Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Censorship Your Rights Online

DMCA Forces Cox To Censor Changelog? 573

Ross Vandegrift writes: "Alan Cox released 2.2.20pre10 today, which includes security fixes. He is refusing to indicate what security holes have been fixed, as Unix-style permissions could be used as an anti-circumvention device. The thread starts here. " It'd be great if people could read the threads here and try to figure out what is going on. I'm a little lost, but it looks like he's being overzealous.
This discussion has been archived. No new comments can be posted.

DMCA Forces Cox To Censor Changelog?

Comments Filter:
  • Overzealous, eh? (Score:5, Interesting)

    by Satai ( 111172 ) on Monday October 22, 2001 @12:18PM (#2460585)
    Hey, remember that time Felten wrote a paper and couldn't release it cuz it was a circumvention device?

    Or that time I wanted to play DVDs in Linux and couldn't because I needed a circumvention device?

    Or when some Russian dude got locked up away from his family because he wanted to let blind people use eBooks?

    Overzealous my ass. This is a problem and we need to take a stand, whether it's "reasonable" or not. People need to understand what is at stake - and what better way to help that process than by showing them?

    • Hey, remember that time Felten wrote a paper and couldn't release it cuz it was a circumvention device?

      Actually, he was threatened by the RIAA. They did not claim it was a circumvention device, but they only claimed it violated that anti-circuimvention provisions. Of course, when he filed suit against the RIAA, the RIAA realized they were trapped and fell on their sword.
      • Re:Overzealous, eh? (Score:4, Interesting)

        by dschuetz ( 10924 ) <david.dasnet@org> on Monday October 22, 2001 @12:33PM (#2460685)
        Of course, when he filed suit against the RIAA, the RIAA realized they were trapped and fell on their sword.

        They didn't fall on their sword, they threw it out of the picture and said "What sword?"

        Which is the most chilling of all chilling effects -- they get to delay publication of information they're not happy with, then when someone calls their bluff they change their story and say they have no objections, and (according to the DOJ's interpretation), therefore, no prior restraint actually happened and you can't sue to prevent it from happening again.

        You know, mid-term elections are happening in almost exactly a year. We all know that voter turnout sucks, especially for off years. What're the chance of a Slashdot party (hell, we're even Green) forming and fielding some geek candidates in key areas? I know my district has had the Republican incumbent running essentially unopposed for years. And we're home to Worldcom, AOL, and many other geek-heavy companies. Hell, these geek companies together probably employ as many people as voted in the entire district in '98, anyway.

        Hm. Maybe I should repost this elsewhere...
        • I'm not 100% sure what district you mean, but if you are referring to the northern-virginia/dulles corridor please email me (supabeast@supabeast.org) if you are serious.
        • by zericm ( 21972 )
          Won't happen. From my experience, most of the folks on Slashdot tend to have a Libratarian slant to their polictics: no unions, business is good, goverment bad. That sort of thing.

          The problem is that most of the real world allies for a DMCA fight tend to be progressive in politics, with the ACLU being the most obvious example.
          • most of the folks on Slashdot tend to have a Libratarian slant to their polictics: no unions, business is good, goverment bad

            Sounds Republican to me.

            Besides, this doesn't mean that it's not possible to find, in a dozen key geeky districts across the country (Northern Virginia, Silicon Valley, Boston, etc.), some lawyerly person who agrees with many of the opinions here without being too unpalatable to the rest of the masses. We just need candidates geeks will vote for, and the machine to get them noticed by everyone else (and to get the geeks to vote, dangit!)
            • Offtopic (Score:3, Interesting)

              by FatRatBastard ( 7583 )
              Sounds Republican to me.

              I disagree. Republicans tend to not like business that deal in porn, etc, things they find morally offensive (however you feel like defining that).

              And they certainly like the gov't when its enforcing the things they like.

              Not that no unions, business is good, goverment bad is a good overview of libertarian policy either. Gov't isn't bad. Big, over intrusive gov't is bad (if you're a libertarian).
              • Re:Offtopic (Score:4, Interesting)

                by susano_otter ( 123650 ) on Monday October 22, 2001 @01:37PM (#2461080) Homepage

                Republicans tend to not like business that deal in porn, etc, things they find morally offensive (however you feel like defining that).

