You'd be surprised.. I posted to the article about the world's top computers, noting that the top four are at.mil installations doing "energy research", and cracked that maybe they're working on 90 MPG engines or cold fusion, and two people let me know that nuclear simulations are energy research too. Sadly, one thing this medium doesn't convey so well is the subtleties of sarcasm, something which all true geeks are quite well-versed in.
Only on slashdot... The third post gets a "redundant" moderation.
As a primarily Windows user, I've never had a problem with Red Hat, be it on its own system, under VMWare, or even on an old Sun Ultra 1 system I was playing with.
Auctally, the contract/license agreement you sign doesn't allow open sourcing of the code, because then otherwise anyone could just find out how it works. So, you can't "legally" license an open source DVD player.
Surely you can share the algorithms with your development team though... What's stopping my development team from being about 10,000,000 people?
I wonder how all you who support this and the similar BS would feel if someone put out simple instructions for a tool to unlock and start any car, especially yours.
Specious argument. Your car is yours, and if you want to take the rear seats out and put them in your living room, you can. You can't do that with your DVD because the mpaa doesn't want you to.
A much more realistic argument (again involving your car) is that it's as if your car only runs on gas with a certain additive in it, and the only way to get that additive is by buying official [ford | gm | other car co] brand gasoline. Even if that gas only cost marginally more than regular gas, you better believe that manufacturers would come up with that additive so you can add it to any gas, until, that is, the car companies go after the manufacturers of the additive. What then when the car company starts going after people making the additive at home for their own use? That is the situation we're in right now with CSS.
It's impractical because it's their keys used in the algorithm. Even if you encode something with CSS, you need to encode it to the keys of licensed devices. By encoding to their keys, you're giving permission to decrypt something. It would be like me writing my masterpiece, and encrypting to someone's public key, then going after them for breaking my encryption and destroying my IP rights by decrypting it. Unless I was forced to encrypt to something they can decrypt (ala key escrow), it was my choice to encrypt to them.
Now, one thing I haven't seen discussed... Has anyone approached the CCA about becoming a licensed user of CSS? How much can be published? If the licensed app is GPL'ed, how much of the CSS code goes for the ride? $10k isn't all that much, in the scheme of things.
What I guess I'm really failing to grasp is how the movie industry major players can have this kind of control without being considered a Cartel.
One of the defining characteristics of a cartel is price collusion. When [mpaa | riaa | airlines | other greedy bastards] get together to fix prices, the FTC starts sniffing around.
Simple. Look at his user page and you'll see a bell curve of inane drivel modded as such, unmodded posts, and highly modded (mostly) on-topic posts. If even I can get a bonus, it's not that hard (this post doesn't have it for the reason you can disable it: this post isn't worth +2). Posting early helps, even if it is a half-cocked opinion. Getting stories posted helps too. Each one is +5. Of course, the only thing karma is good for is making my co-workers jealous.
What I found interesting is that they say the top four computers are at.gov research facilities, doing "energy research" (90 MPG engines? Cold Fusion? heh), and others are with the army and air force. Kind of makes you wonder what is more sensitive than weapons research that earns the "classified" title.
Having content delivered to your shirt gives new meaning to shrink-wrap licensing.
Seriously though.. This is a step towards the future we all abhor: One where everything is licensed. Sure, it starts out simple, then the shirt gets an IPv6 address, and starts calling home, and before you know it, you're only allowed to wash a shirt 10 times before you have to choose between it calling home or being called home.
What will it take to make a private company part with some of their material for govt. funded research? Will they even do it, or will they charge millions to get a sample? Forcing them to release cells for research smacks of government intervention. It will be interesting to see in the coming weeks and months what it takes to make them release the cells for research.
As a side-note, politically, this is a brilliant move for Dubya.. Scientists get what they want, in a limited aspect, and religionists get what they want, again in a limited aspect. Some people will call it wussing out. I call it compromise, which is exactly what it is.
Even a non-technical person can figure out that email is being blocked. "User is not getting my email. Why?" would seem to be a pretty standard question. Unless you're dealing with Simon the BOFH, you'll get a straight answer. You can address with management as appropriate. If you're dealing with Simon, well, the problem's not so much with the blocking as it is the BOFH.
