Ltlw0lf's Favorite Techdirt Posts of the Week
from the huffing-and-puffing dept
This week’s posts ran the gamut from the evils of DMCA/ACTA/TPP, to computer security issues, to the government’s effort to pass draconian treaties which are most likely binding even when the government says they aren’t, to cheap computers that will revolutionize the world. There is always a lot of good stuff on Techdirt to talk about.
One of my most favorite posts this week would have to have been the article about how Hollywood would like to see us space-shift DVDs by forcing us to take the DVD to a store to convert into a file for use in our non-DVD capable devices. They appear to be hoping that by offering this capability, they will head off the consumer groups out there who are trying to get the Librarian of Congress to allow ripping of DVDs as an exception to the DMCA’s anti-circumvention provision.
It also outlines something that many of us here say regularly in the comments; that the gatekeepers are so used to holding all the cards, abusing their producers and customers alike with one-sided contracts, DRM, and onerous regulations and they really don’t want to change. And neither do their customers, who will continue ripping the DVDs themselves, violating the anti-circumvention provision of the DMCA because it is easier and more effective than any legitimate alternative Hollywood has provided. And of course, we are talking about space-shifting, which was a legally protected activity until DMCA made it illegal only if the material was encrypted to protect copyright.
The gatekeepers won’t be successful in this effort until they can control
software distribution all over the world and outlaw computers which can be
modified by the user, and I just can’t see this happening in a post-SOPA world,
no matter how much the gatekeepers would like to believe that the SOPA backlash
was a one-off event caused by “misinformation” and “undemocratic” processes.
Something that most of those who participated in the anti-SOPA demonstrations
felt pretty much summed up the actions of those behind SOPA with the backroom
deals, the laws for sale, regulatory capture, and the efforts to discredit those
behind the anti-SOPA demonstrations as lapdogs for Google.
And of course, we have the EFF fighting against companies sending out automated bogus DMCA takedowns for things they have no legal right taking down. Hopefully someone will bring some sanity to this problem – but I am not holding my breath. I used to think DMCA was an army where SOPA was a nuclear holocaust. But now it looks like the DMCA is an army with nuclear bombs – placing them somewhat indiscriminately and with no concern of legality or collateral effects. At some point, like everything else, it will backfire on the gatekeepers, as we have seen recently where two gatekeepers sue each other over the public domain or over trademarks. Someone is going to issue a takedown for another gatekeeper, and the nuclear armageddon will begin. Especially with automation, where companies really aren’t checking the results to assure that the results are correct but which does not appear to be happening in these cases (every engineer/scientist learns early on in their career to check the results.)
Moving on, this week saw a couple posts on computer security issues. We had the post on how the University of Michigan hacked the online voting system that was placed online specifically for the public to test the functionality and security of the system. We have to commend OSDV and Washington D.C. for doing the right thing and putting the system online to be tested. And the University of Michigan (and the others) who tested the system to its fullest and made the results available. This effort will make the system more secure, if they take what they learn and fix the problems and don’t introduce new ones. We know that many of the problems discovered here also exist in the closed source voting systems, and this is precisely why those closed source systems are so hard to trust.
On a lighter note, we have the post
on the Raspberry Pi, and how it could be a big problem for oppressive regimes.
So many people were excited about the product that they crashed the server.
Having cheap and small devices which run open source operating systems and
applications can make things far more difficult for countries and gatekeepers who
want to control how everyone uses their computers. Having less devices to worry
about securing, and tailoring the 20W $25 PCs to replace the 650W $500 Desktop PC
will have a better effect on the environment. Now if they can get the computer
to fit into an Altoids tin, that would be awesome.
And finally, something I found to be surprising, is that teaching styles of teachers are much more of a distraction then computers in the classroom. I didn’t have a laptop with me in school until I was in my senior year in college, and that was only on a special occasion. However, it makes sense, as I find I am most efficient when I allow myself a couple short opportunities to visit Techdirt. Though if my boss is reading, I am multi-tasking and I am blocked waiting for the tasks to finish.
Comments on “Ltlw0lf's Favorite Techdirt Posts of the Week”
This effort will make the system more secure, if they take what they learn and fix the problems and don’t introduce new ones. (in reference to a voting system)
There are two serious problems with that statement.
