Remember when the USA had export controls, and strong cryptography was thought to be a military weapon rather than an enabler of trillions of dollars of economic activity?*
The brief version: your TLS secure connections to websites can be forced into the old "export only" weak key. Generating keys is expensive, so webservers tend to do it only once at startup. Once you force a connection to work in export mode, you can break the encryption much more easily.
But wait! There's more! Now you're pushing smaller keys, you can break those keys more easily. So as well as decrypting the transmission, you can now EASILY pretend to be the website the user was going to, performing a Man-In-The-Middle attack.
All because weak keys were required once, and nobody removed the code to do that. And now in 2015 those weak keys that were "secure enough" for export in 1998 can be broken with about $100 worth of cloud computing time.
And yet backdooring or weakening encryption is still somehow attractive to those in power. How short-sighted.
-------- * I do, as I'm in the UK so we got export versions of security software, backup software and communications software - interoperability with the full US version in big companies was a pain in the posterior.
On this next Tuesday, I will have the privilege of being at the British Library viewing the four surviving copies of the Magna Carta.
I doubt I have to tell any visitors to the website what the Magna Carta is, but for those who may wonder I will simply say it is the embryonic charter of all rights you assume you have today. You should undertake a study of it and its impact on the world.
On Tuesday, I will try my best to forget this news article. I will try my best to view those four vellums with the optimism and reverence that they inspire and deserve.
But this news undermines my ability to do that. And I am not American, and cannot legally protest or contest this news, and therefore I find myself simply offended by it - and unable to change it. This simply compounds my foul mood around this subject.
And that is why a British citizen feels he must forget news of an American abuse of justice, lest he weep when he views those four surviving vellums that sought to establish our rights so soundly.
Any tears in the British Library on Tuesday will be well deserved, and a sad reflection on how far our principles have drifted.
But I will try to forget this, so that there will be no tears.
I will try.
No matter how hard this, and so many other news articles, may make it.
I will try.
If only out of respect for the principles of that 800 year old charter, and the empty words that are still sadly spoken in its shadow.
I'm going to have to say you're doing it completely the wrong way.
Either that, or you're intentionally making life difficult for yourself.
Linux can indeed be compiled from source, and you can then download compile all your apps manually. But that's not how 99% of people use Linux.
Most people get Linux through a distribution, which pre-compiles everything into packages for them. The distribution's Package Management system then handles the installation of those pre-compiled binaries for you.
It will even handle the dependencies you mention - going back to its repositories and downloading/installing them automatically.
A decent Package Manager will even go so far as to know which packages can conflict (it's rare, but it happens) and refuse to install new software until the conflict is fixed - which may sound bad, but I'd rather have a system protect itself by not installing something than hose itself by trying to please me.
Better yet, if I install a package from outside the package management system's repositories, all of this still happens. So if I download and install Corel's Aftershot Pro software, and it needs a library for printing or colour management, then the package just needs to say so and all of the installation will be handled automatically.
(Even versioning.)
There are a couple of distributions - like Gentoo - which have a package management system that prefers to compile from source, but even then its package management is automating that for you. And those are very niche systems, which most users won't ever consider using. (For example, LibreOffice takes hours to compile on many systems, which is offputting - using a Red Hat or Debian based system which has precompiled packages suddenly becomes much more attractive!)
Basically, Linux doesn't work the way you think it does. It actually works in a very sane, very safe way to try to ensure that the complexities of software installation are something the user doesn't have to bother with.
Of course, some software authors may choose not to use the package management system. And in that case, you might get a self-contained .tar.gz file (or similar) which you just unpack and run the contents of. But that's hardly Linux's fault.
I'm unsure where you found your Linux philosophy, but frankly it doesn't match the experiences of any Linux distribution I know.
WINE is a different issue, as it's an abstraction layer. It should ideally be a last resort rather than a first port of call - which is why people want AAA titles on Linux, not on WINE on Linux.
Sadly, the DMCA's Safe Harbour part and takedown processes are still some of the saner parts of US copyright law.
But they're obviously broken when this can happen - so let's amend them.
Let's bring in game theory.
The issuer of a takedown has to declare the value of the material. This value is legally binding, and can be used in court when discussing damages. (Except statutory damages.)
Conversely, if the takedown turns out to be bogus, then the issuer is liable for an instant statutory fine of 10x the value declared, multiplied by the number of downloads/views the material has (if available).
