Slashdot Log In
Developing Subversive Software?
Posted by
Cliff
on Sat Sep 09, 2000 12:54 PM
from the software-on-the-hush-hush-q-t dept.
from the software-on-the-hush-hush-q-t dept.
e_lehman asks: "Software development is increasingly subject to corporate legal harassment. Suppose I want to write a program that I know corporate America won't like without being sued or arrested. How do I covertly find collaborators? How do I distribute the code? How can I distribute patches? How can I get user feedback and contributions? How can I prevent someone with a lot of resources from tracking me down? Producing "subversive software" must appeal to a lot of frustrated Slashdotters these days. How would you really go about it?"
"Examples of the problem are familiar: development of DeCSS brought police to Jon Johansen's home (Interestingly, Jon's two collaborators remain safely anonymous). Distribution of DeCSS brought onerous MPAA litigation down on 2600 and others. Development of CPHack landed Matthew Skala and Eddy Jansson with a suit from Mattel. Distribution of a driver for a barcode reader has put Michael Rothwell under legal duress. Openly defying corporate bullying is important, but grueling. Coding shouldn't always risk martyrdom.
Here are some stray ideas and questions in this vein:
- A program could be introduced to the net via a public access terminal. How common are these? Where are they? Is it easy to upload code? How do you then anonymously publicize your program?
- Code could initially be distributed in encrypted form with its function only loosely described. Lawyers would have no solid target until the key was released, which could happen once that cat was safely out of the bag-- say, after a hundred downloads.
- Do compilers slip information into binaries that could be used to identify the author? For example, do MS compilers sneak a registration number in there somewhere?
- Version 1.0 could include a cryptographic hash of a text message included in version 1.1, version 1.1 could inclue a hash of a message appearing in 1.2, and so on. This would let users know that that a newly posted version was indeed from the original authors, without identifying those authors.
- Gnutella and Freenet are obvious distribution models. But surely RIAA and the MPAA are scrutinizing them for vulnerability to legal bombardment. Will they really hold up? A sort of free-for-all model worked for distributing DeCSS; could that work routinely?
How would you go about developing, distributing, and maintaining 'subversive software'?"
This discussion has been archived.
No new comments can be posted.
Developing Subversive Software?
|
Log In/Create an Account
| Top
| 258 comments
(Spill at 50!) | Index Only
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Careful, posters (Score:5)
Ever used a BBS? (Score:4)
Don't the groups that actually put out "warez" still use an elaborate BBS-based scheme before it gets onto the internet in general?
--
Re:Ever used a BBS? (Score:5)
What's needed is a way to set up a "front" site and post your code there, without either being traceable to you, and without ever using the same front site twice. That way they can't catch you when you come back, since you don't.
Making us crackers... (Score:4)
Are these "divide and conquer" tactics working? Well, they are altering YOUR methods already. If they didn't work, you wouldn't have to ask your question.
Perhaps this is a question you should take up with the EFF or some other such body. They could use as much help as you can give.
bm :)-~
Winking in the dark (Score:3)
I would suggest a private, secure newsgroup, hosted on your own machine, to allow only your developers to talk to each other. Think of it as your very own BBS for exchanging information and services. As a matter of fact, a BBS would be a pretty good way to a casual RIAA or MPAA port sniff. So ask your developers to dial into your box direct and keep it off the net.
As far as attracting new developers, this one is a little differant. They can't join a team they don't know exists, so look for trade mags and cheap "alternative newspapers" that have a lot of er umm "escort services" advertising in them. If they can advertise witout getting investigated, so can you. Getting their attention without tipping off "the man" won't be easy. It's a lot like winking in the dark. Sure, you know you're doing it, but does anybody else?
Depends on the road you want to take. (Score:4)
I have taken, and prefer the high road. Hiding, will give the enemy amunition that you are hiding, therefore knowing it's wrong.
If you do something with the belief that you are right, then stand up for what you believe. It's not easy, but large corporations can be fought and you can win. Though some will refer to you as a crackpot.
If you go "underground" anyone who knows, can always surrender your name. You can always submit it to a rogue server from a cash paid public terminal. Use the Gnu or Watcom compiler to make sure that there is no embedded identification code in the executable.
