Ways out of Darkness – Abolishing Patents

June 4th, 2010

I not only wrote a lot on copyrights, but also on patents:

In contrast to copyrights, in which interests of all involved parties have to be carefully balanced, with patents the case is very clear cut: Nearly everyone, including companies holding a lot of patents, is a victim of the system. The only people profiting are lawyers and patent-trolls. The only exception among the patent-holders are some of the pharmacy and biochemistry companies: They’re perpetrators, and the victims are everyone else.

the only logical course of action

You can’t sustain a system which funnels 20% of all production costs into the legal system.

The state and its bodies are prohibited from
enacting laws allowing temporary or perpetual
monopolies on ideas, inventions and innovations.

Pharmacy

Pharmacy is a somewhat special case, since there the costs associated with patent licenses are actually higher than the legal costs. Also, development costs are very high, mostly due to required tests mandated by the governments. On the other hand, pharmacy companies are among the worst offenders of abusing their monopolies; thus a “special patent law” only for pharmacy and biochemistry would not be warranted.

However, since patents somehow compensate for costs mandated by government, it seems prudent that the costs for tests are in turn taken over or subsidised by government. At least in the initial phase.

Ways out of Darkness – Re-Attenuating Copyright

June 4th, 2010

I am a pretty verbose critic of today’s copyright, and I highlighted several issues in past blog-posts:

The general strife of enlarging the protection of copyrights because of rent-seeking behaviour in the past 200 years, pretty much since its inception, both in length, and in breadth, has shown some dire consequences to the “promotion of the art and sciences”.

This post will try to show how these problems could be fixed, and a balance between rights of artists and public may be achieved.

No rights for the dead

Thomas Babington Macaulay already warned the House of Commons against doing that in 1841, and the consequences in diminished respect of the copyright and in problems with inheritances and orphaned works are dire. So

Copyright may at most last to the death of the creator
of the work. If the work is made by several artists, at
most to the death of the last one of those.

For works whose author is unknown, this needs to be considerably less, I’d propose 14 years after publication if one does not decide to accept my next proposal:

Making the Long Tail public

Most works generate 95% of their revenue in the first few years. There exist several estimates, ranging from 7 to 14 years. There are only very few works which are lucrative beyond that, leading to the situation that the very long copyright-terms are only useful for a handful of works, while keeping the vast body of works unavailable. So:

Copyright shall expire 14 years after publication,
or with the death of the creator.

There’s room for discussion with this for best-selling works, maybe one could give another 14 years upon request and public note of the artist. Or maybe one could raise the duration to 20 years altogether, but I think that should be the maximum. Anonymously published works will be granted the same duration of copyright.

Protect the Public Domain

There is rampant copyright infringement nowadays by publishers, which republish public domain works and illegally assert that they own a copyright on them. So

For works in the Public Domain, everyone has the right to
initiate legal action against illegal assertions of copyright.

This is in line with the practice of the artist being able to take legal action against infringers of his own rights.

Protect the future and people with disabilities

The practice of putting on Digital Restriction Management (DRM) schemes has spread from software to works of art, sometimes it is even applied to works in the public domain. Even if DRM-schemes are mathematically proven to be ineffective, there is still a lot of effort needed to break or circumvent them; and they do not automatically disappear when a work becomes public domain. With the latest WIPO-treaty, it has even become mandatory to outlaw circumvention of it, hampering science, outlawing cryptanalysis, and finally enacting barriers to people with disabilities. Thus:

Works employing Digital Restriction Management
will not be granted copyright at all.

This isn’t even an issue with online-games, which very well may decide to employ DRM instead of copyright.

Save computing heritage

Computer programs are especially protected by copyright, for instance the fair-use clause usually does not apply, meaning every copy without a license is a violation of copyright. Furthermore, a lot of computer programs are distributed in binary form, only runnable on one computer-type or operating system; which is of course not suited for archival purposes. Thus

computer programs only enjoy copyright
if the source-code is publicly available

This would not mean you could legally change it or republish it, but it would be available when copyright expires. But it would make debugging and finding security holes in the meantime much easier, thus increasing software-quality.

Transition Periods

There need to be some transition periods, in order to allow publishers to adjust to these laws. Most notably, publishers need some years to fix erroneous and frivolous assumptions of copyrights on public domain works, to remove DRM from publications and to publish source-code for their software. The dead need no transition periods, but it might be prudent to allow for an initial transition period in the same length as the coming copyright period if one decides to shorten the copyright ahead of the death of the artist.

Goals

Apart from freeing a large corpus of works into the public domain and thus not only protecting our heritage, but also allowing free incorporation of old works into new ones, one of the goals of this is to actually strengthen copyright. It only lasts a few years, thus people will show more respect towards it. What’s more, since there won’t be so many works in copyright, this will free up legal resources, thus making it easier to take legal action against infringers.

Remedies against infringement

There are absolutely no new remedies needed if copyright does not get reduced to last only a few years; actually, they are astronomical already. But if copyright only lasts 14 years, one might very well decide that copyright violation is much more serious than as viewed today, where people have lost respect towards it due to the landgrab of copyright holders. I however still consider this a matter for civil law.

Copyright-violations are a vast field, from re-mailing a picture of a cute cat to your whole office or to putting a map on your homepage, to wholesale distribution of block-buster movies on DVD. Since most people don’t even know that they’re violating a copyright when e-mailing said picture, the law must be extremely clear cut on what is allowed and what is not.

A clear cut law which everyone understands will help a lot to quash unintentional copyright infringements.

A few notes on Software

Copyleft-licenses like the GNU Public License or various Creative Commons licenses grant the public more rights than copyright before copyright expires. This isn’t actually a problem. Typically, software gets changed constantly, so if copyright expired for works older than 14 years now, Linux 1.2 would become Public Domain (you can still download that, but you will be disappointed: Personal Computers at this time featured a Pentium clocked at 133 MHz maximum), as would Windows 95.

A (Patent-)Law to promote the welfare of Lawyers

May 22nd, 2010

I already wrote about it, on how Patents kill Innovation. If you’re looking for more background on some of the assertions in this text, they’re explained there.

Right now the German Bundesgerichtshof decided that it would be a good idea to allow software patents, even if the European Patent Treaty says in Article 52 “The following in particular shall not be regarded as inventions … mathematical methods … programs for computers”. How did the BGH get the idea to rule on such a case in the first place, and not dismiss the whole affair as illegal and contempt of justice?

Either this is, according to Hanlon’s Razor, an act of incredible stupidity, or there were some serious interests in the background lobbying. And in fact, those interests very much exist, and they’re very much part of the judicial system itself.

As it happens, apart from Pharmacy, nobody will make money from patents he applies for. Yes, this sounds like a very bold statement, but keep in mind that this applies to all of the patents of a field taken together; there might be financially successful patents among them, but this is eaten up by all the other patents which just cost money. Now where does this money go? Legal costs of course. So in all fields of enterprise except pharmacy, patents only fill the coffers of Lawyers, Attorneys, Judges and the Patent Office. It has been estimated that those costs make up to 20% of the final product price, making the patent system in the end just a tax-system which funnels a tax of 20% to the legal system.

Obviously, those on the receiving end have a strong incentive to keep it this way, and won’t allow anyone to interfere with their rent. And most probably this is what happened with the BGH. As people in the legal system they are bound to know a lot of people also in the legal system, and those Lawyers and Attorneys will have biased views which they probably have communicated to the BGH. By now, the BGH is probably firmly convinced that patents are necessary for innovations to happen (or any suchlike hogwash).

Are you curious about that “Pharmacy exemption”? Well, the patent system works there (with its main effect) as intended, with some severe side effects. Patents are granted, the patents licensed to third parties, and the license-fees not only cover the legal costs but are high enough to make a decent profit. Not anticipated was that the big players in that field successively lobbied “patents on products” and “patents on genome-sequences” into the law, plus that they wreak havoc on smaller players and on the general public, most notably on the public in third world countries.

So even if patents on pharmacy work as expected when viewed from within the system, the idea of patents as such is inherently flawed in regard of innovation, development, economy and ecology. And if you’re a proponent of free markets, patents as “government granted monopolies” are an abomination anyway. Patents are an inherently mercantilistic idea (especially due to the fact that a patent does not allow you to produce any product, but allows you to forbid your competition to produce it), along the lines of such luminaries as tariffs, subsidies and protective duties.

Too Dumb for Ligatures

April 8th, 2010

The story isn’t new, but for decades there has been a huge misunderstanding in Germany about a ligature. What prompts me to write about it now are the following lines from the book “Generation Doof”:

Through word of mouth, two more magnificent misunderstandings have taken hold: ß always becomes ss, and I can place commas however I please. With that, even the last person manages to botch his sentence so badly that one, needs, years, to, decipher, what, is meant.

This is about that “beta”, also widely known as “sharp s” or “sz”, none of which it is, of course. It is in fact not a character at all, but in typesetting at most a glyph: it is a ligature for “ss”.

Since we used to deal with two different “s”, namely the long one, which looks like an “f” (well, almost: “ſ”) and was used inside a word, and the short one, which actually looks like an “s” and stands at the beginning or end of a word, contracting “ſs” yields exactly this beta-like construct ß.

Of course it is completely illogical and inconsistent to ignore all ligatures but want to keep this one, and on top of that to ram the whole thing through assorted committees so that it actually got included in various character sets, or even shows up on keyboards. Where, pray, is the st? And all the other ligatures: Æ, æ, Œ, œ, IJ, ij, ᵫ, ff, fi, fl, ffi, ffl, ſt? Why should those no longer be written, while an “ss” must be written as a ligature? And above all, where is the “ſ”?

By the way, not the entire German-speaking world follows this nonsense. In Switzerland this ligature is in fact officially never used, unless one were also to use all other ligatures in a text. Naturally this led to half a war in the German-language Wikipedia, when people found out that the Swiss don’t write in Baskerville or Caslon and ergo don’t use ligatures either…

Personally I love ligatures (and Baskerville and Caslon), but either you write consistently with ligatures or you leave it be. But Generation Doof has evidently still not caught on that ß is a ligature and will presumably defend its outdated use to the death. All comma rules will be abolished before that happens.

Conspiracy Theories

March 31st, 2010

The thing about Conspiracy Theories is that there are so many of them. You can choose whichever suits you best, one that conforms to your beliefs, and finally, one that puts those in charge of a whole super-conspiracy you really thought were in charge all along. Sadly, there’s the trouble: They all end up explaining something complicated in a very easy way, draw the world in black and white, and there’s Them, the conspirators, and Us, the victims.

It works like this: Take any event that happened, the more media covering it got the better, blatantly ignore some facts, and fill in the gaps with fabrication.

So, for instance, we’ll take the event of two planes crashing into two skyscrapers 15 minutes apart, with the skyscrapers subsequently crashing into themselves, plus some other buildings nearby also crashing into themselves.

  • The first thing we’ll do is to define that this was a “Terrorist Attack”, which is a pretty sound assumption given the low chance of something like this happening as an accident.
  • Next we’ll need to define who the terrorists were. Quickly produce a list of people which might have been on these flights and correlate them with a list of known terrorist suspects. If you’ve got hits, go with them.
  • Now you’ll need a mastermind, because it’s inconceivable that these terrorists did it all by themselves. Find one hiding in some goat shed in a third world country, preferably one who will at least gloat over your misery on television.
  • And, the mastermind has of course to have an organisation. Take a name from an earlier but irrelevant guerilla group. If questions turn up, why this organisation wasn’t known, state: “its existence was still a closely held secret.”

Yes, you noticed where this is going. The point is, the official story of what happened on 9/11 satisfies every criterion of the pejoratively used term “Conspiracy Theory”. It’s simple. It clearly identifies a villain drawing strings in the background. It has a mysterious secret organization in it.

Or what about this definition “Conspiracism is a particular narrative form of scapegoating that frames demonized enemies as part of a vast insidious plot against the common good, while it valorizes the scapegoater as a hero for sounding the alarm”? Yep, sounds about right. Now we know of those insidious terrorists.

This of course, is only a preliminary judgement in order to decide whether this theory qualifies to be called a “Conspiracy Theory”, and does not make any assertions about the veracity of its claims. It might be the truth, but this official version still qualifies to be called a “Conspiracy Theory”, unless those claims can be backed up by hard verifiable facts and no falsifiable claims appear.

So to go further we have to investigate the claim separately. Some common standards to assess this are:

  • Occam’s Razor: Is this the simplest possible explanation, or is it a more complicated and thus less useful explanation of the evidence?
  • Logic: Do the proofs offered follow the rules of logic or do they use fallacies of logic?
  • Methodology: Are the proofs offered using sound methodology? Are there clear standards to determine what evidence would prove or disprove the theory?
  • Whistleblowers: how many people – and what kind – have to be loyal conspirators?
  • Falsifiability: Are there some parts “unfalsifiable” or could it be proven that they’re wrong?

A bit less commonly known is Hanlon’s razor, which states that everything attributable to malice is probably the result of incompetence.

Indeed, some of the above claims do fail some of those tests miserably. Occam’s Razor would be in favour of a) planes crashing into buildings b) buildings crashed because of demolitions, not because of the plane-impact c) planes ignored by air-guards because somebody told the guards to look away d) planes piloted by said terrorists e) terrorists entered USA with consent of the customs f) mastermind not responsible for the attack (but very sympathetic towards it) g) secret organisation invented by the media. Other criteria of course contradict this (as do some of Occam’s Razor; but that’s because they offer the simplest explanations of every separate claim). The Whistleblower-criterion says b) it’s too difficult to wire the building, people would have noticed c) it’s not very likely the air-guard was ordered to look away and e) neither is the customs. Hanlon’s razor of course refutes c) and e) outright: The air-guard and the customs were of course incompetent nincompoops. Also a) the planes hitting the towers by accident and b) the buildings crashed because they were built unstable f) there were no terrorists and Bin Laden had nothing to do with it and g) Al’Qaida is an invention of the media by chance.

The hardest evidence against the truthfulness of this Conspiracy Theory comes from Methodology, and it concerns b), f) and g). b) There is no coherent official explanation of how the plane crash could have brought down the buildings, and even less explanation why they crashed into themselves. And still less explanation for WTC7. f) the official 9/11 report explicitly says “we did NOT follow the money trail”, and only offers circumstantial evidence on how Osama Bin Laden should be linked to the attack. g) There is no evidence given for an organisation by the name of Al’Qaida before 2001.

Surely, some of the claims of the “official theory” of what happened on 9/11 really correspond to reality. But as a whole, the “official theory” qualifies just as much as “Conspiracy Theory” as some other theories on 9/11.

Security as Service

March 5th, 2010

I’ve been sceptical about offerings of Security as Service. It sounds an awful lot like “Outsourcing Security”, and security is a process which involves every aspect of business or life.

However, I’m working now in a company which does just that, selling Security as Service. And I think it can work. As opposed to any other company which sells you a product, or some other services, if you’re selling security, you’ve got an interest in your customers’ security not being breached. Because you will lose that customer.

If you’re a Bank, you sell banking services. As long as the cost of one of your clients’ accounts being misused is not really your cost, the security of your clients is a total non-issue. The same goes for vendors of security-appliances. The client bought it, and already paid for it, so if somebody hacks it, it’s not really your problem, unless you get bad publicity out of it.

And we’ve seen with the whole “full-disclosure”-debate, that bad publicity is a very weak instrument, and some companies can take hideous amounts of it before they improve security. Microsoft is the classical example; it took them aeons to do something about security, and the security of its products is still very weak.

On the other hand, if you get paid by subscription, you have a very real interest in keeping the customer. That means you have an interest in providing the services you are being paid for. If it’s not security the client pays for, this also means that security is probably not your concern (as seen with banks and credit card companies).

Of course, security embedded in your company will be much more capable and resilient. You can design every process with security in mind. You can choose specific products with a good security track-record. You can have system administrators with a very intimate knowledge of your network and IT-landscape, who can provide for a very fine-grained incident-response and emergency management.

But most smaller companies can’t have that. Because they don’t have the expertise, the money to hire specialists, and most of all, an IT-landscape that is not modeled by security-considerations but by habit. And habit is of course the biggest foe of security. It could be its friend too, but old habits die hard, and most people today grew up in a world where not everything was networked, and where systems of a company which gave a damn about networks and security were, and still are, prevalent. So the people in these companies don’t have the slightest clue about security, e-mail their passwords around, get their negotiations eavesdropped on mobile phones, infect their computers with viruses and get their e-banking accounts phished.

And this is where Security as Service can help. It can’t make you into a company where everything is secure. But it can mitigate some of the effects the security-unconscious acts of your employees cause. It can filter out malicious emails before someone can click on them, or some stupid mail client executes the malware-payload on its own. It can encrypt the emails at least between hosts. It can keep the botnets at bay that try to penetrate your servers. And it can provide incident-response if something goes wrong.

And finally, Security as Service is fundamentally the better idea than Security as Product. Because Security is a Process, it never ends; and because with any product you bought, the sale is done, and the supplier is only interested in selling you another product, but not in making the already sold product better. Furthermore, if you lack the expertise, will you even be able to manage the product correctly?

There are those who can, with in-house security expertise, where it would be stupid to outsource it. But for the rest of us, there’s at least a certain measure of security available with Security as Service.

Credit Suisse: Security Idiots in E-Banking

February 28th, 2010

Credit Suisse wants to switch to a new SMS security procedure. Usable with a) a mobile phone b) that has a Swiss country code and c) a prefix of 076, 077, 078 or 079.

As soon as you try to log in on the DirectNet e-banking page, you are told that the existing SecurID authentication will remain valid for another 7 days.

What have Credit Suisse’s security specialists been smoking? Or did they escape from an asylum?

Anyone with even the slightest idea of “security” will immediately notice some very serious problems (apart from “usability” problems, for people abroad, for example) with this “SMS security procedure”:

  • SMS can be intercepted. In real time. This was demonstrated at the Chaos Computer Club Congress 2009 (and all SMS traffic at the congress was shown live on a projector).
  • Smartphones are becoming ever more interesting as a target for malware the more they take over functions that used to require a full-grown computer.
  • The “token” (namely the mobile phone) to which authentication is bound is THE object that is lost and stolen most often worldwide.
  • It is an enormous privacy violation. Every account is now linked to a phone number. At the same time it is also possible to triangulate the location of mobile phones.

And that is only what occurred to me immediately.

The only apparent advantage would be that authentication could take place out-of-band, which can be an advantage for users with compromised Windows boxes. But it is gone again immediately if a) the same smartphone is used for e-banking itself b) malware spreads on phones. But above all c) the code received by SMS still has to be transmitted back via the browser, the way it is implemented now. Which makes the whole exercise pointless.

There are ideas for how to make something like this really secure, but they involve cards with keypads and methods for out-of-band transmission. And not the same thing as before, merely now on a device that gets eavesdropped on, stolen and lost.

This is obviously a purely business decision. For CS the only question is: what does the system cost, what are the expected expenses for token loss, and finally, what are the expenses when it is misused by third parties. With the SecurID system the expenses consist of issuing the SecurID and replacing it on loss. With the SMS system it is, in operation, the sending of the SMS; the expense on loss is lower for CS because the main burden is borne by the user. As for expenses from misuse by third parties, CS probably expects them to remain about the same, since the new system has roughly the same weaknesses as the old one (or rather, the costs of new weaknesses do not have to be borne by CS, e.g. in the form of loss of privacy), and developments such as smartphones, which could reduce the whole thing to absurdity, were presumably ignored because no corresponding cases of misuse have occurred so far. They presumably decided against real out-of-band authentication because it would probably be considerably more expensive, and the current expenses from misuse apparently remain within limits.

The security of the end user was never the issue for CS. As long as CS’s costs for misused accounts stay within bounds and it does not get excessively bad publicity for lack of security, CS has not the slightest interest in making e-banking more secure. Only cheaper.

What is also really bad is that they evidently do not want to give customers the choice of continuing to use the SecurID, which is usually more secure for them. If they do not relent case by case (in mine most certainly), then I will do what one does in a market economy in such a case: vote with my feet.

Addendum: I called, and apparently they have now extended the validity of my SecurID. I was told, however, that as soon as another solution for non-Swiss mobile phones etc. exists, the SecurID system would be switched off.

Uprising of the Dead — via Copyright

February 12th, 2010

Dead men tell no tales

At least not until they have been dead for 70 years.

For only 70 years after the death of the author do copyright and the associated usage rights expire. At least in Switzerland, the EU and the USA. With the result that no rights holder has any interest in reprinting moderately successful works, scientific ones included, since these could compete with new works, and at the same time nobody else may reprint the works until the zombies are finally truly dead and buried after 70 years and the work enters the public domain.

Who wakes the dead…

The consequence of this absurd term is also that copyright as a whole is no longer taken seriously by a large part of the population, just as Thomas Babington Macaulay warned back in 1841(!): “And you will find that, in attempting to impose unreasonable restraints on the reprinting of the works of the dead, you have, to a great extent, annulled those restraints which now prevent men from pillaging and defrauding the living.”

In German: “Und ihr werdet herausfinden, dass ihr mit der Versuch unvernünftige Restriktionen über das Nachdrucken von Werken von Toten einzuführen, zu einem grossen Teil die Hemmungen die heute die Leute davon abhalten die Lebenden zu Plündern und zu Betrügen, annuliert habt.”

And he was proven right. The only sensible consequence can be to cut copyright terms rigorously. Neither a draconian copyright regime nor ever longer terms will bring this respect back; on the contrary, with every tightening and extension copyright loses even more credibility.

More alive than dead

The second consequence can only be explained by absolute stupidity and ignorance on the part of the legislators. From the fact that these rights remain valid beyond death, a right of inheritance is derived. And with that Pandora’s box is opened, which robs copyright itself of its function.

In a forum, a fourth-generation heir is trying to find out who else might be an heir of a certain painter whose works he wanted to publish as part of a magazine article. In other words, the copyright and usage rights for these works are now spread over an arbitrary number of people, number unknown; it could be one person, but also 50. None of these people has the right to publish any of it on their own, but each of them has the right to prevent any publication. And that is not even the worst case. For works created jointly by several authors, this applies to all those involved, or rather their heirs. Which for films can easily be hundreds of people.

Dead and buried

That is what this term of protection beyond death should long have been.

  • It prevents reprints by allowing publishers to keep under lock and key old works that would compete with new works for the consumer’s attention.
  • For the above reason it also destroys old cellulose acetate films, which in the meantime turn to vinegar. And sometimes other works too that either existed only in small print runs or had not been published at all and fall victim to a fire or another catastrophe.
  • It prevents publications by fragmenting estates. And thereby likewise destroys culture, since these works too can fall victim to a catastrophe.
  • It delays new adaptations of older works and thus likewise leads to a smaller corpus of publications.
  • It diminishes respect for the law itself.

hostapd with psk-file

January 26th, 2010

I tried to make hostapd use a separate psk-file, with a different PSK per MAC-address. On Debian the file is called /etc/hostapd/wpa_psk and according to /etc/hostapd/hostapd.conf:

# Optionally, WPA PSKs can be read from a separate text file (containing list
# of (PSK,MAC address) pairs. This allows more than one PSK to be configured.

This is fucking WRONG. The file-format is not documented anywhere else, and the above is utter bogus. The file has to look like this:

00:00:00:00:00:00 somepskstring

The 00:00:00:00:00:00 of course would have to be replaced by a real MAC-address. The MAC-address all zeroed out might signify a wildcard, but then, this isn’t documented either.

By the way, if you do not want it bloody bridged, you need to set up the interface just like normal in /etc/network/interfaces, and take care that it’s served by dhcp and has appropriate firewall-rules.
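A small linter for the per-station PSK file format described in this post, added here as an example (it is not part of the original post or of hostapd). It assumes the two-field `<MAC> <PSK>` layout shown above and the rules stated in hostapd's sample `hostapd.wpa_psk` file: a PSK is an 8 to 63 character ASCII passphrase or 64 hex digits, and the all-zero MAC matches any station. The function names and the sample data are made up for illustration.

```python
import os
import re
import stat

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$", re.IGNORECASE)
HEX_PSK_RE = re.compile(r"^[0-9a-f]{64}$", re.IGNORECASE)
WILDCARD_MAC = "00:00:00:00:00:00"

# Constructed sample input, not taken from a real system.
SAMPLE = """\
# per-station keys (constructed example)
00:11:22:33:44:55 correct horse battery
66:77:88:99:aa:bb short
anotherpassphrase 02:00:00:00:00:01
00:00:00:00:00:00 sharedfallbackpsk
"""


def psk_is_valid(psk):
    """A WPA PSK is 64 hex digits (raw key) or an 8-63 char ASCII passphrase."""
    if HEX_PSK_RE.match(psk):
        return True
    return 8 <= len(psk) <= 63 and psk.isascii() and psk.isprintable()


def lint_psk_file(text):
    """Return (entries, findings) for the contents of a wpa_psk file.

    entries maps a lower-cased MAC to the list of PSKs accepted for it;
    findings is a list of (line number, severity, message) tuples.
    """
    entries = {}
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # The MAC is the first field; the rest of the line is the PSK,
        # so a passphrase may itself contain spaces.
        fields = line.split(None, 1)
        mac = fields[0].lower()
        if not MAC_RE.match(mac):
            # Catch the "(PSK,MAC address)" order the config comment suggests.
            if MAC_RE.match(line.split()[-1]):
                findings.append((lineno, "error",
                                 "MAC address must come first, PSK second"))
            else:
                findings.append((lineno, "error",
                                 "first field is not a MAC address"))
            continue
        if len(fields) < 2 or not psk_is_valid(fields[1]):
            findings.append((lineno, "error",
                             "PSK must be 8-63 printable ASCII chars or 64 hex digits"))
            continue
        entries.setdefault(mac, []).append(fields[1])
        if mac == WILDCARD_MAC:
            # A match-any entry is a shared key: anyone who knows it can join,
            # which defeats the point of having one PSK per MAC address.
            findings.append((lineno, "warning",
                             "all-zero MAC: this PSK is accepted from any station"))
    return entries, findings


def file_mode_too_open(path):
    """True if group or others have any access to the PSK file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


if __name__ == "__main__":
    parsed, problems = lint_psk_file(SAMPLE)
    for lineno, severity, message in problems:
        print(f"line {lineno}: {severity}: {message}")
    print(f"{len(parsed)} MAC address(es) with usable PSKs")
```

Run it over the real file before restarting hostapd, and keep the file readable by root only, since it holds every station's key in clear text.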

USA: enhanced stupidity at airports

January 4th, 2010

Stupidity and misunderstanding on how security works has reached new heights in the USA: TSA: Enhanced screening for people flying to U.S. from certain nations.

How bloody stupid must one be to react this way to a failed attack? Yes, failed means exactly that a security measure — in this case a terrorist attack that was thwarted by passengers(!) — works. But instead of relying more on what obviously works, the TSA (and of course, this one is backed by the government; proving that Bush and Obama really do the same bollocks) has decided to implement something else, something incredibly stupid which will actually lower security.

Security professionals worldwide don’t even know if they should laugh or cry at such a bold display of imbecility. I’ve not yet seen what Bruce Schneier has to say about this specific idiocy, but here’s an essay which essentially explains the issue: Screening People with Clearances. Just so you can see that I’m not the only security professional who thinks this way, and Bruce Schneier has rather more clout than me. ;)

Do you really think terrorists won’t be likely to fly NOT from those 14 countries? Or — gosh — use a false passport? Hell, they might even recruit people from a country deemed “safer”, the USA itself for instance. And of course, increased scrutiny of certain passengers will draw resources from scrutinizing other passengers.

Congratulations, you’ve just implemented a fast lane for terrorists while harassing other passengers coming from some 14 countries. Mindbogglingly stupid. According to Hanlon’s Razor I’m forced to conclude that the USA is run by drooling idiots.

Addendum: Bruce Schneier has now put it nicely: Christmas Bomber: Where Airport Security Worked. I can only add “and in whose aftermath common sense did not”.