Ed Felten pointed to a
fascinating LawMeme article on the subject of the privacy
interests of e-mail users -- not against search and seizure, but against
ordinary Internet users who forward things indiscriminately. It's a good
read and thought-provoking.
There seems to be a whole genre of thought-provoking articles of the
form "our experience of the Internet contains a vacuum with regard
to legal and social norms around ________, as was dramatically
revealed by this singular event". (Variants include "how should our
everyday off-line intuition and institutions map to the Internet
world? -- a question highlighted by this singular event" or "the
Internet is really maturing and becoming an important and complicated
part of everyday life, because now Internet users even have to deal
with problems such as _______, as was dramatically demonstrated by
this singular event".) Maybe the most influential piece in this
genre is "A
Rape in Cyberspace". These essays used to be more common than
they are today. They rarely propose any kind of conceptual solution
to the problem or conundrum they explore. They are not useless.
Even long-time, sophisticated Internet users haven't thought about
all the gaps between kinds of experience.
The good thing is that the "et in Arcadia" ("et in
Cyberia"?) pieces have gotten a bit less breathless and
gee-whiz. They take for granted that there is this network,
and it's useful, and people actually use it and rely on it.
Maybe that evolution is helpful. There are conflicting influences
about this. Remind me to write about the old days of
Wired.
(That's the Douay-Rheims version of a passage from the Catholic
apocrypha, which is
inscribed on
a Catholic church in San Francisco's Chinatown.)
Last week I bought a watch, and I became a member of the
ACLU and the
FSF.
I hadn't had a wristwatch for about three years, since my watchstrap
broke. It's a great feeling to have one again; I'm trying to get used
to actually knowing what time it is.
I'd delayed joining ACLU for many years because I disagreed with them
about
affirmative
action (though I agreed with them about almost every other issue they
work on). But when I read about some recent events (I have an unfinished
diary entry about this), I thought that I really needed to join the ACLU.
So I did.
It's pretty well known that ACLU membership is booming.
Troubling times and events tend to increase their membership numbers -- a
phenomenon we're familiar with at EFF. (If I remember correctly, more people
joined EFF the week Dmitry Sklyarov was arrested than any other week that
year.)
Suppose you are a station attached to an unswitched Ethernet segment
through which traffic is passing. You don't have an IP address.
You can't get one through DHCP, because either there is no DHCP
server or there is one, but it isn't configured to give your
station an IP address.
The network has no access control (which is pretty obvious when we
say "attached to an unswitched Ethernet segment") and it has a
default gateway which is willing to route IP traffic to and from
the Internet for all local machines with IP addresses appropriate
for the local segment.
By observing local traffic on the segment (and perhaps by making
non-destructive active probes), how can you identify the gateway's
IP address and a valid but unused IP address for yourself (and,
preferably, the IP address of a name server which will perform
recursive queries on your behalf), and so autoconfigure yourself
as an IP node on the network without the benefit of DHCP service?
I think I know a solution to this problem, which I call the
"Ethernet mimicry" problem. The short way of phrasing the problem
is "how can you autoconfigure yourself on a network which won't
give you an address with DHCP"? I talked to Anirvan about this
a couple of weeks ago and worked out an approach I think would
work.
I talked about this with Dan Kaminsky at CodeCon. He seems more
likely than I to be able to implement it. The basic parts of
the solution include an ability to recognize gateways (they
receive traffic not addressed to them and send traffic not
originated by them, whereas ordinary machines receive traffic
not originated by them and send traffic not addressed to them)
and an ability to tell whether a particular IP address is in
use on a local segment (by sending ARP queries for it -- a
capability apparently already included in the current MacOS
and used when you try to set an IP address manually).
When we told Kragen about this, he revealed that he'd already
invented it. Oops!
I had a great time at CodeCon over the weekend. I saw an
exciting GNU Radio demo, heard about a lot of other interesting
work (Dan Kaminsky's Paketto Keiretsu, for example), and had some
neat conversations with people. I got to hang out with Robyn Wagner
(now "Esq."!) and Lucky Green, and play a bit of Scrabble with the
former. I also saw Ben Laurie, visiting from far away, and talked
with him and Raph Levien about a lot of interesting issues.
I went to dinner with an extremely geeky group on the first
evening of the conference, and got to ask them a question about
attacks on watermark detectors. The group came up with a great
solution, which I might write up as a
Cruelty to Analog post
or try to publish as a paper. I also heard a lot about capability
systems and (as on other days of the conference) found myself
repeatedly impressed by how eclectic the interests of many
programmers turn out to be.
The best part of CodeCon might well have been the opportunities
for conversation with such a fascinating group of people. It was
a really good conference.
I passed up an opportunity to go snowshoeing in the mountains
in order to attend CodeCon, but I still ended up completely
exhausted at the end of it.
Microsoft announced its Rights Management Server (or Rights
Management Services, which is the platform the Rights Management
Server is part of) last week, two days after telling us about it
in a conference call. I'm writing something up about this, which
I'll publish at my EFF site shortly (and link to from here).
Everyone is finding it amusing, or peculiar, that Microsoft
now has a DRM product called
RMS. While the
capabilities and architecture of Microsoft RMS aren't
precisely the same as Richard's depiction, there is some overlap with
the functionality of the system
described
in Richard's 1997 science fiction story about digital rights
management, published before the concept was widely known
or widely implemented. (I think the story is better
without the "Author's Note", but maybe that's just because
I'm following DRM pretty closely. That story might be part
of the inspiration for Kathryn Myronuk's clever slogan "Reading
is a right, not a feature", which I've been quoting in e-mail
since a little after Dmitry was arrested.)
What English word has six consonants in a row?
