I've never searched for an ad-supported FTP client, but I imagine there's at least one out there which does indeed install adware. I would also change that to reflect the facts: an easy way to find filenames of the user's choice, many of which will be copyrighted works.
The point, is that this client software made it very easy to find media (including copyrighted media), which made it popular. This popularity provided a large audience for this client software to be used as an effective advertising platform. They were aware their software was being used to infringe copyright in a big way, yet they seemingly did next to nothing to prevent this and thus they gained financially from allowing people to continue to use their software in an illegal manner.
If someone did the same thing tomorrow, but used FTP, they would find themselves in court too. FTP though, is not really appropriate for this sort of P2P.
Don't kid yourself.
I'm not.
If they succeed only in eliminating the bloated, ad-filled Kazaa client and converting more people to alternatives like Kazaa Lite (or, for that matter, switching them to an alternative method entirely) the RIAA has gained nothing. They're out to sue developers here, I would bet you the RIAA's profits last year.
They went after the parties controlling the business. The people requesting the features from the developers.
They want P2P GONE, as in "illegal even to use or develop for", not just "filtered"-that's trivial to trick.
In Australia? Prove it please.
Exactly. Which is why I compared a program (FTP client) to a program (Kazaa client).
You said:
Kazaa is a data transfer protocol-a crappy one, granted, but that's all it is.
This statement is NOT true. Kazaa is not just a "data transfer protocol" and the protocols involved are of little interest to this case, comparatively speaking.
Their software simply -allows- users to transfer files via that protocol.
There are more than one protocol involved. Plus their software delivers advertisements.
Are the makers of FTP clients now liable if an FTP user downloads copyrighted material?
Makers of an FTP client would be liable if they provided a client of similar ilk. One that helps the makers gain from assisting people to infringe copyright beyond just the transfering of arbitrary files which might just happen to be copyright infringing.
I really don't know, I guess I neglected to read the Kazaa site every few days for the past few years. I can't, however, find a reference to that in the case documentation. Can you show me what I missed or provide other evidence, or is this just your speculation?
I work in computer forensics. Web sites changing content is not uncommon and in a legal case, which includes evidence from a web site, it is typical to capture changes in case they are needed as evidence.
It looked to me like it came down to just one thing, just as Grokster did.
The judge considered all of the evidence and there was a lot of it.
Direct infringement's out, so all you've got left is this nebulous "inducement" thing. And the judge -never- cited in his decision that Kazaa -directly- advocated violation of the law-only CHANGE of the law, and/or change of the RIAA's business practices, with their "join the revolution" bit, while (even by his admission!) condemning violations of that law while it's in effect. Now, of course that's not what's really in their heads, but the day we start legislating what's in someone's head is the day I run for it. And no, it wasn't effective, but nor have the RIAA's warnings been-and they're trying in dead earnest. I think a case could be made under those circumstances that there isn't a known way right now for a copyright warning to be effective, and Kazaa certainly shouldn't be expected to do what someone with a vested interest in succeeding can't manage.
How many FTP clients do you know of which are advertisement delivery platforms which are designed to lure people to the advertisements by providing them with an easy way to find and download copyrighted works?
I would like to change this to:
How many FTP clients do you know of which are advertisement delivery platforms which are designed to lure people to the advertisements by providing them with an easy way to find and download works, which incidentally is very effective at finding copyrighted works?
Alright, is it really that hard to read? I've been told 3 times now that I'm comparing a program to a protocol. In my post, I specifically stated the developers of an FTP -CLIENT-. This is (say it with me) a PROGRAM which uses PROTOCOLS, which certainly could make money for someone, and which most certainly could be used to infringe copyrights.
How many FTP clients do you know of which are advertisement delivery platforms which are designed to lure people to the advertisements by providing them with an easy way to find and download copyrighted works?
Also, Kazaa -is- part protocol-other programs (Kazaa Lite, and so on) also access their network, so apparently, there IS a network or protocol which exists separately from the program, and can be accessed independently. So, we've got the same thing-a program (the Kazaa desktop, Kazaa Lite, whatever) accessing a protocol (the Kazaa network). You may not want to -think- I'm right, but you've illustrated, so far, no differences aside from marketing practices.
You need to read better. I said that this case is not about the protocols. The protocols are not what the case is about. Certainly they get mentioned during the case, to complete the picture, but it is the way the businesses are being run and the way the KDM works that the case is about.
I'm also a bit concerned about that-the judge found that Kazaa was "authorizing infringement" simply by criticizing the record companies' policies. Nowhere that I can find on their website does it EVER say "Alright, go ahead and do it anyway."
You think that their web site has not changed over the course of 3 years? You think that mirrors of the web site were not periodically captured as evidence over the course of that 3 years?
But I sure don't like seeing the free speech implications of that for Australians-simple criticism of someone's actions amounts to encouragement of a third-party's unlawful act?
There was TONS of evidence, experts and lawyers working on this for THREE YEARS. It does not just come down to one thing.
