87 posts • joined Tuesday 30th September 2008 12:48 GMT
Alan Story's "Copy/South Dossier"
Well worth reading for anyone interested in the impact which Western copyright policies can have on less developed countries:
(The dossier is both Free and free — they'll even send you a hard copy (if they have any left) for nothing, and would not accept a donation...)
Re: Disproportionate effort?
it does not need to supply the data
It could supply a copy of the data, perhaps, just not in an intelligible form — it perhaps depends on whether the storage medium has more than one patients' records on it, and whether it has any way of duplicating the disc without the specialist machine.
It seems that the trust has the information, but not a means of expressing it in intelligible form without reacquiring some dedicated kit, or else finding a trusted third party to perform the conversion. I would be surprised if the trust did not argue that this constituted disproportionate effort, meaning that it does not need to supply the data:
s8(2), Data Protection Act 1998:
The obligation imposed by section 7(1)(c)(i) [to have communicated to the data subject in an intelligible form the information constituting any personal data of which that individual is the data subject] must be complied with by supplying the data subject with a copy of the information in permanent form unless—
(a)the supply of such a copy is not possible or would involve disproportionate effort
The Information Commissioner's Office has a reasonably concise guide on applying this test: http://www.ico.gov.uk/~/media/documents/library/Data_Protection/Detailed_specialist_guides/disproportionate_effort.pdf
Re: I just dont get it
Me, from time to time — I have not been able to get (yet, perhaps, but I've been waiting for a few months now) video editing software on my work machine, and so just bring in my Mac when I need to do it. I'd prefer that I could do it on my work machine, but it's not a big deal for me to use my own machine — I'm certainly not expecting any technical support for it, nor am I connecting it to the network.
Quite a lot of people in the office are using tablets of various guises (although, frankly, most are iPads) too, which are not corporate issue — I've used mine as a handy library of reference documents since I got one, and it's great to be able to have the legislation and cases, guidance documents and the like to which I refer quite regularly available in a small and searchable form.
What can't be done on any opther machine that can be done on macs? Now't!
I think it's pretty good for individual files, but I've had a bad time using it to image a replaced (identical) machine from a Time Machine backup. It took many hours before crashing, and it was far easier to reconfigure the machine by hand, and then sync documents back down from Unison (as I used then; now from my owncloud repository).
As a tool for backing up / restoring an entire system, my experience has been that it is unreliable.
Support agreement with Apple?
I'd have thought that the "harder to fix" nature of the more modern Macs made them more challenging in a corporate environment? With my work Dell machine, when the hard drive dies, it's trivial to pop it out and put in another — if the SSD on my Air were to die, I'm not sure there would be a huge amount I could do without Apple's assistance? Having a stack of spare machines may be a workaround, to give time to get the borked machine to Apple, but keeping a stack of hard drives on hand seems easier and cheaper?
(Purely a guess on my part, based on being a Windows user at work, and a Linux/Mac/BSD user at home.)
> I like a muffin or bagel with bacon and eggs too, this doesn't qualify as a bacon sarnie either
And there was me thinking I might have brought muffin-based enlightenment to the cheap white bread scoffing masses...
Lawyers are the enemy of the cloud
... as opposed to the many situations in which we are beloved?
"Passwords are encrypted: HTTPS"
Any kind security person care to help me understand this? I thought https was a transport layer security, protecting data in the course of transmission, rather than protecting the passwords on the server? Would the use of https protect against / prevent a CSRF attack?
Caffeine, MagicPrefs, GPGMail, Chicken of the VNC, photorec and more...
