Ok, google's choices as you see them.

a) The GPL? I don't really understand why this is even a discussion. On one hand you're saying you should be able to do anything with anything you create, and on the other hand google shouldn't be allowed to. Since Android is effectively an application executing on Linux there's no reason for it to be GPL'd. There is no reason for it to be GPL'd other than that. One of the main reasons for Android to be under the Apache2 license is project Harmony http://harmony.apache.org/ that provide the class libraries. I don't know if they could have converted the class libs to the GPL and I really don't care, I'd prefer the Apache2 license to the GPL because as you say " I would certainly reserve that right on any software I write." - if I write apps I want to own the apps, or at least have something of a mechanism to stop people ripping me off.

b) Seriously? Did you read any of the things I'd posted? That license is between you (as the Android developer or android OS compiler - and even that isn't guaranteed) and Oracle. Remember, and this is important, Android does not run Java, it CANNOT run Java it runs Dalvik byte-code. The license you linked to was for the Java Development Kit, effectively a desktop JVM and compiler. Ergo executing Android does not violate this license, Writing apps for Android does not violate this license and I'm fairly sure that even compiling Android doesn't violate this licence although not 100% confident.

From that license file
"D. Java Technology Restrictions. You may not create, modify, or change the behavior of, or authorize your licensees to create, modify, or change the behavior of, classes, interfaces, or subpackages that are in any way identified as "java", "javax", "sun" or similar convention as specified by Sun in any naming convention designation."
Which is I presume what you're discussing here since there's no mention of embedded versions in the entire license agreement, this is an EULA for the download of the JDK, this may or may not be binding on Google (or indeed any large company) as it is specifically an End User License Agreement - quite a number of companies have their own licensing agreements with Sun and now Oracle over Java as it is different in the enterprise.
But a major point here is that you can use the Java SDK to create programs that run elsewhere and therefore are not subject to this license, secondly there is more than one java compiler for example - http://jikes.sourceforge.net/ which kinda means that if you also have a VM you're able to avoid the license completely.

On a moral level the authors of Java (which by the way isn't Oracle) do have the moral right to tell you what you can and can't create with their software but (and this is important) they've already done that in the license for the language spec and bytecode spec. You're suggesting that they should have absolute control forever - this isn't a good thing and cannot happen. Companies would create new languages rather than be controlled by a competitor.

If you had written a new programming language and you wanted it to be popular you'd have to have few restrictions as if those restrictions are too onerous then the majority of people will never use it. Please note that writing a program is not the same as writing a programming language, one is a program and the other a specification and syntax. If you had put in restrictions then nobody would use it and nobody would care, what you can't (legally, let alone morally) do is say yeah do what you want and then tomorrow say nope, you can only create kiddie games on it. Unless your license had that unilateral ability (and remember consideration is necessary for a license to be binding) that you could change it at any time then you're stuck - most companies read the licenses and as such refuse to do business with something that has the huge risk of randomly changing at no notice.

Finally your forced licensing, er firstly this isn't assignment of copyright from the author of the program to the author of the language and secondly from your linked article "At all times, Qt was available under a commercial license that allows the development of proprietary applications without restrictions on licensing. In addition, Qt has been gradually made available under a number of increasingly free licenses." Which means that Trolltech isn't trying to take your code, hence not supporting your point, you have always been able to release any program written to take advantage of the Qt library (and this is a library not a language) and release it under any license you want - but you have to pay them for that. Which is fine since they wrote a library that saves you time, if you want to release it under a GPL license for free it appears they now have a new free version that might support that. But if you want to make money off your code using their library you have to pay.

Please note that this is different from Android in that Android doesn't use Oracle's libraries, it uses the Harmony libraries which means that Android (and therefore Google) isn't restricted on the license in the same way as if they used Oracle's libraries.

I very much doubt I'm going to convince you towards my point, and barring actual evidence the other way I'm not gonna shift, so best of luck to you!

Z.

Actually what Google did was relatively smart but not in this case creating an entirely new language.