First, it’s ridiculously optimistic.
Second, it endorses a methodology that it well-known to guarantee failure: penetrate-and-patch, as explained by
Marcus Ranum here, where it’s #3 on his list of the six dumbest ideas in computer security.
You CANNOT design and build a secure voting system, or anything even remotely close to one, by launching something riddled with fundamental conceptual errors and then iteratively “fixing it” until you decide that you’ve done enough. That approach is a failure the moment you start; it only remains, as they say, as an exercise for the reader to catalog the full extent and nature of the failure.
I would never replace my PC with that dinky thing. It’s not powerful enough to run any of my games, and it couldn’t run them even if it was.
Re:
I’m pretty sure that those machines and their problems have been around since 2000. I’m willing to bet that they won’t be fixed by election time. It’s a waste of time and money that these things come out and people can hack them far more quickly than the problems solved.
JAy bob
This effort will make the system more secure, if they take what they learn and fix the problems and don’t introduce new ones. (in reference to a voting system)
There are two serious problems with that statement.
First, it’s ridiculously optimistic.
Second, it endorses a methodology that it well-known to guarantee failure: penetrate-and-patch, as explained by
Marcus Ranum here, where it’s #3 on his list of the six dumbest ideas in computer security.
JAy bob
4 things not mentioned during the announcement of the new iPad
http://huntall.com/4-mentioned-announcement-ipad
Re:
You CANNOT design and build a secure voting system, or anything even remotely close to one,
Stop right there – you’ve got it.
Re:
Does government ever act quickly to do anything in the public interest?
I see them act quickly when it comes to protecting corporate profits in exchange for corporate favors (campaign contributions and the revolving door) and when it comes to fabricating revenue generation scams (ie: frivolous parking laws, crazy penalties for a million violations that shouldn’t be illegal like not reporting foreign income on your tax returns, among others), but when it comes to serving the public interest …
Re:
I think most everyone acknowledges this, but our current voting system has its security flaws nonetheless.
I think the point is that, with a well implemented end to end user verified voting system that uses cryptography, what we can design can be better than what we currently have. Will it ever be perfect? No. Will it have flaws? Sure. But at least the public can better audit any flaws(???) and security weakness, seek improvements, and create a system better than what we currently have.
Saying that a proposed system has flaws is meaningless if it’s not being compared to our current system. The way our current system works is I vote and I have no way to audit what the heck happened to my vote. For all I know, someone may have thrown it in the trash while no one was looking and how would I know?
Re:
interesting, +1
Re:
i dont think its for a main pc, its for education and “hacking community”, im going to use it for a home theater pc
Re:
1. As I’ve said repeatedly here: the most secure available system is pencil and paper. Low-tech, tedious, onerous, slow- — and very hard to hack successfully.
2. Auditing is a much harder problem than it might appear to be on the surface. After all: if you can prove to yourself that you voted for X, then you can also prove that to someone who is standing next to you. If you can prove that to someone standing next to you, then you not only can sell your vote to that someone, you can PROVE that you voted as they asked, which means it’s now worth the effort on their part to buy your vote. (Conversely: if you can’t prove to yourself that you voted for X, then you can’t prove it to them, and since you can’t prove it to them, their motivation to pay you…or blackmail you…drops abruptly.)
I’m not saying auditing is an unsolvable problem: I’m saying that it’s hard, even on a theoretical level. And when the implementation issues are added to that mix (e.g., buggy code, attackers, system failures, etc.) it really is much more difficult than it initially appears.
Re:
First, it is ridiculously optimistic.
Never thought I’d be accused of that — thanks.
Second, it endorses a methodology that it well-known to guarantee failure
I agree, however considering that no other vendor has done this — it somewhat proves what you say — but in this case we know the vulnerabilities while on the other side, everyone but the vendor and the government knows the flaws and they think the system is secure.
Re:
I would never replace my PC with that dinky thing. It’s not powerful enough to run any of my games, and it couldn’t run them even if it was.
I deleted that part in my script, but I’d never suggest getting rid of the big PC for a majority of my work, but I don’t need 10 large PCs…I could have one large one and one or two small ones.
