Fair enough, and I agree with you here. This topic provided a good attack vector on the more draconian & infringing nti-piracy schemes, but yeah, shippers public & private have the right to pretty much set whatever policy they choose WRT restricting & inspecting the cargo they carry, and that's as it should be.
Re: "maybe they'll even become resistant to being hit with a hammer," hey, I'd be okay with that. Hell, if they could even survive a hot coffee spill it would be an improvement. But next-generation entities that they are, do you think they'll still be backward compatibile with PS2?
Okay, what if it included some sort of RFID-esque identifier?...or if it was printed digitally?
C'mon, don't make me hack a musical Hallmark card to press its chip into service as a digital combination lock for DVD cases. Though quite vulnerable to "brute force" attacks, it would still handily satisfy the definition of DRM. But sheez, it's Glenfiddich time & I really prefer not to need that kind of coordination any more tonight. Can't we just call the label "good enough" and share a toast to our good comrades at FedEX?
Shipping them in unmarked cases is a start, but to really guarantee the items against confiscation, they'd just need to add a holographic "This is a DRM Anti-Piracy Copyright Protection Seal" label on the seam of each case. At that point, the mere discussion of how to circumvent said label & gain unauthorized access to the contents would be a class C felony.
True 'nuff; I was discounting the previous generation of voice-over-IM features as far as being real "in the VOIP game" offerings. I guess I've just always identified "real VoIP" with SIPPhone & Vonage, since they were more geared towards PSTN termination, and towards just generally being more faithful incarnations of the familiar telephone earlier on.
When I started using SIPPhone, voice on Yahoo IM was still pretty unusable (YIM 4.? - 5, IIRC). That made a substantial jump in quality in 6, but that was about 3 minutes before I reached the end of my attention span for IM in general.
I still dig SIPPhone though. Of course, could be I'm just too deep in the cult of Robertson...
Is it just me, or - not that they were ever early birds - is AOL getting to the party later and later with each forage into a new market?
...We're sorry, the number you have reached does not accept calls from AOVoIP users. Please try your call again through a more standards compliant provider.
If Barbara Boxer's bill passes prohibiting open & clear protocols for "internet streaming broadcasts," well then you wouldn't be scrambling voice, you'd be DRM'ing the stream.
Interested parties, government or otherwise, would be more than welcome to the raw stream; all they would need is to apply for a license to your proprietary Copyright Protection technology (which of course requires that they submit plans & blueprints for each device they wish to license, along with proof of its robustness in thwarting those who would attempt to defeat it and record or otherwise redistribute the content). Then, provided they received the mandatory certification for a licensed device, it'd be a clear voice call like any other. Well, so long as their device key hadn't potentially been compromised by some teenage hacker in Algiers, in which case it would have to be subject to key revocation to preserve the DRM system's integrity.
But they could still license a new device - and that would probably pay off in the long run anyway; older devices that worked with the obsolete DRM release level wouldn't be supported in the then-current revision anyways...
I dunno... It's a new application, but would a competitor be vulnerable to infringement claims by implementing a wrapper encapsulating a speech recognition algorithm, an auditory dictionary, and a realtime output stream editor?
What I'd like to see on patent applications: "Provide 5 pertinent, hypothetical examples of the most dissimilar works that would, in applicant's eyes, constitute infringement if produced by another entity. Provide 5 more examples - as similar as possible to the work for which patent is sought - but which would *not* be deemed infringing by applicant. Cross join & explain the variance."
That might gum up the works pretty good. Would make it a bit more difficult to own some facet of of everyday web life as a "technology" or "business process," or at least to legally bully someone else with a broad definition of one's IP? <hmmmm.....>
I'm usually pretty loathe to suggest government intervention (into anything short of Lord of the Flies level degeneracy, anyway), but c'mon... *somebody* had to finally address the horrid, horrid HTML, color schemes, embedded whoknowswhat, RaNdOMmIxEd!CaSiNg, and PONIES!.
