
I suggested the certificate solution but it's far from being lightweight. I found a simpler solution that may fit some use cases.

The client sends a request, and the server returns a response, which may be big, that also contains a random value. The client must return this random value in a thank-you message.

If the server doesn't receive the thank-you message, it slows down responses to that IP address and eventually blacklists it if this is repeated.

From the client's perspective, the answer is obtained in one round-trip time. The price to pay on the server is the need to keep track of the expected thank-you messages, and of the throttled or blacklisted addresses.
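The nonce-and-acknowledgement scheme described in the comment above, simulated end to end as an added example (this is not code from the thread; the timeout, strike thresholds and message layout are assumptions). The server's large response carries a random nonce; a client that really sent the request echoes it back, while a response reflected to a spoofed address is never acknowledged, so that address accumulates strikes, gets throttled, and is eventually dropped:

```python
"""Simulation of the 'thank-you' scheme for a one-round-trip UDP service.
Added illustration; policy constants below are assumptions, not from the thread."""
import secrets
from dataclasses import dataclass, field

ACK_TIMEOUT = 2.0        # assumed: seconds a nonce may stay unacknowledged
THROTTLE_AFTER = 3       # assumed: missed acks before responses are delayed
BLACKLIST_AFTER = 6      # assumed: missed acks before the address is dropped
THROTTLE_DELAY = 1.0     # assumed: delay (s) imposed on throttled addresses

HONEST = "198.51.100.10"   # constructed addresses (documentation ranges)
VICTIM = "203.0.113.7"     # address an attacker spoofs; never sees replies


@dataclass
class ServerState:
    pending: dict = field(default_factory=dict)   # nonce -> (ip, sent_at)
    strikes: dict = field(default_factory=dict)   # ip -> unacknowledged count
    blacklist: set = field(default_factory=set)

    def handle_request(self, src_ip: str, body: bytes, now: float):
        """Return (delay_seconds, response), or None if src_ip is blacklisted."""
        if src_ip in self.blacklist:
            return None
        nonce = secrets.token_bytes(16)
        self.pending[nonce] = (src_ip, now)
        throttled = self.strikes.get(src_ip, 0) >= THROTTLE_AFTER
        delay = THROTTLE_DELAY if throttled else 0.0
        # The 'big' answer: nonce first, then a constructed 1200-byte payload.
        return delay, nonce + b"\x00" * 1200 + body

    def handle_ack(self, src_ip: str, nonce: bytes) -> bool:
        """Only the true owner of src_ip ever saw the nonce, so only it can ack."""
        entry = self.pending.pop(nonce, None)
        if entry is None or entry[0] != src_ip:
            return False
        if self.strikes.get(src_ip, 0) > 0:
            self.strikes[src_ip] -= 1      # an ack forgives one earlier miss
        return True

    def expire(self, now: float) -> None:
        """Nonces that timed out without an ack count against their address."""
        for nonce, (ip, sent_at) in list(self.pending.items()):
            if now - sent_at > ACK_TIMEOUT:
                del self.pending[nonce]
                self.strikes[ip] = self.strikes.get(ip, 0) + 1
                if self.strikes[ip] >= BLACKLIST_AFTER:
                    self.blacklist.add(ip)


def simulate_spoofing(rounds: int) -> dict:
    """Each round: an honest client requests and acks; an attacker sends one
    request with VICTIM's address forged as the source. Returns what the
    server does to each address afterwards."""
    srv = ServerState()
    now = 0.0
    honest_delay = 0.0
    for _ in range(rounds):
        now += ACK_TIMEOUT + 0.1
        honest_delay, resp = srv.handle_request(HONEST, b"q", now)
        srv.handle_ack(HONEST, resp[:16])          # echo the nonce back
        srv.handle_request(VICTIM, b"q", now)      # spoofed; no ack will come
        srv.expire(now + ACK_TIMEOUT + 0.1)
    victim = srv.handle_request(VICTIM, b"q", now)
    return {
        "honest_delay": honest_delay,
        "victim_delay": None if victim is None else victim[0],
        "victim_blacklisted": VICTIM in srv.blacklist,
        "victim_strikes": srv.strikes.get(VICTIM, 0),
    }


if __name__ == "__main__":
    print(simulate_spoofing(4))   # throttled, not yet blacklisted
    print(simulate_spoofing(8))   # blacklisted
```

Two properties of the scheme are visible in the simulation: the server still sends the full-size response before it learns anything, so the first packet per address is amplified exactly as before, and the strikes land on the address that was spoofed, not on the attacker.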


A three-way handshake would be simpler and wouldn't waste CPU and energy.


The problem results from the ability to forge a fake origin IP address. This can be avoided by adding a certificate for the IP address. It adds a processing and size overhead, but it also preserves the single round-trip transaction.


It doesn't really work. You need to use fairly strong cryptography, and this means a lot of CPU power from your side to validate it. You also need mechanisms to notify users about certificate invalidation and expiration, you need ways to synchronize "time", etc.

At which point, it makes sense to just give up and use a normal TLS/QUIC connection. QUIC also has 0-RTT resumption, which is functionally similar to what you want.

Really, raw UDP makes very little sense in today's Internet. It might have been marginally more useful if BCP38/RFC2827 were more widely adopted.


> Really, raw UDP makes very little sense in today's Internet. It might have been marginally more useful if BCP38/RFC2827 were more widely adopted.

I might agree if the only purpose of UDP was to avoid the handshake. But this issue alone only affects some use cases.

Naive workaround/thought: require the client to pad the first packet to the point where you can't use it for amplification attacks (not an absurd amount, just 1k or something; of course it depends on the context).

And possibly embed the source IP in the first response so that the indirection isn't as effective either.
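The two ideas in the comment above, a minimum request size and the source address echoed back in the response, as an added example of how a server would enforce them (not code from the thread; the byte limits, amplification ceiling and header layout are assumptions). The point of padding is the ratio of bytes sent to bytes received, so the server computes that ratio and never lets a reply exceed it:

```python
"""Amplification bound for a one-round-trip UDP service: reply bytes never
exceed MAX_AMPLIFICATION times the request bytes, and every reply carries the
source address the server saw. Added example; constants are assumptions."""
import ipaddress
import struct

MIN_REQUEST_BYTES = 1024   # assumed: clients must pad the first packet to this
MAX_AMPLIFICATION = 4.0    # assumed: ceiling on reply_bytes / request_bytes
PAYLOAD = b"R" * 4000      # constructed stand-in for the 'big' response body


def amplification_factor(request: bytes, response: bytes) -> float:
    """Bytes sent per byte received: what a reflection attacker optimises."""
    return len(response) / len(request)


def build_response(src_ip: str, body: bytes) -> bytes:
    """Header: 4-byte source address as seen by the server, 4-byte body length."""
    addr = ipaddress.IPv4Address(src_ip).packed
    return addr + struct.pack("!I", len(body)) + body


def seen_source(response: bytes) -> str:
    """Recover the echoed address from a response header."""
    return str(ipaddress.IPv4Address(response[:4]))


def serve(src_ip: str, request: bytes) -> bytes:
    """Answer without ever exceeding the amplification ceiling."""
    if len(request) < MIN_REQUEST_BYTES:
        # Not worth a full answer: a 'pad your request' notice, cut down so
        # it is never larger than what arrived (factor <= 1 for tiny packets).
        notice = build_response(src_ip, b"PAD")
        return notice[:len(request)]
    response = build_response(src_ip, PAYLOAD)
    # Assumed policy: truncate rather than exceed the budget. A real protocol
    # would fragment the answer or fall back to a handshake instead.
    budget = int(len(request) * MAX_AMPLIFICATION)
    return response[:budget]


if __name__ == "__main__":
    tiny = b"GET"
    padded = b"GET" + b"\x00" * (MIN_REQUEST_BYTES - 3)
    for req in (tiny, padded):
        rsp = serve("203.0.113.7", req)
        print(len(req), "->", len(rsp), "x%.2f" % amplification_factor(req, rsp))
```

A 3-byte query gets a 3-byte reply, while a 1 KiB padded query gets the whole 4008-byte answer at a factor just under 4; the attacker now has to spend almost as much upstream bandwidth as the reflected traffic they generate.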


I guess, I should have specified that I meant raw UDP for simple request-response protocols.

The other major use-case for UDP is for protocols where loss is preferable to retransmission delay, it's still very much valid. But in this case, UDP is used within a stateful context, with multi-stage handshakes and everything.


I didn't mean to generalize the use of certificates. It would be for a specific protocol for a specific application. I just wanted to justify that we are not required to use a three-way handshake.

Revocation is indeed a weak point of this solution as it would take time, probably a transaction, to check. This problem might be mitigated by shortening the certificate validity duration.

I don't see why time synchronization would be critical if the validity periods are slightly overlapping.


We probably don't need certificates for IP addresses, and should just ensure that edge routers sending packets to the internet are sending packets with a source IP only within their defined CIDRs.


How do you do that and still allow access from anyone without any prior configuration?


There have been several plans for deploying IPsec everywhere as an evolution of IP with different key management strategies. There needs to be a way to look up a public key for an IP address; there's more than one way to do it.


In prior configuration, the UDP client must get a certificate, which uses a three-way handshake to verify the IP address. Once a client has its certificate, it can perform transactions with simple two-way transactions.


One way could be to require signing with a TLS certificate whose hostname resolves to the source IP(s).


When NAT gets involved things get very complicated very quickly for that. For many networks and ISPs this would need to happen at the IP egress level and couldn’t happen on the end device, since the end device doesn’t even know its own IP and neither does the on-prem router.


Thank you. It's the best argument against the certificate suggestion I have read so far. It's a problem I overlooked.

Edit: If the server creates the certificate with a three-way handshake, it will use the remote IP address. So the client doesn't have to know its IP address.


How is that no prior configuration on the client side?


Clients could use the same certificate for every server, so there is only a one-time setup. Analogous to how clients need to be "configured" with an IP address, the certificate could be given to them by their internet gateway if desired.


Yeah, and in what universe could that work? I need directions.

Seems far simpler to send a physical mail to the service operator who then hardcodes the IP in the server.

Or, maybe do a handshake once and cache it for X amount of time, whatever makes sense for that service.
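The "handshake once and cache it" suggestion above, and the earlier idea of a server-issued credential bound to the IP address the server observed, both amount to the address-validation token used by DTLS (HelloVerifyRequest cookie) and QUIC (Retry). Below is an added example of that mechanism, written for this page and not code from the thread; the key handling, lifetime and token layout are assumptions. The server keeps no per-client state: the token is an HMAC over an expiry and the source address, so only a host that actually receives packets at that address can present it, and it stays valid for the whole window so later requests cost one round trip:

```python
"""Stateless address-validation token for a UDP service (added example).
First contact: server answers with a small token instead of the big reply.
Subsequent requests within TOKEN_LIFETIME carry the token and are answered
in one round trip. Key, lifetime and layout are assumptions."""
import hashlib
import hmac
import secrets
import struct
from typing import Optional, Tuple

TOKEN_LIFETIME = 300                    # assumed: seconds a token stays valid
SERVER_KEY = secrets.token_bytes(32)    # assumed: per-process key, rotate in practice
BIG_REPLY = b"D" * 4000                 # constructed stand-in for the real answer


def _tag(expiry_bytes: bytes, src_ip: str) -> bytes:
    msg = expiry_bytes + src_ip.encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()[:16]


def issue_token(src_ip: str, now: int) -> bytes:
    """8-byte expiry || 16-byte MAC over (expiry, address). 24 bytes, no state."""
    expiry_bytes = struct.pack("!Q", now + TOKEN_LIFETIME)
    return expiry_bytes + _tag(expiry_bytes, src_ip)


def validate_token(src_ip: str, token: bytes, now: int) -> bool:
    """Accept only an unexpired token minted for exactly this source address."""
    if len(token) != 24:
        return False
    (expiry,) = struct.unpack("!Q", token[:8])
    if now >= expiry:
        return False
    return hmac.compare_digest(_tag(token[:8], src_ip), token[8:])


def handle(src_ip: str, request: bytes, token: Optional[bytes],
           now: int) -> Tuple[str, bytes]:
    """Server side. Unvalidated addresses get ('retry', token): a small,
    fixed-size reply. Validated ones get ('data', <large reply>)."""
    if token is None or not validate_token(src_ip, token, now):
        return "retry", issue_token(src_ip, now)
    return "data", BIG_REPLY


def walkthrough(client_ip: str, start: int) -> Tuple[str, str, str, str]:
    """First exchange costs two round trips; the cached token then buys
    one-round-trip service until it expires or is used from another address."""
    kind1, tok = handle(client_ip, b"req", None, start)           # retry
    kind2, _ = handle(client_ip, b"req", tok, start + 1)          # data
    kind3, _ = handle("203.0.113.7", b"req", tok, start + 2)      # wrong address
    kind4, _ = handle(client_ip, b"req", tok, start + TOKEN_LIFETIME + 1)
    return kind1, kind2, kind3, kind4


if __name__ == "__main__":
    print(walkthrough("198.51.100.10", 1_700_000_000))
```

What this proves is only that the requester can receive packets at the claimed address, exactly what a TCP three-way handshake proves, not who the requester is; and the "retry" reply must stay small, since it is the one packet the server sends to an address it has not yet validated.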


I'd love to log in to lobste.rs but we need an invite to join. How can we join if we don't know anybody? This leaves good people out.


If you leave a way to contact you, people might be able to help you with an invite.


Thank you very much. Here is my email address: mail@chmike.com I have just set it up. It should work


Not GP but I’m also hoping someone can invite me. My email is cynix@cynix.org


Thanks for the invite :)


That voting system seems overly complex, but it's an idea worth exploring and testing.


There is a French company named mailinblack [1] that does this. They protect administrations in this way.

[1] https://www.mailinblack.com/


Note: My comment is about communication restrictions and not about Imran Khan or Pakistan.

Restricting communication does indeed introduce a bias in the information that people may get and thus the opinion they may form. As such, freedom of communication is a pillar of democracy. But in some cases, communication may also be harmful and should be limited. Regardless of whether the info is true or false, if it may generate a harmful mass movement, it should be restrained. It's a bit more subtle than that, but I can't elaborate, for conciseness.


Z-library is used for stealing authors' work. Does IPFS want to support it?

z-library is not equivalent to sci-hub.


IPFS is a protocol like HTTP or BitTorrent, rather than a platform like Twitter. It is a federated file storage, so although individual contributors can choose not to host z-lib or allow it through their gateway, there is no single authority that can ban content.

A better question is - is this a sensible technology for hosting legally dangerous material, and the answer has to be no. It is censorship resistant not anonymising. Like bittorrent but kind of worse. It is trivial for an enforcement agent to find all the servers in the world hosting a particular e.g. book and go after them.

I am sympathetic to your ethical question, but I'm just answering you on the technical side which is - your question doesn't really make sense but this is a bad idea.


Copying is not stealing. Stealing removes the original, copying leaves the original intact.


Let's just be adults here and face it. Unless using rhetoric, we still don't know how to deal with piracy in 2022.


Let's be adults and call "piracy" by its real name: unauthorized copying.

Let copyright holders deal with unauthorized copying, why should any layman care about it?


Well, that's not how I would address it. Remember here on HN you have many people interested in that subject (experts or not): app makers, artists, lawyers and what not. Remember Spotify was built on the basis of a whole piracy movement/situation.


On one hand, authors need to pay their bills. On the other hand, free exchange of information benefits humanity immeasurably.

In terms of amount-of-benefit, the second vastly outweighs the first.

But if the author can't pay his bills then there is no author.

Does that cover it?

Would UBI fix this?


Honestly, merely limiting drastically the maximum copyright term would probably cover it. (Not just by making things public domain more rapidly, but also by presumably providing pressure on the business models of companies currently relying on the existing duration of copyright.)

Back in 2006, the UK commissioned a report recommending how to revise the copyright system (the Gowers Review of Intellectual Property), and it particularly recommended against any further increases in copyright terms - contra pressure from the music industry - and essentially only didn't argue for decreases because of international obligations. On pages 52 to 55 of the Review, however, there's quite a lot of evidence suggesting that most producers of creative works would not be meaningfully harmed in earning power if the term of copyright was as short as 10 to 20 years after production.

A 10 year copyright term, renewable for a further 10 on application, would do a lot to redress the balance you mention here.


Copying is privacy and piracy is still an issue for the host.


Piracy is a misnomer used to make people feel like unauthorized copying is "stealing", since "piracy" traditionally refers to people who perform armed robbery on high seas.

Copying can be unauthorized, but when you say it as it is, "unauthorized copying" sounds a lot less terrible than "stealing" and "piracy", and is more precise in meaning.


Everyone calls it piracy, including the people who are active in the 'unauthorized copying' community. I'm not sure what your objective is in this discussion.


My objective is to get people to argue precisely why copying is bad.

Calling it "stealing", "piracy" and other ugly words is a strawman argument - we all agree stealing (physical items) and piracy (on high seas) is bad, so that would imply that copying is bad, too, since "copying is stealing and piracy". It's not, and additional arguments are needed.


I suppose the pirate bay is part of this conspiracy?


*piracy sorry


ngl your point made more sense in the original sentence.

Using an untethered copy is indeed more privacy-friendly than using most garbage publisher portals and offerings. And yes, piracy can be a problem for the host if she has insufficient opsec.


So when you copy answers on a test, that is seen as valid by the teachers because the other person's answers are intact; correct?


Completely false equivalence.

Copying answers isn't bad because you are infringing on someone's "right" to have control over their answers. It is bad because you are committing academic fraud and seeking a qualification you have not earned. You are claiming another's achievement as your own.

Me reading a pirated book does not mean I claim to be the author.


I guess the elephant in the room is that you're not paying the authors for what they created; in this sense it's like "stealing". Someone spends time and resources making something and you use that something without compensating that someone. I agree it's not exactly like stealing (that's why we invented a different word for it), but it's still something that is unfair to the book author(s).


I think it's worthwhile to be precise when we argue. Saying it's not stealing isn't necessarily saying it's harmless or that it's not illegal. It's just not the same sort of action.

Eg, if you steal a book from a shelf, then it's gone. The shop can no longer sell it to anyone else, and needs to obtain a replacement. The customer that really needs it may not be able to get it now.

But if a 10 year old from a dirt poor family with $100 to their name downloads a whole library of technical literature worth $10M, it's a very different situation. I think it's very arguable that there was no scenario in which the authors would have gotten paid, and that no real harm has been done in this particular case.


> I think it's very arguable that there was no scenario in which the authors would have gotten paid

Just to be sure: do you think that if people can't afford something that's not physically tangible they should be entitled (or at least permitted) to have it free of charge, because they wouldn't buy it anyway? I wouldn't buy (and probably wouldn't afford) a 30-day stay at the most luxurious spa in my country, should I insist that they let me enter anyway?


> no cost is imposed on the producer of the software, because somebody torrenting an installer doesn't cost the company any money.

Lost profit is still lost money. If you run a bar and I falsely tell everyone that your beer is poisoned (and everyone believes me) I'm not costing you any money, but you're still bankrupt at the end of the year.

> When pirating stuff a kid might grab an university book on biology out of curiosity to see how it compares to their high school lessons, but pretty much nobody actually buys books for reasons like that.

You sure that's the only plausible case? Here's another scenario: you need a programming book for your career, but you don't like spending $30 for it and you just pirate it. You would probably have bought it if you couldn't pirate it, but obviously pirating it costs less at nearly no risk; why should you spend $30?

I think this scenario is much more plausible than poor 10-year-old kids downloading biology books for fun. But even if it wasn't, piracy enables both scenarios without distinction. Even if it was 80-20, that 20% of not-bought books would have been bought if piracy didn't exist.

> The alternative reality is that it either doesn't happen or they check it out at a library instead, and again the publisher doesn't get any money.

I'm pretty sure public libraries pay for the books they have, directly or indirectly (with taxpayers' money)


> Lost profit is still lost money. If you run a bar and I falsely tell everyone that your beer is poisoned (and everyone believes me) I'm not costing you any money, but you're still bankrupt at the end of the year.

Yes, but you can't lose a profit you could never have had.

> I think this scenario is much more plausible than poor 10-year old kids downloading biology books for fun. But even if it wasn't, piracy enables both scenarios without distinction. Even if it was 80-20, that 20% of not-bought books would have ben bought if piracy didn't exist.

I'm not arguing that piracy is completely harmless. I'm arguing that it works differently from theft. We can't consider every potential loss as a real one.

Eg, mass torrenting of stuff can get to the point where on paper, if all of that was legally paid for, it'd cost more than the country's entire GDP. That's obviously ridiculous.


> I wouldn't buy (and probably wouldn't afford) a 30-day stay at the most luxurious spa in my country, should I insist that they let me enter anyway?

That's tangible. You consume space, resources, people time, water, energy, etc. People have to clean after you.

For comparison, take the scenario of a 10 year old from a poor family pirating Solidworks, which costs $5000-ish a license. The family doesn't have $5000 in their bank account.

So there exist two possible outcomes of this situation:

A. Kid pirates Solidworks. Company makes $0.

B. Kid doesn't pirate Solidworks. Company makes $0, because it's impossible for them to buy it.

That's precisely why many such companies have huge educational discounts, and offer software for free to students sometimes, and sometimes ignore piracy in some areas. If you could eliminate piracy by non-engineering companies you wouldn't make much of a difference, because pretty much no hobbyist out there spends $5000 on software they might use just a bit. Rather than buying it, they'll make do with alternatives instead.


> Kid doesn't pirate Solidworks. Company makes $0, because it's impossible for them to buy it.

I have this impression that "poor kid" vs "incredibly expensive software" is used as a strawman here, since we're talking of $30 books that anyone who's not incredibly poor can buy just by saving for a couple of months and anyone who's that poor can probably access using a public library anyway, versus the enormous amount of people that could afford those books, but see no incentive paying since they can pirate them for free without even going out of their house.


Obviously I'm using an exaggerated and artificial example to illustrate my point. Which is that it doesn't really work like actual theft. First, no cost is imposed on the producer of the software, because somebody torrenting an installer doesn't cost the company any money. And second, there are plenty of situations where they were never going to make any money no matter what.

Eg, back when I was 12 I did pirate software, and I didn't have the money to buy it if I wanted to. There was just no scenario under which those companies could have gotten paid. The alternative would be I'd just get my hands on something else, or mess around with the stuff I already had.

This even goes for things like $30 books. I grabbed a whole bunch of stuff just to take a look at what it's like. When pirating stuff a kid might grab a university book on biology out of curiosity to see how it compares to their high school lessons, but pretty much nobody actually buys books for reasons like that. The alternative reality is that it either doesn't happen or they check it out at a library instead, and again the publisher doesn't get any money.


There is an artist's gallery in my town. The artist sells lots of pieces (or tries to; no idea how successful). If I go and look at each piece, really take it in and absorb it fully and internalize it, but buy nothing, have I done the thing that's not exactly like stealing?

If I download a PDF and read it and then delete it as soon as I am done, have I done the thing that is not exactly like stealing?

If I go to a library and read that same book in its entirety without checking it out ... doesn't seem much different than reading and then deleting a PDF.

Stealing someone else's book definitely seems wrong, but reading it while you are visiting their house seems fine?

I am not claiming to know the right (ethical, moral, whatever) action here. I just have a super huge problem calling it "piracy" or "stealing" or whatever. Figuring out a way to support creators is hugely important, but criminalizing the mere viewing or hearing of art/music/words/etc seems extremely wrong.

Anyway, I've been thinking about all this since at least Napster and I still have no idea really.


My perspective: go with what the person who created it agreed to. They’ve set their life up around certain assumptions, and if I don’t like them I will forgo their work.

For example, that person whose works are in the gallery has built their business on a balance of exposure - letting anyone who walks in look at things - and the fact that people who buy art are willing to pay a fair amount to own a physical object for display. Looking without buying is expressly part of their business model.

Book publishing is different, with the author assuming they’ll get payments from readers - much smaller than that artists but many of them. Since I don’t have any ownership rights over their work, I don’t attempt to change the terms.


There is an artist's gallery in your town. The artist charges $10 on entry to see the pieces, that's how he/she makes a living. You enter from a backdoor that someone left open to avoid paying, and you additionally help anyone who wants to enter for free by showing them the backdoor. You know that what you're doing is illegal, but you don't care because the building where the gallery is hosted doesn't have anyone to check the backdoor at night, so you're extremely unlikely to get caught. It's not exactly stealing, but it's still a) illegal b) selfish c) damaging to the artist


But you can’t really “steal” something digital, when they can be freely multiplied any number of times without degrading.

If you go to a supermarket and steal a TV that’s stealing. You taking a picture of it isn’t.


You cannot really "steal" military secrets by photographing them either, but it's still a threat to national safety. You cannot really "steal" trade secrets by photocopying documents, but it's still an incalculable damage to the company you target if you do. You cannot really "steal" someone's privacy, but if you look at their private correspondence or their electoral card you're still infringing on their right. Does it really matter if you can call an action "stealing" or not? An action could still be damaging even if it's not technically "stealing".


If you gave credit to the source of the answers... then most teachers would just not give you the marks for the bits you copied. The cheating here is faking attribution - claiming yourself as a source of something you didn't originate, not copying - a legally and morally distinct thing to copyright infringement. Indeed, part of the point of copyright infringement is that you do know (and reveal to your clients) who made the thing you're copying, which is why it has value.


As you said, you "copy" the answer, you don't "steal" it.


You steal the author's investment in time and effort to write the book and conceive its content.

How you steal (making a copy) doesn't affect the fact that you prevent the author from getting his share or reward from it.


I invested the time and effort to write this comment. I want you to pay me. I'll be expecting a cheque in my mail soon.

If you don't pay me, you're stealing from me.


I'm obviously talking about ebooks downloaded from commercial platforms like KDP Amazon, and distributed for free on Z-library without permission from the author.

Comparing this to your comment is whataboutism. Comments on Hacker News are free to read. If you want to be paid for your writing, use a platform that supports this.

However, you do have an automatic copyright on everything you write and I would need your permission (eventually by paying you a fee) to republish it in a book or somewhere else. Fair use is an exception to that, but the amount of text we can reuse without permission is limited. These are rules.


Cheating on a test is not stealing either. It's cheating.


That is pure whataboutism.

What has this to do with stealing books?


Taking all your fiat money technically doesn't "remove" it either, just relocation. Gets even better if we talk about virtual funds.


When all my fiat money is taken, I cannot use it anymore, therefore it's removed.

If you make an exact copy of my fiat money, yet I can still use it, nothing is stolen.


Let's go down the rabbit hole...

When governments make an exact copy of existing fiat money (i.e. engage in money printing) they increase the supply of fiat money and as a result cause inflation, which decreases the value of fiat money existing before the money printer was turned on. So while such a copy did not completely eliminate your ability to use your money, it did in fact decrease its utility. And indeed can be a valid case of "stealing".


> And indeed can be a valid case of "stealing".

It's not stealing, government didn't steal anyone's money, they just devalued it. In a similar sense, gold miners are increasing the supply of gold and lowering its price, but they still aren't stealing anyone's gold - they're making more. The fact that fiat money is completely fictional does make it more prone to systemic abuse - but even in that case, what the government is taking away from people is value and labor, not money itself, and those two are a little more abstract and harder to reason about.

The word "stealing" has a specific meaning related to physically taking something away from someone else, let's not use it in contexts where it doesn't apply. Especially when the use of the word is mostly perpetuated by copyright holders who want to persuade the public that not giving money to them is equal to stealing from them. That's bullshit, and it will always be bullshit. To me, it sounds horribly similar to narcissistic abuse: "How could you not give money to me? Do you have any idea how much that hurts me?".


> When all my fiat money is taken, I cannot use it anymore, therefore it's removed.

Ok, so if your intellectual property is stolen ... err, sorry, "copied" of course, how do you get monetized for those "copied" copies? By your initial statement it's not removed, now you tell me it is? Weird.


There's no such thing as "intellectual property". If you don't want other people learning the information your mind has come up with, don't release it into the public where it can be easily shared.

> but I want money! I don't care if everyone else loses their right to sharing information!

Not my problem.


I wasn't sure if you are serious or just a troll. I get it now.


These are pretty nice ideas fixing existing problems for desktop computers.

How would these work with mobile devices? It doesn't seem compatible.

Also, these are user interaction suggestions. What about the encoding? There are plenty of limitations with Markdown (the pseudo standard) on this aspect.


Firefox is flagging this web site as potentially trying to steal passwords. Be careful

