Ltlw0lf's Favorite Techdirt Posts of the Week
from the huffing-and-puffing dept
This week's posts ran the gamut from the evils of DMCA/ACTA/TPP, to computer security issues, to the government’s effort to pass draconian treaties which are most likely binding even when the government says they aren’t, to cheap computers that will revolutionize the world. There is always a lot of good stuff on Techdirt to talk about.
One of my favorite posts this week would have to be the article about how Hollywood would like to see us space-shift DVDs by forcing us to take the DVD to a store to convert it into a file for use in our non-DVD-capable devices. They appear to be hoping that by offering this capability, they will head off the consumer groups out there who are trying to get the Librarian of Congress to allow ripping of DVDs as an exception to the DMCA's anti-circumvention provision.
It also outlines something that many of us here say regularly in the comments: that the gatekeepers are so used to holding all the cards, abusing their producers and customers alike with one-sided contracts, DRM, and onerous regulations, that they really don’t want to change. And neither do their customers, who will continue ripping the DVDs themselves, violating the anti-circumvention provision of the DMCA because it is easier and more effective than any legitimate alternative Hollywood has provided. And of course, we are talking about space-shifting, which was a legally protected activity until the DMCA made it illegal only if the material was encrypted to protect copyright.
The gatekeepers won't be successful in this effort until they can control software distribution all over the world and outlaw computers which can be modified by the user, and I just can't see this happening in a post-SOPA world, no matter how much the gatekeepers would like to believe that the SOPA backlash was a one-off event caused by "misinformation" and "undemocratic" processes, something that most of those who participated in the anti-SOPA demonstrations felt pretty much summed up the actions of those behind SOPA, with the backroom deals, the laws for sale, regulatory capture, and the efforts to discredit those behind the anti-SOPA demonstrations as lapdogs for Google.
And of course, we have the EFF fighting against companies sending out automated bogus DMCA takedowns for things they have no legal right to take down. Hopefully someone will bring some sanity to this problem – but I am not holding my breath. I used to think the DMCA was an army where SOPA was a nuclear holocaust. But now it looks like the DMCA is an army with nuclear bombs – placing them somewhat indiscriminately and with no concern for legality or collateral effects. At some point, like everything else, it will backfire on the gatekeepers, as we have seen recently where two gatekeepers sue each other over the public domain or over trademarks. Someone is going to issue a takedown for another gatekeeper, and the nuclear armageddon will begin. This is especially likely with automation, where companies really aren’t checking that the results are correct; every engineer/scientist learns early on in their career to check the results, but that does not appear to be happening in these cases.
Moving on, this week saw a couple of posts on computer security issues. We had the post on how the University of Michigan hacked the online voting system that was placed online specifically for the public to test the functionality and security of the system. We have to commend OSDV and Washington D.C. for doing the right thing and putting the system online to be tested. We also have to commend the University of Michigan (and the others), who tested the system to its fullest and made the results available. This effort will make the system more secure, if they take what they learn and fix the problems and don't introduce new ones. We know that many of the problems discovered here also exist in the closed source voting systems, and this is precisely why those closed source systems are so hard to trust.
On a lighter note, we have the post on the Raspberry Pi, and how it could be a big problem for oppressive regimes. So many people were excited about the product that they crashed the server. Having cheap and small devices which run open source operating systems and applications can make things far more difficult for countries and gatekeepers who want to control how everyone uses their computers. Having fewer devices to worry about securing, and tailoring the 20W $25 PCs to replace the 650W $500 Desktop PC, will have a better effect on the environment. Now if they can get the computer to fit into an Altoids tin, that would be awesome.
And finally, something I found to be surprising is that teaching styles of teachers are much more of a distraction than computers in the classroom. I didn’t have a laptop with me in school until I was in my senior year in college, and that was only on a special occasion. However, it makes sense, as I find I am most efficient when I allow myself a couple of short opportunities to visit Techdirt. Though if my boss is reading, I am multi-tasking and I am blocked waiting for the tasks to finish.
Reader Comments
There are two serious problems with that statement.
First, it's ridiculously optimistic.