                More generally, "Republicans" do not favor government interference in commerce, and do favor government interference in "moral" conduct. The Republican definition of "moral" seems to coincide with the Religious Right (which is also apparently a vocal subset of Republicans), and does not address most business/commercial practices unless they are also "immoral" for non-business-related religious reasons (e.g., porn).

                Conversely, the "Democrat" viewpoint seems to be in favor of government interference in commerce, but against government interference in non-business-related moral issues.

                As far as I can tell, "Libertarians" seem to be against government interference in any area. Of course, all of these groups tend to favor any government decision that furthers their more immediate goals, or hinders the immediate goals of the other parties. For the Libertarians, this results in an oddly self-referencing approach where one acceptable role of government is to prevent government interference.

                This applies to the United States of (North) America, naturally. YMMV.

                • by steveha ( 103154 ) on Monday October 22, 2001 @04:48PM (#2462483) Homepage
                  As far as I can tell, "Libertarians" seem to be against government interference in any area. Of course, all of these groups tend to favor any government decision that furthers their more immediate goals, or hinders the immediate goals of the other parties. For the Libertarians, this results in an oddly self-referencing approach where one acceptable role of government is to prevent government interference.

                  I am a minarchist libertarian, and here is my attempt to briefly describe libertarianism.

                  First of all, the difference between "libertarian" and "Libertarian" is that the second one specifically means a member of the Libertarian Party, while the first one just means anyone who believes in libertarian ideas. Thus Thomas Jefferson could be called a libertarian, but he was not a Libertarian.

                  The defining principle that all libertarians must believe in (or else they are not really libertarians) is that people own themselves, and the product of their own labor. All else follows from that.

                  Because people own themselves, it is wrong for government to outlaw behavior that doesn't hurt anyone but the person doing it. Thus it is wrong for government to outlaw smoking, or outlaw eating fatty foods, or outlaw prostitution. (Government may have a legitimate role regulating prostitution, for example to require medical screening of prostitutes for public health reasons, but there is no moral basis for government to outlaw it.)

                  Because people own themselves, government should not prevent them from freely entering into contracts. Government can legitimately have a role in enforcing contracts. (The major areas where government is useful: national defense, enforcing the laws against violence and theft, and enforcing contracts.) Because of this, if Microsoft wants to require product activation, government shouldn't tell them they can't do that. It's up to people to vote with their dollars. (Note that it was not government that finally dethroned IBM from its monopoly position, it was the free market.)

                  So, no libertarian can be in favor of a law like the DMCA. The record companies could have annoying license agreements, and libertarians would not be in favor of using government to force the companies to not have them, but the kind of free speech infringement that the DMCA is all about would be right out. And of course no libertarian would be in favor of outlawing encryption.

                  P.S. In case you are wondering, a "minarchist" libertarian is in favor of a minimal government; an anarchist is in favor of no government. There are many libertarians who believe that we don't need a government at all; the free market can solve all problems. Minarchists like me think we do need a small government to handle things like national defense.

          • by TheCarp ( 96830 )
            I would half agree....

            I see alot of both libertarian and socialist slants actually. (which are very similar on some fronts - moreso than they want to admit - and vastly different on others)

            Who else here remembers when /. had statments from a bunch of the presidential candidates during the last election?

            I dunno about anyone else, but I found myself agreeing about as often and as strongly with the peice by the socialist party candidate as the libertarian one. (and very seldom with others).

            In fact on unions, buisness, and government, It seems there are alot of polar views here and few middle of the road ones.

            • by ichimunki ( 194887 )
              The difference between a Socialist Linux Zealot and a Libertarian Linux Zealot is this: the SLZ would nationalize Microsoft and open their source code for all to use-- and hopefully port the valuable pieces to Linux (eliminates all competition), the LLZ blames the consumers who refuse to make intelligent use of their free markets and figures that if they get screwed by MS on an ongoing basis that they deserve it. And it's hard not to agree with both of them. *grin*
            • Re:Overzealous, eh? (Score:3, Interesting)

              by danheskett ( 178529 )
              I am a libertarian, and I must say that i dont favor elimination of unions.