BTW, you said "Kazaa is a data transfer protocol-a crappy one, granted, but that's all it is", which is absolutely not correct. That is not "all it is". Maybe lots of people have pulled you up on this because it's WRONG? Kazaa is NOT just a protocol and the protocols involved are not what the case is about. The case was about business practices and their client software.
Please reread, get rid of the straw men, and comment again.
I think many people who've RTFA but who haven't RTFCD are under the impression that the ruling was made after 20 minutes; the reality is that the case stretched on for many, many months, and included the testimony of computer science professors from UC Berkeley and other institutions.
Make that 3 years.
One of the professors on the Kazaa side had very little integrity.
226 The two American experts called by counsel for the Sharman respondents were Keith Wimberly Ross and Justin Douglas Tygar.
227 Professor Ross is Professor of Computer Science at the Polytechnic University in Brooklyn, New York. He has taught computer systems engineering at university level since 1985 and has published widely. At the time of giving evidence, he was researching aspects of peer-to-peer networking pursuant to three grants provided by the National Science Foundation, a United States government agency. The professor was obviously well qualified to give expert evidence in this case. However, my confidence in him was shaken during the course of his cross-examination.
228 Mr Bannon showed Professor Ross a draft of his report that contained a passage dealing with the relationship between Joltid's PeerEnabler software (used in FastTrack) and Altnet's TopSearch technology. The draft shows exchanges between Professor Ross and a solicitor at Clayton Utz, acting for the Sharman respondents. Professor Ross initially wrote the words: 'The Altnet TopSearch Index works in conjunction with the Joltid PeerEnabler to search for Gold Files'. The solicitor crossed out this sentence on the draft and suggested a substitute sentence: 'TopSearch searches its own Index file of available Altnet content and PeerEnabler is not needed or used for this, other than to assist in the periodic downloading of these indexes of available content'. Professor Ross replied: 'I was not aware of this, even after our testing. But if you say it is so, then fine by me'. He left the solicitor's words in the draft.
229 When Mr Bannon asked about this, Professor Ross responded:
'Unfortunately, I don't have the report memorised. But it is my recollection that I was not comfortable with this and I took it out in the end. But I would like to see my report to confirm that.'
230 Mr Bannon then showed Professor Ross the email showing the solicitor's response to his 'fine by me' reaction. The solicitor said: 'Keith, we want to try to avoid you being exposed to criticism so how about'. The solicitor then suggested the sentence that appears in Professor Ross' final report. The cross-examination went on:
'You see it wasn't you feeling uncomfortable. Clayton Utz said, well, in effect, Keith we want to try and avoid you being exposed to criticism, so how about something different. And they ruled out what you were otherwise prepared to swear up to based solely on their say so? --- I wouldn't agree with that. I wouldn't have been comfortable putting it into the final report I suppose unless I was given further evidence of this fact.
That is not what you communicated? --- Well you have to read between the lines. I said that we had phone calls as well and during the phone conversations often I would indicate that there were some things I was uncertain with and I would want an additional explanation or justification.
You said: "If you say it is so then fine with me." That is all you said? --- Once again I do not have my final report in front of me so I am not 100 per cent sure what I put there. But again in saying this I just know the way I am personally. What I am saying there: "Fine with me, once you give me additional proof".'
231 I cannot accept that explanation. I am forced to conclude that Professor Ross was prepared seriously to compromise his independence and intellectual integrity. After this evidence, I formed the view it might be unsafe to rely upon Professor Ross in relation to any controversial matter. Of course, that does not mean his evidence should be totally disregarded.
I mean, surely the inventors of the BSD TCP stack have known for a long time that piracy was occuring over the network. And it's possible to do data fingerprinting, even at the TCP level. So what stops them from being legally liable in the future?
They were not leveraging profits specifically from the illegal activities and then doing nothing to stop those activities.
KMD is an advertisement platform. Protocols are protocols.
Kazaa is a data transfer protocol-a crappy one, granted, but that's all it is.
No it absolutely is not. It *uses* some protocols, through an application designed to provide advertising while also making it really easy to find and download the content you like. They *KNOW* that people are using it to download copyright material in a big way and they've done nothing to prevent this because THAT is the catalyst to them making money from the advertising.
If they effectively prevent the downloading of copyrighted material, the popularity of Kazaa will suddenly drop to a miniscule fraction of what it is now and that will result in the same for their profits.
Comparing Kazaa to FTP is completely and utterly ridiculous. FTP is a protocol, the Kazaa Media Desktop is a money making machine which happens to use some protocols. The court case is not about a protocol.
Of course, I'm sure we can agree that the *right* answer is that you should do it both ways.
Absolutely. I prefer write-blocker and capturing from an OS which does not "think" for me. ; )
Do you really think those devices are out of spec? Many of them are switchable between writable and write-block and merely don't pass any write commands on to the drive. It seems pretty simple to me. Humans on the other hand, have bad days. There is that classic story of Linus Torvalds dialing up to the internet, but instead of dialing with his MODEM device, he accidentally dialled his HDD device! Writing some characters over the beginning of the disk.
People make mistakes, write-blockers are simple and almost eliminate any damage that a mistake may have caused. I say almost, because people are of course always able to accidentally switch to writable(if their blocker is switchable).
