This article has been going around for a few days now. Basically, a small game developement company opened up and asked why do people pirate their games? The end result of this question was the company is going to remove the DRM from their games and lower the cost.
As wired states at the end of the article. Maybe if this story is passed around enough and this company gets a bump in sales, the other companies in the industry might start to listen.
With the new digital world, copyright is becoming a topic that everyday people are having to become familiar with. It is often hard to find a clear definition/example of the differences between the two. Earlier, I was perusing TechDirt and came across this article.
Take a look at comment #7 by Anonymous Cowherd (A shame he/she chose to remain anonymous on this). It is a great definition and explanation of the differences.
The breach of the Artistic License was presumably along the lines of:
Copyright holder: You can make copies so long as you do X.
Someone: Makes a non-fair-use copy without doing X, and distributes it.
-> Copyright infringement (not fair use & no permission to copy)The “not for resale” on the CDs was:
Copyright holder: Don’t resell
Someone: Resells
-> No copyright infringement (no copy made; original resold instead. First Sale. Arguable breach of contract.)Creative Commons non-commercial licenses:
Copyright holder: You can make and distribute copies for non-commercial use.
Someone: Makes and distributes a copy for commercial use; no fair use defense such as commentary or educational use.
-> Copyright infringement (a copy was made and distributed without permission and it wasn’t fair use)
Another case is:Microsoft: Don’t benchmark this code.
Someone: benchmarks the code
-> No copyright infringement (no permission-requiring* copy made; arguable breach of contract.)* USC Title 17 Section 107(a)(1) creates an exception for normal installation and use of software, so that such private and non-distributed copies as one makes as a matter of course in the normal use of software do not require any permission from the copyright holder. The only possible infringement here is if the guy benchmarking the code pirated his copy instead of buying it at the store.
As for the breaches of contract, USC Title 17 Section 107(a)(1) shows that there is no consideration in exchange for agreeing to typical clickwrap EULAs, as one does not need the copyright holder’s permission to install the software (as separate from buying it; an agreement that had to be signed to get a disk with a copy or to download a copy might be binding, just not one that is NOT tied to obtaining a copy). So, the benchmarking isn’t even a breach of contract by any SANE reading of the law.
That same lack of consideration prevents the NO RESALE stickers from creating a contract, so no breach of contract reselling those disks.
Likewise, there’s no breach of contract selling copies of the software that had been released under the Artistic License, even though in that case there WAS copyright infringement.
Copyright infringement and breach of contract are two separate things, each with its own criteria. The confusion stems from EULAs tending to include up to THREE separate things:
* Advance permission from the copyright holder to copy and distribute under specified conditions;
* A bunch of so-called contract terms supposedly governing use (not copying); and
* Disclaimers of warranty and liability on the part of the vendor.The first gives conditions, additional to fair use and transient/install/personal copies, under which copying isn’t copyright infringement.
The second, separately, gives supposed terms and conditions of use, unconnected with copying and therefore unconnected with copyright (whatever may be said sometimes to the contrary), and generally without consideration (so many jurisdictions are likely to find THOSE terms to be null and void).
The third, separately again, disclaims liability of any sort on the part of the provider of the software (or whatever) arising from your use of it.
What? Blizzard v. BnetD? That decision was, quite simply, flat wrong. Reverse engineering is not copyright infringement, breaching the clickwrap EULA on the software on the disk you bought and installed is not breach of contract, and the reverse engineers never did enter into any contract arising from actually signing up for the online service part, so they certainly can’t have breached THAT one. That judge was obviously on something — probably dirty filthy industry money slipped to him under the table.
For the past 6 months or so, I have had a pretty strong interest in Apple products. I have never owned one to date. My girlfriend has a macbook so I spent some time playing with it, seeing what the differences are and getting a general feel for the OS. After this time an paying attention to Apple, their products, and behavior I am going to have to pass on the company. I have never been a fan of their iPod due to the DRM and incompatibility with other devices/software. Now I see that the Apple mindset I don’t like about the iPod is actually Apple/Jobs and not limited to the iPod.
Steve Jobs is a control freak. It is his way or the highway. I suppose for the 95%ers, that is OK. For me, it is my device, my OS, my computer, and my life to control. I do not need someone else telling me what is the best (only) way to do something or what is or is not safe/appropriate for me. The walled garden that is Apple will not grow much further if it doesn’t tear down some of their confinements.
I have been using Google Hosted apps for my mail domain for over 2 years now and I couldn’t be happier with the service. It is always available and quite frankly keeps getting better. Now Google had an email outage yesterday and at latest count, there are over 125 news articles about it along with COUNTLESS complaints.