It all comes back to the individual, be it the network or its operator. If the owner doesn't like the operator, they change the operator. If the operator doesn't like the packets, they drop the packets. If the operator doesn't like the owner, they change who they work for. No one commands anyone to use or abide by blackhole lists. It's voluntary control of the network and its use. For someone (other than the owner) to say how I should run a network (in ways other than maliciously broken..) smacks me as being totally wrong.
Except the "known spammer" in this case was the entire MIT community!
No, it was the open relay that MIT was running. If someone is running a relay that takes all comers, and someone else is using it to send spam to my network, I'll ask the admin to deny relaying. If they won't, I'll blackhole it. If someone doesn't prevent their resources from using mine in a manner I don't want, I disallow them the right to use my resources.
The key point is I don't tell someone how to use their resources. If they want to allow relay, fine. I just won't allow them to use my resources.
For example, ISP's may want to reject incoming port 80 connections. becuase of the Code Red worm. Is this action so legally clear cut? What about the home user who needs to run a server now?
1. Find an ISP who allows you run a server. Most home broadband ISPs have clauses preventing people running servers. Just because they haven't stopped you before technologically doesn't mean they approved of it.
2. Run it on a different port. You're likely still in violation of your user agreement, if it has such a clause.
3. Get a dedicated connection. T1's can be had for $500 port and telco. Just because you can run a server on a DSL or cable modem connection doesn't mean that you should.
Also, a major point Lessig made in the article you linked is the unaccountability of the people compiling these lists.
They're accountable to their users. If I use a list that is abused, I will try to correct the abuses. If I cannot correct the abuses, I will cease to use the list. No one's telling anyone they must use a blackhole list. It's a voluntary choice.
Regarding network admins polling users, I don't agree with that. A network admin is charged with operating the network as they see fit. I don't like that I can't listent to streaming radio at work. It is my employer's network, and they don't want me doing that, hence I don't do that. If my ISP used any filtering I don't want, I'd use another ISP. If my employer does something with their network I don't think they should, I raise the issue with management.
It wasn't a brief. It wasn't a bit of trial advocacy. It wasn't a legal opinion. It was an op-ed piece, aka opinion editorial, one which at no point approached legal issues. BTW, he's also a professor at Harvard, but for all I know, that might be only because the Law School Dean figured it might be good for the alumni donations to keep him around.
I don't question his knowlege or his credentials, only his (stated) opinion, one which leads me to question all others. To question the right of a network operator to drop traffic they don't want strikes at the very definition of the internet, a collection of interconnected autonomous networks. If he wants to tell me that I have to take packets from networks I don't want to talk to, you bet I'm going to get pissed off.
That being said, he's free to express his opinion, I'm free to express mine, and we're both free to disagree with each other. I'm also free to keep whoever I want out of my network.
For me (and a lot of others in the anti-spam community), Mr. Lessig lost all credibility when he wrote The Spam Wars. In it, he describes a group of vigilantes looking to change the nature of commerce on the net. What he fails to mention is that it's just a bunch of network admins using a self-compiled and maintained list to drop packets from open relays and known spammers from hitting their own networks.
I find it both amusing and disturbing that he can be so strongly in favor of fair-use, reverse engineering, and against the DMCA, among other hot button/. issues, all the while decrying network operators dropping traffic they don't want on their network.
He's the copyright holder of a piece of software that strips technological controls (aka, encryption) from digital media put in place to prevent copyright "abuse". Pretty cut and dried to me. I'm not considering the whole points about it being written outside the US, it being a crappy law, or that he's got a strong civil case for malicious prosecution. That's outside the scope of this particular discussion. His actions appear to run counter to the DMCA. It's to a judge to decide if A) the law was substantially broken in the US, and B) if the law itself is constitutionally valid.
I read a report today, though I can't remember where, that he distributed 500 copies of the trial version of the software at defcon. That sealed it. Even if he made it elsewhere, that he was distributing it here was to invite trouble.
Don't worry, I'm one of the good guys. I've been making donations to the EFF for six years now, and have even named them in my life insurance policies. I'm happy as hell to see Dmitry out on bail, though I'd be far happier to see the case dropped.