What exactly are you hiding from? (Score:5)
I'm sure you all think I'm naive, and I'm underestimating the damage that a lawsuit can do, but it strikes me as incredibly cowardly to do otherwise. Personally, I've sent copies of the musical version of DeCSS (a link would be helpful here) to all my friends, so that they can play it on their radio shows. None of them have blinked. Like most "broadcasters" (including authors), they know that because of their position, it is their duty to be the first line of defense against the thought police.
(Aside: Why do all my friends have radio shows? Do hand them out at concerts or something? I want a radio show!)
Hah! (Score:3)
Re:anonymous maintenance (Score:3)
Suppose I want to write a program that I know corporate America won't like without being sued or arrested.
You can send a synopsis of your proposed code and ask specific queries regarding its implementation at the folling email aliases (obfuscated to protect the innocent):
postmaster@[32.96.111.130]
webmaster@[208.47.125.33]
jv@[209.67.152.159]
root@[208.225.90.120]
Speaking of helping the EFF ... (Score:3)
Obfuscate your identity (Score:4)
Anyone with enough resources will be able to track you down. Big corps usually have good private investigators on the payroll - these guys don't have to play by the rules like the cops/feds do. You can take some steps to make things considerably more difficult, however.
Use a *good* anonymous remailer [publius.net] in a country other than your own. If possible, use several remailers in several different countries. Distribute your software through Freenet [sourceforge.net] and encourage users to set up mirrors. Use encryption software, such as GNUPG [gnupg.org].
These suggestions are perfectly legal ways to obfuscate your identity. This is good because if you are caught, there won't be a lot of "enhancement" charges thrown at you (like getting caught with a few grams of pot, a small scale, and a (legal) gun). Depending on exactly how "subversive" this software is, you may decide it's worth breaking a few more laws to reduce your chances of getting caught.
You're Confusing Your Objectives... (Score:4)
Hi!
I think you have to decide what you want to do:
If you want to run an Open Source project, hey, that's great. But by its very nature Open Source is open--the very opposite of clandestine. If you're going to write clandestine software you need to maintain an absolutely closed development group--you simply cannot tell the world the names and addresses of all the members in your cadre of 3l33t haX0r d00dz.
Corporations? You're Aiming Too Low
DeCSS may scare the (few remaining) wits out of the MPAA--but ultimately the MPAA is just a trade organization dedicated to staging an awards ceremony. If you really want to have a little excitement, consider doing something really subversive. Say, develop Arabic-language courseware targeted at girls (particularly Afghan girls). Or Bible-club software in modernized Chinese.
I have been involved, in years past, with an ad hoc operation that smuggled Bibles and other Christian books into countries where they were (and in several cases still are) considered contraband. The operation was relatively small--because we had limited funds, and because we depended upon people in-country to handle distribution. Our funds were limited by our need for security--if we'd broadcast to the world that we were smuggling Bibles to women in the Persian Gulf the locals might have caught on. Or worse, caught our contact in-country. Security is paramount.
That said, yes--Microsoft compilers do point to unique identifiers in things like class IDs. A necessary part of the COM interface requires a globally-unique identifier--that identifier of necessity points to your machine. That doesn't make it easy to find your machine--it only means that once the authorities get to your door they can prove that a particular class or DLL was originally compiled there. (That is, it was compiled there first--subsequent compiles on other machines won't change the class IDs, so those later builds will still point to your machine.)
I cannot resist!!!! (Score:3)
You said, "free country"
DO YOU MEAN free-as-in-BEER COUNTRY,
OR Free COUNTRY!
Free countries must use the Gnu Public Constitution(tm), or they're not really Free, merely free!
{grin}
WWJD -- What Would Jimi Do?
VPN! (Score:3)
Once you have this large network, you'd be free to do whatever you wanted on it, with not much worry of law enforcement, government, or clueless people interfering with your work.
Think about it, multiple IPSec tunnels to different nodes, and gated running with OSPF or BGP4 for dynamic routing updates in case someone elses node goes down.
