18.08.06

What should DRM-related laws look like?

Posted in DRM, Legal at 5:46 pm by Jens Hardings

We have become used to thinking of DRM-related laws in terms of one-sided issues that consider only the publishers and completely ignore the general public as well as the potential authors of new material, as in the EUCD, DMCA and other implementations of the WIPO Performances and Phonograms Treaty.

Reading the articles on PRM as the next step by Ed Felten, about how the reasons put forward to justify DRM-related laws have shifted, I started reasoning about what such a law should look like. So, here I present some thoughts on what a law regarding DRM, that really considers the general public (society) and potential new authors, should look like.

Read more »

10.08.06

Open Source Drivers for Graphic Cards

Posted in FLOSS at 12:11 pm by Jens Hardings

Drivers for graphics cards have been a pain in the ass for open source communities. Since the market is still evolving very fast, the vendors are reluctant to give any information to their competitors. The problem is that they consider open source drivers to be one way of giving away information. I will not comment on that one right here, just mention it as a fact: vendors have been very reluctant to deliver open source drivers or even information to others who would be able to create those drivers. Hence, the end user in most cases has the choice of using a less featureful, lower-performance but open source driver or a binary-only driver provided by the vendor.

The open source driver is generally of lower performance because of the lack of information, making it difficult for the programmers to make use of the hardware capabilities. They need to go through a long and difficult process of reverse engineering in order to guess the way the hardware works.

Read more »

07.08.06

OSS Watch Survey 2006

Posted in Education, FLOSS at 2:45 pm by Jens Hardings

The 2006 OSS Watch Survey is available (you may also take a look at the executive summary). This survey studies the usage of Open Source Software (FLOSS) in Higher Education (HE) and Further Education (FE) institutions in the UK. The previous survey was from 2003 and some improvements have been made. This time, 23 institutions answered the questions.

The study not only looks at the usage but also into the reasons behind it, contribution to the OSS community and others. Contrary to the 2003 version, this time the vendor lock-in was said to be an issue among the institutions. The study is definitely worth a look.

One of the results states that 56% of the FE institutions use Moodle. This is consistent with the feeling you get about the issue here in Chile, but I would not be surprised if the usage percentage were higher here (mostly because of the lack of legacy systems and because licensing costs tend to have a greater impact).

02.08.06

Chile’s schizophrenia regarding copyrights and other laws

Posted in Legal, State at 7:34 pm by Jens Hardings

Thiru Balasubramaniam writes an interesting entry about Public Domain and Open Standards.  The position of Chile is particularly interesting, since our delegate gave an impassioned defence of why WIPO should engage in further examination of proposals to “consider the protection of the public domain within WIPO’s normative processes” and to draw “up proposals and models for the protection and identification of, and access to, the contents of the public domain”. However, the laws governing the country do not consider such an agenda. The following are the main points:

  • There are no exceptions related to disability of certain users
  • There is no right to private copies
  • There is no specific exception for libraries
  • Exceptions for educational development are excessively restrictive
  • Right of illustration has been derogated
  • Right of quotation has been excessively restricted through a regulation

The details of this schizophrenia are explained in a public letter (Spanish version also available). It is to be hoped that the face shown to the outside world will have an impact on how the law regulates the life inside the country. It is a step in the right direction to have this new speech, so at least somebody has the right intentions. Let us hope that somebody will prevail. At least that somebody has a lot of support on the part of civil society.

28.07.06

GPLv3 beta 2

Posted in DRM, FLOSS, GPLv3, Legal at 4:12 pm by Jens Hardings

So, the second draft of the GPLv3 is out. Changes include a rephrasing of the anti-DRM aspects of the code. In fact, the wording DRM is not there anymore. As Richard Stallman made clear in his presentation at Barcelona, the purpose of these clauses is to avoid the “tivoisation” of programs. That is, even if the source code of the GPL software is available, you cannot change some bit and trust it to be installed on the same hardware it was distributed with, and work. This is because you need a special key to do so, or the hardware will refuse to run the modified code.

If we assume as a fact that software enforcing DRM will exist in the future, I would rather have the code available and be able to reproduce the compilation exactly, so as to generate the same binary that has been signed as “trusted”. That way, at least I would have enough information to choose whether I could trust the system enough or not, and this would keep abuses on the part of publishers to a minimum. This does not mean that the code should be under the GPL, though. So up to this point there is really no problem.

There are some issues, though, that I’m not so sure about. One phrase in particular states:

Read more »

12.07.06

Another reason to use SSL correctly

Posted in Security at 2:52 pm by Jens Hardings

This is yet another flame to the online banking systems in Chile (and elsewhere).