Re: Honda and economies of scale, a write blocker is super basic. Get commands, pass anything on which is not any type of write command. An OS and userland tools on the other hand, are very complex. This is a core functionality of products made by companies which make these devices and they need to stand up the scrutiny of the court.
My point, is that these devices are very simple and thus little can go wrong with them. There are few buttons for a person to push. I beleive they adhere to specs but simply choose to drop certain commands, kind of like a firewall. OS and apps are way too complex and people stuff up when they have lots of buttons to push.
Ultimately such a device merely relocates the nexus of trust and fails to actually improve the surety of the evidence.
I agree with a lot of what you have said. But...
Court cases are all about being most convincing to a judge and sometimes a jury. They typically don't understand the technical issues, so expert witnesses are expected to explain the findings in an accessible manner.
Write-blockers do however work and are expected to be used. There is little to go wrong with a write-blocker/expert combination and a lot more that can go wrong with a software/expert combination.
You do the best for the court and write-blockers provide the best solution for capturing evidence accurately without modifying the orignal. You can't accurately capture original evidence if the act itself alters it, even if ever so slightly.
What you have to understand though, is that even if you are the best computer forensics expert to have ever walked the Earth, the barristers on the opposing side NEED to find fault with you, your findings and your evidence. They do it for a living and they are really good at it. That can take a small issue and have your evidence and findings thrown out.
Because such a device is Kludge. It is a black-box that cannot be verified and as such as is no better than the "black-box" of the operating system.
I would not call the forensic quality write-blockers on the market "a kludge". They perform a basic role to a level that is accepted by the highest courts and experts (the real ones). They are very simple, yet vital. They go a long way to preventing human error.
Moreover, the latter is used and effectively tested by millions whereas only a handful of people purchase such "write blockers"
The software in question is extremely complex and has to be driven by an error prone human. The write-blocker on the other hand, is a very simple device dedicated for one thing and is simply plugged into the drive to be captured.
Why in the hell would you choose a dull career like forensic investigation based on a TV show?
Computer forensics does not always have to be dull.
You can sometimes do things you ordinarily would not be allowed to do, because you are doing them to "assist the court", sometimes which explicit blessing from the court in the form of a court order. Reverse engineering, network packet analysis, log file analysis, filesystem analysis, cryptography (algorithm deduction, password cracking), statistics, data mining. Using sniffers, hacking tools, debuggers like IDA Pro, getting to use devices not available to the public, etc.
It does not have to be boring. And the more you delve beyond the superficial, the more rewarding it is to find evidence yourself and others had missed.
Uh, most drives have a write-protect jumper on them.
Even if the HDD you were capturing evidence from had a write-protect jumper, the point of a write-blocker is that it removes doubt. You plug it in and it will not allow writes to the drive. You don't have to worry about what jumper to short, etc. A simple and absolute solution leads to a simple and absolute statement on the stand.
BTW, can you point me to a HDD which has a write-protect jumper? I don't recall ever seeing one.
Well, instead of using an OS that does what it damn well wants (like mount all drives read/write by default),
I agree, gathering evidence with Windows sucks.
why don't you use Linux and simply create a drive image straight from the raw device without mounting at all?
Because in court, things can get nasty like this...
Barrister: Did you use a (looks at freshly written note) "write blocker", Mr. Smith? Forensics guy: No, I did not need to. I refrained from mounting the disk and copied it at a raw block-for-block level (confusing to judge). Barrister: Yes or No Mr. Smith, did you use a "write blocker". Forensics guy: No. Barrister: And a "write blocker" is a forensics industry standard method for preventing contamination of captured evidence? (Judge respects witnesses who respect the court enough to make sure their captured evidence is absolutely accurate and original evidence could not have been altered). Forensics guy: Yes, but... Barrister: Mr. Smith, you failed to take a basic precaution to make absolutely certain that the captured evidence was not altered in any way, by using a basic device that is normally a part of the toolkit of a computer forensic professional. Do you posess a "write blocker" Mr. Smith? Forensics guy: Yes (No). Barrister: Then WHY did you not use it?! (You ARE a computer forensics professional are you not Mr. Smith?) Forensics guy: gasp gasp (blush) choke...
The point is, if you are gathering evidence of this sort, then write blockers are tools you should have and always use. All the opposition needs to do is raise doubt. And then you and your client are screwed.
When you take the stand or put on an affidavit, the opposing legal team will attack:
1/ Your findings and the methods you used to get to them. 2/ Your evidence. 3/ You credibility.
and at a worst case...
4/ Accuse you of tampering with ORIGNAL EVIDENCE which has been tendered to the court!
Not having a write-blocker says, "I am not a computer forensics professional".
Having a write-blocker and not using it says, "I am sloppy and failed to use a simple tool at my disposal to assist the court as best I could".
