Round two, featuring Bruce Schneier

 Bruce Schneier just wrote a post on all the suggestions to add authentication to the internet. The idea behind those is that if nobody on the internet was anonymous, legitimate users would be largely unaffected and the bad guys would be out of business. Schneier does a nice job refuting this. He says that the technological problem of attaching real names to everyone on the internet is "insoluble", and that trying to implement such a scheme will only hurt free speech, especially in countries that try to censor their citizens. As his first commenter summarizes, "if you outlaw anonymity on the internet, only outlaws will have anonymity on the internet."

Then, Schneier draws a parallel between universal authentication and copy protection:

The whole attribution problem is very similar to the copy-protection/digital-rights-management problem. Just as it's impossible to make specific bits not copyable, it's impossible to know where specific bits came from. [...]

Just as the music industry needs to learn that the world of bits requires a different business model, law enforcement and others need to understand that the old ideas of identification don't work on the Internet. For good or for bad, whether you like it or not, there's always going to be anonymity on the Internet.

Couldn't agree more.

The Elephant in the Room

I'm baffled: why is the debate about intellectual property and DRM so deep in denial? On one hand, I believe in property rights and the rule of law as much as anyone, and I recognize that as people take on increasingly abstract jobs--things like writing, making music, or programming computers--it's important that they be able to make a living doing those thing. At the same time, the business model for non-broadcast media designed for mass consumption--music, DVDs, and stuff like that--seems broken. And there's a huge disconnect between current copyright law and reality.

Blog posts ranting about how awful DRM is or complaining about the RIAA and the MPAA are a dime a dozen, so this one won't be another of those. I think there's a more fundamental problem, one that people don't seem to talk about as much:

You can't protect a sequence of bits while also distributing it for consumption.

Sure, I can protect a sequence of bits I send to one or a small handful or receivers. You and I can get PGP--a freely available military-grade encryption protocol--and I can send you a message that nobody else will ever be able to read, even if they can see all the communication between us. But if I make a song and "sell" it to a million people to listen to, then the idea that I can still protect its distribution at that point is ridiculous. It's like walking into a crowded room, shouting something private as loud as you can, and then getting upset when it comes back to you a week later from someone else. Paper money can be kept in safes. Cars can be locked. Information just doesn't work that way.

The practical manifestation of this is that DRM is famously ineffective. For example, the DVD and HD-DVD formats were both designed, at great expense, to contain strong encryption, with the key only available to licensed DVD player manufacturers and a few other corporations. Both were cracked relatively quickly. There are plenty of cracks in Blu-ray's armor, too. Encrypting something well--keeping it secret--and making it available to millions of people to view are incompatible goals. On a similar note, I once checked out an "e-book" version of a book I owned from a local library, just because I was curious what it would be. It could only be opened in a program called Adobe Digital Editions, with particularly intense DRM--it needed an internet connection to run, so that Digital Editions could connect to an Adobe server, exchange cryptographic keys, and make sure that the book was still "on loan" to you. But, like all DRM schemes, it had a relatively obvious weakness--I could view the pages. It was writing out all the carefully protected content, in pristine unencrypted form, to my computer's framebuffer. So I hit Print Screen, fired up Paint, and pasted in the title page. I wrote a quick macro using the excellent AutoHotkey that did some additional voodoo, let it run overnight, and 1300 automatic Print Screens later I had a folder full of neatly cropped JPGs. I clicked "view as slideshow" and my book was mine again.

You can't share a secret with a million people and expect them to keep it.

There's one more elephant in the room that I think deserves some attention. Two elephants, actually: Apple and Google. Despite its fundamental technical weakness, DRM used to have a bit of efficacy in preventing the average Joe from copying and sharing media designed for mass consumption. This is simply because it makes the fundamentally possible sufficiently inconvenient. The average Joe isn't going to write many AutoHotkey scripts. He's not going to write an audio driver that reencodes all that DRM'd music in his ITunes library as MP3s instead of sending it to his sound card. But nowadays, the average Joe somehow has access to all this stuff. He listens to tons of music. Most of my college friends, regardless of whether they're technically inclined or not, have many gigabytes of music. If they were actually paying $0.99 a song, many of them would have a Bugatti's worth. Clearly, what they're doing is not paying, and it's not rocket science either. And Apple and Google are the big enablers.

Yes, this album art is the intellectual property of System of a Down. I'm sure they don't mind. If they ever send me a takedown notice, this post will implode in a puff of irony.

I remember when I got my first IPod in 2004. I bought it used from a friend, and it still had 3GB of his music on it. A few weeks later, I was listening to a different friend's IPod on a bus trip when mine ran out of batteries. I noticed that it had a lot of the same albums, and that the occasional artist name was misspelled in the same way. So I asked around and found out what all the cool kids were doing: swapping IPods. You have a 3GB music library, and I have a 3GB library. I take your IPod home for a weekend, use a little utility off of the internet to circumvent its laughable DRM, and merge all the tracks with my library. Then I put that library back onto your IPod, and now we each have 5GB of music instead of three. (The missing 1GB, in this example, is overlap between our original libraries.) Part of the reason that Apple makes billions from the IPod is because IPod was the new Napster. Copying songs from IPod to IPod is way faster than downloading them from virus-ridden P2P networks and is even less traceable, since there's no internet connection involved. I'm sure that part of the reason the Zune never took off is because Microsoft put a lot of thought into making a really strong DRM scheme, and opening up the kinds of possibilities an IPod offers was apparently more work than people were willing to do.

