The Little Hacker's Room

Do you remember Darl McBride testifying at trial in SCO v. Novell in April that if you wanted to get Unix source code, the only way to get it was to license UnixWare and that UnixWare was just the latest version of Unix? The court believed that story, so for the sake of history and truth, then, here is a Novell SEC 10K filing from 1994, when Novell was the place you went to in order to license UnixWare and Unix System V. They sold both UnixWare and Unix source code as two separate products.

In-flight Internet access is finally starting to be rolled out by some carriers, and as they do so the inevitable question of what to do about objectionable material is already being debated. Surprisingly, many airlines have decided to not filter in-flight Internet access but instead rely on “peer pressure and the presence of flight attendants,” according to Tim Maxwell, Vice President of Marketing for Aircell, the company providing American’s broadband service.

But others are wondering if that’ll be enough. I share that concern. I can only imagine how ugly things will get on a flight once somebody starts streaming porn from their aisle seat. Flight attendants are going to become “fight” attendants once that happens. And you better believe that somebody in Congress is already cooking up legislation with some snappy title like “The Family Friendly Flights Act” to impose a regulatory solution. (Oh wait, a bill with that title was already introduced last year!! I wrote about it here. But that bill was just for violent movies, not Net access. So expect another measure soon mandating in-flight Net censorship).

Before things get ugly and bills start flying up on the Hill, the airlines need to think about crafting some constructive solutions to this problem. Here are three possibilities:

(1) Offer privacy screens: Airlines could allow unfettered in-flight Net access but also offer those surfing the Net complementary screen privacy filters. If needed, flight attendants could require those screens be used if a certain surfer is prompting complaints from other passengers because of what they are viewing on their laptops.

(2) Seating stipulations: Airlines could offer the back third of planes be “Net-free” and encourage parents with kids to sit back there, or vice-versa (Net surfers sit in back, kids further up).

(3) “Family-friendly” flights: Airlines could stipulate that Net access will be prohibited or tightly filtered during certain flights. That way parents with kids or other sensitive travelers could make sure to book those flights. (I made a similar proposal for cell phones on planes before.)

If airlines don’t adopt plans like this now, they will be in for some serious grief later on. All it is going to take a handful of disrespectful jerks loading up their favorite porn sites in the cabin of plane to set off a firestorm of controversy from travelers, flight attendants, and then lawmakers.

I've been getting email asking if I'll be covering the newly filed Apple v. Psystar litigation. Here's Apple's complaint [PDF]. I must tell you frankly that I was in the "a pox on both their houses" category, so I thought I probably wouldn't do so in depth.

But then I noticed media reports that Psystar has announced that it will be filing antitrust (!) counterclaims. Antitrust? I couldn't help but reflect -- and I confess it was my first reaction -- that it's so odd that all Microsoft's competitors end up dealing with unexpected allegations, sometimes from small companies, against them in court or before regulatory bodies that just happen to threaten their viability in the marketplace.

Remember Google was accused, and cleared, of an antitrust allegation in the US and before the EU Commission? And IBM was accused of copyright infringement in connection with Linux by SCO, as laboriously chronicled right here on Groklaw. And now Apple has to deal with litigation counterclaims that, so far, seem to me to be dubious at best from a company that just suddenly showed up last year doing things that a first-year law student, or even a mere paralegal like myself, would assume were going to get them royally sued into nonexistence. Now there are announced counterclaims that just happen to go to the heart of Apple's business.

The LWN.net Weekly Edition for August 28, 2008 is available.

[This post will be geekier than average. Apologies in advance to non-programmers]

One of the interesting aspects of Intellectual Property and Open Source is the frequent use of programming metaphors to explain legal concepts. Given the audience, it’s a clever approach. Most of the analogies work well. A few fall flat.

I found one analogy particularly illuminating, albeit not in quite the way Lindberg intended. He analogizes the patent system to memoization, the programming technique in which a program stores the results of past computations in a table to avoid having to re-compute them. If computing a value is expensive, but recalling it from a table is cheap, memoization can dramatically speed up computation. Lindberg then compares this to the patent system:

The patent system as a whole can be compared to applying memoization to the process of invention. Creating a new invention is like calling an expensive function. Just as it is inefficient to recompute the Fibonacci numbers for each function invocation, it is inefficient to force everyone facing a technical problem to independently invent the solution to that problem. The patent system acts like a problem cache, storing the solutions to specific problems for later recall. The next time someone has the same problem, the saved solution (as captured by the patent document) can be used.

Just as with memoization, there is a cost associated with the patent process, specifically, the 20-year term of exclusive rights associated with the patent. Nevertheless, the essence of the utilitarian bargain is that granting temporary exclusive rights to inventions is ultimately less expensive than forcing people to independently recreate the same invention.