So many great f/Free utilities out there:
Caffeine: places a coffee cup icon in the menu bar; click, and it changes the power settings to stop the screen from going to sleep. Ideal for presentations. http://lightheadsw.com/caffeine/
MagicPrefs: a (secondhand) Magic Mouse makes a great presentation controller, using MagicPrefs to adjust the functions available by simply tapping the device's surface. (Given there's no IR port on the new MacBook Air, I tried this is a solution a year or so ago, and haven't looked back — it works really well.) http://magicprefs.com/
GPGMail: not yet available for Mountain Lion (although hopefully soon — a donation to oil the wheels of development may help speed it up), but essential if you want to sign or encrypt your email. https://www.gpgtools.org/gpgmail/index.html
Chicken of the VNC: lightweight and simple VNC client. http://sourceforge.net/projects/cotvnc/
photorec: command line data recovery software. It's worked very well for me so far — recovering files from a trashed Windows HDD, "lost" photos from a camera's SD card and so on. http://www.cgsecurity.org/wiki/PhotoRec
MetaZ: once you've used HandBrake, use MetaZ to apply the metadata, to display artwork, actor information and so on. http://griff.github.com/metaz/
I don't appear to have linking privileges yet, so sorry for the bare URLs :)
(Load owncloud onto a spare server, run the owncloud client on your Mac, and you've got a great (and Free) dropbox alternative, under your control. Else, consider running unison on the server, and using the Mac unison client — great two-way synchronisation.)
As presented here, not a great argument...
The government is hamstrung as to what exceptions it can (lawfully) introduce by virtue of the directive. As such, the legislation simply needs to say that the power to implement exceptions by statutory instrument is limited to those exceptions set out in the directive.
The power under statutory instrument is simply to select from a predefined menu of exceptions, and implement them — primary legislation is unnecessary, since the scope is so limited, and would simply slow down the process unnecessarily. Which might be exactly what is intended by some parties?
"you need a copyright system. I don't think anyone in the mainstream is really challenging that"
Especially if this is based on circular reasoning, whereby one must not be challenging the need for copyright, to be considered "in the mainstream."
I'm often unconvinced by what Richard Mollett says...
... but he's one of the best public speakers I've ever heard. Very eloquent and hugely persuasive. His content often bothers me, but I can't fault the way in which he delivers it.
Re: Conspicuous by absence
It's that imbalance which needs to be sorted out.
Part of the irony being that this was one of the reasons for the Copyright Act 1709 — to remove control from publishers, and put it back in the hands of authors...
"Technical work will be undertaken by experts from across the media industry"
Given the basis of copyright as a tool to secure a social good, perhaps involving more than just those set to benefit financially might appropriate?
Whilst this is billed to develop "a universal standard framework for licensing out," and so seems more about rights management, interested members of the public, which is supposed to be the primary beneficiary of the effects of copyright, should perhaps be involved.
"a lot of assertion but less hard evidence"
Finding hard evidence that "digital start-ups were being stopped by copyright licensing processes" would be very hard, I'd have thought, unless people could produce business plans showing that they had assessed an opportunity and turned it down / declined to proceed on the basis of copyright licensing.
If I were looking for a new business model, I'd be ruling out areas which were "too hard" first, to focus on areas easier to access and make money, and likely not give the problem areas a second though — why spend time working on something fraught with problems, unless there's a clear profit at the end, and sufficient time/money to overcome the problems before making a profit? If something is sufficiently hard, the volume of evidence that people have tried and failed is likely to be low, as, once people become aware of the likelihood of failure, they are less inclined to try it for themselves. The presence of a problem with copyright licensing may be the very reason for the lack of evidence of a problem.
It may not, of course. But it's not clear whether the question was asked whether the lack of evidence was because there was no problem, or whether there is a problem (as likely put forward in the "assertions"), for which evidence is hard to find. If not, whilst the conclusion reached seems right as a matter of fact, it does not necessarily tell the whole story, nor form a good basis for policy making.
Re: VPN passthrough?
I have not had a problem with the (few) hotspots I've tried, usually BT-powered, provided that I do the authentication before trying to connect, which is no real surprise.
I have my web browser on my machine defaulted to connecting via a proxy on my home network, to avoid accidentally using an insecure connection / if I somehow fail to route all traffic down the VPN — even putting exceptions in place for the authentication pages, I have not been able to get this to work with the proxy requirement in place, so I have to remember to deselect the proxy before authenticating, then put it back in place afterwards, which is a nuisance.