              Unions should be legal because the constitution guarantees the right to free association. Unionize whenever and however you want. Fine by me.

              However, I do oppose most unions on a personal level - for the most part these days they do not represent the people they claim and often have agendas hidden so deep as to obscure the initial beliefs that they claim to support.
        • In Virginia there is an election for Governor. One of the candidates (Mark Earley) was the primary supporter for UCITA. For this reason, I will be voting against him and for his opponent Mark Warner.

          Hopefully, if enough people vote against Earley we can send a message to other politicians that we won't vote for candidates who are willing to sacrifice the rights of computer users.

    • by Rik van Riel ( 4968 ) on Monday October 22, 2001 @12:32PM (#2460680) Homepage
      Indeed, the US outlawing something is one thing. That's their business, if it turns out to hurt them too much they can always revert the law. It's a democratic country, isn't it ?

      OTOH, the US outlawing something shouldn't mean that all these good things are suddenly no longer available to the rest of the world. We need a place to publish the things which are outlawed in the US, without getting prosecuted for publishing these things to the US.

      Such a site has been started (well, not quite, but we're busy getting it up and running) and we hope there will soon be a place to publish crypto research, security information and other useful tools which are not allowed in the US. The only small gotcha is that in order to publish it legally, some kind of access controll will have to be put in place so US citizens cannot get at the archive. Unfortunate, but so be it.

      The site? http://thefreeworld.net/ [thefreeworld.net]

      • by larien ( 5608 ) on Monday October 22, 2001 @12:38PM (#2460719) Homepage Journal
        You gotta love the irony of a site being called "The free world" excluding US, the so-called "land of the free".

        As Bill Hicks said, "You are free... to do as we tell you". Right now, it seems that US "freedom" means the freedom to bribe (sorry, to fund...) senators et al to get your pet bills passed.

      • How does this site (or idea of this site) jibe with the Hague Convention (and other international treaties)?

        Others are bemoaning the fact that USian law is screwing with the rest of the world (IOW, residents of... Portugal, for example, can't get a non-edited changelog because of this), but given the implications of the law (Dmitry can be hassled, whether or not he broke a just/unjust law, as can AC and others) why wouldn't Alan et. al. do something like this?

        Unfortunately, while it may in fact piss off many people, we don't have the fundage to change the law. Now, perhaps Alan could replace the offending changelog with some ideas on how to convince grandparents, soccer-moms, etc. that open information on circumvention is a good thing.

      • by g0at ( 135364 )
        Ok, I'm a Canadian.

        Inevitably, my traffic to/from thefreeworld.net is going to pass through US sites (well, it does, I just did a traceroute).

        The same data are moving along wires in continental US. How is that different from the data being digested by eyeballs in the US? Will you have to draw this distinction?

        Is this going to affect my ability as a Canadian to have access to your site?

        Gotta love the inter[national]net...

      • The only small gotcha is that in order to publish it legally, some kind of access controll will have to be put in place so US citizens cannot get at the archive. Unfortunate, but so be it.

        Please don't block by IP Address or domain name .. Many of us Canadians use American ISP's, such as @Home. Can you use some kind of honer system, such as "By clicking here you certify you are not an American citizen or are not inside the U.S." ?

      • Indeed, the US outlawing something is one thing. That's their business, if it turns out to hurt them too much they can always revert the law. It's a democratic country, isn't it ?

        'Fraid not. The U.S is not a democracy. It's a Republic. And it's very rapidly turning into a Corporate Republic.

        Voting and all this democracy talk is just masturbation. If people's votes actually mattered then you'd have much higher voter turnouts. If you could actually vote for your party instead of an "electoral college" then maybe you'd be closer to democracy as well.

        And the most important distinction between a republic and a democracy is that you can't vote on laws and bills. Only the government can. In a true democracy 51% of the public can piss on the other 49%. But in the U.S the government pisses on everyone.

    • by Cardhore ( 216574 )
      Basically, the DMCA is terrorism.
  • open source UNfriendly?