Re:
“1. As I’ve said repeatedly here: the most secure available system is pencil and paper. Low-tech, tedious, onerous, slow- — and very hard to hack successfully. “
If you believe that then you are naive. There have been all sorts of instances where more voters voted than the number of existing registered voters, I remember (though I can’t find it) an instance of someone being pulled over by a cop for speeding and in the back of his car was a bunch of votes, there have been instances of dead people voting, etc… The list goes on and on.
Paper voting is only as secure as the flaws and intentional nefarious actions of those conducing the election. When I vote, my vote goes into a black box and I have no way to audit it at all. I have no idea what happened to my vote after it gets submitted or how to audit it, I have to just trust other people, flawed people (people tend to make more mistakes than computers) who may also act and conspire nefariously.
“After all: if you can prove to yourself that you voted for X, then you can also prove that to someone who is standing next to you.”
The cryptographic community, who has spent many years (if not decades) working on this problem, has pretty much concluded, unanimously, that this is not true in theory. Just because you may not understand how these cryptographic systems could work doesn’t make them any more subject to voter buyout.
That’s the whole reason these are cryptographic systems, if we didn’t want to conceal who we voted for then we can just do what other countries have done in the past and have an open system where your vote is both verifiable and openly transparent. Statistics show that this tends to change voter turnout. The point of introducing cryptography is to prevent this. Can it have flaws? Sure, someone can take their camera phone and video tape who they voted for. They can do that now too.
http://www.youtube.com/watch?v=ZDnShu5V99s
Re:
Remember, there is merely one party running everything in Congress. You want representatives? I’d say flush them all out. Then take the money out of Congress. Then make electoral reform a necessity. No, this does not mean vote all Democrat nor all Republican. If you vote all Democrat, SOPA will be passed next year. Focus on the politics, get everyone to vote for people that have middle class issues, then get electoral reform on the ballot.
Re:
Now, I completely agree that there should be a paper trail attached to each vote so that we can cross check digital votes with paper votes and make sure they are consistent. Such is often implemented as a part of these cryptographic systems as well.
Re:
Here I disagree.
If you want security you will need to learn, that means failing and that means and endless cycle of making something and reworking it until we find out how it works and how all fit together.
There are many things I can’t see a solution to, but somebody may be able to come up with something that makes it work, so experimenting is a good thing, not being afraid of failure is a good thing for progress and innovation.
Re:
Here is my naive proposal for a more secure voting system:
For cases of ballot stuffing: e-voting machines should send their data to more than one place dispersed geographically and voters should be given a encrypted key to use that to see how their vote is being counted and be able to report problems.
I’m assuming that problems will always occur, but like in manufacturing is not important to eliminate 100% of the problems but how to fix 100% of them after they occur, it is impossible to keep determined people from modifying something, but it is possible to spot and correct those instances.
Re:
1. Nope is not, as a young lad I worked as a ballot watcher once and people where bringing in stuffed ballots and replacing them for new ones in the backroom, there was no way for people to check what they did and so this happened and if you complained you was kicked out of the building, another form was to pay the people who counted the votes or put people who would just modify the counting and this things were not done by parties they were done by local influential people who wanted their horses to win and so they did, pencil and paper are not hard to cheat, of course this was in the 80’s, but still happens. Technology gives us the chance to make it a little more harder to do that today, by creating secure channels that could send the same data to multiple places and for the first time give each voter a means to check if their vote was counted correctly, it creates others problems though, like bogus claims of wrong doing and how to assert that what a person said.
2. Personal corruption is not a problem for election equipment there is nothing one can do against that and that is a fact, coercion on the other hand could really be a problem, like bosses telling people how to vote and if they don’t show up with the proof they lose their jobs, paying people is not that much of a problem because it quickly becomes very expensive to do so, it can easily cost billions of dollars to successfully buy all the votes needed so that is not a real problem unless the number of people voting is very small.