Plug extender and pico projector
Three-way plug extender from Poundland - perhaps the most useful bit of kit in my travelling pack. I just keep an EU adapter plugged into it, so I know I have one when I'm travelling.
Projector-wise, I picked up a Samsung SP-03 for just over £100 on eBay some time back - a fantastic piece of kit and, with a VGA cable, adapter for my laptop and its power supply (1.5 hour battery not something I'd rely on), it fits into the small pocket of my bag with ease — the whole package, standing on its end, is a mere 1/453 of the size of Nelson's column. Image is no good in a bright room but, dim the lighting, and it's more than useable.
> Would it not be true to say that teh wording of the act still hinges on whether a "copy" has been made
> i.e. if there are now two things where there was originally one?
Now that sounds like a common sense interpretation of what a copy is - which is not necessarily what a copy is for the purposes of copyright law.
You proposed a system that destroyed the original packets once they had been received and verified by the far end. The question, for the purposes of copyright law, is not whether this meant that there were two copies but, assuming we are talking about an LDMA work here (a computer program, for example), whether the act in question is one of reproducing the work in any material form.
Although you are arguing that there is no *re*-production, simply a transfer, my understanding of your method is that there must be two copies (or, at least, two copies of small chunks) for your verification and resend on failure process to work - you must have the same bit at both ends to be able to re-send the bit if verification fails. Whether this is, in the ordinary sense of the word, reproduction, is questionable.
The main problem, however, is that reproduction is deemed to include "storing the work in any medium by electronic means." By using your system, data which are stored on drive A are now stored on drive B; the act of storing the work on drive B would, most likely, be considered to be an act of "storing the work in any medium by electronic means" and thus be deemed an act of reproduction.
In reality, though, how much of this is about the technical issues of copying in a digital, networked environment, and how much is about a recognition that strict enforcement of current copyright laws, which had a very different impact in an analogue environment, provide a powerful tool to create a revenue stream?
s17(2) - (6), CDPA 1988
(2)Copying in relation to a literary, dramatic, musical or artistic work means reproducing the work in any material form. This includes storing the work in any medium by electronic means.
(3)In relation to an artistic work copying includes the making of a copy in three dimensions of a two-dimensional work and the making of a copy in two dimensions of a three-dimensional work.
(4) Copying in relation to a film or broadcast includes making a photograph of the whole or any substantial part of any image forming part of the film or broadcast.
(5) Copying in relation to the typographical arrangement of a published edition means making a facsimile copy of the arrangement.
(6) Copying in relation to any description of work includes the making of copies which are transient or are incidental to some other use of the work.
Pay per view?
Or charge for bundles (e.g. an entire season / series) or content type (e.g. sport)?
I do not have a TV, and watch the occasional program via iPlayer catch-up. If I had to pay £145 per year for the privilege, I would not bother - I wouldn't miss it sufficiently to pay that.
However, if I could pay £10 for a selection of BBC comedy, I'd be tempted - even though, of course, some of that figure would need to go towards subsidising less popular programs.
However, it would need to be on a log-in basis, rather than charging everyone who has an Internet connection, for that way lies madness.
Subject access request
You could always try a subject access request, under s7, Data Protection Act 1998.
Have a day when you make a note of the traffic which you generate when connected to the service, then ask them for a SAR relating to that day.
You may be asked to pay up to £10, but, if they retain information in identifable form, they should be providing it to you after receipt of payment.
Note that the DRD does not require data to be generated.
The DRD does not required data to be generated; rather, it requires retention of data which are generated as part of providing the service. See s3 of the Data Retention (EC Directive) Regulations 2009: "These Regulations apply to communications data if, or to the extent that, the data are generated or processed in the United Kingdom by public communications providers in the process of supplying the communications services concerned."
If the service had not generated data as part of its operation (i.e. it did not switch on logging functionality), a s10 notice has no effect. By choosing to generate logs, the service provider was effectively choosing to bring itself within the ambit of the data retention regime. (For it to be obliged to retain, it must be served with a s10 notice, though.)
