Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Censorship

Keep It Legal To Embarrass Big Companies 148

Posted by jamie
from the safe-legal-and-rare dept.
Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

The feature below was written by Mr.Haselton.

X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

[up][the,his,her,your,my][ass,cunt,twat][,hole]
[wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
[,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
[,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
[gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
[gay,queer,homosexual,lesbian,bisexual][society,culture]
[you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

Reverse Engineering Prohibited
Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

Non-Disclosure
Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

This discussion has been archived. No new comments can be posted.

Keep It Legal To Embarrass Big Companies

Comments Filter:
  • by jd (1658) <imipakNO@SPAMyahoo.com> on Tuesday February 22, 2000 @04:33AM (#1254089) Homepage Journal
    Keyword censoring doesn't work. For the same reason Echelon can't work by keywords, there are just going to be far too many false positives and far too many false negatives.

    (Those with keywords on the brain have a rare, but fortunately treatable, disease called Greperitus. The cure for this is to hit yourself over the head with a salami sandwich, repeating "Grep is not all-powerful. Grep does not out-rank The Great Linus.")

    Nor does it make any sense to filter everything for every user of the software. What is wanted, IMHO, is an ability to selectively control what is filtered and what isn't, maybe by nature, relying on volunteer-maintained databases and/or filters of what fits into the category you don't want. (Sort of like a super-Junkbusters, but not restricted to just banner ads.)

    I e-mailed a couple of organisations involved in promoting filter software, to see why they promoted such packages. I did NOT get the usually claimed line of "it's for the children". What I DID get was "if you go into a bicycle shop, you expect to see bicycles. Why should public Internet terminals be any different?" Now, -that- is a line of argument I can have some sympathy for, which is why I think self-selective censorship makes much more sense than blanket, keyword stuff.

    To make sure this is on-topic, I can't say I sympathise with companies that provide encrypted dictionaries with network software. If they didn't want you to have access to the dictionary, they could just as easily have the filter software connect to a database at THEIR end. Ergo, they are not -really- serious about not letting you access their dictionaries. Ergo, reverse-engineering is being implicitly permitted, because they are not taking obvious, simple measures to prevent it.

    Embarassing such companies, IMHO, is a good idea. Force them to declare where they stand, and make them act on their beliefs. The more these companies are forced to actually -occupy- the moral high ground, rather than merely claim it, the better. Anyone can claim anything, but morality cannot co-exist with dictatorship. The sooner these companies are made to be moral, the sooner they will stop trying to be thought-police.

  • Just use one of the numerous open "Cacheflow" Web proxies, which are scattered all over the 'net. Instant "distributed" discovery.

    209.137.141.68
    cacheflow1.direcpc.com
    cacheflow.tcg.sgi.net
    206.49.216.243
    ch2smc.bellglobal.com
    ch1blm.bellglobal.com
    ...

  • by Anonymous Coward
    Oh, I suspect that they "get it". The question really is: Do they *care*? On many an issue -- particularly the more controversial ones, like abortion and gun-control -- many legislators KNOW the arguments, they just don't CARE because they have their own agenda. Legislators often aren't in power to serve YOU; they're out to serve THEMSELVES. If that means pandering to a minority that votes fervently compared to being just to a majority that doesn't, fine. If this means obstructing justice and violating the Constitution, then fine -- as long as they think they can get away with it; because they probably _will_. They *do* understand fear, 'tho.
  • I was discussing the whole reverse engineering subject with my roommate and we thought it would be funny if Xerox decided to sue Apple and Microsoft. The GUI interface as we know it would not exist if it was not for them. Let us not forget Ethernet as well. I mean if the government is going to say all reverse engineering is illegal, lets hope they don't make the ruling recursive or there are going to be a whole lot of lawsuits.

    If words were wisdom I'd be talking even more

  • > if I were to log on remotely to a site someplace
    > in Sweden from my home here in the US of A,
    > and do all my hacking there, then what?

    Hmm interesting question actually.

    If you used ssh to connect to the server in
    the other country...it could get very interesting.

    I would imagine you would still be under US law
    sinc eyou were in the US when you did it (at
    least according to the authoritarians who run
    the US maff^H^H^H^HGovernment.

    However, assuming you do not do this...then it
    would require them finding out it was a person in
    the US who did it...and ALL of the evidence would
    be on a machine in another country...
    This of course means requesting that either
    A) The sysadmins of the machine volunteer to
    cooperate with US authoritiarians or B) The
    US Authoritarian regime contacting the regime
    where the server is located and asking them to
    go through their process for forcing the admins
    to cooperate and give up the info.

    Basically...if you were smart about it...and
    released any reverse engineered info in a
    fairly anonymous way...it would make prosecution
    nearly impossible.

    Hmmm who else likes the idea of running fiber
    lines from 5 or 6 countries out into the middle
    of the ocean and setting up a platform in
    international waters just full of servers?

    allow anyone to get an account for free and have
    a policy of not cooperating with ANY government
    wrt identitfication of acounts...support only
    ssh connections to the server...even add an
    anonymous remailer.

    Course...I imagine within a year or so...all the
    governments would be pissed off to the point that
    they would just send a few ships out and sink the
    damned platform but...hey...its a nice idea....
    perhaps some satilites....

    too bad its all to expensive to offer accounts
    for free. I don't think people should have to pay
    to hide their identity.

    In any case...it would make any discussion of
    making reverse engineering illegal a moot point...
    since anyone would have a safe place to do it and
    publish from.
  • Would you want to advertise on a page whose basic method of getting people to go there was to con them?

    That sentence sounded quite funny at first to me because in French "con" can mean (among other things) the women genitals, which reminds me of the questions of how do they to keyword-block foreign porn site, let say an other-alphabet-language porn site with no english language (except for the navigation maybe?). Maybe it's time to create your porn site entirely in Klingon ;)

  • Simple: The FBI will demand that you give them the source code. No judge will stop them from trying to convict terrorists because of some copyright you might have.

    Judges, like legislators, are elected: until the public is intelligent, the government will never be.

  • "When they took the fourth amendment, I was quiet because I didn't deal drugs.
    When they took the sixth amendment, I was quiet because I was innocent.
    When they took the second amendment, I was quiet because I didn't own a gun.
    Now they've taken the first amendment, and I can say nothing about it."

    -----

  • Yes of cource I would lose. (at least *if* I was under US jurisdiction...) Just like I would lose if I got prosecuted without those "licence terms"

    *But* with some luck I might bring the law down with me. If the UCTIA gives the little guy a chance to screw with the big boys, the big boys will make sure that it goes away.

  • From the DVD side, its probably very important to them that the case be settled before the general public becomes more technologically literate.

    In fact, I bet most of the people pushing this case actually believe CSS does something to prevent copying.
  • Uh, yup. Check this out, from the CYBERsitter license agreement (quoted near the end of this article):

    Reverse Engineering Prohibited
    Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

    You'd be interested in the bold part. But also, I think it's interesting that they think they can prevent "fair use." Would this really hold up in a court? How can this specific license overrule "fair use," which is a federal law, right?

  • Sounds good to me. An open source software censorware program should allow you to import black lists from other sites, so you could subscribe to the anti-porn, anti-racist, anti-sports, anti-republican, anti-microsoft and/or anti-government lists of your choice.

    If the KKK and NAACP put up lists, take your pick. Or choose neither or both.

    Maybe that way parents who don't want to take responsibility for supervising their children can at least take responsibility for choosing who they trust to take responsibility.

    And maybe it will help the common folk realize that the open source community aren't just anarchists, but are really trying to help people get control of technology.

  • Why?

    Cyber Patrol is a strictly opt-in deal. Parents get it to "protect" their children from filth and smut. Employers get it to "protect" their employees from distractions. Those are both definetly within their rights - they supply the computer for a certain set of tasks (homework, games, research (games doesn't apply to employers :)) and have a right to "know" that their resources aren't being squandered away.

    IF you take objection to libraries and other public resources using internet filters, take it up with them, your local government or your state rep. Don't sabotage their property because you don't like the way some of their clients use it.
  • Nope... When you work for a company, you're generally allowed use of a computer to satisfy the tasks needed to do your work. An employer is fully within their rights by blocking sites from employee access.

    Same goes for parents and kids. Kids aren't "real" people until they're 18. They aren't afforded the same rights as adults (and that's a good thing, in terms of things like penalties for crimes and such).

    The only way it would be a violation of free speech is if the government mandated that every ISP have such and such installed and to disallow eeryone from accessing a certain black list of sites.
  • Suppose UCITA is passed in all 50 states as a worst-case scenario. Reverse-engineering is illegal.

    Save your work on a foreign server. If they try to say you worked on it here, disclose that the server where the work exists is located in Holland. They will say "you were located here while you typed it."

    "No, I called my friend in Holland and repeated my program verbatim to him and HE typed it in."

    Soon, you will be seeing laws passed that say "Intellectual property cannot be exported" (ala crypto) and the security guards doing mind-scans in the airport for any programming knowledge.

    You can expand this via paranoia to any length. IANAL.
  • Some major assumptions there. First let me disclaim that I do believe in honest hard working politicians. Can't name one offhand, but I believe they exist, they just aren't the ones chasing the media and presidency.