Whether your evidence is exactly the same as the other forensics experts is beside the point. They have attacked your credibility and that can go against your findings (even if they are completely correct). You have nothing to gain from not using a write-blocker (which you should already have) and everything to loose. I would love to just capture evidence with FreeBSD and just copy from the raw device. But at the end of the day, the cost of a $500 write-blocker, which you get to use over and over, should be peanuts compared with what you make each day you work on cases which requires its use.
It's as bad as the CRT TVs with "digital enhancement" and 100Hz gimmics, it does nothing to improve the quality of the image.
Tell me about it. I remember first seeing the 100Hz TV's with my home theatre enthusiast friends. They were commenting how great they looked and I was thinking, "W T F !?!?". They look like crap. "Oh you have to stand back for the 'effect' to work", "ahh, yeah, how much further do I need to go back before those crazy flashing patterns disappear?". ; )
Expensive Grundig and Telefunken "100Hz" TV's, which looked like crap.
I call bullshit. With plasma, burn-in is just the same as with CRTs. When the same image is on the screen for a long time, it causes uneven phosphor wear, which leaves a pattern behind where the phosphors can't get as bright anymore. I have never seen anything like you have described.
Call bullshit all you like, but this experience is part of my past work and personal life. I don't know why it happens, but I see it everywhere. An obvious image is left behind of something that is displayed for long periods of time and that image exhibits a lot of noise (instead of just a dull image).
Maybe this is because the phosphors used in plasma displays are in a gaseous state, as opposed to those in CRT's which are solid. What happens when flourescent lights start to wear out? They flash. Plasma lighting often causes oscillating types of effects where the areas excited to lighting moves around. Especially when the phosphors become "worn out". Perhaps this is a similar effect.
Every long-term CRT display I have seen (Pac-man, Centipede, Ms. Pac-man), has lots of broken, noisy pixels. As if a burn-in effect had occured.
Ha ha. Those games are like 20+ years old! With plasma I am talking (from my own personal experience) burn in from 1 to 2 years in installations that are 12 hours per day, 5 days per week. With CRT, burn-in causes the phosphors to become less effective and thus a reduction in brightness is seen. But with plasma "burn-in" (if it could be called that) causes this awful effect where each burnt pixel flashes independently from all others as if they are constantly receiving a poor "snowy" reception. That's what I mean by noisy pixels. Burnt phosphor of CRT's just look dull. No flashing.
Seriously, this happens to any display when used like this.
I was about to mention LCD for just one example against this statement, but you beat me to it...
f you can afford it, get LCD, as it has all the advantages of plasma and no risk of burn-in
I'd rather wait till nice quality 1080 native displays are both cheap and durable and there is plenty of content at this resolution to watch.
Every long-term plasma display installation I have seen (train stations, malls, building foyers), have lots of broken, noisy pixels. As if a burn-in effect had occured. I took this problem into account when designing a display about 4 years ago, by randomly placing images/text (within constraints) and this still occured.
I would be really pissed off if this happened to me on one of these super expensive displays. What's more, have they made plasma look good yet? I've never seen a plasma display which looked good. Even when opperated at their native resolution through digital interfaces.
To me, they seem way overpriced for the quality and durability you get.
FreeBSD on the other hand could be installed off of the cdrom drive _and_ the wifi card worked without issue.
FreeBSD also runs very nicely on my nice new Sony VAIO.
Linux is not bad but at the same time it is not the be all end all as most will have you believe.
Amen to that. All people need to do is use some BSD's for a while, then go back to Linux and read some man pages, then search on the net for some HOWTOS, then the forums... then, in disgust, come back to the BSD's with current doco. ; )
I spent 3 days trying to get it installed, but it kept kernel panicing during installation. Does that count?
Your hardware is one or more of:
1/ Broken. 2/ Buggy. 3/ Unsupported.
I install OpenBSD, NetBSD and FreeBSD on all manner of machines.
I have FreeBSD 5.4 Release on my Sony VAIO VGN-A49GP, OpenBSD on my various Sun Ultra's, and Apple Macs and NetBSD on a few work Dell machines. Each of them is running within various VMware machines also.
No version of Microsoft Windows has ever shiped with a network stack derived directly or indirectly from BSD. Some network applications, notably ftp, did.
Since you speak with such authority ("no version ever"), then you must be a long-time Microsoft systems programmer? One of greater knowledge of this subject than Mr. Adam Barr?
Slashdot Mirror
Wasn't the Palm Pilot first developed and sold by US Robotics, after it became owned by 3Com?
Certainly the first Palm Pilots were branded US Robotics.
I've never searched for an ad-supported FTP client, but I imagine there's at least one out there which does indeed install adware. I would also change that to reflect the facts: an easy way to find filenames of the user's choice, many of which will be copyrighted works.
The point, is that this client software made it very easy to find media (including copyrighted media), which made it popular. This popularity provided a large audience for this client software to be used as an effective advertising platform. They were aware their software was being used to infringe copyright in a big way, yet they seemingly did next to nothing to prevent this and thus they gained financially from allowing people to continue to use their software in an illegal manner.
If someone did the same thing tomorrow, but used FTP, they would find themselves in court too. FTP though, is not really appropriate for this sort of P2P.
Don't kid yourself.
I'm not.
