Yenya's World

Mon, 14 Jul 2008

Lawful Ransom

My almost five-year-old CompactFlash microdrive in my camera has finally died, so I have decided to buy a new CF card. To my great surprise, about 10 % of the total price is the "authors' fee", which is a law-imposed tax (a ransom, in fact) for the supposed loss of authors' fees caused by distributing copyrighted work using this CF card. WTF?

Does it mean that having paid this ransom I can now legally use this CF card to transfer copyrighted work, as I have already paid the authors' fee? Or is there a way of getting this money back, provided that the card will be solely used in my camera, i.e. to store and transfer my own author's work? According to the Czech law, these fees are collected by a mafiaa-like organization named OSA, which then distributes it to their members (after subtracting their operating expenses, of course).

But in order to become a member of OSA, there is a minimum amount of author's earnings per year, which is quite high. Well, I really don't need to have a share of the total ransom collected by OSA, I just want back the money I have paid to them myself when buying this CF card. How can I do this, my dear lazyweb? A related question: is this ransom collected even for CF cards in embedded systems (think medical computers and other systems, where there is no way they can ever be used for transferring random files)?

Section: /world

6 replies for this story:

wrote:

Actually, this is quite a funny story. The fee was originally set that way, that it was told how much you have to pay for 1MB (on flash media), it is not some percentage of the price. This was a long time ago, when 64MB flash cost about 500CZK, and the fee was about a few CZK - nothing worth writing a blogspot or newspaper article about. But the times changed and now you have 2GB flash for 500CZK and the author fee for 1MB is still the same. (!) It was definitely some sabotage of the law done by the authors' lobby. The best you can do is contact your senator.

Vasek Stodulka wrote:

^that was me. :-)

wrote: Yenya

Well, contacting my senator is definitely a thing to do, hope he will find the case interesting enough :-) Just a minor correction: it is not authors' lobby, I think. Real authors (= artists) probably do not have anything significant from OSA. This is a lobby of mass producers (think Eva a Vasek) who create for a job, not for the art itself.

Milan Zamazal wrote:

You can't get your money back in any way. The case of ransom charged on computer hardware etc. was even judged by the ombudsman office and they said it's in full compliance with current law. However they also said that the amount charged per MB should decrease in future as common media capacity increases. But the only way to get rid of the ransom is to change the law. As for copyrighted works, AFAIK we can legally copy works from *original* media, unless they contain some copy protection, from TV and radio and it's at least not punishable to fetch publicly available files from internet. So I'd suggest to copy works from OSA members (and members of other cliques) and to buy works from other authors.

Michal Fabik wrote:

You are right that there is a limit in minimum earnings (among other things) to become an OSA member, but it is possible for virtually anybody, including for example my quite insignificant underground metal band, to register with OSA and become entitled to their own share of the ransom. The only condition is to prove that your work has ever been "publicly used". I emailed an OSA representative to ask how such a "proof" gets authenticated, i.e. why don't I just do a studio recording and mix in some crowd noise to make it sound "live". Her reply wasn't of much use, she basically just confirmed that you have to prove your work has been "publicly used" - "for example by acquiring a confirmation from a music venue proprietor" (her words). So I suggest you bribe your favorite music club owner to call OSA and say something like "Hey, Yenya performed here just yesterday ... sure it was open for the public, the concert was called 'Catslashdevslashurandomgreaterthanslashdevslashdsp'". Then plaster white noise all over the internet and wait some ten years to get your money back:)

petr_p wrote:

Actually, there is a work around: Buy it abroad and persuade customs officer not to open the package (e.g. the seller/shipper claims it as a gift).


Thu, 03 Jul 2008

HTTP Referer

One of our customers subscribes to a library system, which has its users "authenticated" by verifying the HTTP Referer: header. So they have to register a single authenticated page, accessible by their own users only, and we have to put a link to the library system to that page. Leaving aside the stupidity of such an approach to the authentication, I have found some interesting facts about the Referer: header:

Firstly, we have found that going from that page, browsers never send any Referer: header. When looking into it deeper, we have discovered that when you are on a page retrieved via https, the browser does not send the Referer: header to the pages with the http protocol.

So we have decided to write an intermediate redirector application, accessed over http and authenticated by a random string as a CGI parameter. This application would then redirect the user to the final destination. That also did not work.

The problem was that when redirecting using HTTP 301 status code (probably 302 as well), the client also does not send the Referer: header.

The next try was to redirect using a <META HTTP-EQUIV="Refresh"> tag inside the generated HTML page. That also did not work.

Finally, I have tried to redirect the client using Javascript (rewriting the window.location parameter in the onLoad handler), and it worked. So non-Javascript users are out of luck, but the majority is OK. Still, this system of "authentication" is stupid, because faking the Referer: header is not hard.

UPDATE 2008/07/04: MSIE and Referer
Apparently MSIE also does not send the HTTP Referer: header when redirecting using window.location in Javascript. So for now I have disabled automatic redirection for MSIE, and I am just displaying the text "Use firefox or click to the above link manually.". In the meantime, I have found a really comprehensive guide on browser type detection.
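The Referer check described in this post, next to a link token that does not depend on what the browser chooses to send, as an added Python example (not code from the library system or from this blog). The shared secret, the URL, the function names and the `user|expires|mac` token layout are assumptions made for the illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: shared by the portal and the library system
ALLOWED_REFERER = "http://portal.example/library-link"  # hypothetical registered page


def referer_check(headers: dict) -> bool:
    """The weak scheme: accept whatever Referer value the client sent."""
    return headers.get("Referer") == ALLOWED_REFERER


def make_token(user: str, now: float, ttl: int = 300) -> str:
    """Issued by the customer's portal after it has authenticated the user."""
    expires = str(int(now) + ttl)
    mac = hmac.new(SECRET, f"{user}|{expires}".encode(), hashlib.sha256)
    return f"{user}|{expires}|{mac.hexdigest()}"


def token_check(token: str, now: float) -> bool:
    """Verified by the library system; no Referer header is involved."""
    try:
        user, expires, sig = token.rsplit("|", 2)
        expiry = int(expires)
    except ValueError:
        return False  # malformed token
    expected = hmac.new(SECRET, f"{user}|{expires}".encode(), hashlib.sha256)
    # Constant-time comparison of the received and the recomputed MAC.
    if not hmac.compare_digest(sig.encode(), expected.hexdigest().encode()):
        return False
    return now < expiry


if __name__ == "__main__":
    # Constructed requests: a browser leaving an https page sends no Referer,
    # so the legitimate user is rejected, while the header value itself is
    # entirely under the client's control.
    print(referer_check({}))                             # False
    print(referer_check({"Referer": ALLOWED_REFERER}))   # True
    link_token = make_token("reader42", now=1000.0)
    print(token_check(link_token, now=1100.0))           # True
    print(token_check(link_token, now=1301.0))           # False (expired)
```

The token travels in the link itself, so it survives https-to-http transitions, redirects and browsers that never send Referer.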

Section: /computers

3 replies for this story:

Jirka Vejrazka wrote: Referer is optional

... also, if I remember correctly, the Referer field is completely optional and some users configure their browser to always send blank Referer. Having web security relying on Referer was good (barely) in 1996 :) I feel sorry for you that you had to deal with that...

Vasek Stodulka wrote:

Microsoft used this "authentication" too. When I wanted to download some software, I filled in all the forms and then I came to a page with a "download" link. I wanted to place the file on some other machine, so I copied the address to the clipboard and then I used wget with no luck. Fortunately wget can fake the referrer attribute, so the second try was successful.

Věroš wrote:

Welcome to the wonderful world of libraries... Once upon a time, there was one library system I wasn't able to access with my browser. A wiser colleague told me that my browser sent too long a User-Agent header... (And yes, that was the problem).


Wed, 02 Jul 2008

Owner Free Filesystem

It seems that somebody has finally turned the eight-year-old idea of Schizzors (which is essentially a one-time pad), with respect to the absurdities of copyright law, into something useful in the real world: meet the owner free file system.

The interesting feature is that in theory, you don't need to have the whole 2*n bytes of "random" data stored for retrieving n bytes of the data you want - the "truly random" seed can be reused to some degree: for example, if you want to store the files A and B (for the sake of simplicity suppose they have the same length of n bytes), you have to generate another n bytes of truly random data (let's call it C), and then store three files: A xor C, B xor C, and (for example) A xor B xor C. From them, either A, B or C can be retrieved, while all three stored files are "truly random" data, i.e. provably by themselves bear no relation to the original data A or B.
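The three-block scheme above as an added Python example (not code from the OFF project or from this post); the helper names and the sample data are made up here. It also shows a caveat of reusing C: each stored block is uniformly random on its own, but A xor C and B xor C together cancel the pad and yield A xor B.

```python
import secrets


def xor(*blocks: bytes) -> bytes:
    """XOR any number of equal-length byte strings together."""
    if len({len(b) for b in blocks}) != 1:
        raise ValueError("all blocks must have the same length")
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def store(a: bytes, b: bytes) -> tuple[bytes, bytes, bytes]:
    """Return the three stored blocks A^C, B^C and A^B^C for a fresh random C."""
    c = secrets.token_bytes(len(a))
    return xor(a, c), xor(b, c), xor(a, b, c)


def recover(s1: bytes, s2: bytes, s3: bytes) -> tuple[bytes, bytes, bytes]:
    """Recover (A, B, C) from the three stored blocks."""
    a = xor(s2, s3)      # (B^C) ^ (A^B^C) = A
    b = xor(s1, s3)      # (A^C) ^ (A^B^C) = B
    c = xor(s1, s2, s3)  # A and B each appear twice and cancel, leaving C
    return a, b, c


# Constructed sample files, padded to the same length n = 32 bytes.
A = b"holiday photo bytes".ljust(32, b"\0")
B = b"some other file contents".ljust(32, b"\0")

if __name__ == "__main__":
    s1, s2, s3 = store(A, B)
    a, b, c = recover(s1, s2, s3)
    print(a == A, b == B)            # True True
    # The pad C is used twice, so two stored blocks combined are no longer
    # independent of the originals: (A^C) ^ (B^C) == A ^ B.
    print(xor(s1, s2) == xor(A, B))  # True
```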

What this brings is not (only) an easy way to commit a copyright violation, but it allows the storage subsystem (i.e. a P2P network) to plausibly deny the responsibility for the actual data they store, because they are truly random and bear no relation to the possibly copyrighted material. For example - I would happily offer my free hard disk space and bandwidth to some distributed computing project or whatever, but the risk of somebody storing copyrighted material on my file system and then police seizing my computer is too high. With OFF client and protocol, the situation might be different, as no possibly copyrighted data is actually stored.

Section: /computers

6 replies for this story:

petr_p wrote:

I can't see any difference between XOR encryption and just other encryption from point of view of legality. If you dive into copyright law you will see it doesn't bring to you any benefits. The only difference is XOR is unbreakable theoretically, other strong encryption is unbreakable only practically. Local notes: In Czechia, server owner is not responsible for data somebody else stores or retrieves. In UK, you are obligated to reveal decrypted plain text disregarding whether you know the key. In France, you are forbidden to use strong encryption. Decision to seize your server and analyse it doesn't depend on your screams `I don't know the content'.

Yenya wrote: Re: petr_p

The problem is not in "encryption". The problem is that the three data files bear _no_ relation to the original file. You can safely say that it is just a redundant way to obtain file B, which is your personal photo collection, without having your photo collection on a set of untrusted servers. The fact that also file A can be obtained from them (if you know how to do it) can be completely hidden. So yes, if you publish the recipe how to obtain (copyrighted) file A, you are committing a crime in certain countries. But by distributing the three data files you are not. BTW, in .cz the server owner is not responsible, but probably has to comply with a takedown order. With OFF, the takedown order on each of the three files can be easily dismissed as unwarranted.

wrote:

The three data files (OFF(A,B,C)) are related and you need permission to modify and share the modifications of original ones (A,B,C). If you haven't, you will infringe copyright law. So, once you do it, you are the bad guy. If you are asked to reveal all plain data and you show only B, then you lie and trick the justice. The only thing you can do to protect yourself without breaking law in some countries is to reject revealing plain data at all. So I still don't see any argument why distribution of any file from OFF(A,B,C) separately or together could be legal.

petr_p wrote:

In other words: A xor C is random noise from point of view of mathematics. However it's a derivative work from point of view of legislation. So you have two points of view, both of them are fine but in contradiction. Guess which of them the judge chooses.

Yenya wrote: A xor C

A xor C is not a derived work of anything (or, more precisely, in the same way it might be a derived work of everything). Think of it as a "compression" or better "file retrieval" algorithm: you have a world full of "random" blocks, and the "compressed file" is an algorithm saying "take block 123, 456, and 789, xor them, and you have the final file". This algorithm is actually the compressed file which you are prohibited to distribute under a copyright law. Not any single of the files 123, 456, 789 (esp. when you can also use some of them for constructing different copyrighted files, possibly such that you own their copyright). As for the earlier comment (I don't know whether it was also yours) - in many countries including .cz you are not obliged to tell the truth (or even the whole truth) as a defendant in a criminal case. But then, we agree that publishing recipe how to obtain the copyrighted file A may be a crime. What I am trying to emphasize is that with OFF, publishing any of those random noise files separately is not a crime. So the mafiaa-like agencies would finally have to go against the real copyright infringers, and not against the storage providers.

petr_p wrote: Re: A xor C

"This algorithm is actually the compressed file which you are prohibited to distribute under a copyright law." – Then you can say any (encryption) algorithm is prohibited by law because it can be applied to some suitable data. However that's not true because you need data being processed by the algorithm. That means that only complete set of data together with algorithm can infringe law. But then you can say that sharing any data minus first bit is fine because it doesn't provide complete data. Then copyright holder can say he holds rights for first and second halves of the data block. Then you can remove bit from every part of data block and this process can recurse to 1-bit long data subblocks. And that's obviously false because we forget about the order of data subblocks. But the order can be expressed as another data block and we have the same problem. Thus copyright law solves only obvious cases and requires some fuzzy level of similarity. And such obviousness is based on possibility to exhibit data decryption in court. And here we go to the next part: "you are not obliged to tell the truth as a defendant in a criminal case" – No, you are obligated to say truth or to be quiet (in Czechia; in UK it doesn't cover revealing encrypted data). You are not allowed to say lies. And final part: "agencies would finally have to go not against the storage providers" – That's true and Czech law says storage providers have no responsibility. Takedown can be demanded only by a judge's order.


Tue, 01 Jul 2008

E51

On the mobile devices front, I have decided to buy Nokia E51 phone and a n810 tablet PC. So far I have got only the phone, so this is my experience after using E51 for a week or so:

I have decided to try what it means to have a supported commercial non-free OS, and asked the Nokia technical support about unicode fonts. Their reply was something like "we do not know, use a freeware sites if you want."

Section: /computers

2 replies for this story:

Martin wrote: Spare N810

Do you want to try N810? I have one here at ICS MUNI that I do not use; I can lend it to you (maybe even sell it, I do not use it as heavily as I expected).

Yenya wrote: Re: Spare N810

Thanks for the offer, but I think I will have mine in a few days. Besides, I have a n770, so I can imagine how the UI feels.


About:

Yenya's World: Linux and beyond - Yenya's blog.

Jan "Yenya" Kasprzak