    Kinda looks like that is Cox's interpretation.
  • just making a point (Score:5, Interesting)

    by lophophore ( 4087 ) on Monday October 22, 2001 @12:20PM (#2460596) Homepage
    It seems to me that Alan is just trying to make a point about how ridiculous the DMCA is in this case by taking this relatively extreme position how the DMCA throws a wet blanket onto legitimate security discussions.

    • I hate this interpretation of Cox's action (and similar actions).

      "Hey, by obeying the spirit of the law to an irrational degree, he's pointing out how STUPID it is and making us get our heads out of our asses and CHANGE it!!!!!1"

      No, by doing this, he's letting the law win. And so are other people (including corporations) who restrain/censor themselves "in case" something might violate the DMCA. The way to protest is "damn the torpedoes, full speed ahead," and hope to eventually challenge the law on a constitutional basis. The argument that most people "can't afford" to pursue the case to that extent, is simply a sad commentary on what makes the US justice system go 'round. Let's rally and HELP them afford the challenge, eh?

      Imagine if the American colonies had protested the Stamp Act by paying as much stamp duty as possible, and buying as much taxed tea as they could drink? We'd probably still be singing "God save the Queen" before sporting events.
      • I would have to disagree that he is "letting them win." This appears to be one step of a brilliant plan to get the DMCA thrown out. This change-log can now be introduced in court as an example of the DMCA "chilling" free speech. The EFF should be collecting huge piles of examples to introduce as exhibits in DMCA cases.

        Now another good step would be to find an employee of a large company (Microsoft would be nice) who writes about a bug or exploit in their company's product and have them arrested for publishing a circumvention device. Anyone wanna go through the XP Beta groups and try to find an exploit that wasn't fixed and was discovered by a Microsoft employee? If Microsoft or any major company turns their money and legal teams against this law, it will fall faster than a dot com stock.

        Simply, real examples of the "chilling effect" need to be documented for the Dimitry trial and other trials that will happen. These will go much further in getting the law overturned than messages to our Congressmen.
  • US laws? (Score:2, Interesting)

    by Ed Avis ( 5917 )
    Last time I checked, Alan Cox didn't live in the US. And he has been vocal about not holding conferences in that country - because of what happened to the eBook fair use guy - so I imagine he's not intending to travel there either. Is he trying to establish a precedent that restrictive laws passed in one country apply worldwide?
    • He works for a company that is US-based. I suppose that he would like to travel in US for either business or personal purposes, but since the laws in place and the nature of his work being disputable under these laws. He cannot. To be honest, I would be largely pissed off in his position. And I would fight the laws that prevent me to do what I'd like to do if I would see them as unjust. As long as some laws limit my life, they apply to me and its my duty to fight them if I see them as wrong.
  • by jlv ( 5619 ) on Monday October 22, 2001 @12:21PM (#2460604)
    Here's his key points in the thread (and the points that he was responding to)
    > > 2.2.20pre11

    > > o Security fixes
    > > | Details censored in accordance with the US DMCA
    > Care to elaborate?

    On a list that reaches US citizens - no. File permissions and userids may
    constitute and be used for rights management.

    > Are you saying that we can't divulge security problems in our own software
    > anymore for fear of being sued by affected parties?

    Not even affected parties - the government can do it too without anyone else
    and indeed even if their are contractual agreements between parties
    permitting the data to be released..

    I hope to have the security stuff up on a non US citizen accessible site in
    time for 2.2.20 final

    > Putting pressure on US people to have them influence their
    > legislation? Aka. every people have the rulers they deserve? Won't work
    > out.

    "Until they become conscious they will never rebel, and until after
    they have rebelled they cannot become conscious."

    > Seriously, are you kidding?

    The current interpretation of the DMCA is as lunatic as it sounds. With luck
    the Sklyarov case will see that overturned on constitutional grounds. Until
    then US citizens will have to guess about security issues.

    > This would then presumably lead to password protected access for US kernel
    > developers that need to know? And some kind of NDA?

    US kernel developers cannot be told. Period.

    > 'IANAL', and neither are you, are you sure this sillyness is necessary?

    Its based directly on legal opinion.

    I stopped reading at this point.

    • > This would then presumably lead to password protected access for US kernel

      > developers that need to know? And some kind of NDA?

      US kernel developers cannot be told. Period.