If they succeed only in eliminating the bloated, ad-filled Kazaa client and converting more people to alternatives like Kazaa Lite (or, for that matter, switching them to an alternative method entirely) the RIAA has gained nothing. They're out to sue developers here, I would bet you the RIAA's profits last year.
They went after the parties controlling the business. The people requesting the features from the developers.
They want P2P GONE, as in "illegal even to use or develop for", not just "filtered"-that's trivial to trick.
In Australia? Prove it please.
Exactly. Which is why I compared a program (FTP client) to a program (Kazaa client).
You said:
Kazaa is a data transfer protocol-a crappy one, granted, but that's all it is.
This statement is NOT true. Kazaa is not just a "data transfer protocol" and the protocols involved are of little interest to this case, comparatively speaking.
Their software simply -allows- users to transfer files via that protocol.
There are more than one protocol involved. Plus their software delivers advertisements.
Are the makers of FTP clients now liable if an FTP user downloads copyrighted material?
Makers of an FTP client would be liable if they provided a client of similar ilk. One that helps the makers gain from assisting people to infringe copyright beyond just the transfering of arbitrary files which might just happen to be copyright infringing.
I really don't know, I guess I neglected to read the Kazaa site every few days for the past few years. I can't, however, find a reference to that in the case documentation. Can you show me what I missed or provide other evidence, or is this just your speculation?
I work in computer forensics. Web sites changing content is not uncommon and in a legal case, which includes evidence from a web site, it is typical to capture changes in case they are needed as evidence.
It looked to me like it came down to just one thing, just as Grokster did.
The judge considered all of the evidence and there was a lot of it.
Direct infringement's out, so all you've got left is this nebulous "inducement" thing. And the judge -never- cited in his decision that Kazaa -directly- advocated violation of the law-only CHANGE of the law, and/or change of the RIAA's business practices, with their "join the revolution" bit, while (even by his admission!) condemning violations of that law while it's in effect. Now, of course that's not what's really in their heads, but the day we start legislating what's in someone's head is the day I run for it. And no, it wasn't effective, but nor have the RIAA's warnings been-and they're trying in dead earnest. I think a case could be made under those circumstances that there isn't a known way right now for a copyright warning to be effective, and Kazaa certainly shouldn't be expected to do what someone with a vested interest in succeeding can't manage.
Kazaa did not attempt to pr
How many FTP clients do you know of which are advertisement delivery platforms which are designed to lure people to the advertisements by providing them with an easy way to find and download copyrighted works?
I would like to change this to:
How many FTP clients do you know of which are advertisement delivery platforms which are designed to lure people to the advertisements by providing them with an easy way to find and download works, which incidentally is very effective at finding copyrighted works?
Alright, is it really that hard to read? I've been told 3 times now that I'm comparing a program to a protocol. In my post, I specifically stated the developers of an FTP -CLIENT-. This is (say it with me) a PROGRAM which uses PROTOCOLS, which certainly could make money for someone, and which most certainly could be used to infringe copyrights.
How many FTP clients do you know of which are advertisement delivery platforms which are designed to lure people to the advertisements by providing them with an easy way to find and download copyrighted works?
Also, Kazaa -is- part protocol-other programs (Kazaa Lite, and so on) also access their network, so apparently, there IS a network or protocol which exists separately from the program, and can be accessed independently. So, we've got the same thing-a program (the Kazaa desktop, Kazaa Lite, whatever) accessing a protocol (the Kazaa network). You may not want to -think- I'm right, but you've illustrated, so far, no differences aside from marketing practices.
You need to read better. I said that this case is not about the protocols. The protocols are not what the case is about. Certainly they get mentioned during the case, to complete the picture, but it is the way the businesses are being run and the way the KDM works that the case is about.
I'm also a bit concerned about that-the judge found that Kazaa was "authorizing infringement" simply by criticizing the record companies' policies. Nowhere that I can find on their website does it EVER say "Alright, go ahead and do it anyway."
You think that their web site has not changed over the course of 3 years? You think that mirrors of the web site were not periodically captured as evidence over the course of that 3 years?
But I sure don't like seeing the free speech implications of that for Australians-simple criticism of someone's actions amounts to encouragement of a third-party's unlawful act?
There was TONS of evidence, experts and lawyers working on this for THREE YEARS. It does not just come down to one thing.
BTW, you said "Kazaa is a data transfer protocol-a crappy one, granted, but that's all it is ", which is absolutely not correct. That is not "all it is". Maybe lots of people have pulled you up on this because it's WRONG? Kazaa is NOT just a protocol and the protocols involved are not what the case is about. The case was about business practices and their client software.
Please reread, get rid of the straw men, and comment again.
There are no "straw men" here, I can assure you.
I think many people who've RTFA but who haven't RTFCD are under the impression that the ruling was made after 20 minutes; the reality is that the case stretched on for many, many months, and included the testimony of computer science professors from UC Berkeley and other institutions.
Make that 3 years.
One of the professors on the Kazaa side had very little integrity.
226 The two American experts called by counsel for the Sharman respondents were Keith Wimberly Ross and Justin Douglas Tygar.