I think there were (are?) two overlapping but potentially unrelated attacks going on; there's the Blue Security incident as reported here, and there's also a defacement attack going on against certain bloggers, seemingly done by Islamicists angry over the bloggers' vocal championing of some Danish cartoonists who, for better or worse, insist on publishing mocking (or potentially defamatory) cartoon images of Muhammed.
"Instapundit" Glenn Reynolds had a sketchy report that one of those attacks originated in Saudi Arabia - http://instabackup.blogspot.com/. That of course doesn't necessarily mean anything, but the nature of the defacements involved are consistent with the theory: http://www.google.com/search?q=neEeO_hack
Related or not, it'll be interesting to see if & who Blue Security names.
When the dealership quoted me upwards of 90 bucks to make a 2nd key for my car, I declined & headed to my local Ace Hardware, who did it for about 84.50 less (hey, it took their most expensive automotive blank). The dupe is cut right, the original has no *visible* embedded chip, and the dupe even unlocks & starts the car -- for about 3 engine cycles. Then it kills the engine & all electric devices. Being a glutton for punishment, I of course repeated the experiment a couple times (easier than RingTFM, no?).
This approaches DRM's insidiousness in vendor lock-in through needless proprietary interfaces. Well, needless from a consumer standpoint, anyway. But hey, I do get deterrence from theives who think my car's worth $6.00 but not $90.00.
I haven't tried starting the car with my laptop yet...
Awesome; with all the furling of capture device links I've been doing lately, I hadn't managed to get any of those on my list. Looks like I'll need to bone up on the finer points of acquiring / recording streams from 'em -- and see if anyone makes an ice machine in ATX/BTX dimensions!;-)
Secure Historied Personae are the best proposal I've seen to sever the competing relationship between privacy & network security.
A network would grant nyms on a truly anonymous basis, but a newly acquired nym would only be as good as the door it comes knocking on decides it should be. That could be based on (still anonymous, but historied) individual encounters, or on what information the nym owner is willing to disclose in return for the right to access the resource in question.
Just like eBay accounts and/. karma, a nym reputation would take time & effort to build up, after which it'd be very much worth preserving. If the system is well secured against nym tracing *and* against forgeries of nyms or their histories, I think that'd represent a substantial improvement to both the privacy and the abuse prevention fronts.
With caveats, I could think up an outline of one, sure[1]. There's a continuum of effectiveness, probably with some degree of correlation to transition difficulty. I definitely can't agree that "laws and legal enforcement have been the only meaningful check against antisocial behavior", *especially* when it comes to cyberstuff, so I guess I'll put up a stupid idea or two & see what happens.
I'll grant that the problem isn't purely technical, but even that doesn't mean that the solution mustn't be; human behavior is regularly constrained by extra-legal but well designed systems. All kinds of juxtapositions are possible between problem domains and the domains that workable solutions arise from. Also, the computing space seems to be moving ever away from being tethered to specific physical systems. Here we have a problem involving a human behavior acted out in a technical arena, and it *seems* like you're restricting the solution domain to some intersection of legal + physical, which doesn't sound right to me.
So my thought is that, like you said, SMTP is broken, and Spam is already illegal, so therefore it's SMTP that's in most urgent need of a successor.
What would my solution look like? Nothing terribly original here [but Patent Pending neverthless, of course]. I communicate over many crowded protocols that don't exhibit an excessive noise:signal ratio. Pondering those, it seems a few factors keep showing up:
Historied Personae
Earned Reputations
Cryptographically Secured Signatures
Sender Controlled PIInfo Disclosure
Receiver Controlled Inbound Signal Gate
Merit Based Resource Allocation
So how about something like this: tack a keyserver and a distributed peer network server on top of ye olde next-gen mailserver base. Historied ID tokens and any number of keys exist minimally for users, orgs, and domains (and optionally for arbitrary nodes up & down the chain). The server runs separate thread & socket pools for negotiations and data. Data connections run on dynamic ports allocated and disclosed along with a short data-connect token upon successful negotiation. Data connections use a lower-overhead negotiation mechanism; just enough to validate the preceding negotiation.
The history logging chore is shared by the peer network. Inbound gates anywhere in the system can set whatever admission rules they please. Connection requests are granted based on a series of handshakes in increasing order of specificity, e.g. domain -> org -> user -> user:recipeint relationship. A domain could, say, not even grant connections to anything less than "5 star" or custom-whitelisted domains. Or perhaps they'd get fancy and only accept data socket requests originating from 4-star or better individuals on 3-star or better domains. Or perhaps they'd configure per-user/org/domain threshholds on inbound traffic, on a sliding scale of age * karma of the originating domain, or on a lack of -1 mods, etc.
At any stage, refusals can include detail or not. Rule override & inheritance is of course configurable; it's your basic ad-hoc rule manager, with an object model to support the negotiation protocol so that transactions can use any combination of nodes and properties to determine pass/fail.
Now add the keyserver, & signed / sealed token evaluation to the feature set & you're getting pretty close. Just like in any good distributed peer network, establishing a new relationship is expensive, and getting access to large amounts of bandwidth even moreso. If this is their first contact, my plaintext email address is just enough for domain B to submit a signed "connect key" request to the peer network for domain A. Domain A can delegate & revoke this authority as it sees fit on the peer network, explicitly and/or conditionally.
Ultimately, a transaction could require any number of ID proofs, property conditions, character vouchers, node hash tokens or transaction tokens to complete. And
The "Next Media Bridge" will be an ever morphing compendium of little bridgelets - producers of content serving it directly to their audience. Zero hour feedback, high-touch, closer audience relationship is all going to come into play here, and having a Big Neon Brand playing matchmaker will become a drag in time.
You've hit on exactly the issue that got me into this topic in the first place: the ubiquity of crippled equipment, and the scarcity of marketplace solutions.
At least your problem is easier than mine. DVD Red Pro will do ya there for less than $80, IIRC.
I'm still looking for the non-Howard Hughes approach to capturing & recording *component* video at 720p on a HTPC. I refuse to rent a DVR from my cable provider on principle (I don't patronize rent-to-own furniture stores either), but the closest I've come to my design goal is a couple DVRs with component inputs that only accept 480i, which they then deinterlace.
Once they criminalize PVRs that are under their owner's control, only criminals will have PVRs that are under their owner's control...
I'd gladly manage a behemoth amount of spam before I'd accept a treacherous mobo in my machine - turned against me by little lice squirming within legislative chambers and California corporate boardrooms.
As far as the load on mail servers, there's plenty of middle ground between waiting for an RFC or capitulating to DRM to fix the SMTP problem. Mindshare is the only real obstacle between the way things are & a least-privelige mail system that uses strongly signed logins integrating a sender/receiver pair hash. Hell, I'd use & spread an alternative and experimental system like that, standards be damned. I mean, where's the W3C spec for onion routers and torrents, et. al?
Slashdot Mirror
Is the possibility that someone with a little bit of knowledge could determine the outcome of a vote really that bad?
I have one of those - $4400 actually; it's a PII450. Has 128mb & it's still all original, from the paint to the case screws.
Hmmmm... and who needs to watch the DVD anyway? If they make lots of cool smoke when they self destruct, that's entertainment enough right there.
Fair enough, and I agree with you here. This topic provided a good attack vector on the more draconian & infringing nti-piracy schemes, but yeah, shippers public & private have the right to pretty much set whatever policy they choose WRT restricting & inspecting the cargo they carry, and that's as it should be.
Whatever you call them, if they come in an incestuous, siamese, hermaphrodite version, sign me up at the prerelease price.
And since when is a 25% clock gain to market in about 5 years even worthy of an article?
________________________________________________ _____
Okay, what if it included some sort of RFID-esque identifier? ...or if it was printed digitally?
C'mon, don't make me hack a musical Hallmark card to press its chip into service as a digital combination lock for DVD cases. Though quite vulnerable to "brute force" attacks, it would still handily satisfy the definition of DRM. But sheez, it's Glenfiddich time & I really prefer not to need that kind of coordination any more tonight. Can't we just call the label "good enough" and share a toast to our good comrades at FedEX?