    For most politicians though, the question isn't what makes sense, what is practical, or even what is right, it's "what will get me (re-)elected?" Freeer distribution of pornography is not an issue they would like to, or even could, take on in America. No matter how you well you wrap your opposition to censorware in the first amendment a large quantity of prigs and prudes in this country will not vote for such a politician. Ironically I think this is often because they must deny their own attraction to pornography, but that is another subject...

    Then there is a small set of politicians that fully realize that a populace that thinks about issues and is well-informed is not good for their little games with pork, and their power brokering. These critters would like nothing better than a controlled media that didn't criticize the government, and a repealed 1st amendment would garner only crocodile tears, if that.

    Finally, there is the constituency of our government, the mega corporations. These guys simply aren't going to care until you show them a bottom line effect. Unfortunately, what they see is that unless the smut is cleaned off the net they stand to lose billions in potential revenue from those that stay away or are kept away by restrictions on net usage. Look what happened with TV, we all have to view children's fare so that no potential product buyers will be offended. Advertising money looks to drive the net too.

    Its a good fight, I believe it matters greatly. Pornography is being used as a wedge against the 1st amendment in the same way that pedophiles and terrorists are used to keep crypto restricted. But I do not see any organized body of people or interest group with the sway to win the fight. Kudos to the ACLU but they are more reviled than respected today, unfortunately. I see a *lot* of very organized opposition. Depressing. Only by educating at the grass roots is there any chance, and that's a long one.
  • by hobbit (5915) on Tuesday February 22, 2000 @04:48AM (#1254106)
    Wouldn't it be possible to write a self-extracting encryption wrapper around DeCSS and its ilk, which presented the user with a choice:

    1) continue, and forfeit any right to pursue the hosting site;

    or 2) exit, without evidence that the program contravenes the DMCA;

    leaving only the option of reverse-engineering the access control mechanism itself to prove anything?

    Hamish
  • This does seem off topic

    Wpoliticians collecting more and more money over the internet you'd think they would pass more clueful laws about it.
    --
    Be insightful. If you can't be insightful, be informative.
    If you can't be informative, use my name
  • I note that Cybersitter deprives users of one of the main pillars of online journalism: The Onion.

    [you][are][,a,an,too,to][stupid,dumb,ugly,fat,id iot,ass,fag,dolt,dummy]

    ...matches the official Onion motto, which not a little bit of irony relating to Cybersitter's error rate:

    You are dumb.

    Cybersitter: saving the world from the dolts of the net. (tm)

  • Open UP a Unix shop in a mall. Hire young people 15+ yrs of age. Offer scholarships. Hype up the productive day-cre environment. (Even if it isn't true, as long as they're learning.) And sponsor gender-neutral science fairs. Oh yeah stalk the bullshit boys and girls clubs and hire kids from them to so they can really get ahead.
  • But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.
    Given that the entire list has been decoded, you could have really produced a valid statistic by taking an actual random sample of 50 working .edu sites from the whole list. Merely using the first 50 is not a random sample.
  • Sounds good to me [slashdot.org]. An open source software censorware program should allow you to import black lists from other sites, so you could subscribe to the anti-porn, anti-racist, anti- sports, anti-republican, anti-microsoft and/or anti-government lists of your choice.

    If the KKK and NAACP put up lists, take your pick. Or choose neither or both.

    Maybe that way parents who don't want to take responsibility for supervising their children can at least take responsibility for choosing who they trust to take responsibility.

    And maybe it will help the common folk realize that the open source community aren't just anarchists, but are really trying to help people get control of technology.

    Reposted at Score:2 because I can't moderate today. If you're going to mod this down as redundant, then please mod up the parent coment and give GreyMatter [slashdot.org] the credit that he's due for this great idea.
  • I've been thinking about this. The user should be able to select the order that censor lists are applied in, and the censor list should be able to allow as well as disallow access. For example, if the American Family Association block list included gay and lesbian sites, then a Gay Rights block list, if applied with higher priority, would re-enable access to the sites that they think are inappropriately blocked. I can see that it would be difficult to get groups like the AFA to join this scheme, though.
  • by tal (20116) on Tuesday February 22, 2000 @03:48AM (#1254114)
    Don't worry, they won't take away all our rights at once. They'll just take little bits at a time
    until you don't have the right to complain that they have taken away your rights.
  • Something similar happened when the 625-line television standard was proposed in Europe after World War II. That standard was worked out in large part by a German engineer (whose name I've now forgotten). One little problem, though -- the western Allies still occupied the three western sectors of Germany, and forbade all television research, so if word got around about his research he'd be in some deep doo-doo. Solution? He leaked the idea to a Swiss colleague, who could publish it without fear of retribution.

    FWIW, the significance of 625 lines -- aside from the specific number, which was chosen to provide a convenient set of divide ratios -- was that the active line period was essentially identical to that of the established 525-line NTSC system, so that 525-line and 625-line TV sets could use the same deflection yokes and horizontal output transformers. (Today this happy fact also allows conversion between the two standards without having to resample the image horizontally.)
  • by leko (69933)
    I have in the back of my mind, that one day all the politicians will just "get" this and that all these problems will be no more. Am I being too hopeful? It seems to me its just about education on the issues, and understanding the mindset of people like us.
  • Well, perhaps it's time to get rid of the division between "They" and "We"... This sort of thing is ridiculous, and we've definately _GOT_ to do something about it.
  • by www.sorehands.com (142825) on Tuesday February 22, 2000 @04:00AM (#1254122) Homepage
    When I was at MSI (the original developer of Cyber Patrol), we talked (more like joked) about selling the CyberNot list as a seperate product. This would be for users who wanted an easy way to find porn.

    Of course, it did not get far beyond the joking stage. I do suspect that a few people at the company kept copies of the porn lists for their own use. ;). And no, I was not one of them.

    It's a little hard for a company to keep a straight face when selling a list of porn site (or publishing porn themselfs) and selling an internet filter or blocker. It's along the line of a virus protection software company also selling a virus writing kit.

    CyberPatrol does have a page to check their list [cyberpatrol.com] to see if a site is on it. It does not do much good for seeing how good their list is, but at least you can check if your own site is on it.

  • by httptech (5553) on Tuesday February 22, 2000 @04:00AM (#1254123) Homepage
    So, if I were a porn site operator, all I'd need to do is disallow access to User-agent: "Mudcrawler" and then kids can surf my site freely.

    Do you get the feeling that even the programmers know that their software is pretty much useless?
  • I use this site [mit.edu] to get around my school's CyberPatrol proxy. Get to it quick as it will probably be blocked soon, along with the rest of MIT.
  • Oh yeah, one day they'll `get' it and these problems will be no more. But it's gonna get a whole hell of a lot worse before then....
  • Remember when Consumer Reports rated a small SUV by Mitsubishi or Suzuki "unacceptable" because it tended to roll over in hard turns (the kind you would make trying to avoid a child or a deer)? The magazine is being sued for slander. The January issue has more details (it's on the web, for a fee).

    PR Watch [prwatch.org] has an eye-opening series of articles about SLAPP (Strategic Lawsuit Against Public Participation) suits. Companies file them to bankrupt, and effectively silence, people who speak out against them (which is not the same as libel or slander). Oprah Winfrey was SLAPPed by the National Beef Council when she disparaged beef during the Mad Cow outbreak in Britain. An environmentalist in West Virginia was SLAPPEd by a coal mining company when he highlighted environmental abuses by the company.

    Free Speech is becoming very expensive.


  • by arivanov (12034) on Tuesday February 22, 2000 @05:05AM (#1254128) Homepage
    That is not enough, but the checklist to make sure that your site never hits the morons checklist is:
    • Start with a fresh new domain
    • Make sure your robots.txt file says not to scan the entire site. Quite a lot of them ignore the file so this is not enough.
    • Disable any unknown user agents. If your site is 100% PHP or PERL it is an elementary function in the beginning of the script.
    • Rewrite all texts replacing a dictionary of smut-words (the posted ones are a good example as their quoted or escaped equivalents. The smut checkers are where virus checkers were 10 years ago. They do only elementary pattern matching. This will also help against stream scanning sofwtare.
    • Keep an eye on your logs. If you see that someone is crawling check who they are. Firewall or ban the IP range if necessary.
    • Firewall all IP ranges belonging to known anti-smut software vendors.

    Have fun if you have brains. If you do not you shall be filtered. Resistance is futile. Isn't technology wonderful?

    Almost forgot - the described technologies do not consititute reverse engineering and as such do not fall under the provisions of the UCITA and the DMCA.

  • by guran (98325) on Tuesday February 22, 2000 @05:10AM (#1254129)
    On every page critical to a software company, put the words "By reading this text you agree not to take any legal action against the author or publisher"

    On a web site hosting, for example, deCSS. Put the words "Any similarity between this program and any commercial products is purely coincidental. Reverse enginering of this program, wether by looking at the source or observing the operations of the program, for the sole purpose of finding such similarities is not permitted"

    Let the system fight itself!

  • So, if I were a porn site operator, all I'd need to do is disallow access to User-agent: "Mudcrawler" and then kids can surf my site freely.
    Do you get the feeling that even the programmers know that their software is pretty much useless?
    My guess would be that if Mudcrawler couldn't access your page, it would be assumed to be smut and blocked.
  • by Chris Johnson (580) on Tuesday February 22, 2000 @05:16AM (#1254132) Homepage Journal
    "You are stupid."

    DOH! Color me porn!