227 Professor Ross is Professor of Computer Science at the Polytechnic University in Brooklyn, New York. He has taught computer systems engineering at university level since 1985 and has published widely. At the time of giving evidence, he was researching aspects of peer-to-peer networking pursuant to three grants provided by the National Science Foundation, a United States government agency. The professor was obviously well qualified to give expert evidence in this case. However, my confidence in him was shaken during the course of his cross-examination.
228 Mr Bannon showed Professor Ross a draft of his report that contained a passage dealing with the relationship between Joltid's PeerEnabler software (used in FastTrack) and Altnet's TopSearch technology. The draft shows exchanges between Professor Ross and a solicitor at Clayton Utz, acting for the Sharman respondents. Professor Ross initially wrote the words: 'The Altnet TopSearch Index works in conjunction with the Joltid PeerEnabler to search for Gold Files'. The solicitor crossed out this sentence on the draft and suggested a substitute sentence: 'TopSearch searches its own Index file of available Altnet content and PeerEnabler is not needed or used for this, other than to assist in the periodic downloading of these indexes of available content'. Professor Ross replied: 'I was not aware of this, even after our testing. But if you say it is so, then fine by me'. He left the solicitor's words in the draft.
229 When Mr Bannon asked about this, Professor Ross responded:
'Unfortunately, I don't have the report memorised. But it is my recollection that I was not comfortable with this and I took it out in the end. But I would like to see my report to confirm that.'
230 Mr Bannon then showed Professor Ross the email showing the solicitor's response to his 'fine by me' reaction. The solicitor said: 'Keith, we want to try to avoid you being exposed to criticism so how about'. The solicitor then suggested the sentence that appears in Professor Ross' final report. The cross-examination went on:
'You see it wasn't you feeling uncomfortable. Clayton Utz said, well, in effect, Keith we want to try and avoid you being exposed to criticism, so how about something different. And they ruled out what you were otherwise prepared to swear up to based solely on their say so? --- I wouldn't agree with that. I wouldn't have been comfortable putting it into the final report I suppose unless I was given further evidence of this fact.
That is not what you communicated? --- Well you have to read between the
lines. I said that we had phone calls as well and during the phone
conversations often I would indicate that there were some things I was
uncertain with and I would want an additional explanation or justification.
You said: "If you say it is so then fine with me." That is all you said? --- Once again I do not have my final report in front of me so I am not 100 per cent sure what I put there. But again in saying this I just know the way I am personally. What I am saying there: "Fine with me, once you give me additional proof".'
231 I cannot accept that explanation. I am forced to conclude that Professor Ross was prepared seriously to compromise his independence and intellectual integrity. After this evidence, I formed the view it might be unsafe to rely upon Professor Ross in relation to any controversial matter. Of course, that does not mean his evidence should be totally disregarded.
I mean, surely the inventors of the BSD TCP stack have known for a long time that piracy was occuring over the network. And it's possible to do data fingerprinting, even at the TCP level. So what stops them from being legally liable in the future?
They were not leveraging profits specifically from the illegal activities and then doing nothing to stop those activities.
KMD is an advertisement platform. Protocols are protocols.
Kazaa is a data transfer protocol-a crappy one, granted, but that's all it is.
No it absolutely is not. It *uses* some protocols, through an application designed to provide advertising while also making it really easy to find and download the content you like. They *KNOW* that people are using it to download copyright material in a big way and they've done nothing to prevent this because THAT is the catalyst to them making money from the advertising.
If they effectively prevent the downloading of copyrighted material, the popularity of Kazaa will suddenly drop to a miniscule fraction of what it is now and that will result in the same for their profits.
Comparing Kazaa to FTP is completely and utterly ridiculous. FTP is a protocol, the Kazaa Media Desktop is a money making machine which happens to use some protocols. The court case is not about a protocol.
now all they need to do is make a good one with the patent.
Oh, no wait, it's easier and more lucrative to just sue some other company who makes very popular and much better MP3 players.
Of course, I'm sure we can agree that the *right* answer is that you should do it both ways.
Absolutely. I prefer write-blocker and capturing from an OS which does not "think" for me. ; )
Do you really think those devices are out of spec? Many of them are switchable between writable and write-block and merely don't pass any write commands on to the drive. It seems pretty simple to me. Humans on the other hand, have bad days. There is that classic story of Linus Torvalds dialing up to the internet, but instead of dialing with his MODEM device, he accidentally dialled his HDD device! Writing some characters over the beginning of the disk.
People make mistakes, write-blockers are simple and almost eliminate any damage that a mistake may have caused. I say almost, because people are of course always able to accidentally switch to writable(if their blocker is switchable).
Re: Honda and economies of scale, a write blocker is super basic. Get commands, pass anything on which is not any type of write command. An OS and userland tools on the other hand, are very complex. This is a core functionality of products made by companies which make these devices and they need to stand up the scrutiny of the court.
My point, is that these devices are very simple and thus little can go wrong with them. There are few buttons for a person to push. I beleive they adhere to specs but simply choose to drop certain commands, kind of like a firewall. OS and apps are way too complex and people stuff up when they have lots of buttons to push.