Second, it endorses a methodology that is well-known to guarantee failure: penetrate-and-patch, as explained by Marcus Ranum here, where it's #3 on his list of the six dumbest ideas in computer security.
You CANNOT design and build a secure voting system, or anything even remotely close to one, by launching something riddled with fundamental conceptual errors and then iteratively "fixing it" until you decide that you've done enough. That approach is a failure the moment you start; it only remains, as they say, as an exercise for the reader to catalog the full extent and nature of the failure.
[ link to this | view in chronology ]
Re: Re:
I see them act quickly when it comes to protecting corporate profits in exchange for corporate favors (campaign contributions and the revolving door) and when it comes to fabricating revenue generation scams (ie: frivolous parking laws, crazy penalties for a million violations that shouldn't be illegal like not reporting foreign income on your tax returns, among others), but when it comes to serving the public interest ...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Today you elect those people without anything, you just trust them and have nothing to hold them accountable for.
More organized people noticed that already and give them ready made laws and requests, the people don't do that, we are used as cattle to produce the outcomes that those other more organized ones want, to change that politics must happen at the public level, where everyone who wants to get involved can do so and that means drafting laws and regulations, finding consensus or building it and only then electing any dumbass to office.
The only thing the public has in its favor is their sheer numbers, it was difficult to organize that in the past, that is not a problem anymore, millions can find a common place to discuss and debate and find solutions to problems, what is needed now is just a trusted platform and some guidance from people who usually do those things although the guidance is not needed.
When people start doing that, others will start planning how to undermine that power, but to do so also undermine theirs.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
that or he just forgot to include that line.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
The direct problem that needs fixing is electoral reform. We need a way to punish political parties for being too focused on the needs of a small segment of the US culture.
I could care less if there are people that want a Socialist country or a Communist America. So long as they aren't the majority, that shouldn't happen. Yet our democracy is mixed with special interests on a massive level and the 538 delegates are a horrid mix of barriers to individual liberties. Our law makers moved to the authoritarian right since the 1980s. And it's not by accident. When the marching orders are to try to help special interests over the American people, you know there's a problem.
[ link to this | view in chronology ]
Re:
Stop right there - you've got it.
[ link to this | view in chronology ]
Re: Re:
I think the point is that, with a well implemented end to end user verified voting system that uses cryptography, what we can design can be better than what we currently have. Will it ever be perfect? No. Will it have flaws? Sure. But at least the public can better audit any flaws(???) and security weakness, seek improvements, and create a system better than what we currently have.
Saying that a proposed system has flaws is meaningless if it's not being compared to our current system. The way our current system works is I vote and I have no way to audit what the heck happened to my vote. For all I know, someone may have thrown it in the trash while no one was looking and how would I know?
[ link to this | view in chronology ]
Re: Re: Re:
2. Auditing is a much harder problem than it might appear to be on the surface. After all: if you can prove to yourself that you voted for X, then you can also prove that to someone who is standing next to you. If you can prove that to someone standing next to you, then you not only can sell your vote to that someone, you can PROVE that you voted as they asked, which means it's now worth the effort on their part to buy your vote. (Conversely: if you can't prove to yourself that you voted for X, then you can't prove it to them, and since you can't prove it to them, their motivation to pay you...or blackmail you...drops abruptly.)
I'm not saying auditing is an unsolvable problem: I'm saying that it's hard, even on a theoretical level. And when the implementation issues are added to that mix (e.g., buggy code, attackers, system failures, etc.) it really is much more difficult than it initially appears.
[ link to this | view in chronology ]
Re: Re: Re: Re:
If you believe that then you are naive. There have been all sorts of instances where more voters voted than the number of existing registered voters, I remember (though I can't find it) an instance of someone being pulled over by a cop for speeding and in the back of his car was a bunch of votes, there have been instances of dead people voting, etc... The list goes on and on.
Paper voting is only as secure as the flaws and intentional nefarious actions of those conducting the election. When I vote, my vote goes into a black box and I have no way to audit it at all. I have no idea what happened to my vote after it gets submitted or how to audit it, I have to just trust other people, flawed people (people tend to make more mistakes than computers) who may also act and conspire nefariously.