Google opens up an additional Pandora's box of information freedom so easy anyone can open it. Type in something like "family guy s02e01" and you'll get tons of sites where you can simply download that episode, a number of torrents and a few sites where you can actually stream it without leaving your browser. I know a number of people who get their textbooks by typing in the name plus "filetype:pdf". What really hit me, though, was when I opened Youtube earlier today and typed in "system of a down". On the first page, there was a playlist--a relatively new Youtube feature--containing a wide variety of songs by the band. The videos were just still pictures of each album cover, but they were HD, so the sound quality was pristine. One click later they were all on autoplay. Napster had nothing on this.

As a result, I'm surprised that Apple and Google aren't taking more heat from the likes of the RIAA. If the trade associations want to keep up the Quixotic fight for DRM, Apple and Google seem like the logical targets--not single moms whose kids once used KaZaA. Yet both they and the legal community seem stuck in denial. I know a number of people whose music libraries currently exceed 30GB; assuming 3MB per song, that's about 10,000 songs. According to the Copyright Act, each one of those if punishable by a fine between $750 and $150,000--for a total of, you know, somewhere in the $7.5m to $1.5b range. Between that and the DMCA, most of my friends, your friends, and millions of other people are criminals, and we each owe a corporate association or two astronomical sums of money. Yet those laws have resulted in only a handful of lawsuits, most of which have settled out of court. How can we take this legislation seriously?

What I would really like to see is not the RIAA and MPAA shifting their focus to Apple and Google, though either of those would be lots more palatable than their current victims. Instead, I wish they and all the other parties who care about copyright would be willing to take a levelheaded look at the way media is being consumed. I wish they'd step back and be realistic about the options content creators have. DRM is not really one of them. You can't share your bits and control them, too. There are other, more sustainable ways of making a living. Artists can go on concert tours. They can do private shows for hire. Film producers can show their work movie theaters and get paid at the box office. If you look at it that way, sharing becomes the good thing your preschool teacher always said it would be. The more people see your work, the more will care about you, and the bigger your audience becomes to which you can sell your services. A song or movie you get from a friend comes implicitly vouched for, and you're more likely to pay attention to its creators. As Richard Stallman famously said, information wants to be free. I think its time we stopped fighting that and started embracing it.

Computer Science Bonanza

It's been an adventure. After

• the race
• the vast expanse of nothingness that is Australia
• the carnivore's utopia of New Zealand
• the adventures of Thailand
• joining my dad's project, and
  
• chilling at home in Utah
  

...after all that, I'm back at Stanford now, five minutes out from my first lecture in six months. CS110: "Principles of Computer Systems." Based on MIT's 6.033, I hear. I'm also taking CS108, where I'll write an ungodly amount of Java, and CS109, stats for programmers, taught by the always-awesome Mehran.

The solar car team is meeting tonight for the first time since the race. A few fixes and, if all goes according to plan, we'll be rolling around campus on battery power, recruiting freshmen. Sometime between now and this summer, we'll have to build a new top shell and get ready for the North American Solar Challenge.

This will be an interesting quarter. More news as it comes in. Peace.

Two Decades, Two Birthdays

I'm twenty now. This will take some getting used to.

It happened en route from Bangkok, on my way home to Utah, somewhere on the flight from Kuala Lumpur and Sydney. I took in the biggest skyline Down Under for the third time in three months, chilled for a few hours, then got on a plane to San Fransisco. The sunset from the window seat six miles up was gorgeous. It also happened in 2x fast-forward, since the plane was going east almost as fast as the earth's rotation at that tropical latitude. Just three hours later instead of the usual six, it was midnight, December 13. Then we crossed the international date line, and it became my birthday again.

(True-color Earth, courtesy of NASA.)

If I could somehow go back to that other hemisphere exactly a year from now, I'd troll the stewardesses with a ridiculous legal edge case: I'd try buying a beer four times on the plane. It wouldn't work the first time, because I'd still be twenty. Then, after midnight, I could celebrate being twenty-one. Crossing the date line the other way, the date would jump back, to Dec. 11, and I'd be underage again. Finally, by the time we landed in Sydney, my legal age would change a third time.

Not that it would matter, since the drinking age Australia is 18. Cheers!

Heading South

...we've just come full circle a second time. We started our Thailand trip in Bangkok, and after all our adventures in Chiang Mai, we passed through Bangkok again a week ago. Here we are now in Bangkok a third time, looking out across the Chao Prahya river, which is buzzing quietly with millions of mosquitoes and loudly with a handful of overpowered ferries.

We just finished an awesome trip. A side-trip, but still--we spent the week in southern Thailand, on hills, on a beach, and in no less than four caves.