Ultimately such a device merely relocates the nexus of trust and fails to actually improve the surety of the evidence.
I agree with a lot of what you have said. But...
Court cases are all about being most convincing to a judge and sometimes a jury. They typically don't understand the technical issues, so expert witnesses are expected to explain the findings in an accessible manner.
Write-blockers do however work and are expected to be used. There is little to go wrong with a write-blocker/expert combination and a lot more that can go wrong with a software/expert combination.
You do the best for the court and write-blockers provide the best solution for capturing evidence accurately without modifying the orignal. You can't accurately capture original evidence if the act itself alters it, even if ever so slightly.
What you have to understand though, is that even if you are the best computer forensics expert to have ever walked the Earth, the barristers on the opposing side NEED to find fault with you, your findings and your evidence. They do it for a living and they are really good at it. That can take a small issue and have your evidence and findings thrown out.
Because such a device is Kludge. It is a black-box that cannot be verified and as such as is no better than the "black-box" of the operating system.
I would not call the forensic quality write-blockers on the market "a kludge". They perform a basic role to a level that is accepted by the highest courts and experts (the real ones). They are very simple, yet vital. They go a long way to preventing human error.
Moreover, the latter is used and effectively tested by millions whereas only a handful of people purchase such "write blockers"
The software in question is extremely complex and has to be driven by an error prone human. The write-blocker on the other hand, is a very simple device dedicated for one thing and is simply plugged into the drive to be captured.
Hi,
Plenty is probably exagerating at little. ; )
These are what I can find at the moment, although I have seen other models which I can't find at the moment...
Paralan - SCSI Write Blocking Board.
FORENSiCPC - FireWire800 + USB2.0 SCSI Bridge Kit
Digital Intelligence.
Found some more dead IDE drives, which all lack a WP jumper.
Okay. I obviously have not seen enough SCSI drives then!
Why in the hell would you choose a dull career like forensic investigation based on a TV show?
Computer forensics does not always have to be dull.
You can sometimes do things you ordinarily would not be allowed to do, because you are doing them to "assist the court", sometimes which explicit blessing from the court in the form of a court order. Reverse engineering, network packet analysis, log file analysis, filesystem analysis, cryptography (algorithm deduction, password cracking), statistics, data mining. Using sniffers, hacking tools, debuggers like IDA Pro, getting to use devices not available to the public, etc.
It does not have to be boring. And the more you delve beyond the superficial, the more rewarding it is to find evidence yourself and others had missed.
It can actually be very exciting.
Uh, most drives have a write-protect jumper on them.
Even if the HDD you were capturing evidence from had a write-protect jumper, the point of a write-blocker is that it removes doubt. You plug it in and it will not allow writes to the drive. You don't have to worry about what jumper to short, etc. A simple and absolute solution leads to a simple and absolute statement on the stand.
BTW, can you point me to a HDD which has a write-protect jumper? I don't recall ever seeing one.
Well, instead of using an OS that does what it damn well wants (like mount all drives read/write by default),
I agree, gathering evidence with Windows sucks.
why don't you use Linux and simply create a drive image straight from the raw device without mounting at all?
Because in court, things can get nasty like this...
Barrister: Did you use a (looks at freshly written note) "write blocker", Mr. Smith?
Forensics guy: No, I did not need to. I refrained from mounting the disk and copied it at a raw block-for-block level (confusing to judge).
Barrister: Yes or No Mr. Smith, did you use a "write blocker".
Forensics guy: No.
Barrister: And a "write blocker" is a forensics industry standard method for preventing contamination of captured evidence? (Judge respects witnesses who respect the court enough to make sure their captured evidence is absolutely accurate and original evidence could not have been altered).
Forensics guy: Yes, but...
Barrister: Mr. Smith, you failed to take a basic precaution to make absolutely certain that the captured evidence was not altered in any way, by using a basic device that is normally a part of the toolkit of a computer forensic professional. Do you posess a "write blocker" Mr. Smith?
Forensics guy: Yes (No).
Barrister: Then WHY did you not use it?! (You ARE a computer forensics professional are you not Mr. Smith?)
Forensics guy: gasp gasp (blush) choke...
The point is, if you are gathering evidence of this sort, then write blockers are tools you should have and always use. All the opposition needs to do is raise doubt. And then you and your client are screwed.
When you take the stand or put on an affidavit, the opposing legal team will attack:
1/ Your findings and the methods you used to get to them.
2/ Your evidence.
3/ You credibility.
and at a worst case...
4/ Accuse you of tampering with ORIGNAL EVIDENCE which has been tendered to the court!
Not having a write-blocker says, "I am not a computer forensics professional".
Having a write-blocker and not using it says, "I am sloppy and failed to use a simple tool at my disposal to assist the court as best I could".