Of course, you'd be reliant upon owners of the other nodes keeping them secure. Maybe a linux distribution that is specifically for making a node for the network would be better rather than trusting each user to set up and secure his own box. Run the installer, give it an IP, and tell it where a couple of nodes are. Make extensive use of encryption, especially for authentication, an you're all set.
For an nice layer of anonymity, it would be nice if freedom.net allowed IPSec tunnels through their network. Although ssh works, and you can always do ppp over ssh.
There's endless possibilities to how this could work, but it would certainly be an interesting project.
Won't work (Score:5)
This way a small BBS will be "decrypted" immediately; FBI just needs to run a query like:
SELECT DISTINCT originating_number
FROM all_phone_calls
WHERE target_phone_number =
against the phone company's data warehouse.
You are having paranoid fantasies (Score:3)
You seem to have an overly high opinion of the "conformity", if you will, of corporations. There are companies that let you gamble and buy drugs, steal music and videos, and hire prostitutes, all over the web.
What on earth could you be doing thats is worse than this?
I have a funny feeling that you're a minor-league developer who has let the slashdot "black-helicopter" club feed your paranoia.
USENET + Signed PGP (Score:3)
- Start with an anonymous remailer as described in The Anonymous Remailer FAQ [andrebacard.com].
- Next, create a NEW PGP key (that's not related to your name, DUH!) and upload it to one of the many PGP Keyring servers, such as at pgp.mit.edu.
- Next, create an internal CVS tree with your source code. Tar it up, split it, md5sum the file, and attach both to a mail message pgp signed with your anonymous key. Mail this to the remailer with a USENET news header of your favorite newsgroup (make certain all your friends know the correct newsgroup to puruse).
- Now, all your friends need only suck down the attachment from the agreed upon USENET newsgroup and create their own CVS trees.
- They all follow the same steps, only they post patches, along with an MD5 sum of the patch+original CVS source tree (tar'd, or individual file)... this way you know when you're applying the patch that it's against a current revision).
There you go, because you're using an anonymous remailer it's completely anonymous. Because everyone is signing the USENET post with their (anonymous) PGP keys it's absolutely certain proof of authenticity from the author, and because you're MD5 suming either the source tree tarball or individual files you can be certain that the patch is against a particular revision of the source tree/file.Answer your question?
Re:Subversive Code (Score:3)
* Anonymous distribution of "embarassing" materials. Model here is the "Church" of Scientology's (tm) "copyright trade secret" "scriptures". They have established a precident that, if somebody releases private material showing evidence of a crime, the IP issue of releasing private material takes precident over any crimes that that material might provide evidence for.
* Code that enables small-scale, not- for- profit sharing of things like recordings and movies. Right now, I would *not* want my name associated with an MP3-sharing program.
* Code that enables use of IP things in ways that the "owners" don't approve of. An example would be bypassing the "fast forward cutout" on some DVDs. Yes, fast forwarding through commercials is a "crime" now.
* The way that things are going, "reverse engineering" of any kind will soon be illegal. See the discussions on the "CueCat" and the hoohah about figuring out what CyberSitter et al actually filter out.
Anyway, the way the laws are currently written, any time you do something that a big company doesn't like, they can simply sue you into oblivion. Anonymous software distribution gives you a way of getting your stuff out there without painting a target on yourself.
Incorporate (Score:3)
Create a business, file the proper papers, and have the software be created for the company.
Generally, the company can be held liable for the sins of its products, but the employees can't.
This is why MS may be broken up, fined, etc., but Bill Gates won't go to jail.
Any lawyers out to there to clarify or correct?
-----
D. Fischer
Rule #1 (Score:3)
Grow up (Score:4)
So you want to do some noble "power to the people" project that "corporate America won't like". Well, two things come to mind. One possibility is that you want to create something wonderful, like an extraordinary browser (Mozilla), or a whole operating system (Linux), or any number of other superb products that legitimately compete ferociously with products of "corporate America" like IE, Solaris, Oracle, etc. If that's the case, then the number of ways you could contribute to the world is virtually limitless, and you don't need to sneak around to do it. "Corporate America" calls it "competition", and it goes on above ground, in the light of day.