It is impossible to secure anything, we trust the system and the appearance of security is important for that trust to be maintained otherwise we would be revolting instead of voting so we devise mechanism to check that system and catch instances, we may not be able to secure something 100%(that is impossible) but we can make detection and correction more stronger and that only will happen with new technologies not old ones. A boss threatening its employees if they don’t show how they voted can be dealt by public outcry and the legal system but that depends on a news source(any source new or old) that people can trust and a trusted legal system, to evade lessen the effects of collusion, votes should be sent to multiple points over secure channels, when the access to the machines is compromised voters should be able to check how their votes are being counted and complain about irregularities, so redundancy is key in reducing that risk, people should vote on the e-voting machine and being given access to a secure channel where they can confirm who they voted for, so even if the machines in themselves at some location can be successfully compromised there is a control against which people can check against and if necessary redo the process with greater scrutiny on the whole process.
Re:
For only one I would never replace my desktop but at $35 a pop I could get roughly 30 of those for $1000 and get a supercomputer on the cheap. for the price of a high end PC I could get a hundred of those and have a powerful PC farm.
Instead of having to wait days for calculations and renderings it would be done in minutes.
For house automation those are just glorious, one PC per room in the house, custom build network firewalls that cost thousands can be done by those, routing.
Other uses are HTPC’s, controllers for other devices like CNC machines, Reflow soldering from home ovens controlled by them.
Re:
Quote:
I don’t know about that, nature despite the high rate of failure(north of 90%) seems to be doing well using that same exact approach.
Thinking about it, that is the exact same approach we always use and if anything is a constant is that we make things, they fail and we remake them.
Can you imagine DaVinci giving up his flying dreams, his robotic machines because they were not perfect?
Now if you said we should give up the current crop of e-voting machine manufacturers, then we could agree, but giving up a true and tried process that is the one thing that moves us forward seems a bit harsh.
Re:
You think it won’t if people vote all Republican? Please. It’s all six of one, half a dozen of the other. Until there is real reform we have to keep them in balance, and keep the public interested so that they know who holds the real power.
the 20W $25 PCs
Actually, from what they were saying, the power consumption is about 3.5 watts for the deluxe Model B, and 2.5 watts for the Model A. The A now comes with 256 megs of RAM, however, and thus might be a little higher than when they last mentioned those numbers.
Overall, they’re supposed to be about equivalent to a Pentium II 300, with way stronger video hardware. That’s slow enough that you have to pay attention to how much CPU power things need, but you can do a HELL of a lot with that much horsepower… especially when one of the bits of heaviest lifting that CPUs do, video decoding, is all offloaded to the GPU on the RPis.
You’re not going to want one as a non-linear video editor, but you could easily run office or server software on something like that. You just need to avoid software that expects you to have gigs of RAM. The 256 meg limit is likely to be the real bottleneck on those systems.
Warner Brothers Twisted Logic
Warner Brothers is making the case that they are not liable for bogus take-down request because it was a human that made the error not a human.
I could create an automated system that scours the Internet looking for Warner Brothers movies and when it detects one it will automatically download it. Using Warner Brothers logic I would not be responsible for the infringing because it was a computer that did the downloading not a human.
Warner Brothers Twisted Logic ~ CORRECTION
A computer made the error not a human
Re:
Real reform only will occur when people start doing politics in a different way.
Today you elect those people without anything, you just trust them and have nothing to hold them accountable for.
More organized people noticed that already and give them ready made laws and requests, the people don’t do that, we are used as cattle to produce the outcomes that those other more organized ones want, to change that politics must happen at the public level, where everyone who wants to get involved can do so and that means drafting laws and regulations, finding consensus or building it and only then electing any dumbass to office.
The only thing the public has in its favor is their sheer numbers, it was difficult to organize that in the past, that is not a problem anymore, millions can be find a common place to discuss and debate and find solutions to problems, what is needed now is just a trusted platform and some guidance from people who usually do those things although the guidance is not needed.
When people start doing that, others will start planing how to undermine that power, but to do so also undermine theirs.
Re:
… i suspect that was the point, with the possibility that it might take a little longer with the republicans because of the other things they’d be doing upon taking control.
that or he just forgot to include that line.
Re:
the solution to ballot stuffing here seems to be to have observers from multiple parties in the room at all times and have the boxes the votes go in sitting right out in the open in the middle of the room where everyone can see the damn things.
also, to have enough boxes that there is never any need to swap them. add in voters wandering in and out all day and, while not impossible, it does become difficult to do.
