
Comment Re:Wonderful (Score 1) 154

Again, it seems we basically agree on this one in principle, but again, I'm perhaps a little wary in practice. When we start talking about regulating software development, and so recognising accepted good practice in some way, that implies that there is someone qualified to judge what good practices actually are and some reasonable basis for determining what the regulations should be. My personal view is that I'm optimistic about the future but we're not there yet.

In particular, suppose we tried to move in that direction tomorrow, or maybe we even went as far as making software development a proper engineering discipline and a licensed profession. I think the kind of people who would find their way into the influential regulatory positions probably would not be the people who were actually best qualified to advise on such issues, not least because they're busy building useful software. Instead, I think you'd get the dreaded consultants -- not the legitimate ones who really do have wide experience and now make a living sharing it to help others, but the ones who are more politician than engineer, engaging speakers and writers, always quick to tell others how they should write software, yet typically having built relatively little of their own and having little actual data to support their recommendations. (I have this vision in my head now of some Extreme Agile Craftsmanship Consultant telling guys who have been writing security-sensitive networking stacks for 30 years how in future they should TDD their way to the basic functionality and then add "security" on later, and as long as the tests are still passing they can just ship right away.)

This isn't to say that the underlying problem is not serious. The idea that everything should be connected and the idea that security and privacy concerns are being adequately addressed by today's market is a terrifying and potentially extremely dangerous combination. As a geek, I'm able to protect myself and my family to some extent by avoiding a lot of the junk, but obviously most people don't have that advantage and general public awareness of the real implications of these modern trends is still disturbingly low.

I wonder whether a useful way forward in the near future would be some sort of voluntary endorsement system to help raise that public awareness. You don't have to absolutely require following lots of specific regulations, but maybe those who can demonstrate that they at least meet some basic, uncontroversial standards get to label their products with some sort of reserved mark, and then maybe customers start asking why some other product doesn't come with, say, a money-back guarantee and extra compensation in the event of certain bad things happening.

Comment Re:Wonderful (Score 1) 154

Yes, I agree with pretty much everything you're saying. I also think it's important to distinguish a theoretical benefit, where it's possible to conduct such a review and possibly to fix problems yourself, from a practical benefit, where someone actually has the time and skills to do that or the time and money to get someone else to do it.

Comment Re:Sledgehammer approach. (Score 2) 163

Actually, if someone sells insecure crap that subsequently gets hacked and stops working as a result, in a lot of places that's going to be considered unfit for purpose or the legal equivalent and therefore entitle the owner to some sort of refund or other remedy at the vendor's expense. While I don't condone the vigilante aspect here, it might prove to be quite effective at highlighting how poor the state of security is in the IoT industry and forcing manufacturers of these devices not to cheap out so much.

Comment Re:Wonderful (Score 1) 154

The trouble is, we don't know how to make bug-free, perfectly secure software and hardware yet. Requiring the SoC manufacturers to meet a practically impossible standard isn't going to put prices up "a bit", it's going to increase them dramatically, and it's still not going to solve the problem, it's just going to make the luckier insurance companies underwriting those manufacturers a bit richer.

If the idea of better regulation is going to go anywhere useful, it has to push manufacturers and those along the supply chain towards an achievable better position, and it has to do so with a cost that is commercially viable. I'm not sure that's what some of the people posting in this discussion are asking for.

Comment Re:Wonderful (Score 4, Interesting) 154

This sort of argument gets made every time there is a breach in any proprietary system, but where exactly are you going to find these "security professionals" to carry out detailed audits on entire firmware systems every time someone releases a new product? Who's going to pay their bill? What good is a fix from a SoC manufacturer if the suppliers of devices incorporating those SoCs or the networks reselling them don't then supply an OTA update in a timely and secure fashion?

The idea that enough eyes make all bugs shallow might be one of the most dangerous fallacies in computing today, but even if it were true, it would still only be the first step to fixing a problem like this.

Comment Re:For lawyers, by lawyers (Score 1) 194

I've no reason to doubt your description of your own experiences. As you say, we're talking anecdotally here. I'm just saying that's not always how things work out.

I suspect in our case the issue might be that the uploader was themselves taking the material down some time after we filed the notices but before YouTube got around to acting on them, so by the time our notices got processed we just received another standard form message about the content having been removed already. That's all well and good, the content was down either way, but it doesn't stop thousands of people from watching it on this person's YouTube channel and in some cases apparently thinking they made it as well instead of finding an authorised source run by the original creators, and it doesn't stop us having to spend a lot of time filing notice after notice when stuff went back up again. YouTube's system seems to be completely incapable of dealing with this, and I really see no justification at all for a heavily automated system like theirs taking multiple days to act on a properly submitted takedown notice, but maybe this is why our experiences have differed.