The other possibility is that instead of creating something of value yourself, you feel an adolescent urge to be a big hero to other adolescents by finding ways of stealing things of value created by others. You have some cartoonish image of "corporate America" as The Evil Empire from Star Wars, and you're some noble code Jedi with a compiler for a light saber. I suspect you're in this camp. I'm mistaken, then these comments apply to those who are, but not to you.
"Corporate America", in reality, isn't one entity, and it isn't even American. It is the majority of working people in the developed world and the relatively consistent conventions they've established for cooperating as groups and individuals to convert the hours of their lives into things of value, which they then trade with other groups and individuals. It is also the relatively consistent conventions they've established to prevent people and groups from stealing from one another, forcing them to have to produce things of value themselves that can be used in voluntary trades. That increases the pot of goods and services rather than just shifting them around.
There are plenty of areas in commerce where reasonable people of good will legitimately disagree on areas of legal policy. There are also countless inequities and inefficiencies in a system that still requires human lawyers to argue the edge cases. Those with the biggest legal budgets tend to win more than their fair share of edge cases.
Unfortunately, there are also a lot of people who think it's their right to steal anything that they can get away with stealing. They frequently point to the inequities of the system as a rationalization for their base desire to simply steal something rather than trading for it.
Instead of pouring your energies into finding ways to steal from your neighbors, whom you refer to as "Corporate America" to make it sound noble, why don't you find a charity that can't afford to pay for "enterprise software" and build something for them from open source components?
Or why don't you find a way to extend the features of some open-source system to cover the needs of a group that doesn't yet have the necessary level of computer literacy to do it for themselves?
Or why don't you go out and create music or great films or whatever, and then give away what you've traded the hours of your life to produce, instead of trying to give away the hours of other peoples' lives?
How to release and maintain code anonymously (Score:5)
1) E-mail
Setup a nym account with one or more of various nym servers out there:
nym.alias.net [mailto]
redneck.gacracker.org [mailto]
OR, you can get a paid for nym account with ZKS:
ZKS Freedom Net [freedom.net] (They are taking applicants to beta test their Linux port now)
This takes care of having an anonymous bi-direction e-mail account that people can contact you through and will be secure from the attacks of a determined foe (be sure to change your reply blocks often though).
2) Publish the code somewhere publicly available, like the web or usenet.
The next problem is distributing your code. What you need is a means to publish the code anonymously.
Web
To contact sites like sourceforge [sourceforge.net] anonymously, which provide you with a nice mechanism for releasing the code and storing it somewhere, you need a web anonymizer or an anonymous routing scheme like ZKS.
Several solutions exist to do this. In order of highest security:
ZKS Freedom Net [freedom.net]
CROWDS [att.com]
Anonymizer [anonymizer.com]
Usenet:
Usenet is means of publishing your code that is even more resistant to censorship attacks than publishing the code on a website:
mail2news gateways. These allow you to post an e-mail message to usenet, preferably after you have anonymized it thru several remailers. Posting to usenet is an EXCELLENT mechanism for getting past the most determined censor. As long as you don't start spamming your distribution, and thereby driving your BI up, you can be pretty sure that your post will not get robo-canceled. If you want to be really fancy, you can encrypt the message, publish the password in another forum, and then post the conventionally encrypted message to aalt.anonymous.messages [alt.anonymous.messages]. This will defeat efforts to automatically find your post on usenet and then issue a third party cancel for it.
Here is a list of known mail2news gateways:
mail2news AT nym.alias.net
mail2news AT zedz.net
mail2news AT mixmaster.shinn.net
Send a message to one of the above e-mail addresses with "help" in the subject for instructions on how to use the gateways.
Python
Re:unique identifiers [OT] (Score:3)
Re:anonymous maintenance (Score:3)
College computing sites are perfect for this. Do not put your dev machine on the net; instead deliver it via read-only media to the site, and get access (for example, sniff passwords w/out doing anything malicious to the user; the more actions you take against the user, the more you expose yourself). Send the information (sourcecode, binaries, etc) via many different routes, almost all of which are irrelevant.