(The multiplier hopefully prevents late claims or attempts at censorship.)
No value means no takedown.
A value below a certain threshold (set by the Library of Congress, based on combination of length & content type) means no takedown.
This should solve the problem. Those with genuine takedown needs get a takedown, AND for playing nicely they get to declare how much they think their goods are worth for the court's consideration later.
And those who are just trolling get their wallets emptied on a regular basis.
An interesting side effect means that we may actually get to see companies start to put realistic values on their goods, and that if the load for DMCA takedowns becomes too high the data is there to begin processing them in "most expensive losses" order first.
Which raises an entirely new dilemma on the part of the issuer. Submit high and get takedown sooner, or submit low and hedge against having made a mistake?
(There is a third option - submit low and go for statutory damages in court. Except that will mean that the figures will end up showing that statutory damages are too high, and give hard facts which allow the law to be altered there. A good short term option, but a very dangerous long term one.)
I think that if those changes were made, DMCA takedowns might actually approach something which almost resembles sanity...
I think that we're seeing two worlds fail to understand each other.
Louis CK made money, yes. But he failed to MONETIZE.
By which it's meant that he failed to make the most out of the process.
Not the product, mind you - the process.
Louis had a very simple proposition: Pay me money, I give you something funny.
Louis CK viewed DRM as a cost that wasn't worth it, and that alone is a threat to the MPAA's reality. It's also what most people here have focused on, because of this guy's job title.
But we need to ignore the job title, and remember that this guy is steeped in an industry. Language shapes how you think, and I believe we can see more than just DRM being referred to here.
Louis CK didn't sell plushies, action figures, and clothing. Or re-release earlier goods with a little sticker on them that advertised the new product whilst pretending to be a reference of quality ("From the man who brought you...")
Louis CK didn't do that not only because he didn't have the rights to previous works, but because that would be a waste of time and money. He could - nay, should - be writing material or working on the new product.
He also didn't choose to get paid for holding a particular brand of soft drink whilst he did his act.
A smart move, because even if $sponsor were to pay for him to be using their product during the filming, the costs of lawyers to land the deal would leave him with little money.
And the sponsor would no doubt want some "creative control", to ensure he didn't say anything that they don't want their brand associated with...
Which is effectively self-censorship for the project. And when you realise that the deal will probably land him no more than minimum wage (given how long it will take to do the project), suddenly he needs more sponsors, which means a death spiral of more censorship...
Basically, Louis CK is smart. He saw what people wanted, he budgeted it out, he delivered JUST WHAT THEY WANTED, and didn't waste time doing much else.
But that's not what Hollywood does. Hollywood doesn't just sell films to customers, it sells advertising space in those films too. It doesn't just sell a film, it sells merchandising - or at least the rights to it. It doesn't just sell a medium with the film on it, it sells the rights to distribute those films.
THAT'S monetization.
That's how the MPAA thinks. Total control for maximum profit. Don't take risks, and do whatever it takes to get the most money from every stage of the process.
Who cares if the film is sanitised by sponsorship requirements? Who cares if the distribution chain creates artificial delays that encourage piracy? Who cares if merchandising is shoddy? Who cares if DRM means buyers are annoyed by unskippable adverts?
Not one of those is a concern to this man.
The business he lives and breathes in a "monetized" world. He may not quite understand how the new generation of Connecting-With-Fans and Reason-To-Buy artists can make money without doing this.
Subconsciously, he's almost certainly wondering why Louis CK didn't "monetize" as I've described. Because such monetization is all he sees, every day.
Which is slightly frightening.
But what's also slightly sad is that he probably hasn't even considered the downsides I've listed. He's not even capable of seeing them as serious downsides, because everyone around him sees only the upsides - the bottom line from the deals.
I've always wondered if Hollywood execs are just unscrupulous salesmen. They often seem to share one key quality - they only care about the money that they, individually, bring in. If the sale hurts business reputations, or damages future sales, then they don't care. "Just look at this quarter's bottom line! I'M ON FIRE!"
That's monetization. The pursuit of many individual bottom lines, with no care for the effect on the final product.
Techdirt has not posted any stories submitted by Philip Storry.
And coincidentally...