However, since the article talks about a "court order," which is not required for access to stored data under RIPA 2000, it is possible that the disclosure was made under a warrant under s8, PACE 1984 anyway., and so discussion of DRD obligations might be misleading. That being said, if logging / other data generation had not been enabled, there would have been nothing to be discovered under PACE.
(On the DRD point, one might question whether the provision of a VPN service is the provision of a public electronic communications service, but perhaps another story, and not applicable to an order under PACE anyway.)
I must admit...
... to spending £35 on a stainless steel stand, which doesn't even have the port replication and so, frankly, replaces just putting the thing down on a surface. But it does look nice.
I wonder how much it will be...
Lacking an HDMI projector, and having not had a TV for years, I don't have a use for this, but I want to reward this kind of creativity - even better if I don't have to cause the creator to go to the expense of actually building and shipping me something, so perhaps a "happy to accept cash-based recognition for this kind of creativity" approach.
Developing countries and copyright
Alan Story, at the University of Kent, has lead some truly excellent work in this sphere - for a detailed but accessible study of the issues of western models of copyright in the "South", I can highly recommend the "CopySouth Dossier": http://copysouth.org/portal/node/1
"on dodgy legal ground"
Seems a polite way of saying "not a leg to stand on, other than goodwill".
I'd be less "damn sure" :)
Perhaps an *arguable* case of blackmail, but I wouldn't stake anything on it being a clear cut case.
The offence of blackmail is set out in s21, Theft Act 1968:
One of the requirements is that the act in question must be performed "with a view to gain for himself or another or with intent to cause loss to another."
s34(2)(a), Theft Act 1968 provides that "“gain” and “loss” are to be construed as extending only to gain or loss in money or other property." The gain or loss can be temporary, but they must relate to money or property. (http://www.legislation.gov.uk/ukpga/1968/60/section/34)
Here, there is not necessarily a clear monetary / proprietary gain obtained by the person who posted the image (or threatening to release it), nor monetary / proprietary loss suffered by Johnson. One could argue the loss of salary resulting from a resignation constitutes a monetary loss, but it is perhaps questionable would be considered direct enough to be classified as a loss - and, in any case, likely only applicable to the person threatening to release the images if he does not resign, rather than the person actually displaying the posters.
Well, my thoughts, anyway.
"By next May"
"By next May" is, perhaps, the key phrase, which only appears quite a way down the article.
ICO expects organisations to be taking steps to ensure that they are compliant by May 2012, but a lack of compliance is not necessarily an immediate problem:
"Organisations have 12 months to make sure they comply with the new rules. In that time we expect websites to be looking at the cookies they use and where necessary putting in place steps to get your consent.
If a website does not appear to be taking steps to comply with the new rules and we receive a complaint during this 12 month period we will provide advice to the organisation concerned on the requirements of the law and how they might comply. Where we think it is appropriate we will also ask organisations to explain the steps they are taking to ensure that they will be in a position to comply by May 2012."
Source: ICO: http://www.ico.gov.uk/news/current_topics/new_pecr_rules.aspx
"new GPL licence"
A bit like a new PIN number, or an updated ATM machine?
I work as a lawyer
admittedly a geeky lawyer, and *I've* known of directory traversal for years, so I'm amazed that it could be considered "little-known"...
(Heck, anyone (particularly lawyers) familiar with the prosecution of Daniel Cuthbert in 2005 under the Computer Misuse Act 1990 would be aware of it, too...)
For another wire on the desk, and for something which, if the review unit represents those on general sale, does not seem particularly well moulded.
For £10, I could perhaps be tempted, but £45 is a heck of a lot of money for that.
(In any case, if I switch the mouse off at night / when I'm not using it, I have no problems with the operating battery life - I get a month or so between recharges, and then simply recharge the batteries overnight.)
Mine were £40 from Tesco...
... although I was cagey about spending £40 on Tesco own brand speakers. I must admit to being very pleasantly surprised. Transmitter connects via 3.5mm audio jack into the switch, so broadcasts from whichever of the various sources is selected, and no problem at all over the width of the lounge, to the two independent wireless speakers, which do manage to do stereo.