    Funnily enough airwindows.com is not on any list I've ever checked. I say that because in the fiction section is at least one completed novel with adult themes, one short story with adult themes, and an unfinished novel with even more adult themes. All are basically sci-fi or fantasy and none are really gratituous- the closest that I get to gratituous is the last one mentioned, 'Aquarius', which is sci-fi and deals with a society so advanced in genetic engineering that you have 'races' of cat-people, dog-people, wolf and fish and fox ad infinitum people- and the springboard for the adult theme is this: what if humans went into heat? More, what if this was socially unacceptable and got fixed through surgery and medication, but the untreated condition also brought the ability for sharper concentration and fits of intensely hard work? (not to mention the obvious 'private benefits'- and even here, there's a dark side, as in heart attack risks and added stress)

    I don't know how many Slashdotters have done serious literary writing, or how many people with 'geek values' are also writers. I _do_ know that I've walked a fine line of MY OWN CHOOSING in writing these things- wanting to deal with the fascinating concepts (it's a very geeky trait of mine that even sex is something to intellectually study in fascination rather than just wallow in), but not wanting to be pigeonholed as a tacky porno writer. As a result, I've had to work quite hard (but am pleased to do so), because if you're writing decently about this subject it _must_ be sensed and felt. Fiction is not a HOWTO, but neither is it a scholarly essay. If I'm setting up tensions they must be felt, they must involve- and interestingly, there seems to _never_ be any reason to use 'dirty keywords' or phrases- it's a lot more effective to take the time and energy to write up such a scene properly. And 'effective' does mean inflaming the imagination- that's what fiction is _for_.

    It's ironic- I've never been a particularly prurient writer. I've never written outright porn (this despite the fact that I know where I could sell it for a damned decent price, I might add). My fine line of decency is discreet enough that, even when I write about adult topics, I tend to delicately slip away from the focus of the matter. And yet, every time I read about this damn censorware nonsense, I am more inclined to take my existing approach and really _run_ with it. There's no reason I have to show such decorum. I'm quite capable of taking my SF/fantasy stuff, dealing with the adult topics that do interest me, absolutely going for the throat (or, uh, other areas :) ) and STILL not using any Dirty Keywords.

    I consider this the hidden cost of what the censorware people are doing. Eventually they may just have to _read_ my fiction writing and ban me on _content_ alone despite my tendency to not use dirty words. If they are capable of banning 'gay culture', then they are capable of banning the adult situations of entirely fictional characters which aren't even human in the normal everyday sense. But to do so they'll have to actually read it- and they'll also have to really drop the pretense and stand revealed as the bookburners they are.

    In conclusion: censorware people? "You are stupid". Pardon my _obscene_ _words_. furrfu.

  • I am really happy about this.

    IMHO, blocking websites from children should not be done by software but by the parents. If they can't sit down with the kid for a few hours a week to browse disney.com, they probably shouldn't have had children.

    Of course, not every parent will sit with a child while they're looking information about volcanos for a school project. This is what history/cookies/cache/ip logs are for - you can *always* find a way to monitor what your kids did.

    The best analogy I can think of is not allowing children to watch porn on tv. Sure, they'll still do it on occasion (and they should, eventually), but it won't be done on every day basis.

    As for public access from libraries, maybe it's time to face the fact that "CLICK HERE IF YOU ARE UNDER 18" rarely gets pressed. Maybe the public terminals could only be accessed by people of legal age.

    On the other hand, I wouldn't want to be checking out porn in *any* public place...

    Food for thought. Now it's time to put on my anti-flame suit.

    Cheers,
    Bart
  • Merely using the first 50 is not a random sample.

    Sure it is! Flip a coin. It comes up heads. Is there a better chance for the next flip to be tails? No, the chances for tails are still 50-50. Selecting the first 50 URLs is just as random as selecting the last 50, or 50 arbitrary ones in the middle. It's even conceivable that a purely arbitrary method of selecting 50 URLs could, in fact, select the first 50. In this case, would you suggest resampling so as not to get those certain first 50? In that case, you would in fact be making the sampling less random. You never know. Statistically, though, selecting the first 50 still constitutes a random sampling.
  • Given that the entire list has been decoded, you could have really produced a valid statistic by taking an actual random sample of 50 working .edu sites from the whole list. Merely using the first 50 is not a random sample.
    Actually, I just went through all of the "geocities.com/SiliconValley/*" sites listed as a quick test. Most didn't exist, and of those that did, only 4 (out of 20 or so) actually had pr0n on them. I might put together a quick test utility to pull down 1000 pages and look them over. That would probably give a more accurate percentage of invalid blocks. Keep selecting random URLs from the list until I've got 1000.
  • Both Mass. and California have some form of anti slap statute.

    In my case [sorehands.com] with Mattel, I am arguing that their countersuit violates the anti-retsliation provisions of the FMLA, ADA, etc. This opens them up for unlimited puntive damages.

    .

  • by Anonymous Coward
    Hello, end-user vermin. Here's some software. It might work. It might not. No gurantees and in fact, we have no responsibility even if it fries your hardware, scrambles your hard drive, blows up your monitor, messes up your credit report, and gets you indicted for tax fraud with the IRS. You however, have no rights at all, peon. You will use the software EXACTLY as we graciously permit you to. Period. Any unauthorized use, regardless of wheather permitted by other laws is (thanks to our lobbying efforts), not just a minor civil violation, but a federal criminal felony. Ha! You agree to waiving all other "fair use" and other rights including constitutional rights and "inalienable" human rights by accepting this EULA. And we might change out minds about what you can do and you agree to that too. We might even decide to scan your hard drive and monitor your network traffic and secretly report that info back to anyone we wish, and without telling you. You, of course, agree to this too. But don't even bother to complain. You should be thrilled we're letting you do anything at all with our product. And if you don't swear blood oath, full compliance with this license, then FUCK YOU and your little dog Toto too and get this software the hell off your computer and destroy the disk. Oh, and if you don't agree, you can't even refund the software, thanks to omnipotent software store policies. Tee-hee! Thnaks for the cash. l00z3rZ! HA Ha ha .......
  • Ahh, another example of why stoplists don't work, especially on something as nebulous as the Internet.

    My new iMac came with a web blocking package, so I decided to see how it works. I don't recall the name of the package, but they do it the right way -- there is a list of "approved" sites, and the person in control (parent, teacher, etc.) can add sites.

    The software blocked RedHat [redhat.com], for example, but it was trivial to go in and say, "Naw, it's ok for my kids to go there" and add it to the "ok" list.

    Interestingly, Dav Pilkey [pilkey.com] is on the default "ok" list. So apparently being dangerously subversive isn't enough to prevent approval.....

  • Maybe we need a publicly accessed "blocker"... kind of like NoCeMs in usenet - you basically pick a set of "trusted" people who you rate as being able to block stuff. The christian fundies can all subscribe to christian fundie blockers for all the categories, whereas a merely concerned parent might just go with someone a bit less radical.
    Parents could set up a proxy server for every computer their kid has access to, which remembers every URL the kid visits; later, the parents could review the list (perhaps previewing a list of thumbnails) and flag URLs containing pr0n, racism, advertising, bad grammar, or whatever else they didn't want their kids to see. They could then digitally sign the list of flagged URLs and send it to some central server.

    Then, the parents could tell the proxy server which other reviewers they trusted, and the proxy would block access to any URL that had been flagged by either the parents or their trustees.

    The technology for doing all this seems pretty simple ... the biggest programming challenge, I think, would be the interface.
    --
    "But, Mulder, the new millennium doesn't begin until January 2001."

  • Your idea should be very effective, if done right.

    Here are a set of "rules" that could be used in conjunction with a proxy to moderate a web site in a public library;

    Don't filter "adult" users or younger people who have been allowed access by a parent/guardian.

    Log all data retrieved from a web site.

    Keyword and pattern match 'suspect' sites/pages.

    Have a real, live, human check the 'suspect' pages.

    If sensitive/offensive, tag the page with a set of labels and/or levels.

    Submit the tags to an organization that maintains the database of all tagged sites.

    Intentional mis-labeling -- to censor political views or because of excessive prudishness -- will revoke previous entries by that person in the database without review.

    (The last item will give a level of checks and ballences to prevent zealous groups or individuals from forcing an agenda.)

    In the case of grade school (pre-college), the students would be told that it's OK to innocently bring up a page. Since what they read will be tracked *individually*, don't do it intentionally. If a pattern of pages that deal with inappropriate content are pulled up, they can be added to the local list, submitted, and/or the *individual* can get a preverbial "note to the parrents".

    The idea here is to provide an open, public, and *distributed* method of using a proxy...and one that could be taylored to "community standards" without pestering 100% of normal people. :)

    Problems, gripes, call me an idiot, but it seems like this problem is not too hard to solve reasonably...without giving up all the rights the bigots want to have us give up.

  • by Redundant() (89068) on Tuesday February 22, 2000 @05:46AM (#1254145)
    There is no better way to have your children surfing good links then finding and supplying what you consider to be good links yourself. Porn gets boring very quickly, when you take away the thrill of the forbidden. Eventually all kids are going to get unfiltered access to the internet they might as well learn early where the good links are for them.

