> "Superfast means it has the ability to go much faster than the undocumented quota that will get a subscriber kicked off the net." ... thus getting that subscriber kicked off the net.
(Responding to this thread because I want to get this down quick and go back to studying, and you have the number in your sig making you a good candidate...)
I absolutely love the cultural phenomenon that this simple 128-bit number (09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0) has sparked - everything from Digg to Slashdot to the blogs, it's all just too beautiful. This number (09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0) is truly a piece of internet history, being both a geek meme and a piece of political commentary. I'm slightly worried though that this kind of thing might dilute its impact by flooding us with a bunch of other irrelevant 128-bit impostors, but that fear seems irrational.
You think the Oxyclean guy is a good example of an annoying commercial? You obviously have not been exposed to nearly enough low budget local advertisements.
You need to gain some perspective. Why, someone should force you to watch more commercials...
My friend asked me when he saw this headline, is the dropping of DRM worth the price increase. I responded that the right question is simply whether the songs are worth the new price; whatever the old price was is irrelevant because DRM'd songs are worthless.
So I would say, first consider whether or not you would pay that amount per song - and I say "song" now, not "download", since we can now begin to talk about paying for content rather than paying for the right to enjoy it under their terms. Comparing these prices against historic trends should come after that.
Why on earth would I give a crap about enforcing the GPL if there were no copyright law?
I think the article summary sentence reads better with an ellipsis between the words "rape" and "in second life". It's the difference between "got raped in space" and "got raped... IN SPACE!"
Speaking of which, since it doesn't appear that the old meme "... in space!" has caught on though, perhaps we can try using "in Second Life" instead. Take anything reasonable, and tack that phrase on to make it a ridiculous overreaction not worth anyone's time.
Great Garlic God of Giants, if you had your way we'd be too damn busy worrying about Social Security to think about eating and sleeping. Parallel processing is a good thing, and perspective should be put in perspective.
Slashdot does seem to always portray the Pirate Bay favorably, which surprises me because they're obviously a bunch of assholes. There's a difference between promoting peer-to-peer technology because of its merits, doing so because you don't believe in copyright, and doing it to make a fucking profit. And judging by the number of porn ads they run, I'm betting it's the latter.
Which would the process of digitizing physical entropy like radio waves or electronic thermal noise count as?
> "Understand that freedom of speech is NOT a government-granted freedom, it is an inherent one that all people of all citizenship must understand. The U.S. Constitution's (Bill of Rights) 1st Amendment does not say "You are free to speak," it says that Congress shall make NO LAW restricting the freedom of speech -- NO law. Discussing encryption mechanisms is free speech, and Congress shall not abridge that. As for patents and trademark and the rest, as long as you do not mimic the mechanism in your own hardware or software, you're fine, Constitutionally. As long as you do not quote verbatim the actual code used to create this mechanism, you're not violating copyright. The DMCA is unconstitional, and regardless of what Congress, the Supreme Court, the President, or any company says, it is non-binding in terms of the moral realization that Congress, and honestly no State organization, can prevent you from freely airing your opinions. You are free to talk, but no one has to listen."
The first amendment is actually about freedom of expression, and disclosing the actual key (09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0) is not expression. Nor is it copyright. I suppose one could argue constitutionally that it falls under Necessary and Proper clause in conjunction with Congress's authority to enforce copyright. But hell, the specific Constitutional arguments mean jack 230+ years later.
Notable exceptions to free speech: defamation, causing panic, fighting words, incitement to crime, sedition, obscenity, offense, establishment of religion.
How about the stereotypical senate committees where they bring in a speaker and belittle him/her with propaganda rather than actually have a discussion? That's far more annoying and indicative of bone-headedness than yes-no rhetorical questions.
Amen. The entire OP reads like a tantrum. Why should criminals be held liable just because there aren't enough police? Why should virus writers be prosecuted just because software has holes?
"Jeeze, what's your problem? I thought you would APPRECIATE a brick through your front window to let you know how vulnerable you are. What are you mad at me for? It's not like I designed your crummy house."
Intuitively, a person who can afford a car has the financial means to deal more damage to society than a single homeless person. The irony of this situation (nothing spectacular, just implied) is that a man whose actions would otherwise be extremely localized and probably insignificant, actually managed to affect a large, dispersed population.
Damn. Either I can be a geek or a Lost fan, but not both. There's no way I'll ever be able to remember both that number and 4 8 15 16 23 42.
My god, it never occurred to me that that could be represented as an IPv6 address. I wonder how many RFCs I'd shatter by assigning that inside a LAN?
This could already be done by having a few community-trusted people keep a compromised device key secret and continuously use it to decrypt and publish volume keys. In both cases, revocation is not possible/relevant and the flaw is on a per-release basis with the people exploiting the flaw having to stay on top of every new release. Leaking a device key semi-periodically does more damage as it exposes every movie up until that point.
No, there are two possible results. Either it is a decryption key for AACS content or it is not. The chances of it being the former are astronomically less likely than those of it being the latter.
At which point the judge will snap back at you that it was generated pseudorandomly and that you should keep your terminology straight.
So make that a direct communication initiated by the consumer at the time of purchase. Make them type a few extra lines and go through a few extra clicks from their card company's website. It's hardly a show-stopper.
Very well, I'll rephrase. They elected to forgo DRM from the beginning, as a business decision to enter an under-exploited market. I should also note that I read in an interview that they wouldn't necessarily be opposed to adopting DRM were Apple to play fair with FairPlay and license it out.
> "Ruling out a wireless router would be beneficial to the plaintiff, but I don't think he did. He specifically noted that her computer was setup for DHCP. My wireless router can be setup for DHCP also."
He ruled out NAT by showing that a Kazaa packet from her external IP address contained an internal IP address (in the data payload of the packet) that matched. If NAT had been present, it would have been translating her public IP address to a private one in the range of 192.168.1.x (for instance) and the addresses would not have matched. Because most consumer routers (and indeed all the ones I've ever used) do not allow you to disable NAT, and we disregard such absurdities as the notion of Ms. Lindor hacking her firmware, the absence of NAT proves (at least to my satisfaction) the absence of any router on her home network, including wireless ones.
DHCP has little to do with the equation. If she were directly connected to her ISP with no layer-three device in-between, she would probably still be using DHCP to obtain an IP address.
> "It seemed from his deposition that he may have been referring to metadata transmitted to Kazaa that said the computer knew its public internet IP address, but applications can discovery that through a NAT and specifically some applications using the Kazaa network do that."
Because the internal and external IP addresses matched, there was no internal LAN segment - just a connection between her computer and her ISP.
> "Also it could have been someone plugging in to her connection even without a wireless router."
Absolutely, but because we may now assume it would have to be a wired connection, that severely limits Ms. Lindor's ability to lay the blame on random strangers.
> "I agree with you a bit here that he doesn't have to go into that great of detail, but his statement is wrong. Every device connected to the internet does not necessarily have a unique public IP address. I think this would be akin to him saying that objects can accelerate to superluminal velocity according to Newton. Not only can he not prove that a NAT wasn't used, he can't prove that it was Ms. Lindor's computer, yet he claims to be able to."
But Newton's laws DO say that you can accelerate to superluminal velocities. There's no bound on speed in the Newtonian world. If Jacobson is "wrong" to claim that everyone on the internet has an IP address, then high school physics teachers are all spreading utter misinformation when they teach F = ma. If we accept via the argument above that there is no NAT, and we also accept that the original information generated by MediaSentry and Verizon is all accurate (big ifs, of course), then the offending computer must have been plugged in to her physical connection. Because it was her residence, it is reasonable (but not absolutely sound) to conclude that it was her computer.
> "It seems all right to me since they are willing to concede that the hard drive didn't have any file sharing software or MP3s on it."
The issue I had with this was that Jacobson was being blamed specifically for not documenting evidence that did not exist. He found that the hard drive did not contain file sharing software, but the defense somehow wanted more from that - they wanted the prosecution to produce evidence detailing exactly how the incriminating evidence was absent. This is of course absurd because it is sufficient to say no evidence was found.
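The address comparison argued over in the comment above, written out as an added example that is not part of the original posts. The record fields, verdict names and sample addresses are constructed, and `payload_is_interface_addr` is an assumption an analyst would have to establish separately for the protocol field in question.

```python
import ipaddress
from dataclasses import dataclass

# Ranges a host behind a translator would report as its own address:
# RFC 1918 private space plus the RFC 6598 carrier-grade NAT range.
TRANSLATED_SPACE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


@dataclass(frozen=True)
class Observation:
    wire_src: str                    # source address the observer saw on the connection
    payload_addr: str                # address the client wrote inside the payload
    payload_is_interface_addr: bool  # assumption: the field holds the local interface
                                     # address, not one learned from a remote peer


def in_translated_space(addr) -> bool:
    return any(addr in net for net in TRANSLATED_SPACE)


def infer_nat(obs: Observation) -> str:
    wire = ipaddress.ip_address(obs.wire_src)
    inner = ipaddress.ip_address(obs.payload_addr)
    if inner != wire:
        # The host believes it has a different address than the one on the wire.
        return "nat-present" if in_translated_space(inner) else "mismatch-unexplained"
    if not obs.payload_is_interface_addr:
        # A client that discovers its public address through the NAT reports a
        # matching value either way, so a match proves nothing in this case.
        return "inconclusive"
    return "no-nat"


# Constructed samples; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLES = {
    "direct":      Observation("203.0.113.7", "203.0.113.7", True),
    "home-router": Observation("203.0.113.7", "192.168.1.23", True),
    "discovered":  Observation("203.0.113.7", "203.0.113.7", False),
    "odd":         Observation("203.0.113.7", "198.51.100.9", True),
}


def classify_samples() -> dict:
    return {name: infer_nat(obs) for name, obs in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:12} {verdict}")
```

The "discovered" case is the objection raised in the quoted reply: a matching address supports "no NAT" only when the payload field is known to carry the interface address.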
Can you please enlighten me? A: Why do you believe he did know the meaning of the word, and B: why would he lie about his vocabulary?
Lemme clarify: When I use the term stupid number, I'm referring to a number that is more vital to and trusted by the system than it should be. For example, social security numbers are under this definition stupid numbers because they are used both for identification and authentication, and can cause far too much damage once they are compromised, which is easy because they are so widely shared. Credit card numbers are in a similar boat, because possession of the widely used number is assumed to indicate authorization. I have nothing against numbers or cryptography in general.
The system I was alluding to would have the buyer give a semi-public identification number to the merchant, who would then use it to obtain money from the credit card company, but only after the user authorized the payment by logging in to their online site through a means that is at least as reliable and secure as the best internet consumer business transactions today.
Or you could eliminate the shared number aspect altogether as you suggested earlier, replacing it with one-time-use tokens that the customer holds on to and exhausts one by one, each of them set at various maximum expenditure thresholds. Of course then you have to safeguard this book of tokens from physical theft, perhaps by supplementing it with a password system, but then we're back to using the credit card company's site and phishing attacks.
Whatever, there are plenty of ways to fix the system, because it's near impossible to make any changes to what we have now and make it worse.
None. The card's just an artifact of the past. Under the current system even, there's no reason to have a card in internet shopping if you have your number and security code written down on a piece of paper.
Well making it not a shared number is one solution, but not the system I was getting at. In my version, the shared/stupid number would simply be used for identification. Possession of this number does not amount to authorization, nor does it have to be kept confidential. You simply need a different means of securing the channels between the cardholder and credit company, and the merchant and credit company. Let the sensitive information be internal to the credit company.
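A model of the scheme sketched in the comments above, where the shared number only identifies the account and the cardholder authorizes each charge directly with the card company. This is an added example, not part of the original posts: the `Issuer` class, the account ID and the HMAC approval (standing in for the cardholder's authenticated login to the issuer's site) are all assumptions.

```python
import hashlib
import hmac
import secrets


def approval_tag(secret: bytes, request_id: str, merchant: str, amount_cents: int) -> bytes:
    # Binds an approval to exactly one request, one merchant and one amount.
    msg = repr((request_id, merchant, amount_cents)).encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()


class Issuer:
    """Hypothetical card company: sensitive state never leaves this object."""

    def __init__(self):
        self._accounts = {}   # public_id -> {"secret": bytes, "balance": int}
        self._pending = {}    # request_id -> (public_id, merchant, amount_cents)

    def open_account(self, public_id: str, balance_cents: int) -> bytes:
        secret = secrets.token_bytes(32)   # given to the cardholder only
        self._accounts[public_id] = {"secret": secret, "balance": balance_cents}
        return secret

    def balance(self, public_id: str) -> int:
        return self._accounts[public_id]["balance"]

    def request_charge(self, merchant: str, public_id: str, amount_cents: int) -> str:
        # Anyone who knows the public ID can get this far; no money moves yet.
        if public_id not in self._accounts or amount_cents <= 0:
            raise ValueError("unknown account or bad amount")
        request_id = secrets.token_hex(8)
        self._pending[request_id] = (public_id, merchant, amount_cents)
        return request_id

    def approve(self, request_id: str, tag: bytes) -> bool:
        pending = self._pending.get(request_id)
        if pending is None:
            return False                   # unknown or already settled request
        public_id, merchant, amount = pending
        account = self._accounts[public_id]
        expected = approval_tag(account["secret"], request_id, merchant, amount)
        if not hmac.compare_digest(expected, tag):
            return False                   # not approved by the cardholder
        if account["balance"] < amount:
            return False
        del self._pending[request_id]      # an approval settles one request, once
        account["balance"] -= amount
        return True


def demo() -> dict:
    issuer = Issuer()
    secret = issuer.open_account("ID-1001", 5000)             # constructed account
    rid = issuer.request_charge("bookshop", "ID-1001", 1200)  # merchant knows only the ID
    good = approval_tag(secret, rid, "bookshop", 1200)
    return {
        "no_credential": issuer.approve(rid, b"\x00" * 32),
        "wrong_amount": issuer.approve(rid, approval_tag(secret, rid, "bookshop", 12)),
        "cardholder": issuer.approve(rid, good),
        "replay": issuer.approve(rid, good),
        "balance": issuer.balance("ID-1001"),
    }


if __name__ == "__main__":
    print(demo())
```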