What does Bruce Schneier think about a proposal to use European anti-terror legislation to combat file sharing?
"Our society definitely needs a serious conversation about the fundamental freedoms we are sacrificing in a misguided attempt to keep us safe from terrorism. It feels both surreal and sickening to have to defend our fundamental freedoms against those who want to stop people from sharing music. How is it possible that we can contemplate so much damage to our society simply to protect the business model of a handful of companies?"
It has occurred to me that this blog lacks a certain laser-like focus on any one topic of discussion. This probably has a limiting function on my ability to attract regular readership. Just when I start thinking that I need to set up at least three separate single topic blogs to serve my need to comment on a diversity of subjects, a story like the following comes along. For the first time ever, I have tagged a post with "go" and "copyright"!
Roy Laird has published this interesting article in the American Go Association e-Journal on the recent controversy over the application of copyright to the digital records of go games. (Reproduced in full in accordance with the terms in the AGEJ.)
"How did Kitani play against the variation of the san-ren-sei opening you've been studying? Was there ever a game that used the exact same first ten moves as your last match? Who likes the "avalanche" more, Takemiya or Cho Chikun? Thanks to searchable databases, answers to questions like these are now just a mouseclick away with software like GoGoD, GoBase, BiGo, Smart Go, and MasterGo. The latest entry in the expanding go software industry, Frank de Groot's Moyo Go Studio, has reignited the controversy about whether game records can be copyrighted ("A World of Game Records," here), an intellectual property debate that now rages worldwide as Google proposes to put libraries online and cheap Chinese DVD knock-offs show up on American street corners.
After reportedly paying CyberKiwon $600 for the use of their games, DeGroot, a Norwegian software engineer, is now openly and systematically harvesting game records from the collections of his competitors for his own commercial use, without their permission and against their wishes. On his blog (here), he describes the process of siphoning data from other programs in detail: "As I write this, the games on the latest GoGoD CD are importing into Moyo Go Studio and it looks good - thousands of new games!" And later, "I have calculated that it will take me about three months to export all of (SmartGo's) 30,000 games."
The creators of those collections are outraged at what they consider DeGroot's blatant theft of their work, having invested thousands of hours (and dollars) in the laborious game-by-game manual entry of game records into their collections. While there's a general consensus that no one has exclusive rights to a game record -- many well-known games appear in all the major collections - the question of whether a specific collection can be copyrighted is still being hotly debated. And beyond the legal issues, there's a more fundamental question of the ethics of taking work without permission or compensation.
De Groot's position on the legal issue is that "There is nothing in a set of SGFs (games recorded in the widely used Smart Go Format) that makes them copyrightable, when there are no added comments." However, according to US law, "A (copyrightable) 'compilation' is a work formed by the selection and assembly of pre-existing materials (e.g. uncopyrightable facts) or of data that are selected, coordinated or arranged in such a way that the resulting work as a whole constitutes a work of authorship."
Phone numbers, for instance, cannot be copyrighted, but phone books can be, as long as the collector exercises a "minimal degree of creative judgment," beyond mere "industrious collecting." Other types of legal protection are also available; for instance, some programs contain a so-called "shrink-wrap" contract agreement in which the consumer agrees not to reproduce the compilation. (see here for a fuller discussion of the law involved) A directive enacted by the European Union in 1996 also explicitly prohibits "unauthorized extraction of all or a substantial part of the data from a database for commercial purposes" and "unauthorized re-utilization of all or part of the contents of a database for commercial purposes."
Although the legal issues of the use of game records may be unresolved, there seems to be no disagreement on the ethical question. In a response to criticism of his behavior on rec.games.go, de Groot wrote, "I agree. Still, I am going to do it. It is wrong ethically, I fully agree. But not legally." (To view the entire thread go here.)
Interestingly, despite seeming to take an "information must be free" position, de Groot is encrypting the games he has taken, rather than making them freely available in SGF format, as have the creators of more established programs like GoGoD, GoBase, BiGo, Smart Go, and MasterGo.
Game collection developers who have invested significant resources over the years to build and maintain their collections are worried that de Groot's actions threaten the usability and existence of such collections. The obvious response to sticky digital fingers is for programs like GoGoD and SmartGo to remove the handy feature that allows the user to export game records as sgf files. And if someone can simply take such work product without permission or cost, the go software market - which is fairly limited to begin with -- is undermined and may well force out developers, an obvious loss for the go consumer.
Beyond the legal and ethical issues, the reality is that the go community is close-knit and thus far, the general response to de Groot's (who is not a go player) actions has been fairly negative. Major information sources like Sensei's Library and Gobase contain no references to Moyo Go; go software link pages (e.g. here) don't mention it and distributors don't sell it. The AGA, committed to the free flow of information, does provide a link to MoyoGo on its Computer Go page -- here -- along with dozens of other go software programs, and will include the program in an upcoming series of reviews of such software. Any references to Moyo Go will note the controversy; as informed citizens of the world go community, we each must decide how to live in that world."
Michael Geist has published a sobering Law Bytes column decrying the sorry state of privacy legislation in Canada. This discussion is in the wake of Canada's Privacy Commissioner's unpleasant surprise.
"Although major Canadian telecommunications providers such as Bell Canada sought to characterize themselves as 'victims' of fraudulent activity and claim that a rapid response to the incident is proof that the Canada's privacy laws are working as intended, the reality is that Canadian law is simply ill-equipped to deal effectively with such incidents."
SANS released version 6.0 of their top 20 list of information security vulnerabilities today. In addition to the Windows, UNIX, and networking specific sections of the list, a section on cross-platform applications has been added this year. For those of you not familiar with this list, my advice to you is that if you take no other security management action at your place of work this year, at least make certain that your systems are not vulnerable to these few vulnerabilities. The list includes detailed descriptions of each vulnerability complete with recommended mitigating actions. Enjoy!
The Identity 2.0 blog reports that Identity 2.0 (infocard, sxip, ping, or something else) is under consideration for inclusion in Firefox 2.0. Interesting... could this be the first step towards secure, transparent, and ubiquitous (on the web at least) identity services?
Cultural amnesia in our schools and retail outlets
One day last year when I was feeling scrappy, I asked a representative from my children's prospective school a loaded question. "How do you handle the teaching of cultural diversity and religious beliefs in the classroom?" I asked. I knew the answer, of course, but I wanted to see how she would respond. [The answer is that the public school system has a policy of avoiding all mention of the religious beliefs of those around us, except when safely couched in the cold framework of positivist history.]
After an uncomfortable pause, the representative, herself a confirmed secular imperialist it turns out, answered something along the lines of, "In the classroom, we try to focus on things that are physically tangible. For example, if we study dinosaurs, we try to focus on the study of fossils rather than imagining what living dinosaurs may have been like." Think about this statement for a moment as it is rich with ideological juices. I can think of a number of possible interpretations of this statement:
Utilitarian learning is more important than fostering creativity and learning about ideas.
Religion in particular and meaning in general is of less value than utilitarian learning.
Pondering ultimate reality and the divine, or by extension engaging in prayer, meditation, or contemplation, is an activity of similar value to daydreaming about the lives of dinosaurs.
Imagining how dinosaurs lived is an activity of low educational value.
And the list could go on...
I forget exactly how I responded, but I recall that I raised a few eyebrows and prompted a rapid change of topic. I did try to get across that the sort of thinking represented by this statement does a disservice to our children who need to be equipped to live and work in an increasingly pluralistic world and that the "dinosaur" statement at best represents fear on the part of the school board or at worst is a form of secular fundamentalism.
As an illustration of exactly what schools are afraid of if they were to actually engage in a serious conversation about culture and meaning, consider this recent story from el reg about a Wal Mart employee known only as Kirby who was let go after responding to a customer complaint regarding the change of a "Merry Christmas" greeting to "Happy Holidays".
"'Christmas is actually a continuation of the Siberian shaman and Visigoth traditions,' Kirby replied. 'Santa is also borrowed from the [Caucasus], mistletoe from the Celts, yule log from the Goths, the time from the Visigoth and the tree from the worship of Baal. It is a wide wide world,' the helpful Kirby replied, making sure every I was dotted and every T crossed."
How would you feel if you found out that your private information, your cell phone call history for example, was available on the web? Here is Jonathon Gatehouse's description of Jennifer Stoddart's reaction when he showed her what he had bought online.
"Her eyes widen as she recognizes what has just been dropped on the conference table in her downtown Ottawa office -- detailed lists of the phone calls made from her Montreal home, Eastern Townships' chalet, and to and from her government-issued BlackBerry cellphone. Her mouth hangs open, and she appears near tears. 'Oh my God,' she says finally. 'I didn't realize this was possible. This is really alarming.'"
See Schneier's blog for some discussion of the matter.
The Sabaki Go Club based in Edmonton, Alberta held its annual go tournament this weekend. There were around 40 entrants ranging in strength from 6 dans to 18 kyus, ranging in age from 60 something to 8 years old, and with entrants from as far away as Manitoba. The top spot was taken by an outgoing fellow named Wei (sorry, I did not catch your last name), a 6 dan visiting from Calgary. He narrowly defeated one of Edmonton's strongest, Luke Chung 6 dan.
On a more personal note, I attended only the second day of the two-day event, entering the "Lightning Tournament". The tournament director, in a moment of madness, entered me in the upper division of this handicap tournament as a 3 kyu which is four ranks stronger than my rank in the club. Nonetheless, I won my first game, only to fall in the second round to the winner of the affair, Terry Fung 4 dan.
Before and after the formal tournament, there were many friendly games to be had and a great deal of boisterous game analysis - including extensive analysis of the top games in Cantonese which was lost on me. One interesting turn of events for me was losing to a friendly fellow when he gave me a five stone handicap only to later defeat him when he gave me two stones. What does it mean?
"Here's the story, edited to add lots of news. There are lawsuits. Police are getting involved. There's a Trojan that uses Sony's rootkit to hide. And today Sony temporarily halted production of CDs protected with this technology..."
El reg First Trojan using Sony DRM spotted: "Roots you, Sir. Virus writers have begun taking advantage of Sony-BMG's use of rootkit technology in DRM software bundled with its music CDs.…"
Slashdot California Suing Sony Over Rootkit DRM: "carre4 writes 'California has filed a class-action lawsuit against Sony and a second one may be filed today in New York. The lawsuit was filed Nov. 1 in Superior Court for the County of Los Angeles by Vernon, CA. It asks the court to prevent Sony from selling additional CDs protected by the anti-piracy software, and seeks monetary damages for California consumers who purchased them. The suit alleges that Sony's software violates at least three California statutes, including the 'Consumer Legal Remedies Act,' which governs unfair and/or deceptive trade acts; and the 'Consumer Protection against Computer Spyware Act,' which prohibits -- among other things -- software that takes control over the user's computer or misrepresents the user's ability or right to uninstall the program. The suit also alleges that Sony's actions violate the California Unfair Competition law, which allows public prosecutors and private citizens to file lawsuits to protect businesses and consumers from unfair business practices. EFF has released a list of rootkit affected CD's and Slashdot user xtracto also has a list.'"
First off, I hate the term "OPAC", but I had to make sure that I got the attention of all of the librarians out there. For non-librarians, OPAC stands for "online public access catalogue", which is a ridiculously antiquated way of referring to a library's search interface. These days, this is usually a web-based search interface of an integrated library system or "ILS". Your local public library probably has one, your local university and college libraries probably have one, and your local school library probably does not (most school libraries do not make this a priority).
Anyway, much has been said lately of the shortcomings of most library search interfaces. My favorite critiques come from Mr. Lorcan Dempsey and of course Ross Singer's classic post Polishing the turd: the dangers of redesigning the OPAC. Now, virtually every library uses COTS for their ILS as there is really no other option (go www.openils.org!). Now there is a way to theoretically transcend the limitations of your ILS web interface without being limited by the API or web templating language, or without tampering under the hood in a way that might violate your licensing or support agreements. The Ajaxian blog brings to our attention monkeygrease!
Monkeygrease is for the server-side what greasemonkey is for the client side (at least with firefox). Basically, it uses the filtering function of current Java Servlet engines to rewrite HTML en route to the browser. This could be a significant tool in modernizing your web search without having to wait for your ILS vendor to do it. The possibilities really are endless - from including information from outside your ILS in search results to a fully Ajax enabled search, and everything in between.
I find this humorous. Slashdot reports that Sony's rootkit thwarts Blizzard's spyware:
"First, news of Warden - a bit of code from Blizzard's WoW to trounce game cheats. Then, a Sony rootkit to make your computer safe for music. Now, news that you can use the Sony rootkit to make your game cheats safe from the Warden."
Schneier has blogged a paper published on the SANS site that exposes the weakness of the Oracle password hashing algorithm. Reading this gives me a warm feeling of validation as I think back to a number of debates I have had with colleagues over the past few years. These debates typically went like this:
Colleague: "Chris, why does your design include building a password hashing algorithm when we could just use [insert commercial database name here]'s password encryption function?"
Chris: "Because I want to be able to demonstrate to our clients that we are protecting passwords with strong cryptographic hashes with a transparent easy to audit process."
Colleague: "But [insert database vendor name here] says this new password protection function is top notch." (Holds up whitepaper from vendor's website)
"In this paper the authors examine the mechanism used in Oracle databases for protecting users' passwords. We review the algorithm used for generating password hashes, and show that the current mechanism presents a number of weaknesses, making it straightforward for an attacker with limited resources to recover a user's plaintext password from the hashed value. We also describe how to implement a password recovery tool using off-the-shelf software. We conclude by discussing some possible attack vectors and recommendations to mitigate this risk."
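A sketch of the kind of transparent, easy to audit password storage argued for in the exchange above. It is an added example, not the author's design and not code from the cited paper. The record format, the choice of PBKDF2-HMAC-SHA256, the iteration count and the `legacy_style_record` contrast function are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "pbkdf2-sha256"
ITERATIONS = 200_000         # assumed work factor; tune to your hardware
MAX_ITERATIONS = 10_000_000  # refuse absurd values from a tampered record


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt$hash."""
    salt = os.urandom(16)  # random per record, never derived from the username
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    b64 = lambda raw: base64.b64encode(raw).decode("ascii")
    return "$".join([SCHEME, str(iterations), b64(salt), b64(dk)])


def _parse(record: str):
    scheme, iters, salt, dk = record.split("$")
    if scheme != SCHEME or not 1 <= int(iters) <= MAX_ITERATIONS:
        raise ValueError("unsupported record")
    return int(iters), base64.b64decode(salt, validate=True), base64.b64decode(dk, validate=True)


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    try:
        iterations, salt, expected = _parse(record)
    except ValueError:  # malformed record, unknown scheme or bad base64
        return False
    got = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(got, expected)


def needs_rehash(record: str) -> bool:
    """True when a record predates current policy and should be upgraded at next login."""
    try:
        return _parse(record)[0] < ITERATIONS
    except ValueError:
        return True


def legacy_style_record(username: str, password: str) -> str:
    """Constructed contrast, not any vendor's algorithm: the username acts as
    the salt, case is folded, and one fast unkeyed hash is applied."""
    return hashlib.sha256((username + password).upper().encode("utf-8")).hexdigest()


if __name__ == "__main__":
    rec = hash_password("Correct Horse 9")
    print(rec.split("$")[:2], verify_password("Correct Horse 9", rec))
    print(legacy_style_record("ab", "c") == legacy_style_record("a", "BC"))  # same record
```

Because every record names its scheme and work factor, an auditor can read the policy straight from the stored value, and `needs_rehash` lets old records be upgraded without a flag day.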
As part of Halloween fun, my family and I were quite proud of the grave that we created in our front yard, complete with a partially exhumed zombie seemingly clawing at trick-or-treaters on their way to our door.
It seems, as we move now to the Catholic feasts of All Saints (today) and All Souls (tomorrow), that there is some concern about graves not being taken seriously and what that means to our spiritual and psychological well-being. Deutsche Welle has this interesting piece on the matter. Here is an excerpt.
"The church remains critical of such changes in burial culture. Joachim Wanke, Bishop of Erfurt, who is himself responsible for questions of congregational policies, put forth this reservation at the German Bishops' Conference.
'It used to be that dead were at the center of funeral ceremonies,' he said. 'Now it's also those of us who are left behind who need a ritual.'"