    The web forces us to make decisions about who's spin is valid something kids didn't have to deal with in the days of the one way media monolith. Perhaps it will force us to be better and more involved parents.
  • Often the next logical stage is to reverse engineer that feature to get a better understanding of it, especially if the method used is not obvious. Yes this is illegal

    No it's not. The only thing that even remotely forbids this is the provision in most EULA's that prohibits it, but most companies with a reasonable legal budget will have no problem getting that shot down should the need arise.

    I think the big thing here is that the software industry wants an exception to law that no other industry gets; reverse engineering is actually protected by law in this country. The software industry is still just trotting out the tired old 'software is different' mantra that keeps them out of trouble with things like the consumer protection laws, and unfortunately, people are still falling for it.

  • Thats my point, they are all guilty of it, only the small ones get caught.
  • I remember back in the BBS days, when I was young, my dad would take the computer cord, but he didn't take the monitor cord. I would switch the cords, and use the computer without a monitor, sending output to the printer. heheh the days of dos!
  • The way to block a distributed technique is to cease providing that service. This service is useful to individuals, but if it is being used to circumvent measures they took to prevent an aggregate list from being public, it would be appropriate for them to disable it.


  • Better yet, encrypt it.

    If my understanding of copyright law is correct (IANAL!), DeCSS is copyrighted by the author(s), even if the function of the program may be illegal.

    If the MPAA/whoever ignores the license agreement and decides to crack the encryption on the self-extracting archive anyways, you can simply turn around and file a countersuit against them under the auspices of the DMCA for unauthorized circumvention of a technological means for controlling access to a copyrighted work.

  • Do you get the feeling that even the programmers know that their software is pretty much useless?

    Given the ones I've interviewed for articles on this subject (for Network World Canada), yes. The people who produce these products are fairly aware that they're playing on parental and school board insecurity to sell something.

    That's why many of these products spend less effort on blocking pages (since kids can get around them, often just by using numerical IP addresses) and focus instead on logging everything the user does. That way, mommy and daddy can check the log later and see that little Timmy was looking at porn and little Susie was reading about wicca (a common target of censorware).

    This is, of course, even more insidious, because a confused kid looking for honest information on sexual orientation, diseases, etc. can think they're safe, only to have someone come down on them later. What better way to pry into your kid's life than give them a false sense of privacy?

    The people making the software exude an attitude of giving parents control, not of protecting children. And proudly so.

    -- Kimberly "evil liberal" Chapman

  • "if you go into a bicycle shop, you expect to see bicycles. Why should public Internet terminals be any different?"

    They shouldn't. If you go out into the world, you should expect to see the world.
  • by Anonymous Coward
    >Both Mass. and California have some form of anti slap statute.

    And civilised countries have a loser-pay system.

  • True, but it's a damned-if-you-do, damned-if-you-don't scenario. If they had chosen 50 sites on a truly random basis, then proponents of censorware would say that the choices were not in fact random, but chosen specifically to try to undermine the reputation of the software. It's lame, yes, but choosing anything other than an arbitrary range (not a random selection) would just give the opposition something to spin.

  • by Anonymous Coward
    Aren't their actions a direct violation of Free Speech?

    Not as long as people are not forced by the government to use this software, which is why the library thing is a big deal. Example: You don't have to go to a bookstore and buy a copy of Hustler. And Barnes and Noble might choose not to carry that kind of magazine. Free speech is the ability to make your own decisions about what you look at or listen to or even sell. This software does not violate that right unless you are forced to use it. A violation of free speech would be if bookstores that sold Hustler were closed down and you couldn't buy it whether you wanted to or not.
  • My company uses the SurfNazi.. er, SurfWatch on the proxy server. The Onion is blocked out! Nooooo!

    Instead of the dialup, you can go through an anonymizer or URL rewriter. Many of those are also blocked by SurfWatch, but not fr0.idzap.com. It's free, but you have to have look at an extra banner ad. It also doesn't require you to change your proxy setting. Any site that's in their blocked site list will go through (like TheOnion) but URL's that have keywords in them still get blocked.
  • I've always thought this was the way to go. Censorware is not going to go away and the only way to get stuff that actually works is to do it open. My idea was to have the list of blocked sites on a website that the programs download periodically. This list would be not only viewable by the public, people would be able to add links to the list. The list of links would then be voted on by site visitors according to their "smut" rating or something and if a librarian wanted to filter only stuff rated above +2 on the smut-o-meter they could. This would make it similar to the slashdot forum moderation, the sites that are blatantly adult-only would get rated that way and some shmoe's student homepage would get off the list where it belongs.
  • CyberPatrol does have a page to check their list to see if a site is on it. It does not do much good for seeing how good their list is...

    I find it irritating that censorware companies suggest this as a suitable means to find whether a site is blocked or not. These are just fine if the address is known, but what about hyperlinks that don't show the address? In those cases, all you can do is click and hope it doesn't give a 403 error.

    The other question that I have is this: what keeps the proxy server from substituting a 403 (forbidden) error return with a 404 (page not found) error code? "I don't know what you're so upset about - it's obvious that this page just doesn't exist any more..."

    Or am I just being paranoid?

  • Better yet, encrypt it.

    That's what I said! ( "self-extracting encryption wrapper" ).

    My main concern is that another party (i.e. not the person who accepts the license agreement) could bring charges against the author / hosting site.

    Anyone got any ideas how to ensure that this could not happen?

    Hamish

  • I believe it was a Suzuki 4-whell drive (ie. Jeep... but Jeep is trademarked by Chrysler), that basically rolled over (possibly more then once but I don't really remember) while they were driving it to the test course :)

    Due to this 'undocumented feature' it got the nickname "Suzuki Suicide" (vs. Suzuki Samuri(sp?) which I believe was the vehicles original name).

  • It strikes me that if an organisation of 'moral guardians' set themselves up and went round burning books and stealing 'offensive' books from bookshops to prevent them being read there'd be a huge outcry.

    But because it's the Internet rather than books it's ok. I never could grok this attitude.

    It's as though any media that has popular appeal is to be feared and attacked. With a few exceptions art exhibitions are not censored, but every cinema film is in most countries and TV is constantly redefining the lowest common denominator. It's such a poodle the censors don't even need to threaten it.
  • by Non-Newtonian Fluid (16797) on Tuesday February 22, 2000 @06:36AM (#1254166)
    I wonder ... if I were to log on remotely to a site someplace in Sweden from my home here in the US of A, and do all my hacking there, then what? Certainly there is work being done in America, since I'm the one who's thinking and trying to understand what's going on, and I'm most definitely here. But at the same time, much of that process is going on remotely in another nation. What if some one else was doing all the hacking on that other computer, without me actually coding anything, but through IRC or on the telephone I was explaining to him/her what was going on and what needed to be done to reverse engineer the product. What then? Where is the reverse engineering taking place?

    More importantly, how does/will law deal with the Zen koan that is the Internet -- it being both everywhere and nowhere all at once?

  • My guess would be that if Mudcrawler couldn't access your page, it would be assumed to be smut and blocked.
    Damn, my server is down! Oops! Looks like my billion dollar DotCom site is now listed as smut!
  • Selecting the first 50 URLs is just as random as selecting the last 50, or 50 arbitrary ones in the middle.

    Mmm, not really. What if the list is alphabetical, and entries in the "a" section correlate with porn? Or not porn? The first 50, last 50, or middle fifty are all clusters -- decidedly not random. While you're right that it's possible, but highly unlikely, that a random sample would select the first 50 .edu sites, intentionally selecting the first 50 .edu sites is certainly not random.

    Besides, it's easy to pull out all the .edu's and do a truly random sample. That's probably what they should do to be methodologically precise.

    -schuss

  • UTICA will basically do to the rest of the American software industry what anti-crypto laws have done to the American cryptographic software industry--crush it, drive it underground, stifle innovation, put it under the control of a handful of corporations whose best interest is served by entering a collusive agreement with the U.S. government, whose recent track record on human rights over corporate rights is, to say the least, bad.

    Then all the remaining viable innovation will go overseas.

    As long as the flow of information continues, this can't go on forever.

    This is precisely what they are attempting to do: choke the flow of information. If you can accuse anyone of "reverse engineering" if they decrypt a "trade secret", then all MS would have needed to do is rot13 the Halloween documents [opensource.org] and noone but the government could legally investigate their activities.

    --

  • Good idea but you're missing the obvious point here. What you just described requires effort on the part of the parent. The good parents are already making sure their child isn't cruising the porn sites and the other ones want a quick fix. What you described requires more effort then your average "Protect the children!" fanatic wants to put into it. If you want to keep your kids from being online when your not home or otherwise able to watch them, take the cord with you. If nothing else they'll learn the computer trying to figure out how to fix it so they can get online again. ("Damn! The modem isn't working! What's wrong? Hey, whats behind this beige box with the power switch?")


  • ... still doesn't seem aware of the issues at stake. Apathetic as they usually are, they will only get it, when it will be too late.

    But then again, let the software moguls à la M$ have their way, and let us go ahead with UCITA. It will only put off more people who will turn to open source instead.
  • Does anyone else know what this word means? It seems that too many parents today are too busy to watch their kids. If you can't trust your kids to not go surfing where they don't belong, then you shouldn't be on the Internet at all. (more bandwidth for the rest of us) If you are so busy that you feel the need to have a CyberSitter watch over your children you shouldn't be having children in the first place.

    People need to realize that by not taking responsibility for your actions (or inactions) you are giving up your right to make decisions and causing others to make them for you. If you don't make your own decisions on what is good for your children to see and what's not... don't complain when someone else does for you and you don't get any say.