I think we've already agreed that he's broken the DMCA. He sold a product to circumvent copyright protections. We're more concerned about seeing the DMCA get knocked back judicially than we are about Dmitry being exonerated of charges. Personally speaking, I'm not quite sure just how to feel about that one..
I suppose it probably wouldn't hold up in court, but it'd still be amusing.
Doesn't even hold up technologically, let alone in court.
In theory, it sounds good. You're ignoring that the infection comes from a malformed request, not response. To make it work, you'd need to take the IP issuing the request, and fire a request back at it containing your payload.
"Ummm, I was just seeing who was talking to me. I didn't know they were vulnerable!"
Another reply included a link to an article in Wired. Without having looked at it, it's probably a better version of the story.
Max had a good idea. He got greedy though, and his counter-worm left a backdoor. Would they have pursued him as thorougly if he hadn't have left the backdoor? Likely, especially since he hit.mil systems.
There's a difference between making a request to a server and getting its response, and making a malformed request to a server in the hope that it executes your code. Whether the code is benevolent or malicious, it's all the same. You're doing things to other peoples property that they neither ordinarily allow you to do nor ask you to do. Even with the best of intentions, you're still executing your code on someone else's system.
"Oh, I'm sorry! You were saying about 'best intentions'? Oh, you're finished? Well, allow me to retort."
Uhhhh, Yeah. Tell it to Max Butler (aka Max Vision). He did the same thing for the bind worm, releasing a worm that fixed the hole. He's now doing 18 months with three years of probation, plus $60k in restitution.
Read here if you're still thinking of releasing this creature into the wild.
Slashdot Mirror
(I can't believe you took my post seriously...)
.mil installations doing "energy research", and cracked that maybe they're working on 90 MPG engines or cold fusion, and two people let me know that nuclear simulations are energy research too. Sadly, one thing this medium doesn't convey so well is the subtleties of sarcasm, something which all true geeks are quite well-versed in.
You'd be surprised.. I posted to the article about the world's top computers, noting that the top four are at
but where is ISS ? He doesn't say!
Waaaay up in the sky. You may also know it as the International Space Station.
Only on slashdot... The third post gets a "redundant" moderation.
As a primarily Windows user, I've never had a problem with Red Hat, be it on its own system, under VMWare, or even on an old Sun Ultra 1 system I was playing with.
Auctally, the contract/license agreement you sign doesn't allow open sourcing of the code, because then otherwise anyone could just find out how it works. So, you can't "legally" license an open source DVD player.
Surely you can share the algorithms with your development team though... What's stopping my development team from being about 10,000,000 people?
Also, who's going to pay the $10k?
Depending upon the fine print, I might.
I wonder how all you who support this and the similar BS would feel if someone put out simple instructions for a tool to unlock and start any car, especially yours.
Specious argument. Your car is yours, and if you want to take the rear seats out and put them in your living room, you can. You can't do that with your DVD because the mpaa doesn't want you to.
A much more realistic argument (again involving your car) is that it's as if your car only runs on gas with a certain additive in it, and the only way to get that additive is by buying official [ford | gm | other car co] brand gasoline. Even if that gas only cost marginally more than regular gas, you better believe that manufacturers would come up with that additive so you can add it to any gas, until, that is, the car companies go after the manufacturers of the additive. What then when the car company starts going after people making the additive at home for their own use? That is the situation we're in right now with CSS.
It's impractical because it's their keys used in the algorithm. Even if you encode something with CSS, you need to encode it to the keys of licensed devices. By encoding to their keys, you're giving permission to decrypt something. It would be like me writing my masterpiece, and encrypting to someone's public key, then going after them for breaking my encryption and destroying my IP rights by decrypting it. Unless I was forced to encrypt to something they can decrypt (ala key escrow), it was my choice to encrypt to them.
Now, one thing I haven't seen discussed... Has anyone approached the CCA about becoming a licensed user of CSS? How much can be published? If the licensed app is GPL'ed, how much of the CSS code goes for the ride? $10k isn't all that much, in the scheme of things.