The caveat at the beginning of the second paragraph is huge. In the software industry, at least, any patent filed in the 1980s is virtually worthless today. But even setting that point aside, Lindberg’s analogy provides a helpful analogy to explain why patents are a bad fit for the software industry: it’s like implementing memoization using a lookup table without a hash function.

The reason memoization works is that we have a data structure called a hash table that allows programs to look up a name:value pairs in a constant amount of time, no matter how many name:value pairs we have. (In big-O notation, lookups are O(1)). However, if someone who didn’t know about hashing functions tried to implement a lookup table, his program might be stuck examining key:value pairs one at a time, leading to a lookup time proportional to the number of key:value pairs (in big-O notation O(n)). And using such a hashtable in large computations would cause terrible performance problems. For example, if we were using memoization to compute the Fibonacci sequence with a properly-executed hashtable, the execution time would be proportional to the size of the input (O(n)). But with our poorly-executed lookup table, the execution time would be proportional to the square of the input (O(n2)). The net result is that if the former algorithm can compute the millionth Fibonacci number in a second, the latter would take on the order of a week.

OK, so what does this have to do with the patent system? For most industries, the patent system works like a lookup table with performance O(n), where n is the number of patents in your industry. There’s no hashing function—no mechanism to quickly hone in on the specific patent relevant to your invention—so your only option is to hire a patent lawyer to review every potentially-relevant patent, one at a time. And of course, doing these lookups is mandatory. That means that the patent system as a whole has a cost O(n2) with respect to the number of firms (holding the patenting rate within each firm constant). Doubling the number of firms both doubles the number of patents and doubles the number of eyeballs that must examine each patent.

In a competitive industry like the software industry, the value of this particular O(n2) cost function is probably larger than the entire revenues of the software industry. That is, if we really required every software company to read every patent issued to every other software company, the legal bills would bankrupt the entire industry. Since it’s essentially impossible to comply with the law, most software companies simply don’t try. And so we get endless stories about companies inadvertently infringing other companies’ patents. This isn’t evidence of malice or incompetence on the part of the latter company. It just reflects a brute force of mathematics.

It’s worth noting that some industries do have a usable hashing function. The pharmaceutical industry has chemical formulas, which may allow O(1) patent lookups. You type the formula of your drug into a database and it pops out a small number of patents that relate to that drug. This may be why the pharmaceutical industry is so much more enthusiastic about patents than most other industries. The costs of the patent system is O(n) with respect to the number of firms (and the number of pharma firms is small) whereas for most other industries it’s O(n2).

I was a HUGE fan of Mattel handheld games back in the late 70s, and I played “Football I” and “Football II” for countless hours with friends. And now you can get it on the iPhone!

Sure it’s probably still primitive as hell — you could only run the ball in Football I ! — but I bet it’s still a lot of fun.

I still have the old Football II handheld at my house and have been trying to teach my kids how to play it. (Colleco’s handheld Football game was actually better but I don’t have that one anymore). My kids don’t quite get the fun in frantically mashing buttons to move little red LED hashes across the screen. They are spoiled I tell you!

The Battlestar Galactica game was just awesome too. Video games have come a long, long way since then, but these old handheld games were addictive in their own right.

I’m reviewing Van Lindberg’s Intellectual Property and Open Source for Ars Technica. The first chapter is an introduction to the theoretical concepts that Lindberg describes as the “foundations of intellectual property law”—public goods, free-riding, market failure, and so forth. I’ve found several of the assertions in this chapter frustrating.

For example, on p. 8, Lindberg writes:

We want more knowledge (or more generally, more information) in society. As discussed above, however, normal market mechanisms do not provide incentives for individuals to create and share new knowledge

Italics mine. Now, this claim is simply untrue. Normal market mechanisms do, in fact, create incentives for individuals to create and share new knowledge. Mike Masnick has offered one excellent explanation of how they do so. See also Chris Sprigman and Jacob Loshin and the restaurant industry. Plainly, lots of new knowledge is created without the benefit of copyright, patent, or trade secret protection.

It’s likely that Lindberg is just being sloppy here, that he meant that markets do not provide sufficient incentives for creativity. This is a perfectly plausible view—indeed, it’s the mainstream view among scholars of patent and copyright policy. But even this weaker formulation is controversial. Boldrin and Levine, for example, are two respected economists who deny it. Even this weaker formulation, therefore, is too strong. Certainly many scholars (myself included) believe markets produce insufficient creative expression, but the point has certainly not been proven conclusively.