It befuddles me to think that someone has the rights to bitch about GMail being down for two hours. A service that most and by most, I mean high 90s percentage do not pay for. It may even be 99% don’t pay for. How can you complain about a service that offers soo much for free when it goes down for 2 hours or less? Is your life/business/etc so critical that you can’t not be with out email for two hours? Best of all, it was only the web interface that was down for two hours. You could STILL access it by POP or IMAP.
So I have to ask again, WTF are you complaining about? If your business relies on a FREE BETA application that much that two hours will have a significant impact to you, then you seriously need to reconsider your IT strategy. It is no one’s falt but your own if you go out of business for, again with emphasis this time, RELIYING ON A FREE BETA APPLICATION for business critical services. Period.
I don’t care who you are, what you do, how you do, how much money you make, or who you fuck. You are frankly an idiot if this makes you mad or damages your business. And you can quote me on that.
After some lively discussion on Macworld’s forums I came up with a few more thoughts on the subject.
It continually amazes me how people will trade control/privacy/freedom for “Security”. As if some other person, organization or company will always have your own best interest in mind. How often to we act in our own best interest, let alone trusting someone else to do so for us?
A couple of quotes I used during my debate? were from Ben Franklin and an old proverb.
Ben Franklin:
“Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.”
The proverb goes:
The road to Hell is paved with good intentions.
I feel these two statement illustrate the fundamental issues with Apple giving itself this much control. Never mind the security implications which I will get to in a moment.
In this particular case, a company, Apple, has decided that it should have the ultimate say on if an application can be installed on a device they no longer own. To take this to a mild example which may have already happened.. The initial release of the App Store included an application called NetShare. This allowed users to tether their computers to their iPhone for Internet access. Meaning users could access the Internet over their cell phone data plan. This is against at&t’s TOS and they requested that it be removed from the store. Now, with this kill switch, they could also remove it from the phones that had it installed.
The implication of this is Apple is acting as a cop for at&t and enforcing their (at&t’s) policies. This opens a lot of questions about liability and privacy in and of itself, but that is another topic. Why does apple get to decide or even help in the enforcement of at&t’s policy on a device they have no authority over any more. They have transferred ownership the device to the user in exchange for money. Rudimentary property rights.
A more egregious example is what if Joe Developer created an app, started selling it on the App Store and it became immensely popular. Apple, in their insatiable need for $, after all they are a publicly traded company with stockholders, decides they want a piece of that pie. So they develop their own version of the application and start selling it. Maybe it is not as successful or maybe someone decides it is not making enough money for the amount they invested, or maybe Apple just gets greedy and wants the whole pie instead of just a piece. Apple throws the little switch and bam! all of those users who had an application they loved and paid for is gone. Since they still want the functionality, they have to buy it from Apple now. And they really have no choice in the matter since Apple controls the gates to the App Store.
Do you think this is a little far fetched? Apple already pulled an app called Box Office for no reason. Any chance that little application might end up in some Apple provided application in the near future?
The security implications are much worse than the potential wrong doing by Apple. The very fact this exists means that someone else can exploit it. What does it take to get something added to that list? What other functionality can that list or maybe another list provide? What will happen when some cracker gets creates an exploit to take advantage of this? Based on my limited understanding of how it functions, it appears it could be a VERY simple task to exploit this hole. If the device does phone home to a URL, then that means the address can be faked with the DNS vulnerability that is out there. If we take Apple’s response to patching their desktop operating system as an example of their timeliness to respond to something critical, then chances are their iPhone hasn’t been patched yet. (I can not find any mention of it.) Never mind the fact they didn’t even patch it correctly. Do a little DNS poisoning, blacklist the application that provides the phone functionality, and no more phone. Or an even better one. Depending on how the blacklisting works, setup the blacklist to kill Internet access and the phone. It goes to check for new blacklisting and loses Internet, phone, and whatever else you can kill with it (Maybe the docking port?). Now it can’t even go out to get a legit blacklist because it has no Internet access. Ouch.
All of that with out even exploiting anything but a simple existing DNS issue. What other problems could you cause by having better knowledge of the system? Can it be trigger by a local app instead of the phone home function? Could a web page initiate the blacklisting through malicious coding?
The bottom line is, this functionality is bad news. No matter what the intentions were, by having the ability to exert this kind of control on a device remotely will always result in someone taking advantage of it.
Back on the 7th it was being reported that a secret URL can be used by Apple to disable apps on iPhone. Today it was confirmed by Job’s that the Kill Switch does indeed exist.
I posted a nice comment over on Wired’s article about this.
As the old proverb goes.. “The road to Hell is paved with good intentions.” Sure, Apple could have all of the best intentions to “only” use the switch when there is a ‘bad’ app out there. But as it has already been proven, Apple has not been very clear on what it defines as “bad”. Take a look a the I Am Rich app. It did nothing malicious, but Apple didn’t like it so they yanked it.
What about jailbreaking? Will it allow them to kill apps that were installed after the phone has been jailbroke?
Take it a simple step further, what else can they do with this ‘kill switch’? Is it limited to killing 3rd party applications or can it also kill your phone? What about look through your contacts, email and private content? Is there a limit to its functionality?
Historically speaking, very few companies can be trusted to do what is right instead of what will strengthen their bottom line. Apple is NO different.
By simply allowing this kind of functionality, Apple is opening themselves up to scrutiny, risk, and a HUGE PR problem.
And finally, the biggest reason why this is not and never will be a good idea. EVERY piece of DRM, and don’t be fooled, that is exactly what this is, has been cracked. What kind of controls does Apple have in place to keep this kill switch locked down? How long till Joe Hacker down the street finds it and starts abusing it? If Apple’s response to the DNS vulnerability is any indication, which is has been shown, of their corporate position on security and ability to manage risks, then I would be VERY afraid of the chances it gets released into the wild. It is not a matter of IF, it is only a matter of when. Also, again given their response to the DNS vulnerability, who is to say that this function is not bug free? What if some glitch in the function causes any of the previously mentioned?
This is no different than the police having a kill switch for your car or Microsofts newest Digital Manners Management scheme. The bottom line is, who gets to make the decision and how long till it is out in the wild?
A few weeks ago I purchased a new video card for my laptop. It was originally configured with an ATI x1400 and due to piss poor drivers from AMD for Linux, I decided to see how the other half lived.
I found a decent deal on a NVidia GeForce 7300 Go for my laptop, got it, installed it, and was having some artifacting. I ignored it for a while and then I tried to watch a movie. It was not possible. So I contacted Doug Heihn, the proprietor of TXcess Surplus and explained the situation. He was very professional, checked to see if he had any others in stock since I still wanted the card, he did not and said that he would issue an RMA by the end of the day.
A few hours later, much to my surprise, I received an email from UPS with a return shipping label. I was fully expecting to pay shipping back and here was a label to cover that cost.
In short, I wanted to say thanks to Doug Heihn of TXcess Surplus for his superior service and professionalism.
Thanks Doug!
If I have the need in the future, I will do business with you again.
This is an interesting comment made by John Timmer and if his interpretation is correct, then that could open a very LARGE hole in the DMCA.
http://arstechnica.com/news.ars/post/20080804-air-force-cracks-software-carpet-bombs-dmca.html
But the court also addressed the DMCA claims made by Blueport, and its decision here is quite striking. “The DMCA itself contains no express waiver of sovereign immunity,” the judge wrote, “Indeed, the substantive prohibitions of the DMCA refer to individual persons, not the Government.” Thus, because sovereign immunity is not explicitly eliminated, and the phrasing of the statute does not mention organizations, the DMCA cannot be applied to the US government, even in cases where the more general immunity to copyright claims does not apply.
Based on this statement alone, it is easy to take the next logical step in what “other” organizations are not covered by the DMCA? Does it clearly state that corporations or non-profits are covered? What about associations? They are clearely organizations. If this pattern applies, then what about single person organizations?
I am sure there is some text in the tome that is the DMCA that could easily kill this line of reasoning, but it makes for an interesting loophole the government may have carved out for the rest of the world.
We went and checked out the Vibram Five Fingers shoes today. (http://www.vibramfivefingers.com/) Anna is dieing to get a pari and I have to say, they are pretty cool. I may have to splurge and get a pair before the trip to SE Asia. It would make for an interesting journey.
Since I am now a 100% work-from-home luck SOB, I figured it would be a wise idea to have internet service that I could be demanding of. So, I swaped my residential Comcast service over to Business class. I wanted to ensure that when I called them stating that they are fucking up my VPN connection, they would have to listen.
My experience so far has been fantastic. I have an Account Manager, a phone number to reach the Business Class tech support team, 2 static IPs (1 I get to assign, 1 assigned to the Comcast 8014), and a guarantee! Service activation went well. I called up my fancy techsupport number to setup a RDNS entry and instead of being led around by a fool I was politely told that the tech really didn’t understand everything I was talking about and transferred me over to the techs who actually manage DNS! It was amazing. He asked me what I wanted and which IP and POW it was done. No silly “wait 6 weeks” or I can’t do that.. just done. No hassle.
In addition to all of this goodness, which is quite contrary to everyone’s experience with residential service, VPN performance has increased. What a wonderful thing.