By the same token, if you know how to hack, make automated scripts that send information in a similar manner, to the same routes. Only one person need know how to compromise such machines; that can be your logistics person. No gratuitous damage there, either.
College areas are unlikely to have any sort of visual surveillance. And of course you will keep in mind that it is not impossible.
I am demonstrating much of this at the moment.
stealing is not the point (Score:4)
I think the balance of power is seriously shifted in favor of corporations. It's not just a question of "stealing" copyrighted material, it's also about the customer's right to use that material in reasonable ways. Even though I don't agree with the use of Napster to perform large-scale free distribution of copyrighted work, I think things like Napster and DeCSS are important in order to reach some kind of acceptable balance on these issues, and ultimately to declaw UCITA, DMCA et al.
This is a toughie, for sure. (Score:5)
My own answer has been along these lines- I will create to the best of my ability and use the legal system to defend the interests of the people I'm creating for. That's sometimes meant GPLing software, when I could- my software is frankly not world-class, it's not really my area of expertise- and now it's beginning to mean that I must put together not only my recording studio, but also CD mastering and duplication, and even hosting for free audio. The studio's done and quite functional- CD mastering and even Video CD mastering is dead simple- duplication's going to cost me some serious money, I'll be taking out a bank loan when I have my ADAT paid off to get a duplicator- and hosting is beyond _my_ reach though I need it desperately.
All this is needed because I can't trust the commercial sector to handle it for me. The breakdown goes like this:
- Studio: the $75 an hour I'm asking is actually very low for a studio. This part is pretty straightforward- studios are service oriented and it's more a financial question than anything else.
- Mastering: mastering houses charge a _lot_ of money for what they do- the gist of it is that you can't seriously tailor the frequency range and soundstage of your CD while listening over pathetic little nearfield monitors. The need for an extra pair of ears on the project is somewhat counterbalanced by the fact that these days, mastering houses are increasingly forced to brutally compress their results until average levels are about 1 db down from peak. This sounds appalling but is louder than the competing songs on the radio
;P
- Duplication: currently having a burner will do- one nice thing about being a geek is ability to track down things like Mitsui CD-R media with process color surface-prints: it can cost six times what you can find cheap media for, and maybe twenty times what commercial CD materials cost, but archival quality is substantially better and honestly, there is a place for a quality argument. The point at which the commercial product is cheap crap at premium prices is the point at which the quality argument at reasonable prices starts to substantially work. The trick is you have to make all aspects _look_ professional- hence the process color media print, at 400 dpi carefully color corrected (the guy who does the CD printing called this 'overkill', to which I replied 'good!'
;) ) When things develop to the point that I need more duplication, it will be time to talk to my bank about the next bank loan- currently I'm paying one off for my 20-bit ADAT studio recorder, it seems reasonable to think in terms of another to get a serious CD duplicator. I'm also excited about the possibilities of producing Video CDs- which can be played in DVD players. Hooray, an accessible format for short video that can piggyback on the leverage of the stinkin' MPAA! I may get a DVD player just to test my VideoCDs on :)
- Hosting: This is the killer. I don't have any way to offer _this_. I have done some research, however, into what needs to be out there.
This last one is the hardest one, and I'm not sure how to address it- and this post is about how I'm trying to address each issue personally instead of announcing that 'someone should' do this stuffBasically, I see a pressing need for just plain media hosting on a massive scale. It could well be restricted to mp3 and ogg vorbis (hell, include wma). It could also be restricted to 128K on two assumptions: one, it'll be important to not have everyone doing 320K and using up two and a half times the resources for their stuff, and two, it's low enough quality to justify being giveaway stuff and high enough to basically enjoy. It will not pay musicians one cent for the downloads- on the other hand it will not _charge_ musicians a cent for the hosting. Most importantly, it will have a usage agreement that protects both parties, asks only nonexclusive rights to host the material, claims no copyrights to the material, and requires any contract changes to be explicitly signed off on by the artist. (This last one is the main thing mp3.com just lost in their contract alteration).
