Breaking Google's DRM 892
An anonymous reader writes "Google's new Google Print service (that lets you see scanned pages from printed books) has a pile of advanced browser-disabling DRM in it ('Pages displaying your content have print, cut, copy, and save functionality disabled in order to protect your content.'). This works with JavaScript turned off, even in Free Software browsers. Seth Schoen has posted preliminary notes on some breaks to the DRM (beyond just automating a screenshotting process), including a proposal for a circumventing proxy that would fetch Google Print pages and strip out the DRM. A full exploration of the html obfuscation and DRM employed by Google would be very interesting; certainly the ability for a remote attacker to disable critical browser features like save, right-click, copy and cut against the user's wishes is a major security vulnerability in Moz/Firefox and should be fixed ASAP."
That explains those mysterious hirings (Score:5, Insightful)
Security issue? (Score:5, Insightful)
certainly the ability for a remote attacker to disable critical browser features like save, right-click, copy and cut against the user's wishes is a major security vulnerability in Moz/Firefox and should be fixed ASAP
While I agree it would be nice to fix this from a convenience point of view, and a "it's my computer - it'll do what I want" point of view, how is this a security risk? How do I get a trojan, or lose files, because of an inability to copy & paste on a particular page?
It's doomed. (Score:5, Insightful)
i) To display the books, they've got to send that information to the browser, on your machine.
ii) Once its displayable on your machine, there is *absolutely* no way they can stop a determined person from printing it.
iii) If its going to work on Open-Souce browsers, the DRM must be fairly transparent.
iv) If it works on Open Source browsers, someone cleverer than me will modify that browser so that it works as the user intends, rather than the sender. Their only protection is the DMCA, which may stop a US coder from writing/distributing the hacked app, but the rest of us will be laughing.
Frankly, if Google were as smart as they're hyped to be, they'd know this.
Getting stuff for free? (Score:4, Insightful)
Whilst I'm all for breaking DRM that hinders the rights you have to use your content in the way you want - this just looks like breaking DRM to get stuff for free.
If that really is the case, then I'm extremely concerned that someone is doing this. Mainly because it adds extra ammunition to those who (wrongly) try to push the line that the only people who want to break DRM are those who want to rip people off.
Re:Security issue? (Score:5, Insightful)
A part of your security is having control over your computer. Your security has been compromised when you lose that control.
Nature of Information (Score:4, Insightful)
Information, by its very nature, is copyable. DRM schemes may stop a casual user from copying information, but it is theoretically impossible to make an invincible DRM system like this due to the very nature of information.
That having been said, Google is smart enough to know this. They have to put what they can in place in order to convince publishers to agree to their system.
Re:Security issue? (Score:5, Insightful)
There are plenty of sites that go to great lengths to turn off functionality like copy, back button, print, etc. When a major corporation does it, suddenly it's a risk?
Google can only offer that information because they can employ DRM.
We control the horizontal, we control the vertical (Score:4, Insightful)
Re:That explains those mysterious hirings (Score:4, Insightful)
Re:It's doomed. (Score:3, Insightful)
DRM is necessary here (Score:3, Insightful)
What any man can do... (Score:4, Insightful)
It seems rather futile to try and restrict what people can do with images on the net. Given that fundamentally it's an open easily-parsed format, and wget is your friend, it ought to be relatively easy to write a harvester, if anyone could be bothered.
And there's the rub. Unless Google publishers are suffciently stupid (I've not seen much evidence of online stupidity in book publishers to date...) to put significant excepts from the book online, who'd care if you could download the images ?
At the end of the day, the best protection is to make sure that the good information is kept in the book, and the online imagery gives an indication of what you get when you pay for the book. This all presupposes the book is worth buying, of course, and perhaps that's the market they're trying to protect...
I guess this will protect against casual copying by the clueless, and that's probably all they're trying to do, but Google is every tech's favourite lovechild (brought about by those clever marketing peeps, which, er, aren''t most tech's favourite people. Well, moving swiftly on...). So Google are popular, and they do something that those tech peeps will react to (DRM), and quick as a flash there are workarounds. Hell, I expect a firefox plugin by tomorrow! A waste of time, perhaps ? Or just another example where the clueful (Mozilla users) have the advantage over the clueless (IE users
Simon.
Re:Getting stuff for free? (Score:5, Insightful)
You are 100% right.
It isn't about "security" or even "fair use" it's about the ability to cut and paste, save and print someone else's content without their permissions.
I could understand if you owned the books but you don't. Sounds like a good way to bite the hand that feeds you.
If you are really concerned with Google messing with your browser... don't go to any Google domain, ever. Add an entry in your HOSTS file for google, froogle, gmail, gbrowser and whatever else you'd like.
It's a free service, free in the sense that you are free not to use it.