      Just curious... Is Linus considered a US kernel developer? He lives and works in the US, so I guess so...
    • This archive [insecure.org] still seems to be responding OK. Hopefully it won't get nailed too hard since this link isn't in the story header. The mailing list thread is an interesting read.
    • On a list that reaches US citizens - no. File permissions and userids may constitute and be used for rights management.

      By that theory, telling somebody how to set the root password on their Linux machine constitutes trafficking in circumvention technology.

      There are two conclusions from this. One, Alan is being stupid and overzealous, even if he did find a lawyer who told him that posting information about the security fixes could violate the DMCA. Two, the DMCA is a stupid and ridiculous law, and the full level of its stupidity (and the stupidity of our lawmakers and law enforcers) is being demostrated by the DeCSS, Felton, and Sklyarov cases. I am embarassed to be a citizen of a country that has such a law (although it will take the SSSCA to force me to flee the country as a political defector, the DMCA isn't enough to push me that far).

      The DMCA has got to go, but I fear I see no way in the world that we'll ever be able to get rid of it short of it being declared unconstitutional, or short of extreme campaign finance reform that remakes Congress into representatives of their constituents.


    • by Anonymous Coward
      Does this mean that soon the source code to the linux kernel will not be available in the united states? From what Ive observed, the main argument in the DeCSS case was that source code itself is a form of communication among programmers and is protected under the first ammendment. Can I not just find out what changes were made, and figure out what the vulnerability was by reading the source code?

      Would that make diff and vi circumvention devices?

      I do beleive that Alan is being overzealous, but do agree that *something* must be done about this and quickly. Unfortunately, I am not in a position of to do much more than wear a Free Dimitry T-shirt. IMHO what Alan has done is illogical. Perhaps the better thing to do would be to cut the US from the linux source code all together.

      Now THAT would raise a stink.
    • There's more to it (Score:3, Insightful)

      by gotan ( 60103 )
      He not only tries to make a point, but he has valid reasons for fearing to be dragged into an US court. Maybe it wouldn't make much sense for the US to sue him, nevertheless he is avoiding to act against the letter of US-law, and that is what is held against you when you end up in court: Neither your intentions, nor the intentions of the law, but the letter of the law.

      If any of the patches or future patches even touch the handling of DVD-Players, or future FUCK-ware (Futile Unnecessary Control Keping Hard/Software) he'd better present, what US-lawyers consider a clean west to avoid being dragged through courts until hell freezes over because some corporation is then likely to use the DMCA as a lever and make a public example of him.

      Since Skylarov this law has become a very real threat to non-US-citizens.
    • The US is workin it's way into an information tyrrany. The reaction to the 'terrorist threat' is being used as an excuse to accelerate that process.

      The laws associated with copyright and information are so vague and general that it's not surprising that it could be determined that they prevent people from talking about security problems...

      Think about it for a minute. Skylerov is in a US jail for a program that his employer sold -- this despite the fact that he put in safeguards to prevent his program's rampant misuse.

      If current 'anti-terrorism' laws get passed, things are simply going to get worse... The government is going to be able to spy on us on spec, and arrest us because they 'suspect that he may do something nasty' -- like (in some cases) simply go on strike.

      If our course doesn't change radically and quickly, I think that we are in for an information-age Mcarthy era. Cox was made aware of this specific writing on the wall, and he decided to take it seriously. He is, in his own way, inviting us to do the same.

      There are times when it is appropriate to willfully break the law, but it should be done carefully and sparingly. Breaking the law just because it is 'inconvenient' is a bad idea. It opens you up to getting your ass really nailed to the wall later on when you do something to get people pissed off.

      Cox is a high-profile person. The fact that he doesn't want to risk going to jail for a Skylerov style test case is not something that we should be denouncing him for -- we should be denouncing a law that is so broad that he has to reasonably worry about making security information available to people who have a reasonable need to know.

  • too late (Score:5, Funny)

    by jayhawk88 ( 160512 ) <jayhawk88@gmail.com> on Monday October 22, 2001 @12:23PM (#2460619)
    It'd be great if people could read the threads here and try to figure out what is going on.

    Unfortunately, it looks like the site might already be hosed. How about if we just speculate wildly, make irrational calls-to-action that will never commence, throw in a few anti-government rants, and top it all off with a good old fashion linux/bsd flamewar?