Whether your evidence is exactly the same as the other forensics experts is beside the point. They have attacked your credibility and that can go against your findings (even if they are completely correct). You have nothing to gain from not using a write-blocker (which you should already have) and everything to loose. I would love to just capture evidence with FreeBSD and just copy from the raw device. But at the end of the day, the cost of a $500 write-blocker, which you get to use over and over, should be peanuts compared with what you make each day you work on cases which requires its use.
No, that's not why I have SCSI drives on my home server.
There are plenty of SCSI write blockers out there.
It's as bad as the CRT TVs with "digital enhancement" and 100Hz gimmics, it does nothing to improve the quality of the image.
Tell me about it. I remember first seeing the 100Hz TV's with my home theatre enthusiast friends. They were commenting how great they looked and I was thinking, "W T F !?!?". They look like crap. "Oh you have to stand back for the 'effect' to work", "ahh, yeah, how much further do I need to go back before those crazy flashing patterns disappear?". ; )
Expensive Grundig and Telefunken "100Hz" TV's, which looked like crap.
I call bullshit. With plasma, burn-in is just the same as with CRTs. When the same image is on the screen for a long time, it causes uneven phosphor wear, which leaves a pattern behind where the phosphors can't get as bright anymore. I have never seen anything like you have described.
Call bullshit all you like, but this experience is part of my past work and personal life. I don't know why it happens, but I see it everywhere. An obvious image is left behind of something that is displayed for long periods of time and that image exhibits a lot of noise (instead of just a dull image).
Maybe this is because the phosphors used in plasma displays are in a gaseous state, as opposed to those in CRT's which are solid. What happens when flourescent lights start to wear out? They flash. Plasma lighting often causes oscillating types of effects where the areas excited to lighting moves around. Especially when the phosphors become "worn out". Perhaps this is a similar effect.
Every long-term CRT display I have seen (Pac-man, Centipede, Ms. Pac-man), has lots of broken, noisy pixels. As if a burn-in effect had occured.
Ha ha. Those games are like 20+ years old! With plasma I am talking (from my own personal experience) burn in from 1 to 2 years in installations that are 12 hours per day, 5 days per week. With CRT, burn-in causes the phosphors to become less effective and thus a reduction in brightness is seen. But with plasma "burn-in" (if it could be called that) causes this awful effect where each burnt pixel flashes independently from all others as if they are constantly receiving a poor "snowy" reception. That's what I mean by noisy pixels. Burnt phosphor of CRT's just look dull. No flashing.
Seriously, this happens to any display when used like this.
I was about to mention LCD for just one example against this statement, but you beat me to it...
f you can afford it, get LCD, as it has all the advantages of plasma and no risk of burn-in
I'd rather wait till nice quality 1080 native displays are both cheap and durable and there is plenty of content at this resolution to watch.
What does look good to you?
I've seen a large Sony CRT which looks better and now some rear projection TV's even look sharper than plasma.
I hate seeing displays scale images with blurry outcomes and so often I see very large, very expensive plasma displays doing this.
What's the durability concern?
Every plasma I have seen in long-term display installations has failed severely. *Way* before I would expect a CRT to fail from burn-in effects.
If Panasonic has fixed this, then you have answered my question.
Every long-term plasma display installation I have seen (train stations, malls, building foyers), have lots of broken, noisy pixels. As if a burn-in effect had occured. I took this problem into account when designing a display about 4 years ago, by randomly placing images/text (within constraints) and this still occured.
I would be really pissed off if this happened to me on one of these super expensive displays. What's more, have they made plasma look good yet? I've never seen a plasma display which looked good. Even when opperated at their native resolution through digital interfaces.
To me, they seem way overpriced for the quality and durability you get.
I especially like the part about it shiping in NT 3.1 but had all been re-writen by the release of 3.5.
Yeah because 3.1 was never a version of Windows. And you liked the part about it sharing an odd bug that the BSD stack has?
PS, you said *DERIVED*. Fuckwit. Big fucking difference.
FreeBSD on the other hand could be installed off of the cdrom drive _and_ the wifi card worked without issue.
FreeBSD also runs very nicely on my nice new Sony VAIO.
Linux is not bad but at the same time it is not the be all end all as most will have you believe.
Amen to that. All people need to do is use some BSD's for a while, then go back to Linux and read some man pages, then search on the net for some HOWTOS, then the forums... then, in disgust, come back to the BSD's with current doco. ; )
I spent 3 days trying to get it installed, but it kept kernel panicing during installation. Does that count?
Your hardware is one or more of:
1/ Broken.
2/ Buggy.
3/ Unsupported.
I install OpenBSD, NetBSD and FreeBSD on all manner of machines.
I have FreeBSD 5.4 Release on my Sony VAIO VGN-A49GP, OpenBSD on my various Sun Ultra's, and Apple Macs and NetBSD on a few work Dell machines. Each of them is running within various VMware machines also.
I have *NEVER* had a BSD panic during an install.
No version of Microsoft Windows has ever shiped with a network stack derived directly or indirectly from BSD. Some network applications, notably ftp, did.
MS Windows with a BSD TCP/IP stack.
Since you speak with such authority ("no version ever"), then you must be a long-time Microsoft systems programmer? One of greater knowledge of this subject than Mr. Adam Barr?