least the enforcement regime) that allowed competitors to re-sell some of the network and compete.
They came up with a great idea. Oh, it was a real doozy, and very simple. They convinced the feds to allow them to charge a "call completion" fee.
It works like this. If a customer in one local phone company calls the customer of another, the originating carrier has to pay a fee to the receiving carrier for "completing" the call. This, reasoned the bells, was *it.* Who can start up a competing local carrier, if (since they're new) every call from their customers terminates at a bell-controlled phone, and they're saddled with 3c fees for every call! It's a classic "screwing the little guy with the power of math" scenario.
It was a perfect plan. And it only had one fatal flaw.
The metropolitan ISPs of New York City were some of the phone company's most enthusiastic enemies. And why not? Have you ever tried to get the NYC Bell to do anything more complex than a residential hookup? How about manaing hundreds of lines in a hunt chain... let me tell you. You lose a few every few months for no discernable reason, and during one of your dozen hour-long calls to the bell for support, you discover that in trying to "fix" your hunt, they've now disconnected your office phones as well. True story.
The NYC ISPs were desperate to deal with someone, _ANYONE_ other than the local bell. So what did they do? They got together with a tiny, unknown little local carrier. And they became its first, and practically only, customers.
And do you know what happened then?
ISPs need lots of lines, and they're willing, nay desperate, to pay a premium for any kind of service exceeding the Soviet-block standard of the bell. They hardly ever make any calls out. But everyone calls an ISP. In fact, they get thousands and thousands of calls a day.
Within days of getting their first 8 figure "call completion" bill from the tiny little independent local phone company (that the bells had just been gloating over murdering), the bells were back in Washington, and back in court, desperate to break the deal.
Now, exercise for the reader: where they successul in weaseling out of it? What do you think?
Four years ago I signed up with a local and long distance phone company called Econophone. One of the new breed of de-regulated, privatized competing phone service providers, they were offering rates for local and long-distance calls well below half what AT&T was, and still significantly cheaper than Verizon.
I used them successfully for two years, and paid very little for phone service. 5 cents a minute national long distance and comprable local rates.
How, you ask? De-regulation, which happened under Clinton in the mid '90's. However, once de-regulated, the baby bells immediately began testing the resolve of the federal regulators to force them to deal fairly with their "client competitors" for local & long distance service. You see, they wanted the good parts about de-regulation (being able to diversify, charge whatever they wanted, etc.) but not the bad parts (actually having to give up their monopoly status). They fought tooth and nail battles over various regulations and did their level best to kill their competitors... by bribing regulators to get call-completion charges, by systematically failing to service their new clients properly, and, now and again, by slamming their customers.
Clinton's people were going to stick it out and fight the bells into submission. The Bush people had a more, shall we say laissez faire attitude about it, and the last two years have all but brought about the end of competition among the bells, first as the feds looked the other way while they turned their embrace with their competition deadly, and now as the FCC is actually going to rubber stamp their new "pseudo-monopoly" status, enshrining the notion that bells need not lease their lines to anyone, just like they already did with cable.
Econophone is bankrupt. Many of you remeber the Northpoint fiasco; Econophone was very similar. Not content with stealing their customers and bludgeoning them to death with sabotaged service, the bells had to make a show of violently disconnecting them from the network, without warning. The message: don't deal with the independents. You just never know what might happen to your calls.
This industry makes billions of dollars a week. They are _printing money_. Their margins are _incredible_, and that's with some of the worlds most notorious bureaucracies. I've dealt with AT they just _hemorrhage_ money. Why not? They get paid most every time someone makes a call.
De-regulation was a failure. Not exactly because it was inevitable, but because it was never really intended as anything but ideological cover for more and better price fixing. $5/mo for call waiting service anyone? Or how about $3.50 for _not_ publishing your number in the phone book?
You might say the little carriers like econophone went out of busines because they didn't charge enough. But I don't think those people made a math error when they founded their company and calculated what they could charge. I think we got a brief glimps of what we _should_ have been paying all along, before the Bells furiously covered it up.
Specifically, in a probability textbook I saw a long time ago, the preface opened with a rivetingly complex proof, well beyond my ability to follow in detail both then and now. But I got the jist. The quick version is that, "mathematically speaking," something nearly impossible happens nearly every instant. A logical pun, so to speak.
And yet, am I really paranoid for suspecting that the Enron executive who committed suicide recently was murdered? Is that a hollywood-addled sense of the world, or is it simply realistic; it's not a difficult to accept fact that people have been killed over far, far smaller amounts of money. And the money is only the tip of the iceberg of conspiracies that was Enron.
Call it a coincidence that all of these scientists died in such rapid succession if you want. But I will do you one better. I won't say it's proof of a conspiracy, and I won't say it's a coincidence either.