As for removing safe harbour provisions being an existential threat to sites like YouTube, I'm not sure I have a problem with that. YouTube isn't actually creating the content people enjoy there, it's just making a lot of money from hosting it, which is a secondary service that could certainly be replaced in a variety of ways, some of which might work better. If nothing else, not so many years ago, when the Internet was more decentralised, people just ran their own web sites and blogs and email and so on, using their own ISPs as hosts. Given all the advances in related areas since then I don't see why a similarly decentralised approach couldn't work today, and I suspect the online world might be a much nicer place without so much power and so little accountability being concentrated with a tiny number of hosting services like YouTube and Facebook. After all, if any normal person is hosting infringing content on their site, there is no magic law to protect them, and yet the Internet still became perhaps the greatest information sharing and communication tool in history.

Comment Re:My how have the tables turned (Score 1) 194

The fourth group doesn't exist if things are done right.

It really does. An existence proof is that I've seen people rip material and then offer it with their own branding applied from their own source(s), and I've then seen other people who have supported that (including financially) and whose public comments make it obvious that they think they're supporting the original creators of the work. Those people liked the work and demonstrably were willing to support it financially in whatever way, they were just unknowingly supporting the wrong person.

Are you certain you're seeing the same account put your music back up after you have it taken down, over and over, more than three times?

Yes (though it wasn't music in our case).

In the most recent incident, it was unmistakably our content, right up to the point of sometimes forgetting to remove our URLs from videos and the like while slapping the infringer's own channel branding all over it. It was posted by the exact same account, along with obvious infringements of various other people's work. In some cases it was even removed and then the exact same content reposted a few days later by the same account.

We filed DMCA requests against each infringing video for a few days, and then eventually sent a separate email to YouTube pointing out the persistent infringement and that we had already filed numerous separate takedown notices against that account. This went back and forth a couple of times, but the bottom line was whoever was replying didn't even seem to be reading the basic details we were sending, and we were just getting fobbed off with form content about needing to submit a proper takedown notice and being directed back to the same takedown notice page that we'd already been using and had told them we'd already been using. At no point did they even seem to acknowledge being informed about the ongoing and repeated infringement or understand that notifying them of this was the purpose of our separate email.

I can't speak about anyone else's experiences here. I'm just offering a data point that we have followed these processes very recently, and found them to be totally ineffective. We actually got results by taking action directly against the infringer, who apparently subsequently pulled the content from YouTube voluntarily before YT's staff did anything about it (but still a considerable time after the original takedown notices were submitted). It's hard for me to see how YouTube's actions would have qualified as either acting reasonably quickly to remove material after receiving a proper takedown notice under the DMCA or meeting their obligation under the same law to deal with persistent infringement.

Apparently your experience and ours have been wildly different. Maybe it was different timing, or because you were talking about music and we were talking about other types of video, or just that you got the diligent agent and we got the guy phoning it in. Whatever the cause, the bottom line is that their system apparently did absolutely nothing to protect or help us in that case.

Comment Re:My how have the tables turned (Score 1) 194

Even if YouTube did go away, who is to say that would be a bad thing and it wouldn't naturally be replaced by something different and perhaps better? We take a lot in the technology world for granted because once, often long ago, it somehow won and became the default way of doing things. That doesn't necessarily mean it was or remains the best or even a good way of doing things, particularly if after the incumbent had become established the barriers to something else developing became high. Personally I think the centralisation of the Internet in recent years, and the disproportionate and largely unearned influence it gives to a few big hosting services and gatekeepers, is a prime example of this.

Comment Re:My how have the tables turned (Score 1) 194

The only thing that can tip that balance is either some kind of revolution or collective bargaining (which I could totally get behind) OR legislation.

Well, a review of the principles underlying IP regulation/legislation does seem long overdue. Intellectual property rights in their current form often are not creating effective competitive markets, which is their raison d'être. The most important players in the creative markets are the creators and the consumers/society, yet current incentives are mostly directed towards the middleman services. Given that those services are provided to creators, if competition were functioning effectively, this would be driving compensation for creators up and margins in the services down, but often that does not seem to be happening.