What I guess I'm really failing to grasp is how the movie industry major players can have this kind of control without being considered a Cartel.
One of the defining characteristics of a cartel is price collusion. When [mpaa | riaa | airlines | other greedy bastards] get together to fix prices, the FTC starts sniffing around.
Where the fuck do you get your karma!??
Simple. Look at his user page and you'll see a bell curve of inane drivel modded as such, unmodded posts, and highly modded (mostly) on-topic posts. If even I can get a bonus, it's not that hard (this post doesn't have it for the reason you can disable it: this post isn't worth +2). Posting early helps, even if it is a half-cocked opinion. Getting stories posted helps too. Each one is +5. Of course, the only thing karma is good for is making my co-workers jealous.
Simulating nuclear weapons also falls under "energy research".
Well... I figured they weren't trying to solve CA's energy crisis.
What I found interesting is that they say the top four computers are at .gov research facilities, doing "energy research" (90 MPG engines? Cold Fusion? heh), and others are with the army and air force. Kind of makes you wonder what is more sensitive than weapons research that earns the "classified" title.
Having content delivered to your shirt gives new meaning to shrink-wrap licensing.
Seriously though.. This is a step towards the future we all abhor: One where everything is licensed. Sure, it starts out simple, then the shirt gets an IPv6 address, and starts calling home, and before you know it, you're only allowed to wash a shirt 10 times before you have to choose between it calling home or being called home.
I don't have the link to that page anymore or I'd post it!
Site du Jour of the Day Archives
What will it take to make a private company part with some of their material for govt. funded research? Will they even do it, or will they charge millions to get a sample? Forcing them to release cells for research smacks of government intervention. It will be interesting to see in the coming weeks and months what it takes to make them release the cells for research.
As a side-note, politically, this is a brilliant move for Dubya.. Scientists get what they want, in a limited aspect, and religionists get what they want, again in a limited aspect. Some people will call it wussing out. I call it compromise, which is exactly what it is.
Even a non-technical person can figure out that email is being blocked. "User is not getting my email. Why?" would seem to be a pretty standard question. Unless you're dealing with Simon the BOFH, you'll get a straight answer. You can address with management as appropriate. If you're dealing with Simon, well, the problem's not so much with the blocking as it is the BOFH.
It all comes back to the individual, be it the network or its operator. If the owner doesn't like the operator, they change the operator. If the operator doesn't like the packets, they drop the packets. If the operator doesn't like the owner, they change who they work for. No one commands anyone to use or abide by blackhole lists. It's voluntary control of the network and its use. For someone (other than the owner) to say how I should run a network (in ways other than maliciously broken..) smacks me as being totally wrong.
Except the "known spammer" in this case was the entire MIT community!
No, it was the open relay that MIT was running. If someone is running a relay that takes all comers, and someone else is using it to send spam to my network, I'll ask the admin to deny relaying. If they won't, I'll blackhole it. If someone doesn't prevent their resources from using mine in a manner I don't want, I disallow them the right to use my resources.
The key point is I don't tell someone how to use their resources. If they want to allow relay, fine. I just won't allow them to use my resources.
For example, ISP's may want to reject incoming port 80 connections. becuase of the Code Red worm. Is this action so legally clear cut? What about the home user who needs to run a server now?
1. Find an ISP who allows you run a server. Most home broadband ISPs have clauses preventing people running servers. Just because they haven't stopped you before technologically doesn't mean they approved of it.
2. Run it on a different port. You're likely still in violation of your user agreement, if it has such a clause.
3. Get a dedicated connection. T1's can be had for $500 port and telco. Just because you can run a server on a DSL or cable modem connection doesn't mean that you should.
Also, a major point Lessig made in the article you linked is the unaccountability of the people compiling these lists.
They're accountable to their users. If I use a list that is abused, I will try to correct the abuses. If I cannot correct the abuses, I will cease to use the list. No one's telling anyone they must use a blackhole list. It's a voluntary choice.
Regarding network admins polling users, I don't agree with that. A network admin is charged with operating the network as they see fit. I don't like that I can't listent to streaming radio at work. It is my employer's network, and they don't want me doing that, hence I don't do that. If my ISP used any filtering I don't want, I'd use another ISP. If my employer does something with their network I don't think they should, I raise the issue with management.