    You know, the usual.
  • by Phantasmagoria ( 1595 ) <loban.rahman+slashdot@gmai l . c om> on Monday October 22, 2001 @12:25PM (#2460632)
    People. He's just using this humorous approach to show us how ridiculous the DMCA can be.
    • by Simon Brooke ( 45012 ) <stillyet@googlemail.com> on Monday October 22, 2001 @01:12PM (#2460915) Homepage Journal
      I don't think he's joking at all. I think he's dead serious, and I think he's absolutely right to be. European programmers can no longer travel to the United States without risking being arrested for doing things which are perfectly legal where they did them (and in 95% of the rest of the world). Until you guys get this sorted, you have to face up to the fact that the rest of us can't safely share stuff with you.
  • by eAndroid ( 71215 ) on Monday October 22, 2001 @12:27PM (#2460652) Homepage
    We can't bomb the RIAA et al so we'll have to resort to other methods of getting attention to have the DMCA reviewed. We could write letters until we are blue in the face but that isn't working.

    I'm not sure if Alan's actions will get the attention it needs but it is certainly a step in the right direction.
    • We could write letters until we are blue in the face but that isn't working.
      Or, we could write e-mail until they are blue in the screen.

      Think that would work?
      • so heres a question.

        What makes a "denial of service" attack ?

        Lets say the RIAA has something on their website saying "please email any questions, comments, or concerns to fuckass@riaa.org"

        Is this illegal ?

        while 1
        cat letter_to_riaa | /usr/lib/sendmail fuckass@riaa.org
        sleep 1

        Hell. What of letter_to_riaa included an opt-out URL at the bottom ? :)

  • by hoggoth ( 414195 ) on Monday October 22, 2001 @12:31PM (#2460671) Journal
    In related news today Senator Fritz Hollings [slashdot.org], author of the SSSCA proposal, recanted stating:
    "I just downloaded the latest 2.2.20pre10 and found censored changelogs! This will seriously impact my l33t hax0r activities. I finally see how my SSSSCA proposal will impact freedom. I am official withdrawing my proposal effective immeditely."

    Apparently Alan Cox's plan to publicly demonstrate the absurdity of the DCMA and SSSCA in a place that would hit congress where it hurts has paid off.

  • by guru_steve ( 205501 ) on Monday October 22, 2001 @12:31PM (#2460672)
    Correct me if i'm wrong, but doesn't the DMCA only apply in cases of devices meant to enforce copyright protection?
    • Which, of course, you can build one using Linux and its file-permission system ...
    • by Mr Z ( 6791 ) on Monday October 22, 2001 @01:03PM (#2460854) Homepage Journal

      And if you read the thread, you'll see that Alan Cox's assertion is that UNIX-style permissions can be used for digital rights managment purposes. That is, they can be used as an access control to protect copyrighted works that are covered under the DMCA. Therefore, disclosing a security vulnerability which can subvert UNIX-style permissions is equivalent to describing how to circumvent an access-control device as described under the DMCA.

      I would guess that the specific DMCA clause that Alan's affected by is this one:

      • (2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that--

        • (A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;

          (B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or

          (C) is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.

      It would seem Alan's conjecture is that describing a specific vulnerability in the Linux kernel that allows subverting some aspect of Linux's permission structure (which can be used as an access control device to a protected work) constitutes "traffic[king] in any technology [...] or part thereof" that would allow someone to circumvent the access control. Under the current interpretation of the law (re: Skylarov), detailing a security weakness in a product seems to (a) constitute such trafficking, and (b) seems to fit one of the three clauses 2(A), 2(B), or 2(C) above. (Notice they're connected by an 'or', so it's is necessary to fit only one of the three to be in violation of DMCA. I'm guessing the kernel information would fit 2(A).)

      I'm so proud to be an American, where at least I know I'm free[*]. :-P


      [*] For a suitably narrow definition of free.

  • Well, I smell Redhat lawyers behind this. I even read in the thread that its done based on legal advice. This is a good thing (TM).

