Would it not be enough for them to document cause and effect without ripping the DRM apart? I use this DRM disc, and this happens. That should be more than enough.
the tools and techniques used to test security are the same as those used to circumvent it.
you run a debugger and watch stuff move around a system's memory, you run a fuzzer to see how a program deals with arbitrary data, you run sniffers to see what goes over the wire or proxies to catch stuff before it comes in or goes out so you can see what it is or what it does.
the only difference between security research and cracking is what you intend to do with the information that you have gathered. researchers hack stuff and share what they know to improve the security of products while crackers share what they know in order to strip away protections.
microsoft, cisco, adobe, novell... every vendor has used gag orders at one time or another to silence a researcher who has discovered a fatal flaw.
the real problem with DRM is that it's not real security, and so it doesn't hold up to real security research.
real security research is proven by peer review. you prove something is secure by having people try to break it. you show everyone how it works and invite them to come smash it. if they succeed, then you fix the vulnerability, and if they fail, then you can feel safe that your solution is secure, for now.
the anti-circumvention clause in the DMCA prevents this kind of research and so DRM technologies hide behind legalities. this is why DRM doesn't work and gets owned in a short period of time.
thanks to the sony rootkit fiasco, you now have a legion of researchers who mistrust all implementations of DRM in addition to the people who are interested in circumventing it.
how do you justify multiples of hundreds of thousands of times damages by saying it has the 'potential' for the infinite?
if you sue someone for a reasonable amount then you can't scare people into buying CD's. reasonable amounts just aren't intimidating.
Clearly damage claims in civil cases should relate directly to actual, measured damages. Otherwise you're victimising a handful of individuals for the actions of society.
riiiiight. people are sued for millions every day for no good reason. in this case, the purpose of the damages is intimidation. they can't figure out how to deliver a product worth buying, so they are going to break metaphorical kneecaps instead. now that they own the dept. of justice it's like a crime spree.
Not so - long before communication was easy (like back when we all used paper print terminals connected as slowly as 45.45 baud) there was still communication. It was called the phone, personal meetings, etc. Stuff got done
and all of the programming done before the 80's was open source. that's how stuff got done: people stole each other's code. companies distributed software as source because it had to be compiled using your machine's environment.
it was the unix wars and packaged software that set the gnu foundation in motion.
Open Source software is dependent on people who write code because they like to, not because they want to.
WTF does that mean?
Open Source is also one of the worst ways to develop anything, because in the end nobody is really responsible.
right, openBSD has had 2 remote access flaws in the default install in 10 years. windows has had 2 in the last 6 months. who fixes their bugs faster? who has fewer bugs in the first place?
things get done and get fixed in open source because anyone who can see what's wrong can have a say and contribute a fix.
read about dan kaminsky's work on the DNS bug and see how proprietary software companies like MS and cisco respond to peer review.
It works, but sometimes open source is more like the infinite number of monkeys typing as opposed to any real direction or thought.
right, and sometimes proprietary software companies are more like monkeys throwing feces at each other as opposed to trying to help their customers.
if open source software is such poor quality, why is so much of the world wide web hosted on apache? why is bind the number one DNS server? why did TCP/IP win out over all proprietary networking protocols in the early days of the internet?
The military's bandwidth has been allocated in such a way that its main use, communication between forward deployed units and command centers takes priority. Social networking sites have not written their pages in a manner that gives the option of not sucking bandwidth. Why should the military have to account in their tactical network design, which is limited by technology that will handle "being in the field" for sites that do not account for them?
military networks of all kinds are segregated. there are separate machines and networks for classified material and unclassified material, and there are networks for tactical use vs. strategic vs. garrison use. compartmentalization is one of the cornerstones of operational security. if your unit isn't compartmentalizing, it's not doing its job.
the bandwidth argument is lame no matter what sector or industry you talk about because it comes down to network admins that are too lazy or scared to administer their networks. sure, you can buy more bandwidth, or you can get off your ass and do something to better manage the bandwidth that you already have.
you can have multiple subnets, vlans, routes, and even multiple uplinks that can minimize the effects of user abuse on your network. you can also add QOS to the mix and if you are worried about security there is always IDS and IPS. if facebook can take down your network, then you as the network admin need to do your company a favor and find a new job.
rather than just blocking something, why not investigate the problem? why not talk to the people that are hogging bandwidth and see what can be done to help them and the rest of the network? you know that management is going to side with the user instead of you anyway, why let the issue go that far? you can tell who they are and what they are doing by looking in your firewall or proxy logs. if processing logs is too boring for your short attention span, there are products that process logs into visualizations, so you can look at graphs instead.
there are a ton of network monitoring and analysis tools that are free and open source, all it takes is time to set them up. you don't even need fancy managed switches either (you know, the cisco kind that needs air conditioning) since you can build a passive tap for like 20 bucks from parts from radioshack and monitor a connection with a pair of network cards: http://www.snort.org/docs/tap/
i set my status to "boffing my secretary, susan" and my wife left me and is suing me for alimony and custody of the kids, susan's husband left her and is suing her for divorce, susan left me and is suing me for defamation, and is also suing the company for sexual harassment, and the company has fired me for no good damn reason.
facebook is a freakin menace and should be burned to the ground.
if i was a terrorist with a bomb that was burning a hole in my pocket, wouldn't it be super easy for me to find a good target by pulling up the google map for where i was standing and heading towards the nearest blurred out space?
why not make a neon sign that says "come blow this place up!"??
militaries often leave secret facilities off of maps, so the easiest way to locate the interesting places on a military installation is to walk around and see what's not on the map.
the anti-circumvention clause in the DMCA pretty much states that you can't do anything to bypass a lock on a copyrighted work, including providing tools or instructions.
i don't agree with the clause (or anything else in the DMCA other than safe harbor provisions) in the slightest, but i think that anti-circumvention covers this.
i say that based on this excerpt: Here's how anticircumvention works: if you put a lock -- an access control -- around a copyrighted work, it is illegal to break that lock. It's illegal to make a tool that breaks that lock. It's illegal to tell someone how to make that tool. One court even held it illegal to tell someone where she can find out how to make that tool.
and i think the professor's point was that the basics of journalism are still valid regardless of the medium that they are employed in.
i think he could have phrased it differently, like "you're here to learn about journalism, not how to design webpages."
i tried to talk to the professor about it, but he just kept insisting that i get off his lawn. i thought it was kind of strange since we were in new york where lawns have been extinct for over a hundred years.
He couldn't innovate on his patent for 17 years. Everyone...this is progress in action!
12 years ago i got a patent for using a computer to act as a telephone using software and hardware to place calls over a large interactive network of similar computer phone devices. with a few more years of research i will have perfected my "compuphone" and be rich!
Currently, RnD and especially safety trials (I do not know the exact number) have cost millions of dollars in investor money. This is before advertising (if we get FDA approval), and manufacturing costs.
Without patents and licensing agreements, how would we recoup these costs? Why would we even bother with all these safety trials?
the need for the FDA approval process to change is a central theme in "against intellectual monopoly". the current FDA approval process is an obstacle to eliminating drug patents.
There isn't a shift in business models here because a new one was required, rather an unruly mob has figured out how to shoplift en masse and has laid ruin to what was a thriving business.
it wasn't a riot, it was a change in the market that came too quickly for large media conglomerates to react to.
the problem with large companies is that they can't change directions fast enough to keep up with these sudden changes. the same thing happened to microsoft with vista, the market didn't respond as predicted and now there is plenty of scrambling to meet that response.
this wasn't a riot, it was a shift in the market that the recording industry just wasn't prepared for. the world woke up one morning a few years ago and said "i don't want to buy plastic discs anymore" and then they stopped buying them.
this happens to companies all the time, something happens and the market moves in a radical new direction. when that happens, you have two choices: invest time and money in pushing the market back in the old direction, or invest that same time and money pushing your company in the same direction as the market.
Perhaps, just perhaps, engaging the issues in a respectful manner with the author may lead to a greater appreciation on both sides of what is happening.
Until this happens, articles such as this here are little more than "flames" criticizing an individual who might have something substantive to add to the discussion.
you must be new here. let me be the first to welcome you to the internet.
here on the internet, we do not think, we do not listen, and we damn sure do not do anything in a respectful manner.
hopefully that clears up some of the confusion and you can better enjoy your time here in the web.
That is the true issue - is there more money here, or less? If there is less, then the old business model was still better business.
the numbers don't matter because the old model has stopped working. it doesn't matter what numbers you put on the new model, as long as they are positive. positive numbers, no matter how small, are always larger than negative ones.
even if you only make trace amounts of money in the new model, that is infinitely better than losing money on the old one.
don't buy books til after the first week of classes. then you can go to class, get the syllabus, and see what, if any, role the textbook plays in the course.
for a lot of courses, the lecture notes will suffice for the exams, unless you are a grad student or concerned with getting perfect grades.
The rights for songs are the same for everyone, without discrimination for age or health. I know it doesn't suit the local agenda, but well, that's life.
and what is the average life expectancy of a multinational corporation?
it doesn't have the "call us in the middle of the night fix it in an hour" or "put someone on a plane to come fix it" type of support unless you pay for it.
you pay for that privilege with most commercial enterprise software too, either directly or it's wrapped up in the price tag.
On the post: Security Researchers Shouldn't Face DMCA Liability While Protecting Users From Faulty DRM
Re:
the tools and techniques used to test security are the same as those used to circumvent it.
you run a debugger and watch stuff move around a system's memory, you run a fuzzer to see how a program deals with arbitrary data, you run sniffers to see what goes over the wire or proxies to catch stuff before it comes in or goes out so you can see what it is or what it does.
the only difference between security research and cracking is what you intend to do with the information that you have gathered. researchers hack stuff and share what they know to improve the security of products while crackers share what they know in order to strip away protections.
On the post: Security Researchers Shouldn't Face DMCA Liability While Protecting Users From Faulty DRM
vendors gag security researchers all the time
microsoft, cisco, adobe, novell... every vendor has used gag orders at one time or another to silence a researcher who has discovered a fatal flaw.
the real problem with DRM is that it's not real security, and so it doesn't hold up to real security research.
real security research is proven by peer review. you prove something is secure by having people try to break it. you show everyone how it works and invite them to come smash it. if they succeed, then you fix the vulnerability, and if they fail, then you can feel safe that your solution is secure, for now.
the anti-circumvention clause in the DMCA prevents this kind of research and so DRM technologies hide behind legalities. this is why DRM doesn't work and gets owned in a short period of time.
thanks to the sony rootkit fiasco, you now have a legion of researchers who mistrust all implementations of DRM in addition to the people who are interested in circumventing it.
On the post: DOJ Sides With RIAA In Tenebaum Case
Re: Re: Re: infinite copies
if you sue someone for a reasonable amount then you can't scare people into buying CD's. reasonable amounts just aren't intimidating.
Clearly damage claims in civil cases should relate directly to actual, measured damages. Otherwise you're victimising a handful of individuals for the actions of society.
riiiiight. people are sued for millions every day for no good reason. in this case, the purpose of the damages is intimidation. they can't figure out how to deliver a product worth buying, so they are going to break metaphorical kneecaps instead. now that they own the dept. of justice it's like a crime spree.
On the post: How To Create A Moral Panic: Ask A Question, Get Opinions, But Ignore Facts
Re:
coming from the guy named after a character from fat albert.
On the post: Extending Copyright Law Is Like Banning Wikipedia
Re:
and all of the programming done before the 80's was open source. that's how stuff got done: people stole each other's code. companies distributed software as source because it had to be compiled using your machine's environment.
it was the unix wars and packaged software that set the gnu foundation in motion.
Open Source software is dependent on people who write code because they like to, not because they want to.
WTF does that mean?
Open Source is also one of the worst ways to develop anything, because in the end nobody is really responsible.
right, openBSD has had 2 remote access flaws in the default install in 10 years. windows has had 2 in the last 6 months. who fixes their bugs faster? who has fewer bugs in the first place?
things get done and get fixed in open source because anyone who can see what's wrong can have a say and contribute a fix.
read about dan kaminsky's work on the DNS bug and see how proprietary software companies like MS and cisco respond to peer review.
It works, but sometimes open source is more like the infinite number of monkeys typing as opposed to any real direction or thought.
right, and sometimes proprietary software companies are more like monkeys throwing feces at each other as opposed to trying to help their customers.
if open source software is such poor quality, why is so much of the world wide web hosted on apache? why is bind the number one DNS server? why did TCP/IP win out over all proprietary networking protocols in the early days of the internet?
On the post: Government Employees Banned From Using The Social Networking Tools They're Told To Use
Re: Re: The Military
military networks of all kinds are segregated. there are separate machines and networks for classified material and unclassified material, and there are networks for tactical use vs. strategic vs. garrison use. compartmentalization is one of the cornerstones of operational security. if your unit isn't compartmentalizing, it's not doing its job.
the bandwidth argument is lame no matter what sector or industry you talk about because it comes down to network admins that are too lazy or scared to administer their networks. sure, you can buy more bandwidth, or you can get off your ass and do something to better manage the bandwidth that you already have.
you can have multiple subnets, vlans, routes, and even multiple uplinks that can minimize the effects of user abuse on your network. you can also add QOS to the mix and if you are worried about security there is always IDS and IPS. if facebook can take down your network, then you as the network admin need to do your company a favor and find a new job.
rather than just blocking something, why not investigate the problem? why not talk to the people that are hogging bandwidth and see what can be done to help them and the rest of the network? you know that management is going to side with the user instead of you anyway, why let the issue go that far? you can tell who they are and what they are doing by looking in your firewall or proxy logs. if processing logs is too boring for your short attention span, there are products that process logs into visualizations, so you can look at graphs instead.
there are a ton of network monitoring and analysis tools that are free and open source, all it takes is time to set them up. you don't even need fancy managed switches either (you know, the cisco kind that needs air conditioning) since you can build a passive tap for like 20 bucks from parts from radioshack and monitor a connection with a pair of network cards:
http://www.snort.org/docs/tap/
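An added example, not part of the original comment: one way to do the "look in your proxy logs" step, ranking clients by bytes transferred and showing where each one's traffic went. It assumes Squid's native access.log layout; the log lines, addresses and host names are constructed for illustration.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout (an assumption):
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1236000000.101    320 10.1.20.15 TCP_MISS/200 48213 GET http://www.facebook.com/home.php - DIRECT/192.0.2.10 text/html
1236000003.554  91200 10.1.20.15 TCP_MISS/200 9500000 CONNECT video.example.com:443 - DIRECT/192.0.2.44 -
1236000004.010     45 10.1.20.22 TCP_HIT/200 12000 GET http://intranet.example.com/wiki - NONE/- text/html
1236000009.772    410 10.1.20.15 TCP_MISS/200 51787 GET http://WWW.facebook.com/photo.php - DIRECT/192.0.2.10 text/html
1236000012.300   8800 10.1.20.31 TCP_MISS/200 2400000 GET http://updates.example.net/patch.bin - DIRECT/192.0.2.80 application/octet-stream
this line is truncated garbage
1236000015.020      2 10.1.20.22 TCP_DENIED/403 1500 GET http://www.facebook.com/ - NONE/- text/html
"""


def parse_line(line):
    """Return (client, host, bytes) for one log line, or None if malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    client, size, method, url = fields[2], fields[4], fields[5], fields[6]
    if not size.isdigit():
        return None
    if method == "CONNECT":
        # Tunnelled (HTTPS) requests are logged as host:port, not a full URL.
        host = url.rsplit(":", 1)[0]
    else:
        host = urlsplit(url).hostname or "unknown"
    return client, host.lower(), int(size)


def top_talkers(log_text, n=3, hosts_per_client=2):
    """Rank clients by total bytes; include each client's heaviest destinations."""
    totals = Counter()
    per_client = defaultdict(Counter)
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue  # skip blank or damaged lines instead of aborting the report
        client, host, size = record
        totals[client] += size
        per_client[client][host] += size
    return [
        (client, total, per_client[client].most_common(hosts_per_client))
        for client, total in totals.most_common(n)
    ]


if __name__ == "__main__":
    for client, total, hosts in top_talkers(SAMPLE_LOG):
        print(f"{client:<12} {total:>10} bytes")
        for host, size in hosts:
            print(f"    {host:<28} {size:>10}")
```

In the sample, the heavy user's bytes come almost entirely from a video host rather than the social network, which is the kind of detail that changes the conversation with that user.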
On the post: Social Network Status Updates Come Back To Bite You
facebook should be illegal
facebook is a freakin menace and should be burned to the ground.
On the post: Unblurred Google Satellite Images Is The Equivalent Of Yelling Fire?
wtf will blurring help?
why not make a neon sign that says "come blow this place up!"??
militaries often leave secret facilities off of maps, so the easiest way to locate the interesting places on a military installation is to walk around and see what's not on the map.
On the post: Amazon Uses DMCA To Try To Block Other Ebooks From Getting On Your Kindle
isn't this the anti-circumvention clause?
i don't agree with the clause (or anything else in the DMCA other than safe harbor provisions) in the slightest, but i think that anti-circumvention covers this.
i say that based on this excerpt:
Here's how anticircumvention works: if you put a lock -- an access control -- around a copyrighted work, it is illegal to break that lock. It's illegal to make a tool that breaks that lock. It's illegal to tell someone how to make that tool. One court even held it illegal to tell someone where she can find out how to make that tool.
from this paper:
http://www.craphound.com/msftdrm.txt
this is reason number 29,848,353,455 to do away with the DMCA.
On the post: Columbia Journalism Professor: Fuck New Media
i actually read the article
i think he could have phrased it differently, like "you're here to learn about journalism, not how to design webpages."
i tried to talk to the professor about it, but he just kept insisting that i get off his lawn. i thought it was kind of strange since we were in new york where lawns have been extinct for over a hundred years.
On the post: Google Settles Patent Lawsuit From Klausner So It Can Launch Google Voice
Re: Re:
He couldn't innovate on his patent for 17 years. Everyone...this is progress in action!
12 years ago i got a patent for using a computer to act as a telephone using software and hardware to place calls over a large interactive network of similar computer phone devices. with a few more years of research i will have perfected my "compuphone" and be rich!
On the post: T-Mobile Takes Out Some Handset Unlockers
happens all the time
why not sell the phone either at cost or for a small profit and encourage people to do what they want with the phone once it's theirs?
On the post: Scientist Makes Sure That No One Uses His Patent On Malaria Drug To Gouge The Poor
Re:
Without patents and licensing agreements, how would we recoup these costs? Why would we even bother with all these safety trials?
the need for the FDA approval process to change is a central theme in "against intellectual monopoly". the current FDA approval process is an obstacle to eliminating drug patents.
On the post: There Is No New Business Model For Music?
Re: Re: Wierd Harold
it wasn't a riot, it was a change in the market that came too quickly for large media conglomerates to react to.
the problem with large companies is that they can't change directions fast enough to keep up with these sudden changes. the same thing happened to microsoft with vista, the market didn't respond as predicted and now there is plenty of scrambling to meet that response.
this wasn't a riot, it was a shift in the market that the recording industry just wasn't prepared for. the world woke up one morning a few years ago and said "i don't want to buy plastic discs anymore" and then they stopped buying them.
this happens to companies all the time, something happens and the market moves in a radical new direction. when that happens, you have two choices: invest time and money in pushing the market back in the old direction, or invest that same time and money pushing your company in the same direction as the market.
On the post: There Is No New Business Model For Music?
Re:
Until this happens, articles such as this here are little more than "flames" criticizing an individual who might have something substantive to add to the discussion.
you must be new here. let me be the first to welcome you to the internet.
here on the internet, we do not think, we do not listen, and we damn sure do not do anything in a respectful manner.
hopefully that clears up some of the confusion and you can better enjoy your time here in the web.
On the post: There Is No New Business Model For Music?
Re:
the numbers don't matter because the old model has stopped working. it doesn't matter what numbers you put on the new model, as long as they are positive. positive numbers, no matter how small, are always larger than negative ones.
even if you only make trace amounts of money in the new model, that is infinitely better than losing money on the old one.
On the post: The Coming Disruption In The Textbook Market
easy way to save on textbooks in college
for a lot of courses, the lecture notes will suffice for the exams, unless you are a grad student or concerned with getting perfect grades.
On the post: Sony Considers Lawsuit Over Its Controller Being Used In Anti-Video Game Ad
i don't see the anti gaming angle
On the post: Sita Sings the Blues... Available For Free Download
Re: Re: Re: Re: Re: Re: Re: Re: Re:
and what is the average life expectancy of a multinational corporation?
On the post: When You Treat Your Customers Like Criminals, Don't Be Surprised When They Go To Different Suppliers
Re: Re: Re: Two words
it doesn't have the "call us in the middle of the night fix it in an hour" or "put someone on a plane to come fix it" type of support unless you pay for it.
you pay for that privilege with most commercial enterprise software too, either directly or it's wrapped up in the price tag.