It wasn't a brief. It wasn't a bit of trial advocacy. It wasn't a legal opinion. It was an op-ed piece, aka opinion editorial , one which at no point approached legal issues. BTW, he's also a professor at Harvard, but for all I know, that might be only because the Law School Dean figured it might be good for the alumni donations to keep him around.
I don't question his knowlege or his credentials, only his (stated) opinion, one which leads me to question all others. To question the right of a network operator to drop traffic they don't want strikes at the very definition of the internet, a collection of interconnected autonomous networks. If he wants to tell me that I have to take packets from networks I don't want to talk to, you bet I'm going to get pissed off.
That being said, he's free to express his opinion, I'm free to express mine, and we're both free to disagree with each other. I'm also free to keep whoever I want out of my network.
For me (and a lot of others in the anti-spam community), Mr. Lessig lost all credibility when he wrote The Spam Wars. In it, he describes a group of vigilantes looking to change the nature of commerce on the net. What he fails to mention is that it's just a bunch of network admins using a self-compiled and maintained list to drop packets from open relays and known spammers from hitting their own networks.
/. issues, all the while decrying network operators dropping traffic they don't want on their network.
I find it both amusing and disturbing that he can be so strongly in favor of fair-use, reverse engineering, and against the DMCA, among other hot button
No comparison. Phil wrote a program that others exported. Dmitry wrote a program that he distributed at defcon (that much is apparently provable).
Even if he's guilty of breaking the law, that doesn't change the fact that it is a bad law, and that is what should really be addressed.
He's the copyright holder of a piece of software that strips technological controls (aka, encryption) from digital media put in place to prevent copyright "abuse". Pretty cut and dried to me. I'm not considering the whole points about it being written outside the US, it being a crappy law, or that he's got a strong civil case for malicious prosecution. That's outside the scope of this particular discussion. His actions appear to run counter to the DMCA. It's to a judge to decide if A) the law was substantially broken in the US, and B) if the law itself is constitutionally valid.
I read a report today, though I can't remember where, that he distributed 500 copies of the trial version of the software at defcon. That sealed it. Even if he made it elsewhere, that he was distributing it here was to invite trouble.
Don't worry, I'm one of the good guys. I've been making donations to the EFF for six years now, and have even named them in my life insurance policies. I'm happy as hell to see Dmitry out on bail, though I'd be far happier to see the case dropped.
I think we've already agreed that he's broken the DMCA. He sold a product to circumvent copyright protections. We're more concerned about seeing the DMCA get knocked back judicially than we are about Dmitry being exonerated of charges. Personally speaking, I'm not quite sure just how to feel about that one..
Well, at least we can cross Dmitry off the list of SirCam suspects!
I suppose it probably wouldn't hold up in court, but it'd still be amusing.
Doesn't even hold up technologically, let alone in court.
In theory, it sounds good. You're ignoring that the infection comes from a malformed request, not response. To make it work, you'd need to take the IP issuing the request, and fire a request back at it containing your payload.
"Ummm, I was just seeing who was talking to me. I didn't know they were vulnerable!"
Another reply included a link to an article in Wired. Without having looked at it, it's probably a better version of the story.
.mil systems.
Max had a good idea. He got greedy though, and his counter-worm left a backdoor. Would they have pursued him as thorougly if he hadn't have left the backdoor? Likely, especially since he hit
There's a difference between making a request to a server and getting its response, and making a malformed request to a server in the hope that it executes your code. Whether the code is benevolent or malicious, it's all the same. You're doing things to other peoples property that they neither ordinarily allow you to do nor ask you to do. Even with the best of intentions, you're still executing your code on someone else's system.
"Oh, I'm sorry! You were saying about 'best intentions'? Oh, you're finished? Well, allow me to retort."
Uhhhh, Yeah. Tell it to Max Butler (aka Max Vision). He did the same thing for the bind worm, releasing a worm that fixed the hole. He's now doing 18 months with three years of probation, plus $60k in restitution.
Read here if you're still thinking of releasing this creature into the wild.