The economics of creative industries are complex at the best of times, and maybe the legal frameworks we've relied on in the past just don't do a very good job any more with the possibilities created by modern technologies and communications channels. But in that case, they should be changed, and IMHO that change should go back to first principles and start with how (and indeed how much) we want to incentivize the creation and distribution of new works for the benefit of society. The legal and regulatory landscape should be dictated by that underlying policy. The scope for any secondary services and how much of any money moving around they ultimately receive should in turn follow naturally from whatever best promotes the original goal.

Comment Re:My how have the tables turned (Score 1) 194

Would it be fair for /. to be on the hook if I cut paste a copyrighted work here?

If you did it once, and when informed of the problem they promptly removed it, perhaps not. I don't think it's a clear-cut issue, but there are obvious costs to having every piece of hosted third party content potentially incur liability, and it may be that the net benefits to society of making it easier to run a hosting service do outweigh the costs.

If there was a pattern of you doing it, and they were aware of that pattern, and they didn't then do something reasonable about it, I think that's a different question and potentially the cost/benefit ratio of allowing that practice is also different.

If they actively built a business out of that kind of infringement, such infringement continues to be widespread and conducted by large numbers of their users, it is reasonable to assume they are well aware of this, and they continue to make lots of money from it? That's a different question again.

Comment Re:My how have the tables turned (Score 1) 194

But you missed a fourth group, which is the people who enjoy your novel and would have been happy to pay for it if they'd found a legitimate source first, but who actually found it somewhere else and maybe even paid the unauthorised source for it instead of you.

As someone else doing relatively small-scale creative business, I can testify that this group can be a significant one, and I both sympathise and empathise with the situation that sneakyimp has described in terms of watching people ripping your stuff on YouTube and finding them hiding behind the safe harbour provisions even when it is clearly an ongoing problem and you have made them well aware of it.

I'll add a little from personal experience. Under the DMCA and similar laws, safe harbour is rarely an absolute protection, and typically those appealing to it are still expected to have some mechanism for dealing with persistent infringement, such as stopping the account of the infringer. In our experience, YouTube have shown no willingness to do this, and any attempt to contact them about it at their published email address for such matters just gets something boilerplatey back that directs you to their online form for filing a single DMCA complaint... again. Perhaps when they're dealing with anyone big enough that they are likely to take real action and have the resources to do it, YouTube follow other processes, but from a legal point of view it looks like they would have forfeited their safe harbour protection in a case like ours if we'd wanted to make a point of it.

Comment Re:My how have the tables turned (Score 1) 194

That solves the entire problem of Youtube being a piracy haven, by letting the RIAA get 100% of the revenue instead of the shitlord pirates.

And replaces it with a system where YouTube gets to profit off the entire RIAA back catalogue yet also to dictate to the rightsholders how much it's generously going to pay them for the privilege through ad rates it unilaterally controls. This isn't how copyright was supposed to work. In fact, it is the very antithesis of how copyright was supposed to work, and since the primary reason to have copyright at all is to generate economic incentives in creative markets analogous to markets for physical goods, I'm not sure this alternative makes much sense. If you wanted to go in that general direction, I think you'd be better off with a compulsory licensing regime and royalty rates that are determined by a state regulator and known up-front by all participants in the system.

Comment Re:Amber Rudd is dim (Score 1) 360

For me, the most disappointing thing in the whole debate is how poor the media are at challenging these ideas when our political classes come up with them. I've seen several interviews and panel discussions in recent months where even the presenters or "expert" guests essentially start from the premise that yes, obviously we have to do these things to keep everyone safe, and then spend the next several minutes bike-shedding instead of exploring the big issues. Just once, I would like a high-profile, well-regarded political journalist to have some idea about the real implications of these technologies and how they are used, and to push back at least a little against the idea that you can just magically set up communications systems to allow government monitoring without any downsides.

Comment Re:Digital Rights? (Score 1) 260

OK, but with the gaming examples you're talking about (a) a DRM system that was obviously broken and (b) DRM applied to something where you bought a permanent copy. I have much less sympathy for the content provider in those situations, and if they wind up having to refund a lot of people's money because they shipped a broken product then I still won't have much sympathy for them.

The opposite side is when you have DRM protecting a service like PPV or Netflix where you know you're not buying a permanent copy, and most people will just fire up the player and enjoy the show without ever knowing the DRM is even there. In that case, the DRM is transparent to legitimate viewers, but some form of protection is reasonable to prevent casual infringement.

As I've said throughout, there has to be a balance. DRM that breaks stuff is bad, and people who supply broken products should make good on the damage to their customers. But DRM also makes it practical to follow new and useful business models that can benefit everyone involved.