Other than the bulky wall-wart power adapters, which I guess are not uncommon, there's very little to dislike for the money.
For AirPlay wireless, a second hand Airport Extreme plugged into Harman Kardon Soundsticks does very nicely, for £150.
Have you misread the decision?
This is not what it says at all?
Even if you only read the summary on here, it's clear: "the ECJ has said that marketplaces are not responsible for infringement when all they do is allow third parties to display infringing goods for sale on their site."
Your carboot analogy stands - the organiser would not be liable.
If, however, the carboot organiser put up signs saying "buying fake [Chanel] handbags here", it's more likely that they are doing something wrong - and that's the view of the court here, too.
This is nothing new - it's been around since 2000, when the eCommerce directive was passed. If a provider is not aware of an infringement, or circumstances from which an infringement would be apparent, it cannot be found liable. If, once aware, it fails to take action, it can be found liable - it loses it shield. There is no obligation on an ISP to inspect every bit of tat - but, if it does, it needs to ensure it inspects well, to mimise risk.
turning a profit
"Hmmm, turning a tidy profit by copping a percentage of the bunce generated could be seen to qualify there"
I would suggest that turning a profit is insufficient in itself to cause the loss of the protective shield of Art. 14 of the eCommerce directive (2000/31/EC), for a couple of reasons:
Firstly, Art. 14 provides a shield to providers of certain information society services. "Information society services", within the context of EU communications law, includes within its definition that an information society service is a service "normally in return for remuneration". If an information society service should be provided "normally in return for remuneration", but that turning a profit rendered the protection of Art. 14 void, it would seem to only protect business which charged, but which were not commercially successful.
Secondly, in the Louis Vuitton v. Google case (C-236/08), the European Court held that, in respect of Google's operation of its AdWords programme, "... the mere facts that the referencing service is subject to payment, that Google sets the payment terms or that it provides general information to its clients cannot have the effect of depriving Google of the exemptions from liability provided for in Directive 2000/31."
Paying not with cash...
... but potentially with personal data:
"The Promoter may, for an indefinite period, unless otherwise advised, use the information for promotional, marketing, publicity, research and profiling purposes, including sending electronic messages or telephoning the claimant." (clause 15)
It should, of course, be easy to unsubscribe, and exchanging personal data for a £4 cable may seem a fair deal for those rich in data and poor in wires .
you'll need a fast, unmetered connection
Apparently - and I cannot find the source for verification - you wil be able to take your Mac to the nearest Apple store, and use their connection to download, if you so wish.
Of course, depending on where you live, this might not be an option, and it would be rather less than fun to lug iMac to the middle of a shopping centre to get some new software, but I seem to recall that the option will be there...
When this happens, use VLC or other DVD playback software to view the first few seconds of the desire, and just look at the title - this gives you the number. Then, in HandBrake or whatever, set it to prompt for title number, so that, when you out in the number from the playback software, it only scans that title. Irritating, but still pretty fast.
I bought a USB-powered LED-based light with a flexible housing about five years ago, from the pound shop, and it stills works well.
I have not tried to modify it to work with an iPad / Kindle / other connector, so I've no idea whether the circuitry would supply sufficient power, but, at £25, this seems remarkably expensive.
Sticking with FreeNAS 7 for a while, then
I was hugely impressed with FreeNAS - I found it very easy to configure, and it "just works".
Since FreeNAS 7 is working fine for me at the moment, and uPnP support is important to me, I'll just keep an eye out for features - but I'm not going to risk messing up a perfectly good system for the sake of a later release number!
- Review Samsung Galaxy Note 8: Proof the pen is mightier?
- Spin doctors brazenly fiddle with tiny bits in front of the neighbours
- Nuke plants to rely on PDP-11 code UNTIL 2050!
- Game Theory Out with a bang: The Last of Us lets PS3 exit with head held high
- New material enables 1,000-meter super-skyscrapers