    Hey, I am now working in US and 12 years ago when I was 14, I have circumvented copy protection on Atari games for profit, some of which are still avaiable in the local Atari Club. It was perfectly legal back then and there. But does it mean I am a felon now that I moved in US? Does it mean that I can expect up to 5 years in prison and $5 mil of fine? I'd rather not think about it, but even more I would like this DMCA law to by GONE!

  • He's not only being over-zealous. He's being downright dumb. The chance of this actually being used against the developers is so small that it's almost unimaginable. He's just trying to piss off the US citizens who want to know what the vulnerabilities are so they'll get the law changed. We've been trying to change the law but Congress doesn't give a damn. If he's too much of a damn coward to take a chance and post known security flaws so that we can look for other ones which might be related then he needs to pass the torch to someone who won't be such a coward. Hell, he can email me with all those vulnerabilities and I'll post them publicly. I'll be your damn martyr if that's what you want because I'm not afraid. This is getting ridiculous. It's no longer open-source anymore. Now it's open-within-the-confines-of-the-law-source.
  • Civil Obedience (Score:5, Insightful)

    by Per Abrahamsen ( 1397 ) on Monday October 22, 2001 @12:57PM (#2460795) Homepage
    Imagine a law so stupid that civil obedience becomes an efficient way to fighting it...
    • Work to Rule (Score:2, Insightful)

      Actually, this is an example of Work to Rule [iww.org]. It's a tactic often used in the workplace to win against a boss. Unionized workers often use the strategy when laws or contracts forbid strikes and other activities, but even non-unionized workers often use it to effectively protest (and eliminate) ridiculous rules.

      While this current example won't take down the DMCA, the idea is that the DMCA will hurt U.S. corporations in the long run. Specifically, it will hurt the vast majority of corporations that don't get any benefits from the DMCA. We can only hope that these corporations give bigger bribes than the record and movie corporations.
  • But I admire his making a stand. After all.. he can document his changes however he sees fit.

    As for the DMCA... Doesn't it only protect technical control mechanisms that enforce the rights of the authors?

    In other words.. a company can't pick 'rot13' as an encryption method, because you can't claim that a rot13 decodes is 'primarily intended to circumvent copy control protection' on a work.. because they have existed for ages and have other, well defined uses.

    DECSS, on the other hand, does not. Sure, it can be used in a DVD player.. but other than that, it has no practical applications.
  • More here... (Score:2, Informative)

    by Anonymous Coward

    More info linked from here [kerneltrap.com]...

    Includes links to more DMCA info, and some of Alan's thoughts on the matter

    Alan Cox [linux.org.uk] being a major figure in the Linux world. He maintains the 2.2 stable series, as well as a 2.4.x-ac stable series. When Linus Torvalds moves on to the 2.5 Linux development series (soon), Alan will be fully in charge of the current stable 2.4 series.

  • by pubjames ( 468013 ) on Monday October 22, 2001 @01:20PM (#2460962)

    Firstly, he's a Brit. They have a sense of humour which is sometimes very subtle and is usually based on 'irony' (as in the saying something different to what you mean, rather than the more American 'Alanis Morissette' use of the word). Some Americans take ironic statements at face value, as is often seen on Slashdot.

    Secondly, he's a clever guy. He's being stubborn about this to make a point. If he wasn't stubborn about it, the point wouldn't be made. He is acting correctly according to an unjust law to highlight the danger of it.

    He is not being 'dumb' or deliberately annoying, he's highlighting the potential effects of a worrying development in the American legal which could have significant negative impact on all Open Source software developers.
  • I'm not sure how Unix permissions can qualify as circumvention of any device. Which device or software? Maybe copyrighted material could be (badly) protected by

    chmod 600 metallica.mp3
    chown riaa metallica.mp3

    Then only programs with suid riaa could access metallica.mp3. Of course, that wouldn't do much good when you know the root password. I assume that what's going on isn't so simpleminded.

  • by haplo21112 ( 184264 ) <haploNO@SPAMepithna.com> on Monday October 22, 2001 @01:32PM (#2461037) Homepage
    I used to be proud to be a Citizen of US. But it seems everyday that the "land of the Free" becomes a little less free. This is beginning to reach insane proportions. Everyday we seem to pass more and more laws that are seemingly(to me anyway) directly in conflict with Our Constitution. Our politicans don't listen to us anymore. I am disgusted...and angry...so much so i can't even think of words to express my rage at what is being done to this great nation. Our laws were ment to protect our citizens, and ensure the right to "life, liberty and the persuit of happiness" I feel as if I have none of these lately.

