Acknowledge the doctrine of first sale and private use.

I blogged about this in May 2005. (Sorry for the verbosity of the following but I am trying to be more precise than concise.)

Current rights without needing permission

The doctrine of first sale ( also called "first-sale" doctrine or "exhaustion rule" ) is a limitation on copyright based on common sense: If you legally acquire an instance of a copyrighted work, you are legally allowed to sell or give away that particular instance of the work without needing permission of the copyright holder.

If you purchase a Paperback Book, DVD or CD, you can sell it or give it away.

Private use is also recognised in copyright law and is also based on common sense: When you legally acquire an instance of a copyrighted work, it is assumed that you must have the right to view the content.

If you purchase a DVD, you can put in a DVD player connected to your TV and view the movie.

It is also common sense that if you legally acquire an instance of a copyrighted work, you should have the right to modify that instance without needing permission of the copyright holder. Furthermore you are legally allowed to sell or give away that particular instance of the work without needing permission of the copyright holder.

If I purchase a book, I can legally write in the margins, rip out or glue in extra pages, and if I wish to, give or sell that one instance of a modified book to someone else.

Depending on the method of content acquisition, you may have other non-permissive rights. For example in New Zealand, you have the right to make and store a temporary copy of a Television Broadcast for later viewing: Time shifting with a Video Cassette Recorder (VCR), something not actually legal in New Zealand until the copyright act was amended in the mid 1980s.

The last Labour government also recognised that it should be legal for private individuals to create "temporary" copies of legally acquired copyrighted content. It is only common sense that if you can purchase portable Ipods and MP3 players ( in some cases made by the same corporations that sell movies and music ) then you should be able to make a "temporary" copy of tracks from a legally acquired CD to play on that device, and retain and use that "temporary" copy for as long as you retain legal possession of the source CD. You should expect to have the right to keep "temporary" duplicate copies of both legally acquired downloaded music tracks and CDs on your computer, for backup and playing, and on your portable MP3 player. These rights go way beyond the limits expressed in New Zealand 1961 copyright act.

Transformation of expectations by advances in technology

The technological revolution over the last 30 years has delivered into the market and to consumers devices that can capture, transform and reproduce content beyond what anyone dreamed of when copyright laws were first conceived. What most consumers today would consider "common sense" ( or in some countries fair use ) rights to copyrighted content far exceeds what worldwide copyright legislation currently grants.

Early adopters of technology often cross the legal boundaries before the rest of the public begin to adopt the same technologies that results in shaping the generally accepted public expectation of what should be common sense in respect to copyright. Democratic institutions and the resulting changes to legislation tend to lag way behind, in most cases by more than a decade.

Modern technologically informed common sense expectations

It is common sense to ask why should one source of content be any different to another, especially when the many of the corporations producing the content are involved in the manufacturing and selling of the devices that can copy, transform, reproduce and play the same content.

Since a laptop can also store and view many DVDs why should you not be legally able do the same as you would with CDs and portable MP3 players - store "temporary" copies of movies on the laptop's hard drive for later playback.

All the expressed rights should apply to all types of physical media and legally acquired digital content. When you legally acquire an instance of a copy of copyrighted work then you should have the all rights to that particular instance. Content providers or retailers of instances of copyrighted work should not be able to hide behind "provision as a service" and/or restrictive end user licenses: when you legally acquire an instance of a particular work, you should "own" that instance.

When you legally acquire an instance of a copy of copyrighted work it is only common sense that your private use rights should extend to view,use,modify,combine,inter-operate with, dispose or resell that one instance and should not be impeded by either legislation or technology or require the permission of the copyright holder. The copyright holder's exclusive rights should not extend to the private use right to deny combining a legally acquired instance of a copyrighted work with other works.

Why should time shifting be limited to only Television broadcasts? Any instances of copyrighted works broadcast by any method or streamed on the internet should be able to be captured and "temporary" copy held for later viewing. You should expect to treat that "temporary" copy as you would any legally acquired copy during the "temporary" time you hold it. The only exception being that you cannot sell or give it away since it is a "temporary" copy.

Adding value, increasing demand

You should have the right to distribute and/or sell, patches, recipes, digitised mixing instructions ( automated DJ producer! ), annotations and add-on components that refer and link to the content of the copyrighted work, as long as the distributed items do not contain content from the original copyrighted work. The resulting combined and/or transformed work that contains content from the copyrighted work sources can not be legally redistributed without the permission of all the copyright holders.

This last ability may seem to the content creators to be a major violation of their exclusive rights to a work that copyright grants, even if the derived combined result can not be redistributed. But consider, it legally requires an "original" copy, which the recipient is free to view in its original unmodified state.

Just as extra features distributed on DVDs tempt consumers to purchase even if they have seen the movie in the theatre or on TV, third party add-ons can dramatically increase the demand for the required original product. Also fan based user generated content, especially when combined with social networking, can deliver a large audience for comparatively little outlay.

Thinking beyond "free"

Participants in illegitimate content websites and Peer to Peer (P2P) networks distribute content on the expectation of other participants providing new and differing content. They still pay for bandwidth and local storage and not all older content remains available after the initial flood. There are undoubtedly a few hard-core providers with the personal goal of all digital content being "free". However, based on statistics from pirate bay, the majority of users of these illicit services will, after the initial rush of discovering the service, download only a few songs and one or two movies a month. Many who can afford to will switch to local legitimate content providers ( Itunes, Amazon ) when they become available because the wider range of immediately available content and better download speed.

The relative size of any black market is the product of two factors . The first is the relative cost of producing and distributing a reasonable quality facsimile in comparison to the price of the legitimate item. The second is the size of the prospective market of consumers who are alienated enough to choose the cheaper illegitimate option.

There is nothing that the current content industries can do about the first factor other than lowering the price to consumers of the legitimate item. All attempts to use a combination of technological restriction/obfuscation/DRM methods and legislative enforcement have failed and will always be circumvented in the future. The secondary effect of restrictions has resulted in a larger section of the prospective market becoming even more alienated, driving many more of them to choose the cheaper illegitimate option.

There is a lot more that the content industries can do about the second factor, reducing the level of alienation:-
* The reduction of private use restrictions, for example: the recent move of legitimate music services from DRM to unencumbered MP3/AAC formats. Make your content fully accessible by all digital technology.
* Making available legitimately freely re-distributable instances of digital content. Maybe lower quality, missing features and/or incorporating advertising.
* Easy and immediate access to legitimate downloadable content, directly though as many legitimate content providers ( Itunes etc ) as possible on first worldwide public release.
* Associate marketing via blogs and social networking sites. Make as many of the potential consumers part of the legitimate economy as possible. "Amateurs" can be "paid" via loyalty program discounts, professionals can be paid in cash.
* Transparency. People like to know what proportion of their payment will actually dribble down to the artists involved.

Conclusion

The potential gains from these liberating technological leaps, especially when combined with the relatively low cost of internet distribution, can deliver far greater profit for those who can see beyond the confines of the current, and almost obsolete, business models.

The above article is licensed under the Creative Commons Attribution-Share Alike 3.0 New Zealand . Please feel free to publish it anywhere under the linked terms and attributing it to David Mohring ( http://itheresies.blogspot.com/ )

I have a question regarding the bundling binaries including code licensed under the GPL/LGPL/AGPL ( henceforth collectively as xGPL ) and Non-xGPL licensed binaries including code/data/game-files/trademark protected items etc.

It is perfectly legal to "bundle" collections of xGPL and Non-GPL/Non-Free binaries packages on installer medium or on a live CD/DVD or in a hardware appliance as long you abide by the terms of the xGPL licenses for the xGPL binaries. ( For example Redhat's trademark protected or Novell's proprietary enterprise distribution bundles - Still OK to do so? )...

... but what about combining xGPL code and non-GPL licensed items inside an application bundling system ( i.e. Glick http://www.gnome.org/~alexl/glick/ ) ...

"An application bundle is a single file that contains all the data and files needed to run an application, so all the user has to do is start it. There is no need to install it, and if you don't like it you can just remove that file and the whole program will be gone." ...

I'm thinking of the use of something similar to Glick for the distribution of products with all GPL/LGPL/AGPL licensed source code combined with Non-GPL licensed game/service/customized data.

The Non-GPL items in the application bundle could require Per-seat/unit/person licensing, and the combined bundle in some cases may not be legally redistributed...

Assuming that application bundling system could give the the user the ability to :-

• (a) un-bundle the xGPL'ed licensed binaries ; AND

• (b) the vendor/packager provides the xGPLed source and downstream rights under the terms of the xGPL ; AND
• (c) the vendor/packager provides tools for the end user to combine modified xGPLed compiled binaries into a modified clone of their copy of the application bundle ; Then ..

Nothing would prevent retribution of the xGPL source or binaries, or the creation of third party rebuilds that replace the non-xGPL components and trademarks. For example projects that provide replacement game-files for the GPL Quake engines or rebuilt clones of Redhat's enterprise distribution that remove Redhat's trademark. However, depending of the licensing of the application bundle, any modified clone of an end users application bundle might not be legally redistributable.

Is distributing such application bundles, as described above, legal under the terms of the GPLv3, LGPLv3 and AGPLv3?

Network Neutrality : Two question for the great debate. In California there was an outrage when it was disclosed that electricity companies had deliberately idled plants while supplies were tight and then waited for prices to skyrocket on the spot market. If the current Internet network infrastructure provided by the backbone providers and Internet service providers can currently support much higher speeds and data quantities to current customers, then is the act of packet filtering and setting arbitrary low speed and data caps also effectively providing an "idled" service? Is a tiered Internet service, where content providers would be effectively competing on a similar market to the electricity "spot market", a market based entirely on Artificial Scarcity?

The Pierce Law IP News Blog points to a paper on software patents.

Bronwyn H. Hall and Megan MacGarvie's The Private Value of Software Patents takes an economic view of the patent system.

The first conclusion of the paper states "First, we conclude that, as measured by the stock market's reaction to legal decisions expanding the patentability of software, there is no evidence that the expansion of software patentability benefited firms in the software industry."

The second conclusion, derived from an analysis of stock values, states "Combining these two sets of findings, we conclude that the market evaluated software patents as unimportant ex ante and expected that the expansion of software patentability would negatively affect firms in downstream sectors and firms without patents."

If there is no actual benefit to the software industry why do we need to grant such monopolies?

What anti-software patent advocates want.
In answer to Douglas Sorocco

See My February 24, 2005 Questions to USPTO On-Line, which may in part have prodded the USPTO and open source community into this latest action.

Failing direction from governmental legislation, software and other abstract method patents have been forced on the USPTO and the rest of the world by the back doors of legal and administrative precedent. How many countries have actually passed legislation explicitly legitimizing software or abstract patents? Not the USA for one.

Can the you point to any instances where the granting of software related patents has been an actual benefit to the progress of science, useful arts and the software industry in general? In a similar vein, can the you point to any instances where the granting of business method related patents has been an actual benefit to the progress of science, useful arts and industry in general? Have the intellectual property gurus even attempted to address the issues raised by the critics of software patents over the last two decades?

If no positive answer can be given to the above questions, why do we need to grant such monopolies?

Because of the time it takes to get a patent and the six to ten years it has taken to drag the first cases though the courts and appeals, the major negative effect of software patents have just begun to become noticeable. It is going to get a lot worse.

Because of the existing precedent, removing software patents will require the introduction of explicit legislation. That will take time, probably many years to undo the damage from the lobbying by intellectual monopoly advocates such as yourselves.

Until then, helping he USPTO track down prior art in publicly available open source software will greatly reduce the number of patents the software development industry will have to concern itself with.

Also opening up the patent application process could end up improving the quality the remaining granted patents.

The open eleven steps to telecommuting

I have set up and supported remote sites and home based telecommuting. Listen to my advice, listen very carefully and save your sanity.

If your organization is large enough then it is likely that you will have a few older desktop PCs that have been or are due for replacement during an upgrade cycle. PCs that are inadequate for Microsoft XP and Office2003 are more than powerful enough for many current versions of Linux, especially for the role of server. Also second hand PCs with the required specifications are very cheaply acquired.

1) Find an older PC, at least a PII 300 with 256 MB memory, to set up as a headless ( no display or keyboard ) server and firewall. A simple web based interface ( or even an external hardware push button ) can be used by the local users to start/stop the server and internet connection. All other maintenance should be handled remotely via ssh, webmin and VNC.
2) Install a second NIC or connect the modem directly to the server. Connection to the Internet should be through the server and connection to the Office should be through a VPN on the server. Use a dynamic IP service for each site so you can remotely log on to the local server via ssh.
3) Install a new IDE hard drive in a 3.5" removable rack and tray. The drive should be than big enough for the operating system (Linux of course) and copies of some of the local desktop partitions. A telecommuter can shut down the server and bring in the drive during the day to resync and repair.
4) Install a DHCP demon on the local server to allocate local IP addresses, DNS and gateway settings. If the desktops are network boot capable then install TFTP to remotely boot and use Knoppix via PXE and the network. If the desktop OS is constantly crashing, or is infected by malware, the user can select PXE/network boot via the BIOS, and boot into Knoppix. The user can then be instructed over the phone to enable the ssh server to allow remote scan,repair and reimaging of the desktop partitions. The user can use the Knoppix desktop to continue working with full access to files while the the remote administrator fixes/reimages the drive in the background.( Consider hiring someone who knows how to customise Knoppix or another live Linux system for your setup )
5) Partition the desktops with as small as required C: partition ( or in the case of Linux the root partition ) for software. When software is install, use dd and netcat via live Knoppix to copy/clone a snapshot of the partition to the server. You can allocate the remaining free space as a persistent partition where documents are stored.
6) Install and enable remote VNC service on all the platforms, but only allow incoming connections from the local server ( which is redirected over a SSH tunnel ).
7) For local backup, create share directories on the desktop accessible by the server. On the local server create loopback encrypted file systems, unmount and copy the images to the desktops shares in chunks, using redundancy if enough space is available on the desktops. Checksum ( MD5 is enough ) each piece.
8) If the network load to the Office is taking up all the available internet bandwidth or the connection is just too slow then install proxy servers on the local server. You can also consider using a distributed filesystem ( OpenAFS is still the best ) with access to the local users via a SAMBA share.
9) If phone charges are eating into the budget, and the internet connection is good enough, then install Asterisk on the local server ( upgrade the server to a Celeron 800Mhz or better ) and PCI cards with enough FXS ports for each local user. Don't bother with software based phones/headsets. The phone will work when the desktop does not.
10) Set up a Linux server at the Office that operates as a thin client application server. Allow remote access though both FreeNX and VNC. Create login accounts and logins that operate as virtual meeting rooms, with multiple users logging in via VNC. Use VNCserver with a screen size of around 1000x600, that will operate via a VNC viewer on any 1024x768 desktop. Use phone based conference calling for voice -- it's a lot less hassle for the users
11) Add the usual list of cross platform applications: Firefox, Thunderbird, Gaim, and even OpenOffice etc.

The return on investment from the reduction in desktop downtime will quickly outweigh any initial outlay for any new hard drives and possibly FXS cards.

Our Data:an appeal - a "Plimsoll line" for apps

From June 14 2002

However relatively bad the security of Microsoft's products are in comparison to what the free licensed and open source communities ( as well as practically every other vendor on the planet ) provide, Microsoft is not alone in the presence of vulnerabilities, this is a major issue for Linux/BSD and Unix as well as ever other OS and vendor.

From the Plimsoll Club history

Samuel Plimsoll brought about one of the greatest shipping revolutions ever known by shocking the British nation into making reforms which have saved the lives of countless seamen. By the mid-1800's, the overloading of English ships had become a national problem. Plimsoll took up as a crusade the plan of James Hall to require that vessels bear a load line marking indicating when they were overloaded, hence ensuring the safety of crew and cargo. His violent speeches aroused the House of Commons; his book, Our Seamen, shocked the people at large into clamorous indignation. His book also earned him the hatred of many ship owners who set in train a series of legal battles against Plimsoll. Through this adversity and personal loss, Plimsoll clung doggedly to his facts. He fought to the point of utter exhaustion until finally, in 1876, Parliament was forced to pass the Unseaworthy Ships Bill into law, requiring that vessels bear the load line freeboard marking. It was soon known as the "Plimsoll Mark" and was eventually adopted by all maritime nations of the world.

The risks,issues and solutions for providing a more secure operating and application enviroment have been known for decades.

Those who do not already comprehend the issues and are willing to learn, should take some time out to listen to some of the speeches at Dr. Dobbs Journal's Technetcast security archives, starting with Meeting Future Security Challenges by Dr. Blaine Burnham, Director, Georgia Tech Information Security Center (GTISC) and previously with the National Security Agency (NSA)

The design and implementation of some applications and servers are just too unsafe to use in the "open ocean" of the internet.

Numerous security experts have railed against Microsoft's lack of security, best summed up by Bruce Schneier Founder and CTO Counterpane Internet Security, Inc who rightly said:

Honestly, security experts don't pick on Microsoft because we have some fundamental dislike for the company. Indeed, Microsoft's poor products are one of the reasons we're in business. We pick on them because they've done more to harm Internet security than anyone else, because they repeatedly lie to the public about their products' security, and because they do everything they can to convince people that the problems lie anywhere but inside Microsoft. Microsoft treats security vulnerabilities as public relations problems. Until that changes, expect more of this kind of nonsense from Microsoft and its products. (Note to Gartner: The vulnerabilities will come, a couple of them a week, for years and years...until people stop looking for them. Waiting six months isn't going to make this OS safer.)

However Microsoft's products are not alone in the presence of vulnerabilities, this is a major issue for Linux/BSD and Unix as well as any other OS and vendor.

In a recent speech "Fixing Network Security by Hacking the Business Climate", also now on Technetcast, Bruce Schneier claimed that for change to occur the software industry must become libel for damages from "unsecure" software. However, historically this has not always been the case, since most businesses can insure against damages and pass the cost along to the consumer.

The Ford Pinto and more recently the Ford Explorer's tires are two examples of public and media pressure being more successful than just threat of lawsuits. Even so, just as with the automotive industry, eventually though public pressure the governments around the world have to step in and pass regulations that set up a minimum set of requirements an automobile has to meet to be deemed "road worthy". This includes crash testing as well as the inclusion of safety equipment on all models. The requirement are not constant and change to meet the expectations and demands of the public and lawmakers.

The onus is not only on the automotive industry itself but also on the users. Most countries require that all automobiles undergo regular inspection and maintain an up to date "Warrant of Fitness".

In the same way, if you want a secure IT infrastructure, eventually the software design, implementation and each deployment will have to undergo the same type of regulation and scrutiny.

Unix,Linux,BSD and especially OpenBSD are currently far superior in terms of security, both in closing the vulnerabilities in applications before they have the chance to be widely exploited and implementing more secure access subsystems ( SELinux/LSM etc ).

However, should the Unix, open source and free licensed communities and vendors be taking a more active approach, including lobbying government, to
1) set up a minimum set of expectations, in the design and implementation of internet "accessing" software ; and
2) ensure that all deployments are more securely implemented ; and/or
3) remove inherently unsecure products from the marketplace,

IMO the above three are preferable to all software vendors, including Microsoft, than attempts to allow liability lawsuits against vendors for deployments which the vendors do not necessarily have any control over.