Then, on p. 18, Lindberg writes:

For the past 50 years—and especially the past 30—there has been a tide of stronger intellectual property protections across industries. This growth in IP has encouraged people to invest heavily in the development of new intellectual property, and has moved IP to the core of many business strategies. For most businesses in the United States, in fact, the intellectual property part of the business is the most valuable aspect of the business.

The first obvious point to make here is that correlation does not prove causation. It’s true that patent and copyright protections have been strengthened over the last half-century, and it’s equally true that innovation has occurred at a rapid pace. But there’s no particular reason to think that these developments are connected. Indeed, Bessen and Meurer have persuasively argued that outside the pharmaceutical industry, patents created a net negative incentive for invention during the 1990s. For industries such as IT where the patent system is poorly calibrated, patents appear to have made it less profitable than it otherwise would to “invest heavily in the development of new intellectual property”—the potential profits from obtaining patents of one’s own are swamped by the costs of defending against patent lawsuits from others.

It is certainly not the case that “the intellectual property part of the business is the most valuable aspect of the business.” Bessen and Meurer estimate that revenues attributable to patents during the 1990s averaged around $15 billion annually, almost all of which was in the pharmaceutical industry. In a $10 trillion economy, this is rounding error. I’m not aware of an analogous estimate for copyrights, but when we consider that the software industry (the majority of which is services companies that don’t rely heavily on copyright) enjoys revenues of less than $400 billion, and the movie and music industries have revenues in the tens of billions of dollars, the total value of all “intellectual property” activities in the economy cannot be much more than 5 percent of our $13 trillion economy.

It’s certainly true that innovative activity in general is a large part of many businesses. But it’s a category error to attribute all innovative activity to the copyright or patent systems. The market provides large positive incentives for innovative activities in most industries. In a few industries the patent and copyright systems seem to provide significant additional incentives for innovation, although in others they seem to be a net disincentive, albeit a small one.

Perhaps it’s not fair to pick on Lindberg for this. The chapter is a competent summary of the orthodox view of the “foundations” of patent and copyright law. His explanations closely track those you’ll find in most other treatises on the subject. But one reason I found the chapter disappointing is that this is a book aimed at open source developers. That audience, of all people, should be skeptical of claims that patent and copyright privileges are essential for the production of creative works. Plainly, the patent system has nothing to do with the success of Linux, Apache, and Firefox, and copyright has played a peripheral role at best. Lindberg acknowledges Richard Stallman’s views on the subject, and must be aware of other skeptical arguments that are staples of Slashdot discussions on the subject. Given the audience, I would have liked to see him at least give a serious consideration to some of those arguments, if for no other reason then simply to explain why he doesn’t agree with them. Yet the closest he gets is a single short paragraph on p. 16 where he mentions Stallman’s dislike of the term “intellectual property.”

Of course, the book is not designed to be a treatise on the economics of patent law, but a practical handbook for developers seeking to work within that system. So I certainly wouldn’t expect an in-depth treatment of the subject. But Lindberg took the time to explain concepts like “club goods” and “common pool goods” that don’t appear necessary for a developer wanting to learn the rules of the road of patent and copyright law. He could have cut some of that abstract discussion, replaced it with a more balanced discussion of competing views on “intellectual property,” and wound up with a book that arms his audience to better understand the shape of the contemporary copyright and patent debates.

Oh man, I am just in heaven. Ubiquity for Firefox is the coolest damn application for Firefox not just of the year but of all-time. Watch the video. Download it. Change your life.

Ubiquity for Firefox from Aza Raskin on Vimeo.

Xen.org has sent out a rather long-winded press release announcing the availability of the Xen 3.3 hypervisor. "With a full 64-bit address space, Xen can take advantage of massive amounts of physical memory, including new flash-memory based stores, and Xen's memory ballooning features permit dynamic reallocation of memory between guest Virtual Machines (VMs), to guarantee performance, and permit greater density of VMs per server. Xen 3.3 now offers CPU portability to allow live relocation of VMs across different CPU feature sets, active power optimization, to reduce power consumption on Xen-based servers and maximize data center power savings, and significantly enhanced security." More information is available on Xen.org.

In addition to the prospect of new liability, the lesson provisions include a series of draconian conditions that undermine rather than facilitate education.  For example, Section 30(5)(a) provides that the education institution is required to:

destroy any fixation of the lesson within 30 days after the day on which the students who are enrolled in the course have received their final course evaluations;

I am not making this up.  Bill C-61 requires teachers that utilize this educational exemption to destroy the lessons that they have created for their courses with one month of the conclusion of the course.  Teachers must recreate the lessons each year which obviously establishes a strong incentive to run as far away as possible from these new "rights."  If the government is serious about supporting education, it will drop this embarrassing condition from bill.