Instead of instantly planning to fund the thing off ad banners (aren't we all sick of that by now?) I propose the hosting service be incorporated... as a 501c3 nonprofit corporation. This is a VERY IMPORTANT point for protecting artist rights in the current climate. The 501c3 must have an explicitly spelled out mission statement that it must abide by to maintain its nonprofit status. It can seek grants- it could even solicit money from the RIAA labels, 'leeching' off them to provide its services in perfect safety. It can pay server operators a relatively decent salary for doing their jobs- you wouldn't have to go hunting for MCSEs, you could spec out a proper high-load server farm and pay to have it run properly, nonprofit doesn't mean it can't pay employees a normal wage. Finally and most importantly, a 501c3 answers to the IRS and has to follow certain rules or cease to exist. It CANNOT be bought out, either in a takeover or a merger, by a commercial corporation. It can only be bought/merged with another 501c3- and for this to happen both 501c3s must have essentially (literally?) the SAME mission statement, not differing ones- and it is so hard to change a 501c3's mission statement that you might as well disband it and start a new one. And when you disband a 501c3, all assets it has must be distributed to OTHER 501c3s covering the same basic area.
When you look closely at these things (I have a friend who is expert at framing charters for 501c3s and knows all about them and has a terrific batting average for his 501c3 proposals being approved), it's amazing- almost GPL-like- it's a form of legal incorporation that uses the meanest parts of the US government (the IRS!) to protect you against rampant corporate abuses. If you are a 501c3 no commercial corporation can touch you- they can give you money for a tax break, and that's about it. They can't buy you out. They can't shut you down- even if they for some reason got totally Mafialike and pressured all your boardmembers to disband the corporation, your resources simply get distributed to other 501c3s doing the SAME JOB. It's like the liquid metal Terminator- no amount of force can destroy you! All watched over by the IRS with gimlet eyes. You don't have to vigilantly guard against, say, major labels subverting you and making you a profit-earning subsidary. The IRS will vigilantly guard against that :)
I'm not sure what the software sphere would need in terms of a 501c3 to develop ideas that need to remain free of corporate control. I do know the needs of my own sphere- music, media in general, video as that becomes a factor. The music sphere needs free hosting because a musician who's even slightly prolific will rapidly exceed the bounds of any personal site or typical hosting service, and it seems like most/all of the music/mp3 hosting services on the net are RIAA label controlled or copying their contractual provisions.
In order for musicians to be able to function outside the confines of RIAA ownership, they need to have the ability to own the means of production (easy: CD burners and duplicators and Internet sales) and the ability to circulate music to people who don't know the music yet. It really isn't necessary to have one recognizable site for people to _browse_ from (mp3.com is full of bands who've never been listened to- I always got most listens from mentioning what I do on Slashdot), but it is necessary to have a site with acceptable policies/contracts which won't need to be changed or moved. Wherever it is, there needs to be a fair amount of stability so that the musician can distribute CDs, posters, handouts with the URL on it. Because of mp3.com's change of contract, I have posters, CDs out there, even 24 cassette tapes that haven't even been _recorded_ yet, all with the mp3.com addy on them, which is now obsolete.
The common factor here is that it's all about giving _my_ material a base of operations that's not easily destroyable by corporate interests. I'm not attempting to, say, sample RIAA label acts and use their music as part of my composition. I am not negativland ;)
A very good question would be, how important is it to pursue development on IP that corporations have claimed as their own, and how important is it to defend IP that is actually original? Most of my response has been centered on defending the ability to produce and distribute stuff (music, video) that is original, knowing that the _facilities_ for this production and distribution are under continuous attack, but my right to produce is not actually in question.
Are programmers in danger of losing their right to produce, or is the perceived threat simply that anything programmers do will be patented by corporations and taken away from them? There is a point at which this begins to seem unreasonable. Somebody at Amazon _thought_ they invented one-click ordering, which is stupid but doesn't necessarily mean Amazon set out to 'steal' stuff from the public domain. I question the wisdom of assuming, from the start, that what YOU CREATE is so doomed that it must be 'subversive' to survive. I would suggest trying to remain visible and CREATING stuff, quite openly. Use contractual tools like the GPL to protect your interests. Don't assume you're so outclassed that you must go into hiding! We're looking at an era of much legal rule-changing. Some of the rules are changing to heavily favor corporations and piracy, by them, of intellectual property and other types of property and privileges. Some of these rules will be changed BACK once the consequences are clear. Act as if the world was fair and you had rights! Behave in good faith and don't knuckle under to the appearance of oppression. Act AS IF you had rights, know what they would be if you had them. Don't act like you are a criminal just because some other entity profits by criminalising you.
