
January 23, 2006


Listed below are links to weblogs that reference Short Fiction: "Printcrime":

Comments


Janessa Ravenwood

I'm rather surprised you guys would link to this. The hero of this story is doing exactly what you guys don't want. I would think that you would want to take the cops' side, not his.

Mike Treder, CRN

Hey, it's only fiction. It's an entertaining little story that highlights some of the issues we may soon have to deal with.

Also, I like giving a plug to Cory Doctorow's work. Has anybody read Down and Out in the Magic Kingdom? An excellent short novel -- and you can download it for free!

Tom Craver

Does CRN really care one way or the other about the IP piracy issue? One can agree that some sort of IP protection laws and technology are likely to be implemented, without needing to strongly favor (or oppose) them. It just seems below the level of dangers CRN should be concerned about.

In fact, if IP DRM somehow threatens to decrease safety (as in the recent Sony DRM'd music CD snafu), CRN should actively discourage at least that form of DRM.

For example, IP design rights protection might be well served by requiring a digital communication link from a nanofactory to report back usage for billing purposes.

But including a digital communication channel creates a strong risk of dangerous viral infections rapidly spreading through that channel. I think CRN should actively oppose incorporation of digital communication into nanofactories.

Matt

"I think CRN should actively oppose incorporation of digital communication into nanofactories."

This would be a fight against windmills. A nanofactory without digital communication will be a lot less useful than with it, and that's why it's not going to happen. How do you want to update a nanofactory, or upload new blueprints to it? Personal fabrication would be impractical, and once people know what an unrestricted nanofac can do, some, or many, won't be content with limited nanofactories that can only produce a hard-coded or even hard-wired whitelist of products.

You could solve the Internet's spam and malware problem only by disallowing digital online communication between computers, but of course that's the very essence of the Internet. Obviously, the Internet with all its problems is considered more useful than no Internet at all; that's why it doesn't simply go away.
Just as the only safe computer is a computer that's not connected to any network, the only safe nanofactory will be the one that's permanently disconnected from any other device capable of programming it. By the way, this does include human beings.

Another thought on IP rights and uniqueness of objects: Could you imagine anything even remotely similar to an md5 sum of a physical object? Do you know of anyone who has given this serious thought?

Tom Craver

You could still load designs. Download the design from the internet to your PC, write it to a storage medium, walk it over to the fabber, copy the design off.

The idea isn't to block all data transfer - just to slow data movement down to a pace and mode that humans can better keep under control.

A worm or virus could still spread, but without the ability to automatically copy itself from machine to machine, it'll be substantially slowed, giving people time to recognize what is going on, put out warnings, generate anti-virus patches, etc.

Matt

"A worm or virus could still spread, but without the ability to automatically copy itself from machine to machine, it'll be substantially slowed, giving people time to recognize what is going on, put out warnings, generate anti-virus patches, etc."

This hasn't worked for floppy viri (when there even was no www), why would it work in the future? People won't become more tech-savvy just because their tools become more powerful. Maybe even the opposite, because of broader accessibility. Additionally, often people don't even notice they have a virus and just spread the offending data to their friends. Those friends will assume the data/software are safe because they're from their friends and will spread it, ad infinitum. Same mechanism as usual.

Good social engineering can be a lot more successful way of spreading viri than the virus author's technical finesse. The user is usually the weakest link in the PC security chain.

Andrew

Talking about worms/viri for nanofactories... that would make for some really scary fiction: a virus that downloads and runs designs for wireless-enabled mobile nanofactories which communicate via some kind of encryption on a certain frequency. Phase II of the virus would be these newly-made nanofactories printing out armed robots, or biological viri of some kind.

Tom Craver

Matt -

I'm not saying manually spread malware won't be a threat, nor that keeping the fabber offline is a cure-all.

But how many floppy-spread viruses did you receive, back when they were the only way to move data around, and virus scanning software was pretty rarely used and people were much more naive about such things?

Compare that to how often spyware tries to get on your system, or how often an email virus comes in and has to be squashed, or how often there are attempts to take control of your PC via a security hole in some piece of network-software.

And I am certainly not saying we won't have to build up other defenses around fabbers.

The PC with its internet connection is an obvious weak point. It'll need a design-virus scanner. It should keep an encrypted database with checksums of every design downloaded, to let it detect when a design file on the PC has been modified (infected) since it was downloaded.

Maybe the fabber itself should only run software strictly from ROM, to reduce the chances of malware taking control of it. (No, that's not a 100% protection from software virus infection either, though it does make it much, much harder.)

And eventually we will have to worry about robotic viruses, able to emulate the actions of a human operator to manually take control of a fabber.
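The checksum database proposed in the comment above, sketched as an added example that is not part of the original thread. It assumes SHA-256 digests and swaps the "encrypted" database for an HMAC-sealed one, since what matters is that malware on the PC cannot rewrite a stored checksum unnoticed; the file names and the key are constructed.

```python
import hashlib, hmac, json, os, tempfile
from pathlib import Path

def file_digest(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def seal(key, entries):
    # HMAC over canonical JSON: entries cannot be changed without the key
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def load(db, key):
    doc = json.loads(Path(db).read_text())
    if not hmac.compare_digest(doc["tag"], seal(key, doc["entries"])):
        raise ValueError("database seal invalid")
    return doc["entries"]

def record(db, key, design):
    # called once, right after the design is downloaded
    entries = load(db, key) if os.path.exists(db) else {}
    entries[os.path.basename(design)] = file_digest(design)
    Path(db).write_text(json.dumps({"entries": entries, "tag": seal(key, entries)}))

def check(db, key, design):
    # "ok", "modified" or "unknown"; raises ValueError if the database was forged
    expected = load(db, key).get(os.path.basename(design))
    if expected is None:
        return "unknown"
    return "ok" if hmac.compare_digest(expected, file_digest(design)) else "modified"

def demo():
    key = b"constructed-demo-key"  # assumption: kept where PC malware cannot read it
    with tempfile.TemporaryDirectory() as tmp:
        design, db = Path(tmp) / "bracket.design", Path(tmp) / "db.json"
        design.write_bytes(b"constructed design v1")
        record(db, key, design)
        before = check(db, key, design)
        design.write_bytes(b"constructed design v1 + appended bytes")  # altered after download
        after = check(db, key, design)
        doc = json.loads(db.read_text())  # malware rewrites the digest but lacks the key
        doc["entries"][design.name] = file_digest(design)
        db.write_text(json.dumps(doc))
        try:
            forged = check(db, key, design)
        except ValueError:
            forged = "rejected"
    return before, after, forged

if __name__ == "__main__":
    print(demo())
```

The check belongs at the moment a design is copied from the PC to the storage medium; a key that sits on the same PC as the database gives no protection against malware running there.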

Matt

I like the virus scanner/hash database idea, it's a tried and true method that greatly reduces virus threats today and should do just as well in the future.

"But how many floppy-spread viruses did you receive, back when they were the only way to move data around, and virus scanning software was pretty rarely used and people were much more naive about such things?"

To the best of my knowledge, none. However I wouldn't consider myself an authoritative source of info on that, because back then I was naive myself (I wouldn't have noticed a floppy virus unless it had had obvious effects) and the time span from when I got my first PC to when I went online (that must've been around '97) was only 2 or 3 years. During this time I didn't spend much time with the PC.

"Compare that to how often spyware tries to get on your system, or how often an email virus comes in and has to be squashed, or how often there are attempts to take control of your PC via a security hole in some piece of network-software."

For me, this is quite rare nowadays, because I believe as a CS student and because I'm interested in how my computer works and by what it can be negatively affected, I take more care to my computer's security than the average guy. I can roughly estimate what actions bear which risk, which download might be dangerous, which kind of sites and .exes I should avoid, I know how to google if I have a problem I can't solve and I know that people abuse search engine rankings, and so on. Today, my own PC's security is almost second nature to me, but I know many, many people for whom it's not. And I have much confidence that this personal statistic really is representative.

In short, even a (fully patched) Windows PC with enough security software can be safe from the Wild Wild Web if but only if its user knows and cares about security. No system or combination of systems is absolutely fool-proof if it's supposed to do something significant, and the more one tries to give that impression, the less users will feel like they have to take on any responsibility for themselves and their net security. Ever heard of the quote "If one designs a fool-proof system, only fools will want to use it."?

Of course you did not propose a fool-proof system, it was not my intention to say that. However, if you merely delay the inevitable, the Big Bang will in the end be a lot bigger than if people start making mistakes right away and thus can learn with the threat, releasing pressure gradually instead of abruptly, so to speak. If all goes well for x years, then in the x+1st year the catastrophe will presumably be even bigger than if a series of smaller blunders happens.

The common user is usually the limiting factor in computer security, and from my experience, sufficient basic user education can already consist of teaching how to recognize and learn from mistakes, so that "learning along with the growing threat" doesn't remain just a nice illusion.

"Maybe the fabber itself should only run software strictly from ROM, to reduce the chances of malware taking control of it. (No, that's not a 100% protection from software virus infection either, though it does make it much, much harder.)"

It depends. If you can conveniently create your own ROMs and exchange them for the installed ROM, you have just added another layer of inconvenience without adding significantly to security, because it's just another form of floppy. And if there's a sufficiently large demand for such modification, you can't just legislate it away, just as you can't legislate away P2P trading of copyrighted files today.
If the ROM content can be modified only by, say, the (licensed) manufacturer, there is more security only if the manufacturer has close to perfect network security and legislative government backing. One serious, unnoticed breach can have really bad consequences if the cracker has write access to future ROMs. And I predict that A LOT of manufacturers would want to enter that market, increasing the number of targets.
Lastly, if you can't modify the ROM or its content at all, it's nothing but a hard-wired/coded whitelist, which people probably won't accept for long, because it's very much against the idea of personal fabrication and merely a quantitative, not qualitative, extension of today's centralized production/distribution schemes.

Of course, all that babble of mine doesn't even touch the problem of malware that is not hiding in a legit design, but where the design itself is the (intentional) threat.

Tom Craver

Matt:

Your own experiences seem to back up my point regarding having on-line connection being dangerous - for most people.

By software in ROM, I did not mean putting designs in ROM. The main ROM software needed is to translate the design from its compact form into a simpler but much larger form for the individual robotic workstations to follow. No one will have reason (or practical means) to replace the ROM data - if there's a better version, just get a whole new fabber.

Why would you WANT an online fabber? DRM copy control might be a bit inconvenient if you had to load a design for every product made - but I'd expect the fabber to allow "bulk design" purchases - 100 copy-rights of a roll of toilet paper. You could load open source designs once and make as many copies as you like.

Your point regarding easing people into the dangers may make sense - but I'm sure there'll be plenty of other fabber security problems for people to "get experienced" on. Once people are familiar with fabber dangers, perhaps then an online fabber becomes less of a risk, if for some reason we want it.

Regarding dangerous designs - that might be another good reason to keep the fabber offline. Simulate fabbing the design on the PC, before it gets loaded into the fabber.

Chris Phoenix, CRN

Tom:
"Does CRN really care one way or the other about the IP piracy issue? .... It just seems below the level of dangers CRN should be concerned about."

IP "piracy" is not a large direct danger. But companies will be concerned about protecting their IP. And those companies could lobby for bad policy, or could take destructive action unilaterally--like Sony did.

Another reason to care about IP is that DRM mechanisms may be useful for more than just IP. For example, a mechanism that scans blueprints for patent infringement might also form part of an anti-malware program.

Janessa: "I'm rather surprised you guys would link to this."

Well, you may have noticed that we aren't afraid to see opposing views on this blog. And anyway, I think this story is a good cautionary tale for the Powers That Be: Too much oppression, and you'll get not just a black market, but a rebellion.

Chris

The comments to this entry are closed.