"After all: if you can prove to yourself that you voted for X, then you can also prove that to someone who is standing next to you."
The cryptographic community, who has spent many years (if not decades) working on this problem, has pretty much concluded, unanimously, that this is not true in theory. Just because you may not understand how these cryptographic systems could work doesn't make them any more subject to voter buyout.
That's the whole reason these are cryptographic systems, if we didn't want to conceal who we voted for then we can just do what other countries have done in the past and have an open system where your vote is both verifiable and openly transparent. Statistics show that this tends to change voter turnout. The point of introducing cryptography is to prevent this. Can it have flaws? Sure, someone can take their camera phone and video tape who they voted for. They can do that now too.
http://www.youtube.com/watch?v=ZDnShu5V99s
[ link to this | view in chronology ]
Re: Re: Re: Re:
2. Personal corruption is not a problem for election equipment there is nothing one can do against that and that is a fact, coercion on the other hand could really be a problem, like bosses telling people how to vote and if they don't show up with the proof they lose their jobs, paying people is not that much of a problem because it quickly becomes very expensive to do so, it can easily cost billions of dollars to successfully buy all the votes needed so that is not a real problem unless the number of people voting is very small.
It is impossible to secure anything, we trust the system and the appearance of security is important for that trust to be maintained otherwise we would be revolting instead of voting so we devise mechanism to check that system and catch instances, we may not be able to secure something 100%(that is impossible) but we can make detection and correction more stronger and that only will happen with new technologies not old ones. A boss threatening its employees if they don't show how they voted can be dealt by public outcry and the legal system but that depends on a news source(any source new or old) that people can trust and a trusted legal system, to evade lessen the effects of collusion, votes should be sent to multiple points over secure channels, when the access to the machines is compromised voters should be able to check how their votes are being counted and complain about irregularities, so redundancy is key in reducing that risk, people should vote on the e-voting machine and being given access to a secure channel where they can confirm who they voted for, so even if the machines in themselves at some location can be successfully compromised there is a control against which people can check against and if necessary redo the process with greater scrutiny on the whole process.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
If you only need to bribe/threaten a handful of sysadmins, the situation is quite different.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Give a unique key to every voter that he/she/it can use it to verify his vote online, who better to check that then the people who did the deed?
[ link to this | view in chronology ]
Re: Re: Re:
For cases of ballot stuffing: e-voting machines should send their data to more than one place dispersed geographically and voters should be given an encrypted key to use to see how their vote is being counted and be able to report problems.
I'm assuming that problems will always occur, but like in manufacturing is not important to eliminate 100% of the problems but how to fix 100% of them after they occur, it is impossible to keep determined people from modifying something, but it is possible to spot and correct those instances.
[ link to this | view in chronology ]
Re: Re: Re: Re:
also, to have enough boxes that there is never any need to swap them. add in voters wandering in and out all day and, while not impossible, it does become difficult to do.
(also, one is Registering to vote is compulsory, though actually voting is not, so there is a List of everyone who can vote in a given electorate, and if you're not on that list you don't get to. also, if your name is checked off at multiple polling stations i'm pretty sure your vote is tossed. when you go to vote, they fill out your name and number on the top of the sheet on their pad of voting papers, then tear off the ballot paper itself and give it to you to go vote with. i believe the two bits of paper have corresponding numbers on them, but i'm not sure. that'd be so that in the event of irregularities they can pull the right papers. the people who count the votes only see the ballot paper which, if i remember rightly, does Not have identifying marks on it apart from that number... i could be wrong though, this is from memory from some months back.)
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
At some point the ballots must be moved and people swap those things then, voters registration is what was used to get a list of all the voters and create the fake ones, party lines are weaker than allegiance to local powers so you can have many watchers in the room but if they all work for the same guy in the city nobody is going to blow the whistle, in big cities each district had some sort of power guy that commanded the scheme he just needed to know who was choosing the watchers and how the names came to be and put there his own people.
No, it is not difficult at all to rig elections, it is hard to detect it currently, people can't check how their votes were counted or if they did really go to vote, maybe voting should be a 2 step process, the guy goes to vote, receives a unique key that will give him online access and he can see what happened to his or her vote and confirm those votes would be more reliable, although it cannot be mandated since there are many people who don't have the knowledge yet to do so.