(also, one is Registering to vote is compulsory, though actually voting is not, so there is a List of everyone who can vote in a given electorate, and if you’re not on that list you don’t get to. also, if your name is checked off at multiple polling stations i’m pretty sure your vote is tossed. when you go to vote, they fill out your name and number on the top of the sheet on their pad of voting papers, then tear off the ballot paper itself and give it to you to go vote with. i believe the two bits of paper have corresponding numbers on them, but i’m not sure. that’d be so that in the event of irregularities they can pull the right papers. the people who count the votes only see the ballot paper which, if i remember rightly, does Not have identifying marks on it appart from that number… i could be wrong though, this is from memory from some months back.)
Re:
Most Republicans are horrid and they represent the monied interest of the ones paying their bills. It’s ridiculous how hyperpolarized they’ve become that they want to suggest war in Iran even though most of the country doesn’t want war.
The direct problem that needs fixing is electoral reform. We need a way to punish political parties for being too focused on the needs of a small segment of the US culture.
I could care less if there are people that want a Socialist country or a Communist America. So long as they aren’t the majority, that shouldn’t happen. Yet our democracy is mixed with special interests on a massive level and the 538 delegates are a horrid mix of barriers to individual liberties. Our law makers moved to the authoritarian right since the 1980s. And it’s not by accident. When the marching orders are to try to help special interests over the American people, you know there’s a problem.
You just scared me...
“The gatekeepers won’t be successful in this effort until they can control software distribution all over the world and outlaw computers which can be modified by the user”
Ever heard of UEFI? Microsoft is already implementing it in the Real World(TM) and it’s really going to take choice away from computer “owners”. Besides already being in force, it’s a bit like SOPA.
Re:
Paper votes have the advantage that many people have to be involved to have a large impact, meaning more people that can blow the whistle, brag about it while drunk or otherwise slip up and reveal the tampering.
If you only need to bribe/threaten a handful of sysadmins, the situation is quite different.
How to crash a web server:
Hack it and replace the website with a page selling Raspberry Pis.
Re:
What if you had to bribe the entire population that wouldn’t make it more difficult do it?
Give a unique key to every voter that he/she/it can use it to verify his vote online, who better to check that then the people who did the deed?
Re:
Well all those things were done 30 years ago and it didn’t work then I doubt it is any better now.
At some point the ballots must be moved and people swap those things then, voters registration is what was used to get a list of all the voters and create the fake ones, party lines are weaker than allegiance to local powers so you can have many watchers in the room but if they all work for the same guy in the city nobody is going to blow the whistle, in big cities each district had some sort of power guy that commanded the scheme he just needed to know who was choosing the watchers and how the names came to be and put there his own people.
No, it is not difficult at all to rig elections, is hard to detect it currently, people can’t check how their votes were counted or if they did really go to vote, maybe voting should be a 2 step process, the guy goes to vote, receive a unique key that will give him online access and he can see what happened to his or hers vote and confirm those votes would be more reliable, although it cannot be mandated since there are many people who don’t have the knowledge yet to do so.
I'm scared too... Bill C-11 is coming to Canada
“The gatekeepers won’t be successful in this effort until they can control software distribution all over the world and outlaw computers which can be modified by the user, and I just can’t see this happening in a post-SOPA world, no matter how much the gatekeepers would like to believe that the SOPA backlash was a one-off event caused by “misinformation” and “undemocratic” processes. “
Erm. As per Grumpy, the new improved UEFI is coming, so Microsoft will be able to lock down all our general purpose computers…
Especially as our government is on the verge of passing copyright law that will make circumventing TPMs (aka digital locks or DRM) illegal, even if what you are doing is not otherwise illegal.
Say you want to watch the DVD you just bought on your linux box: no can do.
Or maybe read that Project Gutenberg public domain book. Or perhaps, installing linux on my general purpose computer… if the manufacturer doesn’t grant me permission to replace their OS with free software, and if I go ahead and do it, I’d be breaking the law. Yeah, I can see Bill Gates giving me the go ahead…
The moment this law is passed (and since we have a majority government, nothing can stop it) I expect there won’t be a device sold in our market that is not riddled with drm/tpm.
This power could very easily be translated into preventing us from accessing independent digital content.