Re: maximize best case, worst case, or average case? (TCPA)
James Donald writes:
On 3 Jul 2002 at 10:48, xganon wrote:
Do you really think that DRM systems could eliminate cypherpunk applications? Have you thought this through in detail? Please expand on it.
The system as specified is harmless, because it can run anyone's code, and thus can run napster like applications (break once, copy everywhere.) It also has many useful and valuable privacy protecting applications.
However it is a system and set of institutions that can validate that properly authorized code is running, and thus with a relatively minor change can ensure that ONLY properly authorized code may be run -- (Hey, we will protect you from all viruses, and all poorly written code, and all code that facilitates anti social behavior.)
Okay, you are afraid that only "properly authorized" code will run. Let's talk about one area: programming languages. What about compilers? Development systems? No doubt you'll claim these will be restricted. They'll be like assault weapons. Use a compiler, go to jail. This despite the fact that they are necessary tools for technological progress today. And what about interpreted languages? Python, Ruby? What about Perl? Seriously: will they ban Perl? Half the web depends on it! How can they keep people from running Perl? Or do you think that only "properly authorized" Perl scripts will run? That will never work. Perl is tweaked all the time; the whole point of using it is so that you can adapt your site functionality quickly and easily. The whole idea of outlawing programming languages and allowing people to only run software on an approved list is utterly ridiculous. Custom software is widely used throughout the world for all kinds of mission critical activities. Business would never allow the government to forbid custom software. People point to guns. Computer languages aren't anything like guns. You can ban handguns and it doesn't hurt anyone's business except a few gun sellers. Banning custom computer software will drive a stake through the heart of business innovation and competition. It's time for cypherpunks to remove their paranoia-colored glasses. One apocalyptic prediction after another has been proven false. Even post 9/11 the government floated one timid trial balloon about possibly restricting crypto, and it was shot down in a hail of criticism from all directions. If they can't even ban crypto, you think they'll be able to ban Perl? People who believe this are utterly disconnected from reality. To the extent that people fear the TCPA and DRM because they think it will take us down a path to the mythical state where only approved software runs, they need to think again. It can't be done. Software is infinitely malleable, and it is this property that makes it so crucially important in business today. The government can no more ban unapproved software than it could require companies to forego the use of computers entirely.
-- On 4 Jul 2002 at 7:38, Anonymous wrote:
Okay, you are afraid that only "properly authorized" code will run. Let's talk about one area: programming languages.
What about compilers? Development systems? No doubt you'll claim these will be restricted. They'll be like assault weapons. Use a compiler, go to jail. This despite the fact that they are necessary tools for technological progress today.
Similar controls are applied on biotech, severely impeding biotechnology progress. There are lots of people who just plain do not like progress, precisely because it is likely to upset the status quo. Lots of people say biotechnology makes women infertile, causes the cows milk to dry up, all the usual accusations that were made about witchcraft. The Chinese government was alarmed by paper and printing 1900 years ago, and made it a state monopoly and state secret, so that it was only used by official people for official things. Five hundred years ago it became alarmed by the potential of ocean going ships, cannon, and compass, and put an end to ocean going ships, and so on and so forth.
Or do you think that only "properly authorized" Perl scripts will run? That will never work. Perl is tweaked all the time; the whole point of using it is so that you can adapt your site functionality quickly and easily.
Tweaking is hacking, hackers are evil, and must be punished for their sins.
The whole idea of outlawing programming languages and allowing people to only run software on an approved list is utterly ridiculous. Custom software is widely used throughout the world for all kinds of mission critical activities. Business would never allow the government to forbid custom software.
Businesses would get licenses not available to individuals. It would be like medicine, reserved for special approved people.
People point to guns. Computer languages aren't anything like guns. You can ban handguns and it doesn't hurt anyone's business except a few gun sellers. Banning custom computer software will drive a stake through the heart of business innovation and competition.
Most businesses do not want innovation and competition, and most governments do not want it and do not permit it. You do not realize how extraordinary and unusual the USA is in permitting comparatively free innovation and competition. In most countries you cannot even rent out laptops without a permit. If you cannot rent out laptops without a permit, why should you be allowed to program outside a sandbox without a permit? As soon as a sandbox is available, there will be a movement to restrict all unauthorized people to that sandbox. Most governments in the rest of the world see the innovation coming out of the US as a form of aggression and imperialism, and they are angry about it and want it to stop.
It's time for cypherpunks to remove their paranoia-colored glasses. One apocalyptic prediction after another has been proven false. Even post 9/11 the government floated one timid trial balloon about possibly restricting crypto, and it was shot down in a hail of criticism from all directions.
The SSSCA appears to have similarly sunk, but "anti circumvention laws" were not, neither were "privacy" laws that prohibit some forms of privacy, nor overly broad anti hacking laws. The camels nose is in the tent, even if there is no immediate danger of the rest of the camel. COPA and the rest of that alphabet soup with "Children" in the title are still on the books. Businesses have found ways around them, and there is no vigorous enforcement, but eventually congress will come back for another bite, and close the loopholes.
If they can't even ban crypto, you think they'll be able to ban Perl?
They cannot ban crypto without first banning Perl. That was the point of the Crypto-on-a-T-Shirt movement. Obvious solution. First ban Perl, then ban crypto ten years later. After all, why would anyone want to use Perl unless they are running a web site? If just anyone is allowed to run a web site, they can do all kinds of scams and push all kinds of lies. Besides which hacking will make the cow's milk dry up.
To the extent that people fear the TCPA and DRM because they think it will take us down a path to the mythical state where only approved software runs, they need to think again. It can't be done. Software is infinitely malleable, and it is this property that makes it so crucially important in business today.
Approved businesses will get licenses, and will be very happy that there is one more hurdle for potential competitors to jump over. If you are running a long established business, rather than starting a new one, the more regulation the better. After all, we cannot risk the cow's milk drying up. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG d9PIH31teeAWscL+PT9c3fd8hA2wyFLNnFSCsdMq 2lna9XnSiut372FRyn3baSiqMWZPAuJRA+x7kynJ8
Quoting Anonymous <nobody@remailer.privacy.at>:
Okay, you are afraid that only "properly authorized" code will run. Let's talk about one area: programming languages.
What about compilers? Development systems? No doubt you'll claim these will be restricted. They'll be like assault weapons. Use a compiler, go to jail. This despite the fact that they are necessary tools for technological progress today.
Basically, the concern I have is not that any *particular* end-user developed application, in a post-DRM/TCPA world, will be rendered illegal, but that the core of the machine will be modified such that a remote attacker can deploy targeted or general sniffer/reporter trojans. If you remove the ability to compute in secret, with all communications widely . The code which will be "illegal" on a DRM/TCPA/etc. machine, which would actually be illegal if only those machines existed (which can be done through restrictions on sales of new machines, or just special kinds of I/O), is anything whihc can circumvent this DRM microkernel. The DRM microkernel will inevitably be implemented in a non-transparent way, allowing remote attackers superuser over OS-superuser access. Switching to machines with one local root and lots of dumb terminals would be roughly the same, except users have more explicit knowledge of the power of root, and some influence over the selection of that root. Simply eliminating the ability of most users to have a locally-secure fully trusted execution environment, with processing, intermediate storage protected from tampering or disclosure, etc., and network communications, will kill cypherpunk applications. If any cypherpunk application requires the users to jump through hoops to get a reasonable hardware platform, vs. just using a normal PC on his desk, there is a bit of difficulty -- it's hard enough to get cypherpunk applications deployed today, even without such restrictions. It's possible the system will be designed to prevent remote control at the microkernel level, but then the signed OS required to deal with signed media objects on a daily basis, which most users will require, may support this functionality. Since this code will be signed, third party patches will be prohibited. -- Ryan Lackey [RL7618 RL5931-RIPE] ryan@havenco.com CTO and Co-founder, HavenCo Ltd. +44 7970 633 277 the free world just milliseconds away http://www.havenco.com/ OpenPGP 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F
At or about 09:22 AM 07/04/2002 -0700, jamesd@echeque.com replied thusly:
If they can't even ban crypto, you think they'll be able to ban Perl?
They cannot ban crypto without first banning Perl. That was the point of the Crypto-on-a-T-Shirt movement. Obvious solution. First ban Perl, then ban crypto ten years later. After all, why would anyone want to use Perl unless they are running a web site? If just anyone is allowed to run a web site, they can do all kinds of scams and push all kinds of lies. Besides which hacking will make the cow's milk dry up.
The point was more that the programs were trivial and short, and Perl was used because it's good for writing short unreadable programs. There were also LISP implementations in about four lines, though I don't think anybody got them down to three or two - but they were much more readable, being basically straightforward mathematical notations wrapped in lots of parentheses. However, good crypto and compact Perl both have the advantage that it's hard to distinguish them from line noise, and thus it's hard to detect either one....
participants (4)
-
Anonymous
-
Bill Stewart
-
jamesd@echeque.com
-
Ryan Lackey