The last word is this- when you create, you set the rules. My CDs will have "All commercial rights reserved- noncommercial copying OKAY" at the bottom of every single one of them. If the RIAA manages to make (for instance) copying of tracks off audio CDs automatically illegal, I will happily participate in a test case: someone can rip my stuff and put it on Napster, and I will testify that I explicitly allow such noncommercial copying of MY CDs, thus no blanket rule can be made. The RIAA DOES NOT HAVE THE RIGHT to set MY rules, and my rules for my CDs permit noncommercial copying. I'm even spelling it out on the CD itself where it can't be missed- my wishes _will_ be respected. That's justice.
Re:anonymous maintenance (Score:3)
Unfortunately, this doesn't appear to work either. The U.S. gov't has just successfully prosecuted an American citizen for running an internet gambling site based in Antigua (he himself was in Antigua too, at the time of the 'violation', and the site is legal in Antigua). His crime seems to be that he is an American and was allowing Americans to access his site. So, it appears that doing something that is legal in the place where you are and is theoretically outside of U.S. jurisdiction is not necessarily a defense, if you're a U.S. citizen.
Re:IRC File Servers (Score:3)
Re:stealing is not the point (Score:3)
Nevertheless, I see an element of civil disobedience amongst Napster users that goes beyond just the desire for "free stuff". Some see cheap justifications and rationalizations; I see at least some people who aren't necessarily articulating what's bothering them very well, or in the right places (mea culpa), but their actions speak for them. Mindlessly criminalizing this kind of activity won't ultimately help even those lobbying for the criminalization, as we both know.
[...]or their rights over their property (I'm not allowed to mp3 my song? But it's _my_ song, recorded it myself!).
I agree, this is one of the big danger areas. Actually, as copyright holder of your own work, you'll probably be allowed in theory to mp3 or dvd it, but getting access to the necessary tools could be another question. In the current climate, it's easy to envisage being forced to join the RIAA, pay dues, and use an approved publishing company, all to gain access to the technology required to create content that can be recognized by consumer players.
As long as it's about copying Britney Spears CDs without her permission it's a losing argument. But it _will_ escalate until the problems are so terrible that there's no more ground to give.
Agreed on both counts.
One ray of hope I see is that higher courts in the U.S., especially the Supreme Court, are often pretty good at handling this kind of thing. As long as the next president doesn't totally mess up the court, I fully expect some of these things (like code that's illegal?!) not to hold up.
Speaking of which, to bring this back to the original topic, now that particular bits of code have been declared illegal, I consider it virtually a moral duty to try to write such "subversive" code - otherwise, we are capitulating to an unacceptable restriction on freedom of thought, expression, and communication. I haven't thought of a suitable application yet, though, so the NSA and RIAA can sleep easy for another night! ;^)
Re:Careful, posters (Score:3)
Re:unique identifiers [OT] (Score:3)
The ability of this algorithm to generate "globally" or "universally" unique identifiers relies in part on the fact that network adapters contain a node address which is issued in blocks to network card manufacturers by the IEEE, so is guaranteed to be unique. Here's some info about UUID generation [opennc.org].
While processor IDs can be used to identify a system, there currently isn't widespread use of these numbers in standard software components.
Re:Grow up (Score:3)
It sounds reasonable, but I think it only describes half the equation. There's a question of balance to be examined.
While large cooperative groups offer advantages, they also have a number of qualities which I think are largely uncontroled today.
Maybe the advantages in the pseudo-symbiotic relationship we share with corporate entities are enough to overwhelm any worries you might have as to the more destructive qualities corporations exhibit, but I choose not to wear blinders or to see the world in black & white, and certainly not to tell people who might have legitimate concerns to 'grow up', just because I would rather not face the nauseating possibility that maybe there is something terribly wrong.