The problem is as follows: apparently to make the system faster for visitors (requiring only one click), many banks make their login form available on a non-secured page. When everything works as intended, the form directs the request to an SSL-enabled page, so the transmission is effectively encrypted before your browser begins to send any data. But what happens when you get to a web page that looks exactly like the original but doesn’t redirect you to that SSL-enabled page? Your data goes unencrypted, probably right into the hands of someone you should not trust. You might notice this if you pay attention, but it would probably be too late, and there are many ways to make it look as if you really did go to the bank’s website after giving away your login credentials to some unknown server on the internet.

So, what are the odds of getting to a fake bank page? Not very high, unless you get some phishing e-mail or somebody plays with the DNS resolver you use, both very simple and common activities nowadays.

Many banks are using marketing strategies to show how secure they are by giving (actually, selling) tokens for enabling 2-factor authentication. This is good for preventing your fixed password from being captured by some keylogger (either a software or hardware keylogger). But it does not protect you from a man-in-the-middle attack like the one published in the Washington Post.

Ironically, to get to the login page of my bank (Banco de Chile), you have to make an extra click. I can understand that, since not everybody who connects to the main page of the bank needs authentication or encryption, the main page is not secured. Probably most customers would not mind making one extra click (or storing a bookmark so they won’t have to) in order to get to the secure login page. But in my case, even when I have to click on the link to get to a second page, that second page is also not secured by SSL, even though the most common use for that page is logging into the customer’s bank account. There is not even the alternative for a security-aware customer to go to a, maybe slower but secure, login page. The only way to log in securely is to first enter a valid ID and a fake password, verify the authenticity of the server, go back to the non-secure page and assume that the second time you will also connect to the right server (which is not necessarily true). Or, you may have come across a dark and unpublished way to access the server and obtain the login form.

23.06.06

The same argument over and over

Posted in DRM, FUD, Legal at 6:35 pm by Jens Hardings

The Consumer Electronics Association (CEA) published an interesting ad in a Capitol Hill newspaper this week. It contains a few quotes of arguments that have been repeated over time to oppose different technologies, and are basically the same we are hearing these days:

“I foresee a marked deterioration in American music…and a host of other injuries to music in its artistic manifestations, by virtue—or rather by vice—of the multiplication of the various music-reproducing machines…” -John Philip Sousa on the Player Piano (1906)

“The public will not buy songs that it can hear almost at will by a brief manipulation of the radio dials.” -Record Label Executive on FM Radio (1925)

“But now we are faced with a new and very troubling assault on our fiscal security, on our very economic life and we are facing it from a thing called the videocassette recorder.” -MPAA on the VCR (1982)

“When the manufacturers hand the public a license to record at home…not only will the songwriter tie a noose around his neck, not only will there be no more records to tape [but] the innocent public will be made an accessory to the destruction of four industries.” -ASCAP on the Cassette Tape (1982)

Seen via El Diablo en los Detalles and Arstechnica.

14.06.06

Signing in on bank websites

Posted in Security at 2:19 pm by Jens Hardings

Should I be glad for not being the only one that cares about the reckless attitude of banks with the usage of SSL? It would be preferable for the problem to be solved (since the solution is pretty much straightforward). I first wrote about the situation of Chilean banks back in December 2003, and it hasn’t improved. Now I see that the same is happening in the USA, with more or less the same answers.

26.05.06

Software Patents: definitively not welcome in Europe?

Posted in Legal at 1:22 pm by Jens Hardings

This comes as a surprise. In the last few years, the debate in Europe around the patentability of software had the European Commission arguing that it was necessary to legislate according to current practice of the European Patent Office (EPO), in a “harmonisation of the status quo”. The EPO should not be granting patents on software, however there are over 30.000 such patents already granted.

Finally the European Commission has ruled that the European Court of Justice (ECJ) can and should question the validity of patents granted by the EPO without following the rules set by the European Patent Convention. While this is not the final word on forbidding the granting of software patents in Europe, nor a solution to the problem, it is a first step in the right direction.
Read the press release of the FFII for more information.

02.05.06

Jalisco

Posted in Legal, Transparency at 12:47 pm by Jens Hardings

Question to Sony: Are you licensing or selling those songs?

Sony: It depends on who is asking. Are you an artist or a customer?

According to Yahoo! News (via BoingBoing), Sony is being sued for treating income from internet downloads of songs as normal record sales rather than song licensing. This means that artists receive 4,25 cents per song instead of 30 cents. However, when a user downloads a song, the indications are the opposite: “you are buying a licence and thus not the same rights as in a normal record sale”.

Sounds a lot like the Mexican saying “Jalisco nunca pierde, y cuando pierde, arrebata” (“Jalisco never loses, and when it loses, it seizes”). Some decision has to be made on which way it’s gonna be. Probably the contracts will be seized corrected to give 4,25 cents to artists on song licensing, or else Jalisco would lose.