Remember when the USA had export controls, and strong cryptography was thought to be a military weapon rather than an enabler of trillions of dollars of economic activity?*
Well, that stone-age view of encryption just came back to bite everyone on the arse:
http://arstechnica.com/security/2015/03/freak-flaw-in-android-and-apple-devices-cripples-https- crypto-protection/
The brief version: your TLS secure connections to websites can be forced into the old "export only" weak key. Generating keys is expensive, so webservers tend to do it only once at startup. Once you force a connection to work in export mode, you can break the encryption much more easily.
But wait! There's more! Now you're pushing smaller keys, you can break those keys more easily. So as well as decrypting the transmission, you can now EASILY pretend to be the website the user was going to, performing a Man-In-The-Middle attack.
All because weak keys were required once, and nobody removed the code to do that. And now in 2015 those weak keys that were "secure enough" for export in 1998 can be broken with about $100 worth of cloud computing time.
And yet backdooring or weakening encryption is still somehow attractive to those in power. How short-sighted.
--------
* I do, as I'm in the UK so we got export versions of security software, backup software and communications software - interoperability with the full US version in big companies was a pain in the posterior.
I will try not to weep
I doubt I have to tell any visitors to the website what the Magna Carta is, but for those who may wonder I will simply say it is the embryonic charter of all rights you assume you have today. You should undertake a study of it and its impact on the world.
On Tuesday, I will try my best to forget this news article. I will try my best to view those four vellums with the optimism and reverence that they inspire and deserve.
But this news undermines my ability to do that. And I am not American, and cannot legally protest or contest this news, and therefore I find myself simply offended by it - and unable to change it. This simply compounds my foul mood around this subject.
And that is why a British citizen feels he must forget news of an American abuse of justice, lest he weep when he views those four surviving vellums that sought to establish our rights so soundly.
Any tears in the British Library on Tuesday will be well deserved, and a sad reflection on how far our principles have drifted.
But I will try to forget this, so that there will be no tears.
I will try.
No matter how hard this, and so many other news articles, may make it.
I will try.
If only out of respect for the principles of that 800 year old charter, and the empty words that are still sadly spoken in its shadow.
Re:
Either that, or you're intentionally making life difficult for yourself.
Linux can indeed be compiled from source, and you can then download compile all your apps manually. But that's not how 99% of people use Linux.
Most people get Linux through a distribution, which pre-compiles everything into packages for them. The distribution's Package Management system then handles the installation of those pre-compiled binaries for you.
It will even handle the dependencies you mention - going back to its repositories and downloading/installing them automatically.
A decent Package Manager will even go so far as to know which packages can conflict (it's rare, but it happens) and refuse to install new software until the conflict is fixed - which may sound bad, but I'd rather have a system protect itself by not installing something than hose itself by trying to please me.
Better yet, if I install a package from outside the package management system's repositories, all of this still happens. So if I download and install Corel's Aftershot Pro software, and it needs a library for printing or colour management, then the package just needs to say so and all of the installation will be handled automatically.
(Even versioning.)
There are a couple of distributions - like Gentoo - which have a package management system that prefers to compile from source, but even then its package management is automating that for you. And those are very niche systems, which most users won't ever consider using. (For example, LibreOffice takes hours to compile on many systems, which is offputting - using a Red Hat or Debian based system which has precompiled packages suddenly becomes much more attractive!)
Basically, Linux doesn't work the way you think it does. It actually works in a very sane, very safe way to try to ensure that the complexities of software installation are something the user doesn't have to bother with.
Of course, some software authors may choose not to use the package management system. And in that case, you might get a self-contained .tar.gz file (or similar) which you just unpack and run the contents of. But that's hardly Linux's fault.
I'm unsure where you found your Linux philosophy, but frankly it doesn't match the experiences of any Linux distribution I know.
WINE is a different issue, as it's an abstraction layer. It should ideally be a last resort rather than a first port of call - which is why people want AAA titles on Linux, not on WINE on Linux.
A quick change to the law, and this stops
But they're obviously broken when this can happen - so let's amend them.
Let's bring in game theory.
The issuer of a takedown has to declare the value of the material. This value is legally binding, and can be used in court when discussing damages. (Except statutory damages.)
Conversely, if the takedown turns out to be bogus, then the issuer is liable for an instant statutory fine of 10x the value declared, multiplied by the number of downloads/views the material has (if available).
(The multiplier hopefully prevents late claims or attempts at censorship.)
No value means no takedown.