So I'll definitely be keeping at least one of my feet squarely in the, 'Corporations are the Evil Empire,' camp you described, simply because corporate entities do lots and lots of morally questionable things which make the world crappy for lots and lots of people. The fact that you can clearly write well, means you're not ignorant, so I won't bother listing off any of the ton of available examples of corporate greed and willfully reckless behavior. (When profit is god, how money is made is unimportant, so long as it's cheaply done and doesn't leave shit in your own immediate corner of the pond.)
Also. . .
'The other possibility is that instead of creating something of value yourself, you feel an adolescent urge to be a big hero to other adolescents by finding ways of stealing things of value created by others.' [snip] 'why don't you go out and create music or great films or whatever, and then give away what you've traded the hours of your life to produce, instead of trying to give away the hours of other peoples' lives?'
Yeah. . .
Fair enough. Except you're again looking only at the portion of the equation, (that which clearly makes you feel comfortable in your own philosophical rules set). Hate to say it, but. . .
The problem is one of fairness. The people who make music don't ever receive the lion's share of the profit. I'm all for a system which will put a quarter into the hands of the artist for every track of music I decide to keep, and keeps the millions of dollars out of the hands of the non-creative music execs who currently take nearly all of the profit.
And take stealing the content from DVD's. I think that's entirely fair. -The content of a DVD has usually made its money back with lots of profit by the time it plays theatrically world wide. The disks themselves cost pennies to press. If DVD's cost eight bucks a unit, I'd never rip one off ever again. As it is, they regularly retail for over thirty dollars. That's just plain greedy and unfair. The 'competition' which is supposed to bring us fair prices clearly doesn't work. (Gee? There are content cartels? Who would have thunk it!)
Currently, piracy is the only semi-organized structure which has a shot at bringing about fairness in the market place. Shucks.
Sure, I sometimes feel like I'm wielding a metaphoric lightsaber, but that's only because I feel that I'm being manipulated and taken advantage of by a metaphoric evil.
And I don't wear blinders made from half-reason.
-Garund
Balance is everything and we don't have enough.
OK for small stuff but what if they'd kill you? (Score:3)
Or provided secure communications channels for reporting human rights violations from within repressive regimes?
Or suppose the software in some way helped promote meaningful political change in a repressive regime - and was developed within the territory of that regime?
No, really this is an important question and needs to be addressed in a serious way.
Re:Depends on the road you want to take. (Score:3)
Now, it's not enough to just call it a school project. You need to be really doing something original and worth publishing, but you can do quite a bit legally when your intentions are academic. We had a good speaker from Lucent give a talk on this exact problem recently (at Rutgers). this is what he told us paraphrased:
I'm going to tell you three stories about three diffrent people working in cryptography, but first I'm going to tell you the endings to the three stories and let you take a guess as to which stories have which endings. Two of these folling people went to jall and one recieved academic laurals.
The first guy reverse engenered top secret government encrpytion chip and was told not to publish the results by his boss (and maybe NSA), but published the results in the New York times anyway. The second guy wrote a program to help him watch DVDs on his computer under Linux instead of Windows. The third found a major flaw in bank security for financial transactions and reported this to the company handling the financial transactins.
Well the first guy (our speaker) recieved great academic awards, the second guy (Jon Johanson) spent a night in jail, and the thrid guy went to jail too (I donno how long). Actually, the third guys story is really intersting. Apperently the banking company said "no we do not believe that any money could be stolen with this exploit, could you prove it to us by making a transfer." the guy made a ransfer and they said "Oh you've stolen some money so we are going to throw you in jail." The implication being that they were tring to shut him up, so they tricked him into doing somthing illegal.
Anywho, the moral of the story is that you can get away with these things if you have a PhD and work for a security company. I would say that people who are not any whare near getting a PhD in crypto, but want to publish subversive stuff should take their message to the academics. Specifically, you should get a respected academic as a coauthor for a paper and get your paper published in a resprected jurnal.