    --"The refuses to bend, he refuses to fall, he's always at home with his back to the wall" --Bill Joel- Angry Young Man.
    • by cluge ( 114877 ) on Monday October 22, 2001 @02:02PM (#2461201) Homepage
      You can go live in the UK and get your nice unhappy face photographed a thousand times a day. You could go live in the UK where certain books are banned because ??(Add inane reason here). You can go live in the UK where the ability to protect yourself with a firearm has been taken away by the good Government.

      Every country (and I've been to quite a few) has limitations on peoples freedom somehow. As a modern society we are fast approaching big brother if we aren't careful (UK has had big brother for a while hasn't it?).

      Instead of being "Disgusted" perhaps you should pay an attorney to help "wage the war". You know we still have the ability to change the law and it has yet to be constitutionally tested. With all the "open source" companies out there I'm suprised there hasn't been a class action lawsuit for damages to the "open source product" caused by the RIAA.

      Oh yeah, and next time there is an election, vote.

      • 1. I vote in Every single election
        2. I realize that despite what has occured this is still by far one of the better places to live.
        3. I shouldn't have to hire a lawyer to fight my own govenments stupidity, I am a poor working guy with barely enough money to keep the heat on in the winter at times. I it shouldn't take $$$ to change laws, it should take desire. I have tons of that and write letters to congressman till my fingers ache, and get replys that basically add up too "Thats the way it is and I am not gonna do anything about it, sorry but thanks for your thoughts" I have one from MA-Sentor John Kerry, I can transcribe it if you would really like.
        4. For what its worth monitoring the populous for doing stupid illegal things doesn't even bother me, as I do my best to act within the law. Our representivies passing laws that the people never get a say in, or are many times not even aware are happening, annoys me!
  • I guess he's saying one bit constitues a device.
  • Since many are accusing this of being the United States of Corporate America, one must realize the target of AC's jab, here.

    Businesses are getting to be dependent on Linux, more and more. They see the benefits.

    Isn't that the point, after all?

    But now this little DMCA thing is being surfaced as a possible negative to the business community. So far it's been below their radar screen. The only significant business awareness of the DMCA has been from the proponents on the media side. Here comes a warning shot saying that the DMCA is bad legislation, not only out of a 'principle thing' that /.ers gripe about, but because it's ill specified and poorly written, and thereby has unforseen consequences. Those unforseen consequences can mean bad things to other businesses.

    We need allies on this, because as long as it's only a Geek Issue, we're going to get rolled over. IMHO this is a recruiting effort.
  • It'd be great if people could read the threads here and try to figure out what is going on.

    Isn't that your job, mister slashdot editor???

    - A.P.
  • by Speare ( 84249 ) on Monday October 22, 2001 @03:26PM (#2461998) Homepage Journal

    The SSSCA, which could become DMCA's darker sibling, has even more for Alan Cox to ponder. In fact, I just finished a weekend writing a fairly long letter to my representatives, and sent it only a few moments ago, so that it may get there in time for a Senate Commerce Committee hearing on the 25th.

    The full letter is at http://www.halley.cc/ed/politics/2001-10-22.conten t.control.html [halley.cc]. I welcome comments, and the letter may be reprinted with attribution.

  • by gotan ( 60103 ) on Monday October 22, 2001 @08:27PM (#2463703) Homepage
    Security lists should be even more aware of DMCA legislation. When dealing with US-based businesses security experts should demand an outside US contact-address to send the report to, as well as a document stating that the information will not be divulged to US citizens or residents.

    Posting the report to a Site accessible from USA gives anyone who wants the means to sue to their liking, and the only reason Microsoft didn't already sue bug-reporters into submissive silence is the cry of outrage to be expected after such a move. But we'll probably soon see that nevertheless with their hacked Mediaformat.

After the last of 16 mounting screws has been removed from an access cover, it will be discovered that the wrong access cover has been removed.