A value below a certain threshold (set by the Library of Congress, based on combination of length & content type) means no takedown.
This should solve the problem. Those with genuine takedown needs get a takedown, AND for playing nicely they get to declare how much they think their goods are worth for the court's consideration later.
And those who are just trolling get their wallets emptied on a regular basis.
An interesting side effect means that we may actually get to see companies start to put realistic values on their goods, and that if the load for DMCA takedowns becomes too high the data is there to begin processing them in "most expensive losses" order first.
Which raises an entirely new dilemma on the part of the issuer. Submit high and get takedown sooner, or submit low and hedge against having made a mistake?
(There is a third option - submit low and go for statutory damages in court. Except that will mean that the figures will end up showing that statutory damages are too high, and give hard facts which allow the law to be altered there. A good short term option, but a very dangerous long term one.)
I think that if those changes were made, DMCA takedowns might actually approach something which almost resembles sanity...
What we have here is a failure to communicate...
Louis CK made money, yes. But he failed to MONETIZE.
By which it's meant that he failed to make the most out of the process.
Not the product, mind you - the process.
Louis had a very simple proposition: Pay me money, I give you something funny.
Louis CK viewed DRM as a cost that wasn't worth it, and that alone is a threat to the MPAA's reality. It's also what most people here have focused on, because of this guy's job title.
But we need to ignore the job title, and remember that this guy is steeped in an industry. Language shapes how you think, and I believe we can see more than just DRM being referred to here.
Louis CK didn't sell plushies, action figures, and clothing. Or re-release earlier goods with a little sticker on them that advertised the new product whilst pretending to be a reference of quality ("From the man who brought you...")
Louis CK didn't do that not only because he didn't have the rights to previous works, but because that would be a waste of time and money. He could - nay, should - be writing material or working on the new product.
He also didn't choose to get paid for holding a particular brand of soft drink whilst he did his act.
A smart move, because even if $sponsor were to pay for him to be using their product during the filming, the costs of lawyers to land the deal would leave him with little money.
And the sponsor would no doubt want some "creative control", to ensure he didn't say anything that they don't want their brand associated with...
Which is effectively self-censorship for the project. And when you realise that the deal will probably land him no more than minimum wage (given how long it will take to do the project), suddenly he needs more sponsors, which means a death spiral of more censorship...
Basically, Louis CK is smart. He saw what people wanted, he budgeted it out, he delivered JUST WHAT THEY WANTED, and didn't waste time doing much else.
But that's not what Hollywood does. Hollywood doesn't just sell films to customers, it sells advertising space in those films too. It doesn't just sell a film, it sells merchandising - or at least the rights to it. It doesn't just sell a medium with the film on it, it sells the rights to distribute those films.
THAT'S monetization.
That's how the MPAA thinks. Total control for maximum profit. Don't take risks, and do whatever it takes to get the most money from every stage of the process.
Who cares if the film is sanitised by sponsorship requirements? Who cares if the distribution chain creates artificial delays that encourage piracy? Who cares if merchandising is shoddy? Who cares if DRM means buyers are annoyed by unskippable adverts?
Not one of those is a concern to this man.
The business he lives and breathes in a "monetized" world. He may not quite understand how the new generation of Connecting-With-Fans and Reason-To-Buy artists can make money without doing this.
Subconsciously, he's almost certainly wondering why Louis CK didn't "monetize" as I've described. Because such monetization is all he sees, every day.
Which is slightly frightening.
But what's also slightly sad is that he probably hasn't even considered the downsides I've listed. He's not even capable of seeing them as serious downsides, because everyone around him sees only the upsides - the bottom line from the deals.
I've always wondered if Hollywood execs are just unscrupulous salesmen. They often seem to share one key quality - they only care about the money that they, individually, bring in. If the sale hurts business reputations, or damages future sales, then they don't care. "Just look at this quarter's bottom line! I'M ON FIRE!"
That's monetization. The pursuit of many individual bottom lines, with no care for the effect on the final product.
Techdirt has not posted any stories submitted by Philip Storry.
Submit a story now.
Tools & Services
TwitterFacebook
RSS
Podcast
Research & Reports
Company
About UsAdvertising Policies
Privacy
Contact
Help & FeedbackMedia Kit
Sponsor/Advertise
Submit a Story
More
Copia InstituteInsider Shop
Support Techdirt