Shipping them in unmarked cases is a start, but to really guarantee the items against confiscation, they'd just need to add a holographic "This is a DRM Anti-Piracy Copyright Protection Seal" label on the seam of each case. At that point, the mere discussion of how to circumvent said label & gain unauthorized access to the contents would be a class C felony.
When I started using SIPPhone, voice on Yahoo IM was still pretty unusable (YIM 4.? - 5, IIRC). That made a substantial jump in quality in 6, but that was about 3 minutes before I reached the end of my attention span for IM in general.
I still dig SIPPhone though. Of course, could be I'm just too deep in the cult of Robertson...
Bill Would Outlaw Digital Receiver Recorders:0 8
http://slashdot.org/article.pl?sid=06/05/02/18532
Interested parties, government or otherwise, would be more than welcome to the raw stream; all they would need is to apply for a license to your proprietary Copyright Protection technology (which of course requires that they submit plans & blueprints for each device they wish to license, along with proof of its robustness in thwarting those who would attempt to defeat it and record or otherwise redistribute the content). Then, provided they received the mandatory certification for a licensed device, it'd be a clear voice call like any other. Well, so long as their device key hadn't potentially been compromised by some teenage hacker in Algiers, in which case it would have to be subject to key revocation to preserve the DRM system's integrity.
But they could still license a new device - and that would probably pay off in the long run anyway; older devices that worked with the obsolete DRM release level wouldn't be supported in the then-current revision anyways...
Just followin' the law as it's written, sirs...
Mail have you.
What I'd like to see on patent applications: "Provide 5 pertinent, hypothetical examples of the most dissimilar works that would, in applicant's eyes, constitute infringement if produced by another entity. Provide 5 more examples - as similar as possible to the work for which patent is sought - but which would *not* be deemed infringing by applicant. Cross join & explain the variance."
That might gum up the works pretty good. Would make it a bit more difficult to own some facet of of everyday web life as a "technology" or "business process," or at least to legally bully someone else with a broad definition of one's IP? <hmmmm.....>
I'm usually pretty loathe to suggest government intervention (into anything short of Lord of the Flies level degeneracy, anyway), but c'mon... *somebody* had to finally address the horrid, horrid HTML, color schemes, embedded whoknowswhat, RaNdOMmIxEd!CaSiNg, and PONIES!.
"Instapundit" Glenn Reynolds had a sketchy report that one of those attacks originated in Saudi Arabia - http://instabackup.blogspot.com/. That of course doesn't necessarily mean anything, but the nature of the defacements involved are consistent with the theory: http://www.google.com/search?q=neEeO_hack
Related or not, it'll be interesting to see if & who Blue Security names.
This approaches DRM's insidiousness in vendor lock-in through needless proprietary interfaces. Well, needless from a consumer standpoint, anyway. But hey, I do get deterrence from theives who think my car's worth $6.00 but not $90.00.
I haven't tried starting the car with my laptop yet...
Thanks!
Secure Historied Personae are the best proposal I've seen to sever the competing relationship between privacy & network security.
A network would grant nyms on a truly anonymous basis, but a newly acquired nym would only be as good as the door it comes knocking on decides it should be. That could be based on (still anonymous, but historied) individual encounters, or on what information the nym owner is willing to disclose in return for the right to access the resource in question.
Just like eBay accounts and /. karma, a nym reputation would take time & effort to build up, after which it'd be very much worth preserving. If the system is well secured against nym tracing *and* against forgeries of nyms or their histories, I think that'd represent a substantial improvement to both the privacy and the abuse prevention fronts.
http://en.wikipedia.org/wiki/Pseudonymity
Pseudonymity in the light of evidence-based trusta tions/Papers/spw04.pdf
http://www.cl.cam.ac.uk/Research/SRG/opera/public
Ok, so I didn't RTFA, but is that a verbatim quote? If so, it's amazing, and I'ma have that guy do my next resume, mthnk...