[ link to this | view in chronology ]
Re:
Never thought I'd be accused of that -- thanks.
"Second, it endorses a methodology that is well-known to guarantee failure"
I agree, however considering that no other vendor has done this -- it somewhat proves what you say -- but in this case we know the vulnerabilities while on the other side, everyone but the vendor and the government knows the flaws and they think the system is secure.
[ link to this | view in chronology ]
Re:
If you want security you will need to learn, that means failing and that means an endless cycle of making something and reworking it until we find out how it works and how it all fits together.
There are many things I can't see a solution to, but somebody may be able to come up with something that makes it work, so experimenting is a good thing, not being afraid of failure is a good thing for progress and innovation.
[ link to this | view in chronology ]
Re:
I don't know about that, nature despite the high rate of failure(north of 90%) seems to be doing well using that same exact approach.
Thinking about it, that is the exact same approach we always use and if anything is a constant is that we make things, they fail and we remake them.
Can you imagine DaVinci giving up his flying dreams, his robotic machines because they were not perfect?
Now if you said we should give up the current crop of e-voting machine manufacturers, then we could agree, but giving up a true and tried process that is the one thing that moves us forward seems a bit harsh.
[ link to this | view in chronology ]
Re:
I deleted that part in my script, but I'd never suggest getting rid of the big PC for a majority of my work, but I don't need 10 large PCs...I could have one large one and one or two small ones.
[ link to this | view in chronology ]
Re:
Instead of having to wait days for calculations and renderings it would be done in minutes.
For house automation those are just glorious, one PC per room in the house, custom build network firewalls that cost thousands can be done by those, routing.
Other uses are HTPC's, controllers for other devices like CNC machines, Reflow soldering from home ovens controlled by them.
[ link to this | view in chronology ]
Actually, from what they were saying, the power consumption is about 3.5 watts for the deluxe Model B, and 2.5 watts for the Model A. The A now comes with 256 megs of RAM, however, and thus might be a little higher than when they last mentioned those numbers.
Overall, they're supposed to be about equivalent to a Pentium II 300, with way stronger video hardware. That's slow enough that you have to pay attention to how much CPU power things need, but you can do a HELL of a lot with that much horsepower... especially when one of the bits of heaviest lifting that CPUs do, video decoding, is all offloaded to the GPU on the RPis.
You're not going to want one as a non-linear video editor, but you could easily run office or server software on something like that. You just need to avoid software that expects you to have gigs of RAM. The 256 meg limit is likely to be the real bottleneck on those systems.
[ link to this | view in chronology ]
Warner Brothers Twisted Logic
I could create an automated system that scours the Internet looking for Warner Brothers movies and when it detects one it will automatically download it. Using Warner Brothers logic I would not be responsible for the infringing because it was a computer that did the downloading not a human.
[ link to this | view in chronology ]
You just scared me...
Ever heard of UEFI? Microsoft is already implementing it in the Real World(TM) and it's really going to take choice away from computer "owners". Besides already being in force, it's a bit like SOPA.
[ link to this | view in chronology ]
How to crash a web server:
[ link to this | view in chronology ]
I'm scared too... Bill C-11 is coming to Canada
Erm. As per Grumpy, the new improved UEFI is coming, so Microsoft will be able to lock down all our general purpose computers...
Especially as our government is on the verge of passing copyright law that will make circumventing TPMs (aka digital locks or DRM) illegal, even if what you are doing is not otherwise illegal.
Say you want to watch the DVD you just bought on your linux box: no can do.
Or maybe read that Project Gutenberg public domain book. Or perhaps, installing linux on my general purpose computer... if the manufacturer doesn't grant me permission to replace their OS with free software, and if I go ahead and do it, I'd be breaking the law. Yeah, I can see Bill Gates giving me the go ahead...
The moment this law is passed (and since we have a majority government, nothing can stop it) I expect there won't be a device sold in our market that is not riddled with drm/tpm.
This power could very easily be translated into preventing us from accessing independent digital content.
[ link to this | view in chronology ]