    As far as reverse engineering goes do you think Apple would have sued Microsoft? Almost every major computer company got where it is today by reverse engineering something someone else already did. If the government wants to stop the technology boom I see no better way of doing it.

    If words were wisdom I'd be talking even more.

  • by geekoid (135745)
    Politicians are just like computers:
    There output(votes) is based on there input(lobbyists). Our representitives can not read and interpet every piece of legislator that comes there way, it is just too much stuff.
    Now the good thing is YOU can be a lobbiest. Just Fax or Write them why you feel something is wrong. Form a group of concerened people, A good place to start is A local Linux user group(LUG) or any user group will do. In my experience, two people who vehamently oppose each other in a BSD/Linux debate, still have the same opinion about freedom on the internet.
    Take time to explain to your boss why this is bad for the company. Tell your parents why it is bad for them, you, and there grandchildren. Most people want to keep there freedom, but it's up to us to let them know when there losing it.
    Contrary to public opinion, You can make a diffrence.
    It also helps if you, at least, register to vote.
    There are some generalities in the above statement, but my point is still valid.
    I mentioned the Linux/bsd debate. It was used as an example, please don't use this post as an excuse to flame each other.
    Orwell was very close, but he thought it would be the goverment, when it should have been big business. And if you think things like this can't happen in our country, remember MaCarthism.
  • As if only to prove the point for us, that censorship once begun is necessarily indiscriminate, the codebreaker URL has itself been seized upon by various "net-nannies" as the subject of censorship.

    Slashdot itself may soon be censored, after all, for harboring open discussion of the propriety of censorship, or the reverse engineering of censor listings. Such censorship censorship is useful for censors who would avoid review of the "quality" of their censorship.

    At any rate, I am sad to report that, at least, our Novell BorderManager improvidently censors the link. Are there others?
  • The bit about building a distributed query was a joke.

    But besides that, by putting in a small wait, would make it the slowest distributed system in the world.

  • If I simply watch how something works I can design another thing that works in the same way. The internal components may be different or not, but if both the first designer and I followed the current engineering practice, there is a strong chance that we will arrive to similar designs

    From what I know, if you examine how it works without examining the internal components (ie by treating the item as a black box and analysing patterns in its input and output) then this is known as a "clean room implementation" and is not classed as reverse engineering. Am I correct?

    Phillip.

  • reminds me of a funny 'disclaimer' that said something like:

    this software comes with no warrantee. its not my fault if it breaks your computer, deletes your files, orders pizza in your name, or tries to sleep with your girlfriend. its just not my damned fault - ok?

    ;-)

    --

  • Doesnt 'Blocking Software' qualify as an oxymoron? or at least the people who run the companies that engage in such activity?
    Aren't their actions a direct violation of Free Speech? Not that we _really_ still retain our free speech rights, now it all hasta be 'p.c.'
    How is it that corporations and companies get away with saying whatever they want, and shutting down the poor sods that disagree with them?
    I thought the bill of rights was for citizens, not companies.
    This is just another example that the time is nigh to rear up our collective head, and grab these jokers in our maw and not let go until they lie twitching on the ground.
    Its no longer a joke, folks. It's time to get up, stand up, and fight for the right to

    wake up and smell the napalm.
    and lob a few funky bombs where it hurts.
  • by mangu (126918) on Tuesday February 22, 2000 @04:06AM (#1254185)
    Wow, if I write a random program I can be guilty of reverse engineering!

    From my point of view, the law should say: "reverse engineering is permitted. 'Reverse engineering' is hereby defined as any method by which someone may gather information about how a software or hardware works".

    Anything else is ridiculous. If I simply watch how something works I can design another thing that works in the same way. The internal components may be different or not, but if both the first designer and I followed the current engineering practice, there is a strong chance that we will arrive to similar designs.

    If a design is original, and the owners want to protect it, they should *patent* it.

    Moderators, take note:
    1)Read the moderation guidelines before moderating anything

  • I guess this means that, for the time being, any software that needs reverse engineering might have to be done in Europe. What do people think about the chances of this kind of thing being done via Europe, i.e. someone in US discovers something dodgy in a programme, finds the offending code, then 'hints' to someone in Europe that they might like to release the information...? Or am I just being nieve?

    Although all these restrictions will be a pain for the time being, I can't see how the law can continue to fly in the face of progress for ever. I remember reading "The Hacker's Handbook" (remember that?) in the 80s and all the controversy that caused. Back then, computer 'crimes' were being dealt with by analogy to existing laws. People in the UK were prosecuted for 'theft of electricity' and 'trespassing' until such a time as the law caught up. Now it seems like the law is getting ahead of things and listening to corporations rather than Real People.

    As long as the flow of information continues, this can't go on forever.

  • If you embarass Mattel on the web, they will try to sue you into oblivion.

    For those who don't know, I posted the information about my lawsuit [sorehands.com] against them. They filed a countersuit for libel, saying the information on the site is not true. They still continue with this countersuit after they paid over $140k to me in a judgment. If the information on the site was not true, why would they pay so much money for a lawsuit which is detailed on the site?

    Mattel Threatened one kid who put some Barbie jokes up at school [nmt.edu]. I was informed that Mattel also is going after Barbie Benson and her site Barbie's Sin Circus [barbiebenson.com] for using the name Barbie. It has nothing to do with the doll (except, when you see her pic, you'll see she's a doll ;).

  • One way to put a dent in filtering software companies' wallets is to make sure parents see peacefire.org when they search for filtering software. Currently, if I search for "filtering software" on Google, peacefire is the 30th link, after all of the software manufacturers' pages.

    For Google, the way to improve peacefire's exposure is to link it from your own personal web pages and make sure those pages are indexed. I dunno about other search engines.

    -jwb

  • Wpoliticians collecting more and more money over the internet you'd think they would pass more clueful laws about it.
    Unfortunately, raising cash is more a function of the campaign manager than the candidate. Worse, the kind of expertise needed to raise money doesn't necessarily imply cluefulness; think about the Internet equivalent of bulk mail appeals, for example. My appraisal of the prospects for Internet campaigning leading to improvements in lawmaking is that it isn't likely. Just look at Holland, MI for a counterexample. The Internet is still a convenient bogeyman, so expect lots of cluelessness for a while.
    --
  • "Parents could set up a proxy server for every computer their kid has access to, which remembers every URL the kid visits; later, the parents could review the list..."

    That's a great idea. However, I read something here yesterday (on jamie's [slashdot.org] library story) that makes this a bad idea.

    If you're a kid, and your parents are abusive, you don't want them to see you researching how to [run away|get help| remove yourself from their control]. If you're a fifteen year-old girl, you may not want your dad to see that you accessed Planned Parenthood looking for information on contraceptives.

    There are other examples as well. These are situations where complete disclosure could potentially put someone's life at risk (especially the first example).

    Any suggestions as to how to get around this problem, while still implementing this idea?


    Here's my [redrival.com] copy of DeCSS. Where's yours?
  • Trade Secret? The idea makes me laugh. They trying to cover the fact that it doesn't take an expert to write a perl script that can generate one of these black lists.

    --Hephaestus_Lee
  • I am not condoning this product in any way, but the company I work for uses Websense [websense.com] to do it's filtering of the company Internet feed. Now they at least let you see what category a site is blocked under and you can tell them they got it wrong and they will review the URL. You can even suggest new sites they don't have yet.


    Now I guess they figure (correctly IMHO) that you pay for the service or correlating all these URLS and the actual list should be open and as much controlled by users (suggest updates, suggest corrections) as the company.


    Censorship is wrong and not letting customers participate in the list management is even more blatent giving up your rights.

  • Ok..this is completely off topic..but you mentioned funky bombs and napalm and it brought back memories of Scorched Earth. God I had a lot of fun playing that game. Ok...nostalgia's over :)
  • Brill's Content [brillscontent.com] did an interesting article [brillscontent.com] calling into question some of Consumer Report's famed impartiality and meticulous testing methodologies, particularly on the issue of SUVs. Essentially, the suit filed by Isuzu and Suzuki alleges that CU has an editorial bias against SUVs:
    The Suzuki litigation includes a sworn statement from Ronald Denison, a former test-facility employee for the magazine, who alleges that on the day the Suzuki Samurai was being tested in 1988, he heard Irwin Landau, the magazine's editorial director at the time, tell an engineer, "If you can't find someone to roll this car, I will." Landau said in his deposition that he would never have said such a thing, except in jest.

    CU has expressed the opinion that SUVs are frivolous, gas-hungry, clumsy and wasteful. As a motorcycle rider in SUV-saturated Atlanta, I am inclined to agree with their assessment (and add further opinion on the typical driving abilities of their owners), but if there is a hidden editorial agenda which is influencing their testing methods, this is clearly cause for concern.

    Is this a SLAPP suit? Sales of the Isuzu Trooper, which several contemporary offroad and 4WD magazines praised, suffered horribly after the Consumer Reports article. But it's worth noting what the Isuzu/Suzuki lawsuit tries hard to ignore--while the Trooper and Sidekick failed the lane-swerve test by rolling, that the Chevrolet Tahoe, Nissan Pathfinder, and Toyota 4Runner in the same article all passed the test acceptibly.

    --

  • Good question. Trivially, you're in America -- the local cops can still come up and knock on your door, and haul your ass off. They can't get at your Swedish data, though, without asking somebody in Switzerland. (OTOH, we all know how good European cops are about following orders from US IP interests... Norwegians in particular.)

    I'm not a lawyer, though, so what do I know? At any rate, I think this isn't so much a legal question than a practical question of 'whose cops patrol my neighborhood?'
    --

  • by arivanov (12034) on Tuesday February 22, 2000 @07:28AM (#1254200) Homepage

    Good point. Though the sandwich should be replaced by a baseball bat dipped in glue and broken glass a few times.

    Continuing my previous post on SMUTSITE-miniHOWTO which was kind of vague. The following cause a well defined smut site to be greperitus resistant:

    These are only antipattern matching HTML techniques. Pure networking intentionally omitted:

    • The discussion on Java script injection in HOTMAIL on Bugtraq is a very good guide on masqing characters. Specifying a character as an escaped HEX, specifying it by HTML code, specifying it inside JavaScript Function, etc ad naseum. In order to match these the search engine will have to start interpreting HTML as a browser. Guess how much resources does this take.
    • Though brilliant the BUGTRAQ discussion is highly limited. Javascript is more sensistive than pure HTML to bastardizing. In order to bastardize HTML the following options are also available: insert non-breakable spaces, tabs, backspaces, etc through their HTML encoding equivalents.
    • Best of all use a pattern matching algorithm yourself and whenever you find smut in a page you shall display replace all "offending" f...oids, s...oids, etc with a mixture of randomly selected escaped alternatives. Ala stealth virus techniques.
    And best of all make your smut site to operate via post style CGI's filling form values via JavaScript. There is no robot designed for these. And it is least likely to be designed beacuse this will require the robot to go as far as running javascript.

    If smut filter vendors had a clue on how evasive their subject is they would have been in a different business by now.

  • by Anonymous Coward on Tuesday February 22, 2000 @07:43AM (#1254202)
    I don't think I fully understand the reverse-engineering clauses in UCITA. Is it really
    going to outlaw all reverse-engineering? Do the major software companies really want this?

    If you go into any major software program they almost all support importing/exporting into some competitors format. Are these competing formats open standards? I doubt it; they were probably reverse-engineered. Or what about Microsoft reverse-engineering of the AOL messenger protocol? That would now be illegal?

    Is this the end of interoperability between proprietary packages?
  • by Danse (1026)

    Methinks you missed the point.

    He was talking about solving the problems of corruption in the government that allows legislation like UCITA to become law, not solving the problem of buggy software. If the government decides that it would rather serve its own interests and those of its biggest financial backers, then it is the duty of the people to remind them that it just ain't so. If this requires force, then it's the government that brought it on itself.

  • I agree that this requires the parents to do a lot of work, but if enough people sign onto the system, the parents who don't want to do a lot of work can just place their trust in a few of the more active folks. (Open-source censorship, er, editorial review, so to speak.)
    --
    "But, Mulder, the new millennium doesn't begin until January 2001."
  • And civilised countries have a loser-pay system.

    I doubt that would work well. You'd have to find really good lawyers to represent you in order to even have a chance at standing up against the lawyers that a big corporation can field. You wouldn't have a choice. The corp is going to spend a ton of money fighting you, whether you hire the best lawyers you can get or not. If you don't get good lawyers, the corp will probably win and you'll be in debt for life. If you do get really good lawyers, then your financial future is entirely dependent on the outcome of the case, because you will end up paying not only your own legal bills, but also the corp's legal bills if you lose. As we've seen in many cases, being right doesn't mean you'll win, especially if you have a case related to technology (the courts haven't been real impressive in their grasp of technology issues). Such a system would probably destroy a lot of people.

  • While it scares me to death that things like the DeCSS fiasco and content blocking are going on, it is far scarier that so many people either don't know or don't care. My friends think I'm weird for not going to the movies (for $8), and they don't get it when I try to explain why DeCSS is important. We live in a world where we depend more and more on technology but a growing number of people (the vast majority) understand that technology less and less every day. With this sort of apathy, we cannot hope to beat the big corporations in these legal battles. We are all up in arms (and VERY rightly so), but that doesn't matter. We need to get John "What's a computer?" Doe to care.

    ...just my $0.02...
  • Virtually every old, large software company is guilty of reverse engineering at some stage. Even though it's probably not part of there corporate policy.

    How many times has a programmer been told to duplicate a competitors feature and started by looking at how the competitor has done it. Often the next logical stage is to reverse engineer that feature to get a better understanding of it, especially if the method used is not obvious. Yes this is illegal, it probably should be as well but without doubt a programmer in every large organisation has done it.

    Of course they don't tell the world they did it...but if they can't stop it being done for corporate profit should they really stop it for community awareness?
  • From their website (emphasis added):

    Here's what DAB has to do:

    1.User requests a URL through a browser

    2.Before the computer even gets the keystrokes, the URL is translated (if necessary) and compared to the URL list. Because this is done with numbers instead of letters (there are only 10 digits! There are 255 characters...) the response is nearly instantaneous. If the site is on the blocked list, the screen is covered, and the violation message is displayed.

    You little wankers just can't understand that. Go back hacking your silly kernels toys and let real people transfer keystrokes to base-10 number before the computer get it.

  • by SillyWiz (149681) on Tuesday February 22, 2000 @04:21AM (#1254218)
    You /HAVE/ to be kidding me? This is how they search for "smut"?

    Good grief. I mean, according to those bits of search file, doesn't having the phrase "you are too stupid" on a page sucessfully match?

    Maybe we need a publicly accessed "blocker"... kind of like NoCeMs in usenet - you basically pick a set of "trusted" people who you rate as being able to block stuff. The christian fundies can all subscribe to christian fundie blockers for all the categories, whereas a merely concerned parent might just go with someone a bit less radical.

    Having a centralised system just seems hugely open to all kinds of manipulation: right from the naive bozoness that seems to permeate the industry these days to corruption, bribery and even actual criminal intent. Distributing the system removes a large amount of that failure.

    I mean personally, I kind of think it would be nice to trust sites to rate themselves as "porn" or "unsuitable for minors" or "religious content", but I can see why people wouldn't trust it. The porn sites include "perl" in meta-tags and stuff. Honesty doesn't exactly seem to come hand-in-hand with web businesses. (Business models built on hit-counts seem basically flawed to me. Would you want to advertise on a page whose basic method of getting people to go there was to con them? Great chance they'll read the ads then...)

    Distribution has to be the way to go. Undermine the obviously broken corporate approach with an open standard that ends up being free.
  • I can testify that the legal risks were one reason I quit doing anticensorware work. See my comment to the Copyright Office on the chilling effect of the DMCA on censorware reverse-engineering [egroups.com]

    I am a Senior Software Engineer who co-founded and devoted much volunteer analysis effort to an organization called Censorware Project (http://censorware.org). I do not write to you as a representative of this organization, though, and in fact my comment pertains to why that is the case. ...

    But I don't do this work anymore. A large reason is that the legal risks simply became more than I could tolerate. Around the time the DMCA was first being debated, I was advised by one lawyer with Censorware Project that we were facing odds of being ``sued on trumped up charges by a censorware company''.

  • For those of you who had problems with the site, take the last "/s/" out of the url. This is a very cool SSL anti-censorship proxy that runs on Apache and mod_ssl, and the best part of it is the author has open-sourced the proxy. There's a download link right on the page.

    That means anybody can set up an anti-censorship proxy. It's easy to block one or two proxies (a lot of filters already block Anonymizer and Rewebber), but when everyone with bandwidth to spare runs a proxy, the censors can't possibly keep up.

  • by dogbowl (75870)
    Received this in a forward this morning. Somewhat related to the matter at hand .. and definitely amusing:

    NOTE: This story is licenced under the GPL version 2.

    It is a dark and stormy night in a dark and stormy town. Tonight we find
    ourselves looking apon Dick and Jane, two programmers bundled up by the fire
    discussing current events:

    "So, Jane, how was your day?" says Dick.
    "Oh, fine. You know, I just heard about this interesting program that is
    creating quite a fuss." says Jane, "It is called 'css_descramble.c'.".
    "Wow," Dick enthused, "I have heard of it. My buddy kept talking about it.
    He couldn't stop mentioning how it was...how did he put it? Ah yes, 'Released
    under the version 2 of the GPL and Copyright 1999 Derek Fawcus'".
    Jane jumped with joy. "I am so glad you have heard of it. I happen to
    have
    a copy. Here, look. The very first thing it does is '#include '
    then
    it has '#include '."
    "You are right, but you forgot '#include "css-descramble.h"'" Dick
    admonished.
    Jane blushed, "Silly me. Well, we should have a look at the code. It
    seems to start with 'typedef unsigned char byte;'. Then it moves right
    along
    to an array. What is that? Oh, 'static byte csstab1[256]={'"
    "I know!" Dick blurted, "lets play a number game! I will say a bunch of
    numbers, then you can repeat the numbers. Ready?
    '0x33,0x73,0x3b,0x26,0x63,0x23,0x6b,0x76,0x3e,0x 7e,0x36,0x2b,0x6e,0x2e,0x66,
    0x7b,'"
    "Hmmm...that is one long list of numbers...let me see. Was it, '
    0xd3,0x93,0xdb,0x06,0x43,0x03,0x4b,0x96,0xde,0x9 e,0xd6,0x0b,0x4e,0x0e,0x46,0
    x9b,'?"
    Dick frowned, "That is completely wrong! Well, let me try again,
    '0x57,0x17,0x5f,0x82,0xc7,0x87,0xcf,0x12,0x5a,0x 1a,0x52,0x8f,0xca,0x8a,0xc2,
    0x1f,'"
    Jane furrowed her brow, "I think I can do this one,
    '0xd9,0x99,0xd1,0x00,0x49,0x09,0x41,0x90,0xd8,0x 98,0xd0,0x01,0x48,0x08,0x40,
    0x91,'?"
    "Wow!" dick exclamed, "You suck! Third time is the charm:
    '0x3d,0x7d,0x35,0x24,0x6d,0x2d,0x65,0x74,0x3c,0x 7c,0x34,0x25,0x6c,0x2c,0x64,
    0x75,'. Got it?
    "I think so," Jane said, "Is it
    '0xdd,0x9d,0xd5,0x04,0x4d,0x0d,0x45,0x94,0xdc,0x 9c,0xd4,0x05,0x4c,0x0c,0x44,
    0x95,'?"
    Dick scowled, "No, no, no! It is,
    '0x59,0x19,0x51,0x80,0xc9,0x89,0xc1,0x10,0x58,0x 18,0x50,0x81,0xc8,0x88,0xc0,
    0x11,' or is it,
    '0xd7,0x97,0xdf,0x02,0x47,0x07,0x4f,0x92,0xda,0x 9a,0xd2,0x0f,0x4a,0x0a,0x42,
    0x9f,'? That is not right. It could have been,
    '0x53,0x13,0x5b,0x86,0xc3,0x83,0xcb,0x16,0x5e,0x 1e,0x56,0x8b,0xce,0x8e,0xc6,
    0x1b,0xb3,0xf3,0xbb,0xa6,0xe3,0xa3,0xeb,0xf6,0xb e,0xfe,0xb6,0xab,0xee,0xae,0
    xe6,0xfb,0x37,0x77,0x3f,0x22,0x67,0x27,0x6f,0x72 ,0x3a,0x7a,0x32,0x2f,0x6a,0x
    2a,0x62,0x7f,'. No that is too many letters...."
    "I remember!" Jane interupted "It is
    '0xb9,0xf9,0xb1,0xa0,0xe9,0xa9,0xe1,0xf0,0xb8,0x f8,0xb0,0xa1,0xe8,0xa8,0xe0,
    0xf1,0x5d,0x1d,0x55,0x84,0xcd,0x8d,0xc5,0x14,0x5 c,0x1c,0x54,0x85,0xcc,0x8c,0
    xc4,0x15,'. Well, either that or
    '0xbd,0xfd,0xb5,0xa4,0xed,0xad,0xe5,0xf4,0xbc,0x fc,0xb4,0xa5,0xec,0xac,0xe4,
    0xf5,0x39,0x79,0x31,0x20,0x69,0x29,0x61,0x70,0x3 8,0x78,0x30,0x21,0x68,0x28,0
    x60,0x71,0xb7,0xf7,0xbf,0xa2,0xe7,0xa7,0xef,0xf2 ,0xba,0xfa,0xb2,0xaf,0xea,0x
    aa,0xe2,0xff'"
    "Boy, that was harder than I thought." Dick sighed. Where were we in
    the
    code? Ah yes, '};static byte lfsr1_bits0[256]={'".
    "You skipped a bunch" said Jane, "Besides, I am still not ready to look
    at
    that again. I feel like counting. In hex!
    '0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x09,0x 08,0x0b,0x0a,0x0d,0x0c,0x0f,
    0x0e,0x12,0x13,0x10,0x11,0x16,0x17,0x14,0x15,0x1 b,0x1a,0x19,0x18,0x1f,0x1e,0
    x1d,0x1c,0x24,0x25,0x26,0x27,0x20,0x21,0x22,0x23 ,0x2d,0x2c,0x2f,0x2e,0x29,0x
    28,0x2b,0x2a,0x36,0x37,0x34,0x35,0x32,0x33,0x30, 0x31,0x3f,0x3e,0x3d,0x3c,0x3
    b,0x3a,0x39,0x38,0x49,0x48,0x4b,0x4a,0x4d,0x4c,0 x4f,0x4e,0x40,0x41,0x42,0x43
    ,0x44,0x45,0x46,0x47,0x5b,0x5a,0x59,0x58,0x5f,0x 5e,0x5d,0x5c,0x52,0x53,0x50,
    0x51,0x56,0x57,0x54,0x55,0x6d,0x6c,0x6f,0x6e,0x6 9,0x68,0x6b,0x6a,0x64,0x65,0
    x66,0x67,0x60,0x61,0x62,0x63,0x7f,0x7e,0x7d,0x7c ,0x7b,0x7a,0x79,0x78,0x76,0x
    77,0x74,0x75,0x72,0x73,0x70,0x71,0x92,0x93,0x90, 0x91,0x96,0x97,0x94,0x95,0x9
    b,0x9a,0x99,0x98,0x9f,0x9e,0x9d,0x9c,0x80,0x81,0 x82,0x83,0x84,0x85,0x86,0x87
    ,0x89,0x88,0x8b,0x8a,0x8d,0x8c,0x8f,0x8e,0xb6,0x b7,0xb4,0xb5,0xb2,0xb3,0xb0,
    0xb1,0xbf,0xbe,0xbd,0xbc,0xbb,0xba,0xb9,0xb8,0xa 4,0xa5,0xa6,0xa7,0xa0,0xa1,0
    xa2,0xa3,0xad,0xac,0xaf,0xae,0xa9,0xa8,0xab,0xaa ,0xdb,0xda,0xd9,0xd8,0xdf,0x
    de,0xdd,0xdc,0xd2,0xd3,0xd0,0xd1,0xd6,0xd7,0xd4, 0xd5,0xc9,0xc8,0xcb,0xca,0xc
    d,0xcc,0xcf,0xce,0xc0,0xc1,0xc2,0xc3,0xc4,0xc5,0 xc6,0xc7,0xff,0xfe,0xfd,0xfc
    ,0xfb,0xfa,0xf9,0xf8,0xf6,0xf7,0xf4,0xf5,0xf2,0x f3,0xf0,0xf1,0xed,0xec,0xef,
    0xee,0xe9,0xe8,0xeb,0xea,0xe4,0xe5,0xe6,0xe7,0xe 0,0xe1,0xe2,0xe3'"
    When jane finished she looked exausted. As she collapsed, she uttered
    the
    cryptic phrase, '};static byte lfsr1_bits1[512]={'.
    Dick slapped Jane back to consciousness. "You counted wrong. You are
    delerious. Repeat these numbers until you feel better,
    '0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x 24,0x49,0x6d,0x92,0xb6,0xdb,
    0xff,'"
    Jane smiled, "Numbers always make me feel better. I will repeat those
    numbers,
    '0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x 24,0x49,0x6d,0x92,0xb6,0xdb,
    0xff,0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x0 0,0x24,0x49,0x6d,0x92,0xb6,0
    xdb,0xff,0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff ,0x00,0x24,0x49,0x6d,0x92,0x
    b6,0xdb,0xff,0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb, 0xff,0x00,0x24,0x49,0x6d,0x9
    2,0xb6,0xdb,0xff,0x00,0x24,0x49,0x6d,0x92,0xb6,0 xdb,0xff,0x00,0x24,0x49,0x6d
    ,0x92,0xb6,0xdb,0xff,0x00,0x24,0x49,0x6d,0x92,0x b6,0xdb,0xff,0x00,0x24,0x49,
    0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24,0x49,0x6d,0x9 2,0xb6,0xdb,0xff,0x00,0x24,0
    x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24,0x49,0x6d ,0x92,0xb6,0xdb,0xff,0x00,0x
    24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24,0x49, 0x6d,0x92,0xb6,0xdb,0xff,0x0
    0,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24,0 x49,0x6d,0x92,0xb6,0xdb,0xff
    ,0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x 24,0x49,0x6d,0x92,0xb6,0xdb,
    0xff,0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x0 0,0x24,0x49,0x6d,0x92,0xb6,0
    xdb,0xff,0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff ,0x00,0x24,0x49,0x6d,0x92,0x
    b6,0xdb,0xff,0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb, 0xff,0x00,0x24,0x49,0x6d,0x9
    2,0xb6,0xdb,0xff,0x00,0x24,0x49,0x6d,0x92,0xb6,0 xdb,0xff,0x00,0x24,0x49,0x6d
    ,0x92,0xb6,0xdb,0xff,0x00,0x24,0x49,0x6d,0x92,0x b6,0xdb,0xff,0x00,0x24,0x49,
    0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24,0x49,0x6d,0x9 2,0xb6,0xdb,0xff,0x00,0x24,0
    x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24,0x49,0x6d ,0x92,0xb6,0xdb,0xff,0x00,0x
    24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24,0x49, 0x6d,0x92,0xb6,0xdb,0xff,0x0