I'll grant that the problem isn't purely technical, but even that doesn't mean that the solution mustn't be; human behavior is regularly constrained by extra-legal but well designed systems. All kinds of juxtapositions are possible between problem domains and the domains that workable solutions arise from. Also, the computing space seems to be moving ever away from being tethered to specific physical systems. Here we have a problem involving a human behavior acted out in a technical arena, and it *seems* like you're restricting the solution domain to some intersection of legal + physical, which doesn't sound right to me.
So my thought is that, like you said, SMTP is broken, and Spam is already illegal, so therefore it's SMTP that's in most urgent need of a successor.
What would my solution look like? Nothing terribly original here [but Patent Pending neverthless, of course]. I communicate over many crowded protocols that don't exhibit an excessive noise:signal ratio. Pondering those, it seems a few factors keep showing up:
So how about something like this: tack a keyserver and a distributed peer network server on top of ye olde next-gen mailserver base. Historied ID tokens and any number of keys exist minimally for users, orgs, and domains (and optionally for arbitrary nodes up & down the chain). The server runs separate thread & socket pools for negotiations and data. Data connections run on dynamic ports allocated and disclosed along with a short data-connect token upon successful negotiation. Data connections use a lower-overhead negotiation mechanism; just enough to validate the preceding negotiation.
The history logging chore is shared by the peer network. Inbound gates anywhere in the system can set whatever admission rules they please. Connection requests are granted based on a series of handshakes in increasing order of specificity, e.g. domain -> org -> user -> user:recipeint relationship. A domain could, say, not even grant connections to anything less than "5 star" or custom-whitelisted domains. Or perhaps they'd get fancy and only accept data socket requests originating from 4-star or better individuals on 3-star or better domains. Or perhaps they'd configure per-user/org/domain threshholds on inbound traffic, on a sliding scale of age * karma of the originating domain, or on a lack of -1 mods, etc.
At any stage, refusals can include detail or not. Rule override & inheritance is of course configurable; it's your basic ad-hoc rule manager, with an object model to support the negotiation protocol so that transactions can use any combination of nodes and properties to determine pass/fail.
Now add the keyserver, & signed / sealed token evaluation to the feature set & you're getting pretty close. Just like in any good distributed peer network, establishing a new relationship is expensive, and getting access to large amounts of bandwidth even moreso. If this is their first contact, my plaintext email address is just enough for domain B to submit a signed "connect key" request to the peer network for domain A. Domain A can delegate & revoke this authority as it sees fit on the peer network, explicitly and/or conditionally.
Ultimately, a transaction could require any number of ID proofs, property conditions, character vouchers, node hash tokens or transaction tokens to complete. And
The "Next Media Bridge" will be an ever morphing compendium of little bridgelets - producers of content serving it directly to their audience. Zero hour feedback, high-touch, closer audience relationship is all going to come into play here, and having a Big Neon Brand playing matchmaker will become a drag in time.
Next...!
At least your problem is easier than mine. DVD Red Pro will do ya there for less than $80, IIRC.
I'm still looking for the non-Howard Hughes approach to capturing & recording *component* video at 720p on a HTPC. I refuse to rent a DVR from my cable provider on principle (I don't patronize rent-to-own furniture stores either), but the closest I've come to my design goal is a couple DVRs with component inputs that only accept 480i, which they then deinterlace.
Once they criminalize PVRs that are under their owner's control, only criminals will have PVRs that are under their owner's control...
As far as the load on mail servers, there's plenty of middle ground between waiting for an RFC or capitulating to DRM to fix the SMTP problem. Mindshare is the only real obstacle between the way things are & a least-privelige mail system that uses strongly signed logins integrating a sender/receiver pair hash. Hell, I'd use & spread an alternative and experimental system like that, standards be damned. I mean, where's the W3C spec for onion routers and torrents, et. al?
Nothing like pissing off ever increasing numbers of both your customer base and your artist base.