 |
Monday, September 9, 2002 |
|
I have been thinking again about the destinction between source code and object code. You don't need complex destinctions as suggested by Edward Felten. And the fact that both can be identical does not mean the destinction is always meaningles as David Reed thinks; and just because there are people which can read objectcode without hassele that is no reason to assume that there is an often an fundamental change in quality when translating source code and object code.
If we stop pondering on implementation details but look at what this different kinds are meant to be the the picture is nice and simple:
- source code is the stuff the programmer creates. The source of the program. The thing he works on and edits. This might be traditional text file like programm code, a object DB, some kind of drawing in a RAD tool, some hex digits used by an microcontroller hacker. Only that is the source code. If you put your Perl programm through a tool which strips out the comments the output is no source anymore.
- object code is the object of the execution by a machine. Machine can be seen at various levels. A Perl interpreter can be considered the machine exactly like a bytcode compiler.
This means the same thing can be source code for one person and object code for another. Example:
Somebody works on a spreadsheet putting higly compley calculations in it. For him this spreadsheet it is source code. When he saves the spreadsheet on his company's server, somebody else loads it, fills in just the numbers and enjoys the results, the spreadheet file is object code to him.
One problem persitst: what makes the first guys actions 'programming' and the others just 'using'? I'm tempted to look an programming as 'changing the flow control', but I'm afraid this doesn't work out. So we have a new problem: What is writing a programm and what is using it? If I change the toolbar in MS Word and add a Macro to insert my address, is this Programming?
11:52
#
G!
| |
Michael Fabricant, a Lichfield MP for the Tory party, hopes to introduce a new Bill to stop employers from snooping on employees' E-Mail: [Privacy Digest]
11:07
#
G!
| |
Some sectors of British industry are still failing to protect themselves against computer virusesü a security firm has found. [BBC News | TECHNOLOGY]
11:06
#
G!
| |
England - Nach achtmonatiger Verhandlung wurden vier M...nner in Grossbritannien zu Gef...ngnisstrafen verurteilt wegen des Betriebs eines Piratenrings, der Software im Wert von etwa 50 Millionen Pfund schwarz kopierte. Die zwei Inhaber der Firma PC Software bekamen je viereinhalb Jahre Gef...ngnis, w...hrend zwei Komplizen mit vier Monaten auf Bew...hrung davonkamen. Betroffen war im wesentlichen Microsoft-Software. Die Verurteilten m[florin]ssen des weiteren mit der Einziehung von Geldern rechnen, die sie durch die schwarz kopierte Software verdient haben. [Newsbyte.ch]
11:04
#
G!
Translate
| |
While Mac OS X.1 seemed to have no way to chenge the MAC address of the build in network interface of my powerbook Mac OS X.2 did a step in the right direction. By overhauling the Network Stack getting all the nice and new stuff like IPv6 and IPsec from FreeBSD they also added the lladdr parameter to ifconfig - but it seems there is still missing the driver support for it:
[bombadil:src/network_cmds/ifconfig.tproj] md% sudo ifconfig en0 10.0.0.1 lladdr 00:50:de:ad:be:ef
ifconfig: ioctl (set lladdr): Operation not supported
Any suggestions how to fix this are welcome.
11:01
#
G!
| |
|
Prof. Felten tells
us about the
Berman-Coble Bill trying to define what a peer2peer network
is:
'peer to peer file trading network' means two or more
computers which are connected by computer software that--
(A) is primarily designed to -- (i) enable the connected
computers to transmit files or data to other connected
computers; (ii) enable the connected computers to request the
transmission of files or data from other connected computers;
and (iii) enable the designation of files or data on the
connected computers as available for transmission; and
(B) does not permanently route all file or data inquiries or
searches through a designated, central computer located in
the United States;
Felten concludes that 'the definition clearly includes
non-controversial technologies, such as the Web itself, that
were not designed with copyright infringement in mind.' and
that there is no 'easy way to rewrite the definition to
draw a clear technical line between "bad" peer to peer
technologies and "good" ones.'