In addition to the prospect of new liability, the lesson provisions include a series of draconian conditions that undermine rather than facilitate education.  For example, Section 30(5)(a) provides that the education institution is required to:

destroy any fixation of the lesson within 30 days after the day on which the students who are enrolled in the course have received their final course evaluations;

I am not making this up.  Bill C-61 requires teachers that utilize this educational exemption to destroy the lessons that they have created for their courses with one month of the conclusion of the course.  Teachers must recreate the lessons each year which obviously establishes a strong incentive to run as far away as possible from these new "rights."  If the government is serious about supporting education, it will drop this embarrassing condition from bill.

CentOS has updated ipsec-tools (denial of service) and libxml2 (denial of service).

Debian has updated libxml2 (denial of service).

Mandriva has updated libxml2 (denial of service).

Red Hat has updated the kernel (for Enterprise MRG: multiple vulnerabilities), tomcat (multiple vulnerabilities), openoffice.org ("numeric truncation error"), and ipsec-tools (denial of service).

CERT has sent out an advisory on key-based attacks being used against Linux systems. "The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as 'phalanx2' is installed." There's no talk of where the original stolen keys come from. CERT's advice includes disabling key-based authentication, which, of course, runs counter to the advice given to those trying to defend against brute-force password-guessing attacks.

Mozilla Labs has announced the first release (an "early experimental prototype") of "Ubiquity," a Firefox plugin intended to add a high-level command-line language to the browser. The best place to see what Ubiquity is trying to do may be the Ubiquity user tutorial. "Let's say I've found an interesting fact on a web page and I want to send it to Chris. I can select part of the page, including links, pictures, and anything else, and then issue 'email this to chris'. Ubiquity understands 'this' to refer to my selection."

The Debian Live project has released its first product in the form of a set of beta Debian Lenny live CDs. "Although live-helper is a toolkit to produce your very own live systems with only a few steps, we also provide prebuilt images that are meant to be used as reference systems for end-users. Currently, this consists of the three major desktop environments (GNOME, KDE and Xfce), as well as a small 'standard' image without a graphical environment." They are looking for testers to help find the inevitable glitches.

Wirelessnorth.ca with a great post that shows where your $75 monthly wireless bill goes (hint: lots of profit).

The CBC reports that Howard Maker has been named the full-time head of the Commissioner for Complaints for Telecommunications Services.

Wired covers a talk given at DefCon about vulnerabilities in the Border Gateway Protocol (BGP) which is the protocol used to advertise routes for internet traffic. The attack can hijack packets bound for a particular IP address, then silently send them on to the proper destination—possibly after modifying them. "The issue exists because BGP's architecture is based on trust. To make it easy, say, for e-mail from Sprint customers in California to reach Telefonica customers in Spain, networks for these companies and others communicate through BGP routers to indicate when they're the quickest, most efficient route for the data to reach its destination. But BGP assumes that when a router says it's the best path, it's telling the truth. That gullibility makes it easy for eavesdroppers to fool routers into sending them traffic."

… environmental attorney Dusty Horwitt, who recently published this outlandishly stupid and highly offensive editorial in the Washington Post calling for an information tax to reduce the supply of information in society. “[I]n our information-overloaded society,” he argues, “the concept of [too much information] is no joke. The information avalanche coming from all sides — the Internet, PDAs, hundreds of television channels — is burying us in extraneous data that prevent important facts and knowledge from reaching a broad audience.” His repressive solution?

It’s possible that over time, an energy tax, by making some computers, Web sites, blogs and perhaps cable TV channels too costly to maintain, could reduce the supply of information. If Americans are finally giving up SUVs because of high oil prices, might we not eventually do the same with some information technologies that only seem to fragment our society, not unite it? A reduced supply of information technology might at least gradually cause us to gravitate toward community-centered media such as local newspapers instead of the hyper-individualistic outlets we have now.

Mike Masnick of TechDirt and Richard Kaplar of the Media Institute do a fine job of ripping Mr. Horwitt’s absurd proposal to shreds. As Kaplar argues, it is “sheer lunacy” to “tax the technologies of freedom.” Unlike gasoline, there are no good reasons — not one — for government to ever take steps to reduce the supply of information. Mr. Horwitt is calling for public officials to use their taxing powers to destroy or limit opportunities for human communications and the free exchange of speech and expression. It is completely antithetical to a free society.

Moreover, if Mr. Horwitt really thinks there is too much information in this world, then perhaps he should lead by example and take his own site offline first! The rest of us will take a world of information abundance over a world of information scarcity any day of the week.

Apropos Julian’s excellent story of watchlist incompetence, a Slashdot commenter linked to this gem: