November 21, 2024

Archives for February 2004

NYT On "Hacking" Car Engines

In today’s New York Times, Jim Motavalli writes about people who tinker with, or replace, the software controlling their car engines. Some people do this to improve engine power or fuel efficiency, and some do it out of curiosity.

In a now-standard abuse of terminology, the article labels this as “hacking”. Worse yet is this sentence: “Perhaps inevitably, the hacker culture has also produced automotive pirates who buy legitimate chips from makers then copy the programming onto blank chips, selling the results at sharp discounts.” There you have it: tinkering is “hacking”, and “hacking” leads to copyright infringement, “perhaps inevitably”.

Sadly, the article misses a much more obvious link to the time-honored American tradition of automotive tinkering.

Windows Source Code Leaked?

Neowin is reporting that the source code for Windows 2000 and Windows NT4 has been leaked to the Internet. I haven’t looked at the code, and I won’t, so I can’t tell you whether the report is accurate. But based on the fragmentary information available, it appears more likely than not that the leak is real. If there was a leak, what are the consequences?

First, whoever leaked the code is obviously in big trouble. And Microsoft might respond by reducing the number of people who get to see the code, a number that had been increasing lately. In fact, a leak is not too surprising given how widely Microsoft distributed the source code.

Second, the leak will do some damage to the security of Windows machines, but it’s not clear how much. There’s a longstanding debate about the security implications of open source development. Source code access makes it easier to find security bugs. With open source, you make it easier for honest outsiders to find bugs, which is good, but you also make it easier for malicious outsiders to find bugs, which is bad. This kind of leak gives us the worst of both worlds: honest outsiders will avoid looking at the stolen code, while malicious outsiders use the code; so you get the security drawbacks of open source without the security benefits. This will only matter, though, if the bad guys would otherwise have trouble finding bugs, which may not be the case.

UPDATE (February 13): The Associated Press is reporting that the source code leak did occur.

Is BayTSP a Cyber-Trespasser?

Next week in my “IT and the Law” course, we’re discussing cyber-trespass. Reading the course materials got me to wondering whether BayTSP might be a cyber-trespasser.

BayTSP is a small company that works for copyright holders, monitoring the contents of P2P networks. Among other things, they query individual computers on the P2P networks, to see what they contain. Are those queries trespasses?

The closest case is probably eBay v. Bidder’s Edge, in which a Federal judge granted a preliminary injunction that stopped Bidder’s Edge from using a web crawler to access eBay’s site. The judge found it likely that the automated accesses by Bidder’s Edge to eBay’s site were trespasses. And it wasn’t that Bidder’s Edge was hammering eBay’s site with so many requests that the site’s reliability or response time was affected – the impact of the accesses was minimal, but the judge found that that was enough to get over the legal bar.

To be precise, eBay claimed that the accesses constituted “trespass to chattels”, a legal term that is defined roughly as intentionally messing around with somebody else’s stuff in a way that causes damage. It’s a step, but not a huge one, from the Bidder’s Edge ruling to a claim that BayTSP’s activity constitutes trespass to chattels. It’s far from certain that a court would take that step; and bear in mind that the Bidder’s Edge ruling was criticized by many at the time.

BayTSP argues that what they are doing is legitimate, because P2P users are publishing the information for anybody to see, and BayTSP is only doing what any member of the public could do. That argument seems pretty strong. But Bidder’s Edge made the same argument, and it wasn’t enough to save them.

My guess is that a lawsuit against BayTSP, even if brought by a sympathetic plaintiff, would be a long shot. And I think such a lawsuit probably should fail, just as the Bidder’s Edge ruling should have gone the other way.

"Hacking" Revisited

I wrote yesterday about the degradation of the term “hacking”. Today, the perfect illustration of my point turned up: a Hacker’s Hall of Fame published by The Learning Channel. It includes legitimate uber-programmers like Ken Thompson and Dennis Ritchie, along with computer criminals like Kevin Mitnick and Vladimir Levin. Putting those guys on the same list is an insult to Thompson and Ritchie.

Journal of Algorithms Editorial Board Revolts

The editorial board of the Journal of Algorithms has resigned en masse, to protest what they call price-gouging by Elsevier, the company that publishes the journal. The journal’s annual subscription price had risen to $700, which is beyond the reach of many libraries, not to mention individuals.

The resigning board includes very distinguished computer scientists such as Donald Knuth. They have announced their intention to work on a new journal, Transactions on Algorithms, to be published by ACM, the leading professional society for computer scientists.

It’s surprising that this sort of thing doesn’t happen more often. The value of a journal comes from the quality of articles in it; and this quality derives mostly from the reputations of the editorial board members and the work they do in choosing and editing articles. If a journal’s management takes a direction that the scientists on the editorial board don’t like, there is something they can do about it!

Elsevier says they will find a new board and continue publishing the journal, but it’s hard to imagine that anybody in the field will take it seriously anymore.

Computer scientists are lucky, in that most of our best journals and conference proceedings are published by our professional societies at reasonable prices and terms. The new Transactions on Algorithms will be yet another example.