It's quite a hack really but what happens is that you actually create your android app against stubs, completely in Java and using the desktop, free licensed version of the Java compiler, nothing here violates any copyright or patents.

Then you take your compiled Java code and re-compile it for Dalvik, so it's no longer Java and isn't running on a JVM.

Java the language isn't a computer program, quite explicitly Java is something in which you can write a computer program but it is not a program itself. Yes there are support tools such as the compiler and the JVM which allow you to execute a program written in Java but you must understand that Java is not a program. I think you're fundamentally misunderstanding how a programming language works.

Please note however that "Because Java is a "managed" language it's also a design document for a very specific piece of software, the JVM. And it's also the API "interface" (to use a term from C++) for a very extensive library." is pretty much completely incorrect.

The JVM doesn't have a design document, multiple companies produce multiple JVMs in different ways for different platforms and different instruction sets. Primarily Java consists of the language syntax and the bytecode syntax.
The Java class libraries are not fixed, nor are they solely defined by Oracle, as should be pointed out by the Harmony class libraries.

Just to repeat it: Java is the language syntax and the bytecode specification!

"What google did is to take the specification, some "chapters" (like the language spec, compiler and base API) copied verbatim, and change a few chapters in the book (mostly packaging and extended the API) so that it would apply better to cell phones. Now this is all nice and great, but like for a real book, you can't do this without the permission of the original book owner." - I suppose it would look like that from the outside, but what you're really not understanding is that it's not what it is under the covers. Since everything was written in Java on the desktop for J2SE with additional libraries nothing has been violated - except for the Dalvik VM. So things like the language spec? Doesn't matter, the reason you can use the normal tools is that it's normal Java, under the normal license on the normal compiler and without hitting the Field of Use restrictions that required it in the first place. Compiler? It's not copied, you're using the one that Sun and now Oracle ship, all that happens afterwards is that the bytecode is converted to a different language to run on a different VM. Base API? I can only assume you mean the class libraries which have been clean-room implemented in Harmony and so Oracle's IP hasn't been touched.

"There are computer languages that do not allow you to base other languages off them (in fact most commercial are like this). The big exceptions is C/C++ (and another exception getting bigger is Javascript). But most languages do not in fact allow this, things like C#, F#, Object Pascal, PL/SQL, ... do not allow you to make a new computer language based on them (in fact several Google languages explicitly forbid this, they even forbid trying to understand how they work)" - I'm pretty sure that I could write a Pascal alike language, create my own compiler and stay within the law (can't be sure I won't get sued but that's what the courts are for). I couldn't call it Pascal and I'm sure there would be minor differences but for all practical intents it would be a very similar language - and when you get down to it most languages are very similar, they have to be.

"(and remember : just because you haven't read the law or a contract doesn't mean it doesn't apply. A license = a contract)" - A license != A contract they are very different things in the eyes of the law, not reading law (which most definitely != a license) means you were negligent, not reading a contract means you were stupid if you sign that contract.

Entering into any legal agreement without reading it first is stupid, but licenses are a different matter their enforceability can be suspect depending on the license.

"But the big, current, example of a programming language that reserves copyright on every program written in it's code is FBML (facebook's extension language)." - which is weird because searching facebook I can't find this. It's a little suspicious that the courts would enforce a license that the end user cannot read and wasn't notified about, although admittedly I've not signed up to have an app authenticated so there's the possibility it's there. One thing I did find is that Facebook has released some of their code under the BSD license ( http://developers.facebook.com/blog/post/67 ) which is completely incompatible with Facebook owning everything .

Personally I don't believe it until the evidence is there, you tell a developer I own everything you do and the developer won't work for you for free. Platforms tend to be valuable because of the developers, so it's pretty much a given that you don't steal from your developers - of course if you do have any evidence please let me know :)

What it all boils down to is that it's the patents that are a problem, and whilst Oracle may detest that they don't have absolute control over Java or anything anyone does that might be related to Java they can only really use patents to harm others who don't submit.

What Google did is annoying to Oracle yes, but is it morally reprehensible? I believe not. Yes it competes with J2ME, but that doesn't make it wrong. Competition is a good thing and promotes growth and innovation (you need to stay within the law - and other than patents Dalvik appears to have), sure it's harder for any one company to gouge customers but that's kinda good for the customers.

Z.

You can't use J2SE on mobile devices (I'm pretty sure Google would have wanted to use J2SE) due to Field of Use restrictions and J2ME wasn't any good, so no choice if you wanted to use Java. Sun wouldn't open the Field of Use restrictions at all - possibly because they were making money from it but I don't know.

As far as I know Sun said it had to be J2ME on Android which wouldn't have worked, J2ME is incredibly restricted and frankly almost sufficiently different from J2SE to be a different language.

Sun could have sued - but Sun didn't want to be the bad guy. Oracle is happy to be the bad guy so there you go - which is weird, they happily piss off everyone they run across from open source developers to large companies.

Google have already opened their wallet, lawyers aren't free after all :) but barring getting rid of those patents (prior art, overly broad claims, or being found not to infringe etc) they'll probably have to pay. That said if the case goes against them I'm sure they'll appeal and if that fails or looks like it'll fail they'll settle - at least Oracle can't go for a scorched ground approach if the settlement is reasonable they've pretty much got to accept it (I think that's right).

Z.

Er?

Dalvik bytecodes are not sun bytecodes - they don't work, at all. And I suspect you're misunderstanding what verbatim means - because it certainly doesn't mean 'slightly different'.

Dalvik was written anew, not developed from a sun JVM. Although how clean-room this is as it was written is to be decided in the courts - and last I'd heard Oracle's contention that this was copied has been mostly shot down, hence the patent claims being the most talked about currently.

"Java is not public domain, and anything unique about java is protected just like the contents of a book." - Well except for the fact that writing a book does not mean you own the English language, you have some rights over expression of the language in that book and that format.

In programming the content of the book, the story is the program, the language the book is written in (say English) is the programming language ie Java. So a copyright for a particular program does NOT mean you own every program written in the same language.

You may be thinking of the class libraries because these provide 95% of the meat of Java, but of course Android uses the Harmony class libraries, something clean-room developed and currently owned by the Apache Foundation so it's not using the Sun class libraries.

Not a single programming language ever lays claim to the programs written within that language - if one ever did? then it would never be used. Why write a program in order to give it to someone else - seriously, TOS for all languages specifically state that the programs you create in that language are yours!

So to sum up, Google is only guilty of copyright infringement if (and only if) the Dalvik VM hasn't been clean-room developed correctly - it's not copyright infringement to convert from Java to another language (at any point of the compile process), nor is it copyright infringement to use the same development tools, the Dalvik bytecode is a different language to the Java bytecode.

What Android cannot (and if you'll notice - does not) do is claim that it runs Java, because field of use restrictions in the JCK and TCK prevent anything other than Java ME running on a mobile device and if a VM has not been JCK and TCK certified then it can't have the trademarked Java coffee cup or use the trademarked Java name and of course since Dalvik doesn't run Java bytecode.....

The largest part of this case is (as the previous posts mention - they are correct, you missed the point) the patents, as they are much more difficult to deal with. Copyright? Easy just develop it without ever seeing the original and you can't have copied.

Google didn't take something that didn't belong to them, yes they maimed it against the wishes of the original author (but if the author wanted to prevent this possibility all they had to do was not release it into the public), didn't use it's massive weight to outcompete the original author (seriously? If Sun had opened the Field of Use restrictions then clean-room re-implementing Java wouldn't have been necessary - Java ME was never fit for purpose).

As for the ends justifying the means? Well considering it appears about the only thing they may have done is violate some patents it's not exactly evil is it?

I could create a new language that looked the same as Java tomorrow (I'm a fast worker ;) ) and not violate any of Oracles copyrights... Patents on the other hand..

Z.

Sorry but that's really not the case. You're making an assumption that just isn't true when it comes to software development - people never reuse idea/techniques/widgets from patents because there aren't any idea/techniques/widgets in patents, only claims.

Patenting idea/technique/widget X does not mean you've helped anyone. I have my name on several patents myself and have waded through many other patents (software and hardware), what you actually have are a series of claims and that's what you infringe - the sole sop to actually having the invention in the patent is the preferred embodiment, which is really no use. It's pretty much impossible to run through a patent database and find ways to solve your problems and it certainly would take longer than just writing it yourself from scratch. Just looking for prior art to verify that you have something patentable is a nightmare and then seeing what happened to a clear valuable idea when it became written up by the patent attorneys - if I couldn't have worked back to my idea from the end result I don't know how anyone else could have.

What usually happens is that someone patented X, and someone else who faced the same problem (or similar problem, or even something else entirely but the claims on X were broad) implemented X without ever knowing about the patent, and even if they had known about the patent it wouldn't have helped - they have been made so generic and legalised that there's really no benefit to the actual code.

In software people re-invent the wheel all the time, there's no library of patented functions you can pull from and pay a fee, you don't even look because if you looked it becomes willful infringement, you couldn't find something that matched and you wouldn't get any benefit from the legalese and broad generic claims.

The concept of a patent helping innovation by spreading knowledge around is false, the most you can say is that it may help innovation by protecting ideas. The reality is (I believe) that it hurts innovation by being about who has more money.

Z.

Doesn't matter if you use an Android based phone or if you're guilty of patent violation - damages will be minimal. No possibility of 100 million damages against an individual, more like $1 as there are over 100 million devices.

Can you really imagine Oracle suing someone for $1? Or even $3 for triple damages from willful infringement?

And if they do sue you, then they can't sue the manufacturer because they're attempting to get compensation twice for the same event (or at least I believe that's the case).

Patents aren't ever (for a given value of ever, I suppose it is remotely possible) enforced against individuals, you could probably win simply thru having more money but the PR would be hideous, you'd spend more trying to get your dollar than you'd ever get back and judges would end up detesting you.

When you get down to it, other than as attempting to change the behaviour of other people you're too small to be noticed. The same is for copyright infringement, the labels aren't really making much in the way of money (other than from the people who settle) and are pissing everyone off, including the judges they're relying on. Even when they win 100k judgements they've little hope of ever getting the money unless the person literally has that money lying around or is a high earner.

Z.

You know, for a while I thought this was someone else - the language was much better.

Which kinda indicates that you're faking a lot.. What do you get out of it? I'm kinda curious. So you're trolling, do you get a secret thrill out of getting a reply?

I don't understand your motivation - this took me like 5 minutes to reply and it's amusing so I'm not being detrimentally impacted, so if you're thrilled I'm replying and wasting my time I don't quite follow.

But back to the point, a quick bit of research shows that actually diet coke has 4 calories so I suppose in theory if you drink enough you might not starve - I have to admit I prefer coke zero over diet coke, and coke zero really does have zero calories. But my original point is correct, drinking only diet coke, or only water will kill you. Neither have enough to sustain life in the medium term.

If you meant drink only diet coke with meals and you'll be dead in a year, then again I have to say you're wrong - I know people who do 99% only drink diet coke (occasional alcohol) and they're still alive after many years - like 10 or so.

Ignoring your assumption that I'm american, yes I'm highly educated - but I do have to admit that none of my subjects / courses were in how long you can live on diet coke and I have to say that any education system that dedicates time to how long you can live drinking a particular carbonated beverage probably isn't worth very much.

And finally, what does this have to do with milk or GMO crops?

I suspect you'll troll another reply, but you'll only get another bite if you're interesting enough, sorry.

Enjoy.

Z.

Seriously? I appreciate you're trolling but...

Diet coke has zero calories, therefore you won't make it very long before you starve to death, let alone all of the missing nutrients. Non-diet coke is loaded with calories so at least you will last longer..

And what has this got to do with milk? or GMO crops?

You might has well say only have water for a year - it also has zero calories, is missing a lot of vital nutrients and basically you'll starve, get scurvy and die.

Really stupid statement.

Z.

What? I appreciate that you're coming from the Apple is amazing point of view, but seriously?

http://uneasysilence.com/archive/2008/09/13445/ - PodCasting app denied because Apple wants to keep the iTunes monopoly. Not because it duplicates anything on the phone, but because it duplicates functionality on the desktop.

http://androidencyclopedia.com/android-magazine-denied-on-apple-app-store/ - Android mag app denied on the AppStore - well because it's about Android. To me it's a pretty weak argument that you're so afraid of the competition that you attempt to prevent even learning about it? It's the equivalent of security through obscurity, why not compete on merit?

A quick google search shows millions of entries for this. I won't even bother getting into the publishing 30% debacle with in-app purchases which is a transparent attempt to lock down the iPhone to Apple iBooks offering.

Apple has a clear track record of doing this, saying anything else is just lying - definitely to others and potentially to yourself.

They do control for control's sake (although admittedly this is my opinion - since I can't mind read, and neither can you this is only opinion) and they do control for direct profit.

Yes a side effect of that control is somewhat of a decent working experience, but it were control for a good working experience then they would be more transparent with it - after all you want people to know what the control is, you don't want a confusing, variable and whimsical control experience unless you're after the control for the sake of control.

A well defined process with clear steps, feedback and acknowledgement would provide you with far more efficient (and I believe more effective) control for the purpose of providing a great working experience - but that isn't what the App Store has. And feel free to say it does, but it's really really easy to come up with counter arguments.

Not for the hardware side, no - but then again you can't provide evidence that they are all bunnies and light on hardware. For me the balance of probabilities indicate that they are as controlling on the hardware side as they are on the software side. There are millions of examples of that control (and don't get me wrong - sometimes that control is a good thing) on the software side. If you can show me that Apple is really a completely different company when it comes to MFI, great (although a weird split personality there) and I'll apologise and everything - but I really don't believe you can. If you can't show me that, well then why should I give them the benefit of the doubt when they already do a lot of controlling (whimsically and in their favour) on the software side?

I'm sorry to tell you this but 'nerds and hackers' as you say it do have market influence - how much depends on too many factors to be able to calculate. But let's take a look at a few points:

1. They work at the companies building phones, tablets etc, I mean after all engineers count as nerds I suppose (not that I'm a fan of the labelling - if you want to pre-judge people before you have a clue about them, up to you but it's a good way to be wrong).
2. There are a lot of hackerspaces http://hackerspaces.org/wiki/List_of_Hacker_Spaces all over the world with more springing up all the time - and each hackerspace isn't just one person.
3. You don't have to pay for the hardware - you can make it yourself, for example already: http://www.youtube.com/watch?v=cHIN_Ylhk5o
4. Have you seen the number of different things done with the Kinect? And you think nobody tinkers with hardware at all?
5. Over 200,000 official arduino boards have been sold, and there are a lot of different clones - it's an open hardware design so anyone can build one.
6. People seem to rely a great deal on what friends recommend for devices, and if you're a technically qualified person you'll be asked about computing stuff, mobile stuff etc.
7. There are a lot of technically minded people - and from my anecdotal experience a lot of them prefer Android to iOS. Obviously this is based on the circles I travel in, but to me at least iOS is being rejected considered for a lot of business uses.
8. Barrier to entry for any hardware development company just became lower, and cheaper per piece of hardware sold.

A few things - firstly cost? it'll go down, there will be clone boards in no time and it's not that difficult to build your own. Cost a few days after mentioning it? yeah I'd expect it to be high from a limited run.

People already tinker with Arduino and many other embedded microcontrollers - this gives them an easy way to integrate with a mobile device. I don't know how many people thinking about tinkering will go Android instead of iOS, that said, I don't know anyone tinkering who's interested in the locked down iOS. I do know people who tinker who started with iOS and have converted to Android.

I'd agree that I don't expect a sudden blip of an extra 100k activations a day of people suddenly buying Android devices to use with this, I do believe that it's another plus point for the Android platform. In some cases it will make a difference.

I also believe that in the coming year we'll probably see a number of released hardware extensions for some odd and interested tasks - all those people that you don't care about, and that apparently (if your attitude is anything to go by) Apple don't care about will make things and sell them. Some might even get a popular following outside of the tinkering minded.

If this happens and it makes Apple open up their hardware a little? Great - everyone wins. If it doesn't? Well it's not the end of the world - people who want to tinker can still tinker, people who don't care still don't care.

Finally - the stats seem to show that Android phones are more popular than iPhones, I'm of the opinion that Android tablets will go the same way eventually, same with the rest of the devices. I don't believe that Apple's closed and whimsical process is better than Android's more open process and I think that people are tending to go that way.

I may be right, I may be wrong. But currently I prefer the way Android is heading to where Apple is.

Z.

You're making an assumption that isn't actually true, or at least isn't completely true. It is in Apple's interests to keep some third party manufacturers, but as with the Apple AppStore itself it isn't in Apple's interest to keep all of them - it certainly isn't in their interest to keep anyone who competes too closely with their own branded and thusly profitable peripherals. You are correct, MFI isn't a profit center for them, however the iPod, iPhone and all iDevices that use the connector and play with the MFI certified peripherials are a profit center (and Apple peripherals are also profitable for them), therefore close control of MFI and connecting to 'their' devices is what they're after.

To an extent I'd agree with you, MFI does tend to make the peripherals work well with the devices (although like anything the older peripherals are useless), but control is the purpose, not just a good working experience.

I half agree with you here, but not totally. As far as I know the situation is similar to that of the Apple AppStore, in that you're under an NDA and you can't really talk if you want to keep doing business with Apple. If you don't care about doing business, then you can risk breaking the NDA, but as there's a significant difference between hardware and software it's not likely that you'll be a straw-man that's not worth suing.

Based on Apple's tactics with the AppStore, it's more of a case of a track record than no evidence. I wouldn't be surprised to find out that Apple has done it, after-all where's the drawback for them? It's much easier to control small numbers of large players with a lot to lose than large groups of small players with nothing to lose.

In your opinion Google hasn't "upped" shit, in other people's opinions it might have - certainly it has interested me, a lot more than any hardware integration with an iDevice would do. The important point to realise with this is how many people might now tinker with Android and Arduino - people were tinkering with Arudino and Android already, and this makes it official (or at least easier for some). Now, I agree, it's unlikely that any one of these will suddenly mass-produce something, after all they're just small tinkerers. However it is very likely based on the number of people who will look into it (assuming there is a large number for a cheap, open and easy to use platform) that a lot of things that are good will come out of it. And this is where Apple may lose out, after all if you create a nifty hardware dongle, release the app into the Android Market and you're good to go - show me the speedy lifecycle of Apple hardware and apps?

Yes some of them will be rubbish, some of them won't work, a lot will be incredibly unique and useful for only a handful - but it'll be more than you'll ever get out of a iDevice unless Apple removes the barrier to entry. Show me the current crop of innovative devices that are MFI certified? There are a million different types of speaker docks and that's about it (yeah there are a few more, and some interesting ones coming up but nothing to shout about really).

Large corporations are very interested in profit, and not for doing something for the fun or interest of it, which means the higher the risk (aka the more innovative a new product is - especially because innovative doesn't mean good or popular) the less likely they are to do it. Your argument of not creating customers in a vacuum is literally a large company argument, not one because I want to create an Android controlled aircraft, boat or RepRap machine. Sometimes (as with Apple's original iPhone) you need to *create* the market - and that's where innovation matters, that's where controlling to closely hurts you and being open can help.

Here I pretty much have to agree with you - when you get down to it nobody's buying iPhones because they run on BSD and Android because they run on Linux it's about the user experience, the advertising and what you can do with it. That said, people are already flocking to Android, this gives another reason for it especially for anyone who likes hardware - and there are hackerspaces all over the world.

Honestly, if you were at home thinking you'd like to do something with electronics and a mobile device it is now easier to go with Android, and a nightmare to go with iDevices - that matters, although how much? It's something only time will tell.

Z.

I was under the impression that there was more changes in the route due to congestion, loading etc... I don't run a router so I have no first-hand information detailing this but I can see it both ways. I agree there's going to be a most likely path and barring loading and failures this would probably remain fairly static, I don't know how much the loading changes the route on a minute to minute basis, certainly I've seen routes change, but...?

Sorry that wasn't what I meant (and forgive the typo), I meant that it is far more likely that an internet router will be maintain / logged than a home machine. The chances of discovery of the hack would appear (to me at least) to be higher on a maintained piece of hardware rather than the unmaintained home system.

You have a point, I'd not considered that you wouldn't need to be there, although I'm not convinced that the cable networks have such modems around that will happily pretend to be someone else's IP. They might do, but it seems really stupid, I had assumed that you would require physical access to the cable modem to manage it.

This is where we need to differ on opinion, I don't believe that IP spoofing really happens, but if it does happen then I think it's a much much smaller possibility than the likelihood of someone wardriving and getting your IP in a bad place that way.

Either way, if your IP shows up on a kiddie porn server and that server gets raided then you're going to have your equipment searched no matter what. If nothing shows up at all you'll get it back and be ok, if something shows up you're in trouble. I agree that IP spoofing is a lower order probability which means it will be less likely in a defence, however I think that the possibility that an open wifi will land you in trouble is orders of magnitude higher.

Finally, since you know approximately what you're talking about (and will be classed as a techie in court) you're probably not going to be able to get away with an open wifi defence - the usual 'I don't understand' defence may not look so good... Saying you believe in free wifi, and don't mind sharing is a possible, but then you also may have been doing that to provide plausible deniability to your nefarious activities - and so may not be as good a defence as you believe.

Z.

I think I made a mistake mentioning "Oh yeah, there is another way - they could be downloading it to your system (and then back out) using your system as a relay, but that relies on them compromising your system, something you can defend against and notice."

This isn't really IP spoofing, but in my defense I was in a rush :) It's not IP spoofing because it's going to the right IP... You're simply installing malware on the target system and bouncing it out again, and actually computer viruses have been used as defenses against computer charges.

The reason the incriminating bits are seen on your connection is that they're travelling over your connection. But that's something of a myth. You aren't going to have deep packet inspection most internet connections, and certainly not historical data - there's just too much of it.

Firstly if they do succeed in spoofing your IP address then your ISP in most cases won't log the inbound / outbound traffic as they won't see it - which means your ISP can't be the source of the legal queries. Which means it's from an external website, most likely when they get the logs of a criminal site they've managed to shut down (or honey-netted) which means they definitely don't have deep packet inspection for it.

"The point, made several times above, is that secure wireless, isn't very secure." - that wasn't my point (nor was I disagreeing with it), nor was it what I was responding to.

I was responding to a comment that said you should have an open wireless AP in order to provide additional doubt onto any conviction from IP spoofing. Being that I've not yet heard of widespread (or more than just a theoretical exercise) IP spoofing and I can see a lot of problems with it, it would seem that it's foolish to open a wireless AP in order to protect yourself from IP spoofing. Considering that there are events in the field that show that having an open wifi AP can land you in trouble.

The likely incidence of IP spoofing is much much less than the likely incidence of illegal behaviour on an open wifi AP. Which means you'll get a lot more hassle from the open wifi than from the IP spoofing.

I think what my point really boils down it is the oddity that people seem to think that a single IP address record on a suspect server is sufficient evidence to convict - the reason they take all your computing gear is because they have 'reasonable suspicion' that you committed the crime and are now looking for evidence in order to secure a conviction. If they don't find evidence (and they're honest etc) then you'll be fine. The event itself is low-order probability and then having it compounded with a bad enough defence and a clueless enough judge to be convicted isn't really worth worrying about.

There may be points about the court of public opinion, but as for actual conviction if you are innocent? Very very unlikely, and it's far more likely that you'll be convicted from an open wifi than from someone spoofing your IP.

Z.

Yes and no...

You aren't guaranteed to get the same return path for the same set of packets - the dynamic nature of the net means that there are variations and the route tends to change over time. It's gotta be annoying for the people downing the kiddie porn to have their session interrupted because the packets took a different route now and then - also it ups the risk of being caught. The failures may be recorded on the source server and the traffic may get noticed.

Granted if you're lucky and get the router that the traffic always gets too it's fine, of course you've now hacked a piece of maintain machinery, far more than the usual home machine so it's more of a risk that you'll be caught...

As for cable segments? Depends on the topology, the technology and it ups the risk if you have a physical constraint to your location.

As far as I'm aware, when it comes to things like downloading kiddie porn or whatever they're trying to prosecute you for I don't think they can just throw you in prison because of a IP address log. They certainly can come and arrest you, and confiscate your computers and search for anything dodgy but you're likely to avoid jail as without additional evidence of wrong-doing it won't be enough to convict... Hence why they take all your devices in the first place.

If they believe you have been spoofed then they may take a closer look at the things around you, such as the people on the same cable loop, or as they know the source server and the routers it passes through they may be able to work out where it was intercepted.

I've no idea how savvy the cops are and if they'll keep searching once they can't pin it on you (or mebbe just keep trying to pin it on you) but it's difficult to reliably and without trace spoof your IP.

Maybe it's really common - but I've never heard of an instance of it.

Z.

Just so I understand - how exactly does someone spoof your IP address?

I mean if they're getting your IP address from the server logs on a kiddie porn server then the data was going to your machine. That's the way TCP/IP works - the IP address that the server has is the IP it's talking to.

If they spoof your IP, then the opening handshake will fail, because it's going to your router which is throwing it away as being rubbish. No session opened, no entries in the router's table, it's going to get blocked.

If someone wants to download kiddie porn (and I'm ignoring DDoS as 'breaking the law' as the 'sender' IPs are rarely real, or they're zombies plus the most they get is you disconnected) then they need to get the packets back, which means they need to have a route not just pushing it to you.

About the only way they can do that is to either get your IP when you don't have it (ie the ISP cycles around the IP addresses you have so someone else has yours), or they manage to hack all the routers coming from the kiddie porn site so that all packets route to somewhere else - not exactly your common garden script kiddie hack.

Oh yeah, there is another way - they could be downloading it to your system (and then back out) using your system as a relay, but that relies on them compromising your system, something you can defend against and notice.

It is much more likely that someone will use your open wifi point than they will pick your IP address and without you (or someone else) noticing manage to redirect it.

Z.

Not sure what your point is, mainly because your example doesn't make any sense.

Your comparison appears to be that telling the truth ("The ads that you're all hating are the things that are paying for the content you want to view.") vs lying to incite a (presumably negative) response ("calling the Pope a gynophobic Nazi paedophile-protector") is somehow the same?

If I'd gone to the Vatican website and called the Pope that, then obviously I would be trolling and attempting to start a flame-war. Whereas all I did was tell the truth (granted as I see it, but I've seen no evidence to the contrary) in discussion about flash (and specifically how bad flash is because of the uses of it).

However saying it on slashdot? I don't know about you but I prefer the intelligent (yes I know bits of slashdot aren't, but significant bits are) conversation on here, where I might actually learn something and I have to say I really don't know what you'll learn from deluding yourself. Granted I tend to define learning as learning new beneficial skills, or information etc. I don't really consider it 'learning' if what you've learnt isn't correct, or at least approximately correct.

Denying that ads do pay for content on a site that is partially funded by advertising revenue is a little odd. It may be unpleasant but it's still true, and you can only change things for the better (other than blind chance) if you start from what's true not just what you want to be true.

Z.

P.S. Quite like the sig :)