Having spend the whole
spring of 2000 trying to find out what "data" means in the
context of german computer-fraud law (see "Der Datenbegriff im
Recht" in Juristische
Rundschau, 2/2002 S. 52ff, de Gruyter, ISSN 0022-6920 for
results) I can't stop to comment on this:
The court system and legal doctrine is build all arround
definitions. While defining things
like cruelty, carelessness and such stuff is a well understood
problem for lawmakers and courts, technical circumstances seem
to be a major problem. A early and extreme example is the
german Reichsgericht (then the highest court) trying to define what should be
considered an Railway in 1879. (RGZ 1, 247, 252) It took
them 124 words (in german):
An enterprise, directed toward repeated progressive movement
of persons or things over not whole insignificant space
distances on metallic basis, which is defined by its
consistency, construction and smoothness for the transport of
large weight masses, and/or the achievement of a relatively
great speed of the transport motion, and by this
characteristic in connection with in addition to the
production of the transport motion used natural forces
(steam, electicity, animal or human muscle power, at uneven
level of the course already the own weight of the
transportation containers and their charge, and so on) with
that a relatively enormous (depending upon the circumstances
only in aimed at way useful, or also human life destroying
and the human health hurting) effect to produce is capable of
of enterprises of the enterprise on the same. (If
you consider this incomprehensible don't blame it on the
machine translation - the german text isn't any
better
So there has always been a problem for the legal system
describing technical matters. See my snippet "What is software?
What are Computers?", Prof. Felten's Source
Code and Object Code and Prof. Lessig's
Open Code = Closed Code? for examples. I think we need
serious research on the extend of this problem and how to deal
with it.
Some observations on this subject:
- Law professionals (for the sake of argument I
consider lawmakers 'law professionals') are mostly never
techno-savvy. They are even proud of it citing "judex non
calculat" as often as possible.
- Technical people tend to think in binary terms which
makes it hard for them to understand legal matters.
- A responsible law-making process can take years,
which means that the technology landscape can completly
change while a law is in the works.
- With most things law professionals have to discuss,
they think they can understand them in depth with their everyday
life experience. But they usually do not understand thechnical
circumstances. Think of "The signature and the paper of the
check in question could be clearly identified as forgery."
versus "The file wasn't linked from the Website but residing
unprotected in a public readable and listable webdirectory so it could
be easily accessed by modifying the URL."
- Since law professionals are usually not tech-savy or
even technophobe they don't like thinking about technical problems and so the
thoughts are not as elaborate as they should be. "Just write
something down about decentralized networks and that's
it."
- While it might often be helpful that lawmakers leave the courts the privilege of definition (especially in criminal law within certain limits) I don't think this is helpful for technology laws. With them the absence of clear cut definitions seems mostly lead to fear, doubt and court roulings which many consider unfair.
I don't consider this explanations satisfying, if you have better ones, please notify me about it.
But I'm sure that before legal research on anything 'cyber'
could successfully make meaningful steps forward we need a common
vocabulary of well thought terms and definitions so we know the
basics of what we are talking about when we are discussing higher complexity concepts.
9:29
#
G!
| |
|
There was this nasty SSL/TLS-Certificate validation bug. So now MS NBC is spreading "FUD": Windows flaw enables credit fraud. Attackers could use the use the flaw to get your credit card number.
In the mid-ninties there where people planning to do commerce on the Internet. They where told they can't do it, because the Internet "is not secure". - Oh not secure! Encryption makes stuff secure. So we encrypt the transactions via SSL and everything is secure - nobody could sniff your data from the wire. So users where told they should look for a little key icon in their browser and if it's there the site "is secure" and they shoul start shopping as mad.
The problem is: nobody is sniffing credit card numbers off the wire. All the bad guys just r00t the servers and grap thousands of credit card numbers from there. So broken SSL is not a risk to credit card numbers but poor host security is.
2:56
#
G!
| |
|
Found Greplaw from Harward which want's to cover "Geeks, Laws, Everything Inbetween". Example:
Richard Clarke Defines Cyberthreat. 
Richard Clarke is chairman of the president George W. Bush's Critical
Infrastructure Protection Board. Computerworld reporter Dan Verton has interviewed Clarke to get his views on the nature and potential of the cyberthreats to the US nation's critical infrastructure.
Read the entire story. [Greplaw]
1:14
#
G!
| |
Maximillian Dornseif, 2002.
|
|
|