    0,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24,0 x49,0x6d,0x92,0xb6,0xdb,0xff
    ,0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x 24,0x49,0x6d,0x92,0xb6,0xdb,
    0xff,0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x0 0,0x24,0x49,0x6d,0x92,0xb6,0
    xdb,0xff,0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff ,0x00,0x24,0x49,0x6d,0x92,0x
    b6,0xdb,0xff,0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb, 0xff,0x00,0x24,0x49,0x6d,0x9
    2,0xb6,0xdb,0xff,0x00,0x24,0x49,0x6d,0x92,0xb6,0 xdb,0xff,0x00,0x24,0x49,0x6d
    ,0x92,0xb6,0xdb,0xff,0x00,0x24,0x49,0x6d,0x92,0x b6,0xdb,0xff,0x00,0x24,0x49,
    0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24,0x49,0x6d,0x9 2,0xb6,0xdb,0xff,0x00,0x24,0
    x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24,0x49,0x6d ,0x92,0xb6,0xdb,0xff,0x00,0x
    24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24,0x49, 0x6d,0x92,0xb6,0xdb,0xff,0x0
    0,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24,0 x49,0x6d,0x92,0xb6,0xdb,0xff
    ,0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x 24,0x49,0x6d,0x92,0xb6,0xdb,
    0xff,0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x0 0,0x24,0x49,0x6d,0x92,0xb6,0
    xdb,0xff,0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff '"
    "'};static byte bit_reverse[256]={'," Dick swore. "That gave me a
    headache."
    But Jane still continued to repeat the numbers, So Dick was forced to
    drown Jane out with his own numbers, "Two can play at that game,
    '0x00,0x80,0x40,0xc0,0x20,0xa0,0x60,0xe0,0x10,0x 90,0x50,0xd0,0x30,0xb0,0x70,
    0xf0,0x08,0x88,0x48,0xc8,0x28,0xa8,0x68,0xe8,0x1 8,0x98,0x58,0xd8,0x38,0xb8,0
    x78,0xf8,0x04,0x84,0x44,0xc4,0x24,0xa4,0x64,0xe4 ,0x14,0x94,0x54,0xd4,0x34,0x
    b4,0x74,0xf4,0x0c,0x8c,0x4c,0xcc,0x2c,0xac,0x6c, 0xec,0x1c,0x9c,0x5c,0xdc,0x3
    c,0xbc,0x7c,0xfc,0x02,0x82,0x42,0xc2,0x22,0xa2,0 x62,0xe2,0x12,0x92,0x52,0xd2
    ,0x32,0xb2,0x72,0xf2,0x0a,0x8a,0x4a,0xca,0x2a,0x aa,0x6a,0xea,0x1a,0x9a,0x5a,
    0xda,0x3a,0xba,0x7a,0xfa,0x06,0x86,0x46,0xc6,0x2 6,0xa6,0x66,0xe6,0x16,0x96,0
    x56,0xd6,0x36,0xb6,0x76,0xf6,0x0e,0x8e,0x4e,0xce ,0x2e,0xae,0x6e,0xee,0x1e,0x
    9e,0x5e,0xde,0x3e,0xbe,0x7e,0xfe,0x01,0x81,0x41, 0xc1,0x21,0xa1,0x61,0xe1,0x1
    1,0x91,0x51,0xd1,0x31,0xb1,0x71,0xf1,0x09,0x89,0 x49,0xc9,0x29,0xa9,0x69,0xe9
    ,0x19,0x99,0x59,0xd9,0x39,0xb9,0x79,0xf9,0x05,0x 85,0x45,0xc5,0x25,0xa5,0x65,
    0xe5,0x15,0x95,0x55,0xd5,0x35,0xb5,0x75,0xf5,0x0 d,0x8d,0x4d,0xcd,0x2d,0xad,0
    x6d,0xed,0x1d,0x9d,0x5d,0xdd,0x3d,0xbd,0x7d,0xfd ,0x03,0x83,0x43,0xc3,0x23,0x
    a3,0x63,0xe3,0x13,0x93,0x53,0xd3,0x33,0xb3,0x73, 0xf3,0x0b,0x8b,0x4b,0xcb,0x2
    b,0xab,0x6b,0xeb,0x1b,0x9b,0x5b,0xdb,0x3b,0xbb,0 x7b,0xfb,0x07,0x87,0x47,0xc7
    ,0x27,0xa7,0x67,0xe7,0x17,0x97,0x57,0xd7,0x37,0x b7,0x77,0xf7,0x0f,0x8f,0x4f,
    0xcf,0x2f,0xaf,0x6f,0xef,0x1f,0x9f,0x5f,0xdf,0x3 f,0xbf,0x7f,0xff'"
    At this, Jane opened her eyes wide, she began shaking and speaking in
    tounges. "Bloogle said, '};static void css_titlekey(byte *key, byte *im,
    byte invert){unsigned int lfsr1_lo,lfsr1_hi,lfsr0,combined;byte o_lfsr0,
    o_lfsr1;byte k[5];int i;lfsr1_lo = im[0] | 0x100;lfsr1_hi = im[1];lfsr0 =
    ((im[4] >8)&0xff] >16)&0xff]>24)&0xff];'" Jane
    said as she rolled her eyes. "Lograth
    told Jane, 'combined = 0;for (i = 0; i >1;lfsr1_lo = ((lfsr1_lo&1)>8)^lfsr0)>>1)^lfsr0)>>3)^lfsr0)>>7); lfsr0 =
    (lfsr0>>8)|(o_lfsr0>= 8;}'" His voice cresendoed as he reached the height of
    the epic
    function,
    'key[4]=k[4]^csstab1[key[4]]^key[3];key[3]=k[3]^ csstab1[key[3]]^key[2];key[2
    ]=k[2]^csstab1[key[2]]^key[1];key[1]=k[1]^csstab 1[key[1]]^key[0];key[0]=k[0]
    ^csstab1[key[0]]^key[4];key[4]=k[4]^csstab1[key[ 4]]^key[3];key[3]=k[3]^cssta
    b1[key[3]]^key[2];key[2]=k[2]^csstab1[key[2]]^ke y[1];key[1]=k[1]^csstab1[key
    [1]]^key[0];key[0]=k[0]^csstab1[key[0]];}'"
    Jane relaxed vissibly. At that point there was a knock at the door. Dick
    got up to answer it.
    "Oh dear," said Dick. Jane rushed to see the problem.
    At the door was a a robot gone awry. "Illegal function." It said in
    monotone, 'int css_decrypttitlekey(byte *tkey, byte *dkey, struct playkey
    **pkey){byte test[5], pretkey[5];int i = 0;for (; *pkey; ++pkey, ++i)
    {memcpy(pretkey, dkey + (*pkey)->offset, 5);css_titlekey(pretkey,
    (*pkey)->key, 0);' Illegal function,
    'memcpy(test, dkey, 5);css_titlekey(test, pretkey, 0);if (memcmp(test,
    pretkey, 5) == 0) {fprintf(stderr, "Using Key %d\n", i+1);break;}}if
    (!*pkey) {fprintf(stderr, "Shit - Need Key %d\n", i+1);return
    0;}css_titlekey(tkey, pretkey, 0xff);return 1;}' violates rules. Illegal
    function."
    "Illegal function. What do you suppose it means?" wondered Jane.
    "Hmm..." said Dick. "Lets see if we can fix the robot with some new
    instructions."
    "Robot, enter command mode" Ordered Dick.
    "By using this robot you agree not to reverse engineer, distribute, rent,
    or use this robot for purposes not explicitly..."
    "Whatever," Dick interupted as he pressed the glowing accept button on the
    torso of the robot, "Robot, enter command mode."
    "Ready for commands"
    "Command: 'void css_descramble(byte *sec,byte *key){unsigned int
    lfsr1_lo,lfsr1_hi,lfsr0,combined;unsigned char o_lfsr0, o_lfsr1;unsigned
    char *end = sec + 0x800;#define SALTED(i) (key[i] ^ sec[0x54 + (i)])'" Dick
    paused for a breath, "'lfsr1_lo = SALTED(0) | 0x100;lfsr1_hi =
    SALTED(1);lfsr0 = ((SALTED(4) >8)&0xff] >16)&0xff]>24)&0xff];sec+=0x80;combined = 0;while (sec != end)
    {o_lfsr1 = lfsr1_bits0[lfsr1_hi] ^
    lfsr1_bits1[lfsr1_lo];lfsr1_hi = lfsr1_lo>>1;lfsr1_lo =
    ((lfsr1_lo&1)>8)^lfsr0)>>1)^lfsr0)>>3)^lfsr0)>>7 );lfsr0 =
    (lfsr0>>8)|(o_lfsr0>= 8;}}'
    End
    command."
    At this point the robot did something very frightening. It blew up.
    Dick and Jane shielded thier eyes. When they were finally able to see
    again,
    they were shocked by what lay before their eyes. When the robot exploded,
    it
    released thousands of fliers. The fliers flew for miles around. On each
    flyer the reader was greeted with the source code for a program.

  • by PhilHibbs (4537) <snarks@gmail.com> on Tuesday February 22, 2000 @04:25AM (#1254231) Homepage Journal
    Is there such a beast? This strikes me as the best way to deal with the problem - produce some software that does the job properly, and is open to peer review. Something like Junkbuster [junkbusters.com].
  • the term "reverse engineering" shall apply to ... such methods as ... activity logging.

    Also, it seems that the library isn't allowed to browse its own web access log in order to see what has been blocked by censorware. Cute.

"No job too big; no fee too big!" -- Dr. Peter Venkman, "Ghost-busters"

Working...