Re:Google are Evil (Score:2, Insightful)
Re:My wishes??? (Score:2, Insightful)
The human propensity to obsess over their wants and wishes is rather puzzling, in my view. This viewpoint reeks of indivduality, a curiously human trait. Sometimes, bowing to the greater good is more beneficial than stubbornly sticking to one's own particular desires.
In the case of 'Windows', that particular piece of programming follows the philosophy of utilizing the combined knowledge of specialists to guide the less sophisticated users of the software and ease their work. That some people object to this on the grounds that it forces restrictions on them is understandable to a point, but this scheme of things is beneficial on the whole. Opponents of this approach may call this approach 'Appealing to the lowest common denominator,' or some variation thereof, but I myself prefer to call it 'Sacrifice for the benefit of the greater good.'
Discussion on this issue is something that I very much look forward to seeing.
Google has to do it, not make it work (Score:5, Insightful)
They have to show the suits at the publishing houses that they are being responsible, safeguarding the suits' ``intellectual property''. It doesn't really matter whether it actually works, just as it doesn't really matter if the features in the checklist on the box of software work. It's a tool for the salesman to use.
If this feature exists but really doesn't work, then the suits get the illusion that their ``intellectual property'' is protected, and they get free advertising of the try-before-you-buy variety. For this best of all possible worlds scenario, it has to work well enough to fool the suits, but not well enough to stop the rest of us.
Sounds to me as if Google has gotten it to work just about well enough to do a good job for all concerned: Google, us readers, and even the suits.
Re:Security issue? (Score:5, Insightful)
Hmmm (Score:5, Insightful)
It already gave me a copy of the work for free, if I chose to burn it, make a hat out of it, or print it out, it's my business.
Re:It's doomed. (Score:5, Insightful)
Do you want Google to drop this technique and go for something more proprietary that won't work at all?
Re:It's doomed. (Score:2, Insightful)
Google adding DRM is a red herring (Score:2, Insightful)
Google me! [rr.com]
Re:DRM is necessary here (Score:2, Insightful)
And? Why should my browser be broken just so Google can make money?
Re:Security issue? (Score:5, Insightful)
Even though most of
Take your pick:
Google offers book searching with DRM
Google does not offer book searching
+ AdBlock on cleardot.gif (Score:5, Insightful)
I seem to recall them using a simiar trick on the official site for Lord of the Rings when it came out.
Re:Security issue? (Score:5, Insightful)
If Google Print doesn't offer the save/print/whatever functionality you desire, then don't use it.
There, you just exercised your control over your computer.
Re:Getting stuff for free? (Score:5, Insightful)
I understand the necessity for the DRM by Google -- without it their library of content will be severely limited; however, do not paint the actions of everyone attemting to circumvent the DRM.
Re:Security issue? (Score:5, Insightful)
Re:That explains those mysterious hirings (Score:0, Insightful)
Re:That explains those mysterious hirings (Score:1, Insightful)
Re:That explains those mysterious hirings (Score:2, Insightful)
Re:Security issue? (Score:5, Insightful)
This is a *feature* of nearly all modern ECMAScript browsers: You can specify what happens when someone clicks on your page! This "feature" is how you (or more likely someone else) can create a swanky custom context-menu for a browser that matches the functionality in your OS. My goodness, the sky really IS falling!
Quit bitching, just because Google does it a little better than the average disable right-click [codelifter.com] page does... (right-click and hold it, hit enter for the Alert() and let go, your context menu will pop up)
WindowsUpdate uses document.contextMenu to disable right-clicking there too, but I don't see anyone bitching about Windows DRM for patch management, only for video/audio.
Oh, wait... M$ uses it, therefore it's evil. Bad Google! No cookie for you!
Re:wget is forbidden (Score:4, Insightful)
Oh c'mon! You only need to change the user-agent string with --user-agent to something generic like MSIE or whatever.
This is just the beginning (Score:5, Insightful)
This sort of HTML onfuscation abuse is just the beginning. This is a general problem with any sufficiently rich presentation language. There are hundreds of different ways to obfuscate things.
Just wait until MS finally decides to properly support PNG alpha transparency! Combine this with CSS absolute positioning, and you'll start seeing images which are composited from many different layers of semi-translucent images; each of which is just noise of it's own. You also have already seen for a long time the cutting up of images into many small pieces.
This could be taken to an extreme as well. With absolute positioning you could also do this with text as well as images. Just position each letter on the page separately and randomize the order in which they appear in the HTML stream. Or even worse, use a custom downloaded font, where the glyphs are all randomized, so although it may look like an "A", it's really in the slot for a "Q"...try to cut and paste that.
Consider the PDF format as an extreme of where XHTML+CSS+DHTML+PNG can go wrt. obfuscation. Sure, the determined and savy can always get the text copied out; but that doesn't mean its not going to be very difficult.
Maybe we should all go back to ASCII and lynx.
Re:Security issue? (Score:3, Insightful)
Say your operating system didn't let you choose a custom desktop image--you had to use what you were given. It's a restriction of choice, to be sure, but how is it a security risk?
You're missing the point... (Score:5, Insightful)
The "real" DRM here isn't DRM. As a previous post so astutely pointed out, DRM is schitzophrenic by nature: it involves trying to give someone something without *actually* giving it to them.
Google's "real" protection is that the service won't let you view more than a certain percentage of the book in any given month. That percentage is determined by the book's publisher at submssion time, anywhere from 20% to 100%.
Even if you can copy/paste/print, you're still only going to get a portion of the book - certainly not enough to replace a valid sale. Disabling that functionailty basically returns us to the age of photocopying a few pages of a book/article in a library. Except now we can search, so it's faster.
If one solution is as simple as "grab th data from your browser's cache" this is clearly meant to only stop the "average" user, something that is in very short supply here on
Here's to hoping this headline appearing on
Re:Security issue? (Score:3, Insightful)
Re:Getting stuff for free? (Score:3, Insightful)
However, for years people have had to write things down and now that we have computers don't act like you can't do so. Not to mention the fact that you can just "tile" the windows and transcribe the content into your favorite text editor.
I run a website and I would love to cut and paste portions of lots of books. Would be great elsewhere too, especially when fighting with people here on slashdot. That being said it should be noted that without the service existing you would have to visit the library or book store to view the inside of any one of these books.
The headline should have just said:
It's a shame because my local news (who is tech stupid) has already been singing the praises of this new service.
Re:Security issue? (Score:4, Insightful)
Or it can be viewed as an element of a DoS. Imagine a political website that has content they want to freely distribute. Infecting a number of site visitors with something, that as one of its effects, screws up copying or saving that content, is likely to be taken by most of the site's visitors as just a case of the site not having its HTML up to par. The site is effectively under an attack which it may never know happened, unless it gets enough visitor complaints.
Re:here we go again. (Score:2, Insightful)
And really, why should I be forced to pay $20 for a whole book when only a few chapters in it are any good, and I could just download those from google or have a friend make me a copy.
That argument is already stretching pretty thin when it comes to CDs -- it's complete bullshit in this context.
A book is not a CD with a bunch of (mostly) unrelated tracks. Each chapter adds to the overall story. If "only a few chapters are any good" why bothering reading the damn book in the first place?
There are many reasons to be opposed to this (don't seize control of my browser you worthless SOBs) but your reasoning sounds like an excuse to justify outright theft to me. If most of the book sucks so much then don't bother reading it to begin with.
yay! f**k it up for all of us (Score:2, Insightful)
This is fantastic! The authors and publishers agree to some DRM control over their content so that they can make the content available through Google, because otherwise they wouldn't make the content available at all, so lets just abuse the service, rip off the DRM, and work around it so that we can steal the content without paying for it, and before you know it, the content will be removed, and the publishers will never trust the users any more.
(slightly tongue in cheek)
I'm sick of wanting interesting and new content services, only to find that as soon as somone tries to do such a thing, using DRM as the "protection", that everyone gets in a huff at the mere mention of the work DRM (oohmigosh they are restricting _our_ rights
Re:Security issue? (Score:5, Insightful)
Hey retard (Score:5, Insightful)
Designers didn't pay for my machine, why should they have any right to control what I do with it.
Re:It's doomed. (Score:3, Insightful)
"ii) Once its displayable on your machine, there is *absolutely* no way they can stop a determined person from printing it."
Of course, it's like breaking encryption: it comes down to a matter of economics -- while determination and effort can be used to break it, it's likely to cost you more time and effort than spending money, such as going and buying a copy of the book.
Many things work on this principle.
Re:That explains those mysterious hirings (Score:2, Insightful)
I'll take cool tech over mythology any day.
Re:Security issue? (Score:2, Insightful)
I own my computer. I am the user *and* the administrator; remote websites are not administrators of my system. I am the one who gets to determine which memory I am allowed to access. If somebody tries to hijack that control, that is a security risk.
Why Google is right to do this (Score:4, Insightful)
Let's say that you buy a song/movie and it has DRM which restricts the way you use it - you would be justified in removing the DRM to use it in your own way (provided that you engage in 'fair' use). The content that Google displays in its book search results are *NOT* your media. You do not own it, you have not paid for it and Google is providing it to you as a courtesy. To provide it, they have to ensure that you do not make copies of it since even Google does not own the media to be able to give it away to you. Nothing wrong in restricting your options here.
2. OMG they have control over the browser!
Yes they do not ask you before disabling your browser options. But this does not install a trojan, or do anything permanent with your computer like other sites do. If you do not like the fact that your options have been reduced on that page, all you have to do is hit the back button and scram. (It's like complaining that a particular room in someone else's house is too hot - if you don't like it, get outta there!)
3. The DRM can be disabled.
Sure, it can. If one man can enable it, another man can disable it. The point, as has been noted in several places, on several occassions is that the average person cannot disable it. And no, you cannot automate the process to get complete books since the guys sitting at Google are not stupid and they will have measures built in to prevent automated downloading of entire books (through whatever strategies - searching repeatedly etc)
And yes, I have to mention this : Google has shown me how to push the limits of HTML and scripting - First with Gmail and now with Google Print - they are doing stuff that looks like pure art to the programmer within me. Hurray for ingenuity!
They Own the Content (Score:2, Insightful)
You seem to misunderstand something. The content that you access through your browser is NOT YOURS. It belongs to someone else and they should be free to restrict your access in whatever way they see fit. I agree that certain functions of a browser shouldn't be able to be modified, but only ones that effect data on your computer. I think by visiting a cite you are implicitly agreeing to certain terms of service, one of which is that the content owner owns and can control access to that content. You can secure Acrobat files so that you can't copy or print them, is this a security flaw in Acrobat? No, and you'd never say that it was because you knew this was possible. Just because you didn't think or know that this could be done with a web browser doesn't make it a security issue.
Re:Security issue? (Score:1, Insightful)
Free [books|music|stuff] is not a basic right. (Score:2, Insightful)
These are critical features? What alternate universe are you living in? Since when is the ability to save a web page that someone else wrote a "critical feature"? Not to mention copying and pasting?
Good lord, people... get over yourselves! The things you're complaining you can't copy and print are COPYRIGHTED WORKS. I don't care whether you don't like the law. It's STILL THE LAW. I don't like the law that says I'm not allowed to carry a sword, or run over people who step out in front of my car without looking. The police don't care whether I like those laws; they're going to arrest me if I break them.
Publishers (and Google) don't care whether you like the current copyright laws. Their goal is to make it hard for you to steal from them. Yes, I said steal! If you take something without paying for it, you've stolen it. You want to scream "Fair Use!"? Fine. You've got a text editor. you've got a computer that can run it at the same time as a web-browser. Do it by hand. What? You DON'T have a computer that can run both at once. I feel for you. Somewhere, out in that place with the (sometimes) blue ceiling, there's a place where you can buy this outmoded things called "pens" and "paper." Go buy some, and do the copying by hand. It won't kill you, trust me.
Sorry to rant, but this "I have the right to anything I want, and I shouldn't have to pay for it because The Man is just trying to keep me down by stealing my hard-earned money" ethos pisses me off. People like you are the reason Loki went under. People like you are the reason several bands I liked broke up. People like you, only a little less tech-savvy, are the reason store owners have to put $5000 security systems in their stores so their merchandise doesn't get stolen. People like you are, in general, a bunch of fucking jackasses. Go out and get a job, then buy the freaking book. Or get it from a library if you don't want to pay, but give it back to them when you're done.
Re:Google has to do it, not make it work (Score:3, Insightful)
Re:It's doomed. (Score:3, Insightful)
Re:Security issue? (Score:3, Insightful)
Re:They Own the Content (Score:4, Insightful)
However, according to this reasoning, book publishers (and newspaper publishers, and other producers of print media) should have control over lights in my environment, because I'm using them to read their stuff.
I prefer this approach: Part of the "terms of service" of making content publically available on the World Wide Web is accepting that someone can fetch that content and browse it in any reader they want.
Oh, heavens, yes! (Score:3, Insightful)
Jesus, people, do we have to break everything just for the sake of breaking it? And do we have to bring in the melodrama? As someone mentioned above, the only reason Google *can* offer this is because of the DRM. Why do we have to immediately set to destroying every new toy we get with a hammer?
At some point all information will be digital, and if we don't ever let people have a way to make money from creating content, they'll STOP CREATING THE CONTENT. And then I guess we'll have gotten our way, huh?
Re:They Own the Content (Score:4, Insightful)
YOU seem to misunderstand something. It's OK, IN MY OPINION (have your own opinion, but don't screech at me for having one, and I won't scream at you for having yours) to do things like overlay with transparent GIFs, etc. that accomplish the same goal. But don't actively interfere with the user's expectations. If there's an image etc you don't want them to copy, overlay it with a transparent image (tirerack.com does this and it works well) but don't go disabling parts of the browser that the user expects to be there all the time. Who knows what they want/need it for?
IN MY PERSONAL OPINION, the balance I think is best is different than the one you think is best. Don't bitch at me for having a personal opinion and I won't yell at you for having one. Don't like it? Tough shit.
Re:Getting stuff for free?-Again? (Score:1, Insightful)
Nor does it revolve around a "content provider". My "rights" are equal to their "rights", as both are provided for by the same body of law.
>> Why should copyright violations be consequence free?
By saying this, you're completely missing the entire point of the discussion. There isn't a copyright violation unless you make a copy contrary to copyright law - and copyright law PERMITS me to make copies without the consent of the copyright owner under certain conditions.
Someone earlier had a link to a nice discussion on DRM by Cory Doctorow (from a talk he gave to some Microsoft employees).
>> And the flips side which is never heard here, is that Google doesn't have to deliver a free service to you.
You're right. And they don't have to offer it if they don't like the way the law is.
Re:So? (Score:3, Insightful)
Re:They Own the Content (Score:3, Insightful)
Nuh-uh. They don't own that content completely and totally, they own copyright to that content. They can legally and morally prevent me from reproducing it, displaying it publicly, and doing the other things that copyright regulates -- nothing more. They have no moral right to regulate use beyond these limited ways -- and if they try, I consider myself well and far within my rights to stop them.
Re:Security issue? (Score:2, Insightful)
Would you be making this same complaint if the content were served in a Java applet or Flash? Your browser offers a number of ways to prevent content from being used in a way the creators don't approve of.
If you don't like these restrictions, you can choose a browser that allows those kind of restrictions. Of course, I think you'll find that such a browser will also have *very* limited functionality, since entire content types will be excluded because they don't meet your standards for open usage.
Re:So? (Score:3, Insightful)
Re:Security issue? (Score:5, Insightful)
Web content shouldn't be able to affect browser functionality without the user's consent, just the same as an application shouldn't be able to disable a part of the OS.
Finally, and I've said this elsewhere: It's not "someone else's" material in the sense that they have complete and total ownership; it's "someone else's" material in the sense that they own copyright over it. Copyright is, by intent, limited: It controls reproduction, public performance, and several other actions, and no more. It also have a number of execeptions where reproduction and so forth can be permitted (for instance, exerpting for a review).
Pretending that ownership of the exclusive right to reproduce (and some other actions as well) is equivalent to complete and total control is a modern myth -- but if folks folks don't fight for that distinction, we may well lose it; and in that case, it's the public as a whole that misses out.
Re:That explains those mysterious hirings (Score:2, Insightful)
Same rule apply in real life. If I'm hungry and a fast food chain would force me to take special steps, I would simply skip it and go to a better restaurant. I will never make extra efforts just to eat unhealty shit.
If Google ever managed to cripple my browser without the use of CSS or Javascript, how about I just tcpdump packets into files as they pass by.
Google: 0
Me: 1
So now Google's evil? (Score:3, Insightful)
It's perfectly appropriate in this case. You are not permitted by law to download copies of books...or photocopy books in the copy machine, beyond a certain number of pages.
So why do we want to break Google's DRM, used in exactly the way DRM should be used? You have free access to something you wouldn't otherwise access, but you still don't own it, and thus can't copy it.
Slashdot,and F/OSS in general, distaste for authority is never going to allow it to be taken seriously. Until people learn to get a clue that they don't need to break something just because it exists and they don't like it, F/OSS will never be taken seriously precisely for this reason.
If I don't like some new windows you installed, I can't break them. That's illegal.
Why is it any different to break the obfuscation of the material Google is letting you access as a courtesy?
Re:Security issue? (Score:2, Insightful)
Re:Security issue? (Score:5, Insightful)
Counter Example 1: Many popular games won't run without the CD in the drive. In other words, if you try to start the app without the CD, it will not do what you want (it will exit). Did you just lose control of your computer? Is your security at risk? Of course not.
Counter Example 2: Hard drives have firmware built into them. It is this firmware, not any software on the machine itself, which controls exactly where on the disk data is written. If this firmware fails, data can be lost. This firmware is in ROM, on the drive itself. When you save a file you are trusting it to do the right thing, whatsmore, there's no way you can actually tell what it is doing, or affect what it does. Have you lost control? Is your security compromised?
Mandatory Access Control (Score:4, Insightful)
This used to be called "Mandatory Access Control" (MAC, as opposed to the kind of multiuser protection most people deal with... "Discretionary Access Control") before Microsoft decided to change the definition of "trust".
As soon as you run an untrusted app, you cannot run a trusted application.
This is one way of doing it. Another way is to create a compartmentalised environment, where applications can not get information from compartments with a higher classification, nor transfer information to compartments of a lower classification.
Ironically, THIS kind of MAC environment under administrative control can be a major security enhancement. You could create a compartment with "untrusted classification"... which would effectively have fewer rights than even a normal application... and force users to run their web browsers and other untrusted applications inside it. Not only couldn't they bet attacked through the browser, they couldn't even be suborned or tricked by a social engineering attack into breaking the security (that's the main point of MAC, really). Unfortunately, Windows doesn't seem to have any kind of generic MAC mechanism that could be used this way.
Door number three... (Score:3, Insightful)
Google offers book searching with DRM
Google does not offer book searching
I'll take door number three: Google implements DRM using an application intended to provide that kind of protection, rather than taking advantage of a security hole in a browser. If that option means Google doesn't offer the service, or if that means I can't run their application so I end up in the Google does not offer book searching box, that's still better than if I end up in the my browser can be subverted box.
I have only bought one DRM-protected ebook in my life, and that was a very very special case. I normally won't buy ebooks that only run in one application, or that encode my credit card number, or that I can't read if the seller goes out of business.
I have already chosen, and I'll make that choice again and again. No DRM, no copy-protected games, no encrypted eBooks. Why is that so hard to understand?
Re:That explains those mysterious hirings (Score:3, Insightful)
The premise that every entity must be caused does not lead to the conclusion of God existing. It leads to no conclusions whatsoever since it sets up an infinite recursion. In order for it to be true, there must be an infinite length chain of causes, or a loop of causes. If there is any endpoint whatsoever, even if that endpoint is God, then you've just violated the very premise itself that was used to conclude that such a God exists. Or, in other words, if the universe needs a cause because of this premise, then God does too. Why does god get to just appear from nothing, in violation of this premise?
If there is a rational reason to believe in God, this can't be it. The first cause argument is self-contradictory.
And yes, I went to public school. I can also think logically and see when an argument has holes.
Re:That explains those mysterious hirings (Score:3, Insightful)
Does that mean it's right to hold out a little bit of benefit of the doubt for these things existing? I say no. I just treat the question of god existing the same way - with a healthy degree of skepticism. While it isn't proof there's no god, that isn't that signifigant to say, since proof of things not existing is practically impossible. Does it bother you that there's no proof that there exist no aircraft carriers painted pink with green polkadots? Does it make you think you need to keep the door open on that possiblity and act accordingly? I don't. And the question of God existing doesn't deserve any special treatment differently.
Re:Security issue? (Score:1, Insightful)
This is not so with google's web-based approach, in that you cannot predict its behaviour. Currently, it uses browser peculiarities to disable certain operations. If I wrote a new browser that didn't have the same quirks, google's page would not operate predicably (i.e., copy/paste would be possible). As such, it is different than the firmware example, because it is dependent on the browser quirks.
It's kinda like the webpages that try to prevent you from right-clicking or saving their images. These pages and authors are missing the entire point of web browsers and the internet in general. By definition, web browsers MUST retrieve your content from your server in order to display it. This basic fact is lost on people trying to "prevent" certain operations. If they end up figuring out a hack to do it, then it's just that... a hack. It is a perversion of the browser/client relationship, and extremely naive.
As soon as the server sends out the content, it's out of your hands. That's the end of it. Your browser has viewed it. If the server negotiated a connection and decided it was okay to send out the content, then that's the end of the transaction. Anything beyond that is just presentation control, and entirely up to the discretion of the user.
You can't count on the user having CSS, or having javascript turned on, or having images enabled, and this is exactly how it should be. The raw content is transmitted to the browser, and the developer also gives a "best guess" at presentation. If the browser decides to present it differently (for deaf/blind/etc users) then that's up to the user, not the developer.
Re:Getting stuff for free? (Score:3, Insightful)
No, actually, it falls *exactly* under fair use. Would you like me to quote the law on fair use doctrine? Okay, I will:
"the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright."
I think we can agree, quoting of a copyrighted work falls under this definition (presuming you are doing it for the purposes of criticism, comment, news reporting, etc, etc). And if you still don't believe it, feel free to read the law yourself [copyright.gov].
Re:Security issue? (Score:3, Insightful)
Re:Security issue? (Score:3, Insightful)
Um, no. This story seems to be about Google remotely disabling certain functionality of your computer (does that count as "gaining unauthorized access" or something else illegal ?). Obviously, if Google has disabled some functionality of my computer, then I do not have complete control over my computer.
So, your first argument is false, and the second one is true.
It's a pretty bad analogue, actually. Museum has a right to impose some rules, because I'm physically in the museum premises. Google, on the other hand, is trying to dictate what I can do in my own home.
A better analogue would be a museum moving to the opposite building and then nailing planks over my house's windows to prevent me from taking pictures with a teleobjective trought their windows.
Um, why should I abide by Google's rules ? Is there some kind of binding contract between me and Google ? Is there some kind of law saying that I need to obey Google ? Am I physically located at property owned by Google ? Do I owe Google something ?
No is the answer to all these questions. I've never entered any contract with Google, the lawbook doesn't even mention the company, Google doesn't rent apartments, and I owe them nothing. So why should I obey Google's rules ?
And no one is forcing them to send scanned pages (or any other data) to my computer.
google probably had to do this (Score:1, Insightful)
If it can be observed, it can be recorded. If it can be recorded, it can be stored and duplicated. DRM and copy protection are physically impossible and serve the short term to make content producers more comfortable that someone can't "steal" their content.
Long term, the market probably won't see the need. If you have information for the general public, then the general public will have it. If you have specific information for specific individuals, then they will probably buy it because you will withold it. But you can't have it both ways. Either some of the public gets it or no one does.
The law as an enforcement mechanism. Speeding is a crime that many people do every day. It is usually harmless but does _kill people_ from time to time. If the law was serious about the crime of speeding, automobiles capable of violating speed limits would be outlawed on public roads and gps-aware governors would be placed on the cars for when they are driving by schools. But they aren't that serious about speeding even though it can kill.
Has anyone ever _died_ from making an illegal copy of a book? How about an mp3? Are people starving in the streets with no hope of a job because someone copied a book? Keep some context on this. No real damage comes from copying some crap off the web that you will probably forget about in a day anyway. Information doesn't want to be free it already is.
Google probably spent way too much money developing this dumbass copy protection scheme that only limits the usefulness of all the OCR work they are doing when they could have used that money to help cure cancer or something else important...like making gmail faster and have more space for all of my mp3 collection. Instead, to get buy-in from the publishers who "control" the content, they had to waste their time doing this. I'm sure they didn't want to...at least the people in google who have a clue probably didn't. Just don't let the publishers see how crappy the copy protection is...or they may not feel like they are getting their money's worth...oh wait...the only thing they gave up to allow a wider audience for the work was --- let me get this right --- _one_ copy of the book for google to scan and index.
Both sides should quit whining. Send your content to the distributor and let people see what you write. If they copy it themselves and reproduce it BFD. Its much easier for me to click once and hit buy right now then be surprised when it shows up on my doorstep because the purchase was so easy I forgot it.
Welcome to 2004.7726.
Re:Security issue? (Score:3, Insightful)
The vulnerability is that the print function of my browser will stop working for the entire duration of the display of the google print page on my screen.
I visited a web page, and that web page broke a feature of my web browser. The fact that there is a fix (closing the google print page and never going back) does *not* imply that the attack was unsuccessful. Only easy to circumvent. Easily circumvented attacks are still attacks.
Just because I run apache on my webserver, and not IIS does not mean that all the lovely URL overflow attacks I get aren't attacks. They just fail.
Re:That explains those mysterious hirings (Score:3, Insightful)
The existence or otherwise of God has serious repercussions, and will therefore tend to be treated seriously by some individuals. The existence of unicorns - while undoubtedly interesting, if it were to be demonstrated, has no serious repercussions.
People can dismiss unicorns easily because it doesn't really matter. People can't easily dismiss the existence of something with total control over them and everything else.
Personally I find the idea of an all-powerful supernatural being who must be obeyed frankly repugnant to my sense of decency and personal moral responsibility, so even if there were a God, two fingers to him and he can burn me after death if he wants - ouch - at least I'll have my honour intact (I did it myyyyy waaaayyy)!
Re:Security issue? (Score:3, Insightful)
One of the core issues with regard to DRM is that it completely eliminates this grey area, where copying may or may not be allowed depending on what's done with it, the financial impact to the copyright holder, and so forth. Suddenly, all copying is prohibited (or limited according to some machine-enforcable black-and-white guideline unilaterally set by the copyright holder), even in cases where a judge would clearly find it within the realm of Fair Use.
That's the first line of argument. The second line of argument distills down to the idea that the user's computer should be acting as an agent of the user, not of the entity whose content it runs or displays. Taking away the user's control over their own property simply because it manipulates content covered by some 3rd party's copyrights is a cop-out, a cheap attempt to prevent some people from infringing upon some other people's rights, that in the process infringes on everyone's freedom of action as a whole.
I'm a registered Libertarian. I support private ownership of guns, sharp knives and SUVs, with the provisio that someone who hurts someone else with their property is going to suffer the consequences of their actions. "Dumbing down" computers to make it a little harder for people to hurt others with them thus rubs me against the grain... and thus my position here.
Re:That explains those mysterious hirings (Score:3, Insightful)
People conflate the meaning of "faith" a *LOT*. Faith that a thing exists is very different from faith that a person will act a particular way. I don't need faith to believe the catching person is there, in your example. I just need faith that the catching person will behave a particular way - and that's not even really faith - it's based on observations of past human behavior and realizing that the likelyhood is very high that any randomly chosen person would choose to help keep me from falling. It is no more an act of faith than going out to check the mail at 3:00 pm in the hope that the mailman came by like he usually does is an act of faith. It's based on extrapolating previously observed behavior.
Re:Security issue? (Score:3, Insightful)
Browsers can be hijacked. It happens daily, Internet Explorer gets usurped by some naughty website. Let's say for instance that Jimbob Smith wants to check his bank balance so he goes to www.bankofamrica.com (note the lack of an E) and then a pop-up window jumps up onscreen. And then another, and another. The user goes to click "stop" to make the pages stop loading, but the remote site has put instructions in the HTML to DISABLE the stop button. One of these windows conducts and exploit and roots the box, installing a trojan of some kind. It all goes downhill from there, I'm afraid. Hell, just recently the bug in the JPEG decoder was found, that's an IDEAL way to sneak a virus into a computer. Just because you have physical control over it does not mean you are in control OF it.
The "you" of which you speak can be (and is often) a family of more than one person, all using the same single-user PC. Eighty year old Billy who cannot type worth a damn trying to go to toysrus.com may mistype it and find himself in the situation I have above described. The internet isn't populated solely with geeks who know the ins and outs of their browsers and how/why certain features may be disabled.
And this doesn't even consider the bugs that could arise or the other potential explots, like a page which downloads a piece of software that permanently disables your stop button and forces you to go to xxxlittleteenz.com every time you boot up. Everything outside the document should be user-controlled. The document itself is the only thing which the publisher should have control over. If they don't want the document copied, then THEY shouldn't publish it.
Take it one step further: What if the only applications that can open files are those that are AUTHORIZED to do so? No more opening up HTML in notepad, no, end-users may only BROWSE HTML files. Got a file with no extension? You don't get to open it! But you've still got physical control over your computer, y'know, so you retain full control.. (um, right..)
A publisher should not able to dictate how their publishings are used (within reason). The people at the newspaper don't mind if I take newspaper clippings and assemble them into a book or put them up on my wall, I don't see how saving one page of one book 300+ pages long is going to do any severe harm to anybody's business. Google should restrict the amount of information they release (ie, not let you read the whole book online, etc) thereby controlling the information which is published as it is published, instead of trying to publish everything and control it once it's onscreen. In my view, once it's on my screen, I can print it out if I feel like it. If you don't want it getting printed out, don't put it on my screen.
Applications should determine the behavior of documents, not the other way around.
I think your comment is narrow-minded, not insightful.
Re:Can you back that up? (Score:3, Insightful)
While you are correct that Trusted Computing does not prevent you from running software, I can indeed cite a source that Trusted Computing is intended to go WAY beyond what you suggest. I cite the Pressident's Cyber Security advisor! He gave a speech at a Washington DC Gobal Tech summit, he called on ISP's to plan on making Trusted Computing a mandatory conditions of Terms of Service for internet access! Obviously they need to spend a few years rolling out Trusted machines, but the plan is that you will have no choice but to run the MANDATED software, or be denied internet access. Cisco has alread started advertizing routers to impose such restrictions.
So the claim that you can run any software you want is PURE DECEPTION. If you do not run the mandated software, if you run software of your own choice, then you get locked out of essentially all new Trusted software and essentially all new Trusted files, and you can be denied any internet access at all. Under those conditions you in fact have NO choice or freedom to run different software.
If you don't believe me I will happily dig up a link to the Global Tech summit speech calling for making the system mandatory, I will happily dig up a link documenting Cisco's routers to impose exactly such a system.
You don't get an automatic, blanket right to do whatever you want with content just because you can see it in any other field; computing is nothing special in this respect.
You are absolutely right that there is nothing special about computing! When I play a vynal record on my record player the copyright holder has absolutely no rights over my record player! I can change and control it however I please! So long as I do not commit copyright infringment I can do anything I like and the copyright holder has no right to say squat about it. When I When I engage in perfectly legal and legitimate Fair Use the copyright holder has no right to say squat about it.
The same goes for a CD or a book or whatever. I do not have a Trusted record player. I do not have a Trusted CD player. And I most CERTAINLY do not have Trusted lightbuls in my house for reading books.
What *I* want to know is why people think computing is somehow different and subject to different and vastly more restrictive rules that goes INSANELY BEYOND COPYRIGHT LAW. Under copyright law copyrightholders have NO right to restrict fair use.
Just because the RIAA and MPAA and whoever are constantly sreaming for more power and more control and entirely NEW and UNPRECIDENTED rights on computers that no copyright holder has ever had in any other area.
What's wrong with keeping your side of the bargain, or if you don't like that side, not accepting the bargain in the first place?
The only bargain I am aware of is the copyright bargain. Under the copyright bargain I have fair use rights. If copyright holders are not happy with their side of the bargain then they are perfectly free to decline that bargain and not give me the content. They cannot simply say they are not happy with that bargain and expect some sort of rights over MY property. So long as I do not infringe copyright I have every right to do whatever I like with MY computer.
-