The first two of these were in Petchaburi, our first stop. A place so far off the tourist trail that it was hard to find any signs in letters I could recognize, and where getting food was an exercise in sign language. The town's one attraction was that pair of caves, which had been converted into religious spaces--one was a wat, or temple, while the other was just filled with Buddha images. Both had an interesting, unexpectedly postapocalyptic feel to them, empty and surrounded with stray dogs. Hundreds of monkeys sat in the side streets as much as in the trees, scratching themselves and squawking at us. They seemed to be waiting for throngs of snack-laden tourists that didn't exist. Inside the "cave of a thousand buddhas" were two women in white robes, meditating in silence. The darker corners of the cave were filled with the guano and high-pitched chirps of lots of bats.

...the Buddhas

..and us, waiting patiently for the shutter timer.

The real Terminator vibe, however, came from the wat cave. Its entrance was halfway up a hill that rose out of the otherwise flat outskirts of Petchaburi. As we approached the hill, locals were burning trash and leaves in ditches by the side of the road. The smoke wafted up to large, but decaying facilities--a half-finished parking structure, some food stalls, and a long line of bathrooms. These buildings, like the monkeys that surrounded them, seemed to be waiting for visitors that never came. We were the exception.

Only one other person entered the cave with us--a lady, like those in the by the "thousand buddhas", dressed in white. Three dogs followed her in; they looked as though they had definitely seen better days. We followed the dogs.

Inside, the wat was lit with bare flourescent tubes. The Buddhas were beautiful, but the smell was consitent with the handful of stray animals that seemed to call the place home. Nathan and I found a side cave that was accessible only by crawling through a tunnel a few yards long. It was just big enough to stand in, and black except for the dim glow of Nathan's iPhone. It also contained two floorboards, a broom, and a piece of cloth--we're guessing that a monk spent some quality time alone there.

...then we set the iPhone flashlight to red and Ben took a really long exposure shot.

We kept walking. One of the coolest statues in the cave was a very large reclining Buddha. So Matt whipped out his headlamp and Ben did another 15-second exposure:

...every year during New Student Orientation, there's a slideshow of the wildest pictures people have taken with the word "Stanford." With a little luck, this might qualify. (Also, the way the word overlaps the Buddha a bit was unintentional.)

We walked deeper into the cave, and into the most surreal experience I've had on this trip so far. We heard someone's voice echoing from the walls, piling syllables on top of each other in a fast staccato rhythm. It was the lady who had walked into the cave in front of us, and it was clear that she wasn't saying anything in any language. She was exerting herself visibly, though, taking short sharp breaths between long stretches of sound. This was glossolalia--"speaking in tongues." I had only known it from the book Snow Crash (which, by the way, is awesome.) In real life, however, there was something seriously disconcerting about it. I watched open-mouthed for about a minute. The three unkempt dogs stared back, presumably hoping for food, but the lady was facing one of the Buddha images and never acknowledged our presence.

We left the cave and climbed to the top of the hill, which is capped with an enormous (20-ish yard tall) sitting Buddha.

...and some extreme scaffolding

The statue was under renovation, surrounded by an abandoned-looking construction site. The hilltop also had some excellent views of Petchaburi and the countryside.

...like this one

The next day, we took the slow train to Hua Hin, through some scenic farmland. Hua Hin is only about 100 km south of Petchaburi, but in many ways the cities seem to be opposites. Hua Hin, it turned out, is a sunny beachside resort town. Once an annual destination for the Thai royal family, it is now full of Hiltons, Courtside Marriotts, and middle-aged vactioners in beach chairs. Nathan found some really good seafood.

Our last stop was lots more memorable. It was Khao Sam Roi Yot National Park, and it was almost as devoid of tourists as Petchaburi. Steep, dramatic, jungle-covered limestone peaks rose up next to a white-sand beach. We had a bunglow surrounded by palm trees.

...yes, it was this good.

That night, I walked over a short, steep path to a nearby fishing village. The boats were all ridiculously colorful. No English was spoken or written anywhere, so I just walked up to some dude who was loading fishes into a giant cooler and asked "khao lai"--"how much?", one of the five or so phrases of Thai I know. (I have the same understanding of Thai that a parrot might have if it was still in training. It worked, though, and with a bit more gesticulation and waving of Baht bills, I got some fish.) I got a few other things from two little shops. (This town was so small, it didn't even have a 7-Eleven. Those are totally ubiquitous in Thailand, kind of like McDonalds in America, and like McDonalds, you know you're really off the map when you find a place that doesn't have one.) In any case, I carried the fish back and Nathan showed me how to cook them Japanese style, encrusted in salt. We made a bonfire out of coconut shells and palm fronds.

...the fish was ridiculously delicious.

We got up the next morning to go caving again. These were a different kind of cave altogether, though--no black chambers or hair-raising utterances here. Instead, these caves were gigantic, and most of their roofs had caved in, creating two gaping sinkholes. Lots of sunlight filtered in through really tall trees reaching toward the surface. We shared the space with a couple of butterflies and a group of elementary-school kids.

We rolled back to Bankok again by the scenic route--chugging along in a German-built diesel contraption from a couple of decades ago.

...yours truly and friends

Until next time... peace!

Welcome to the Jungle

We're in Chiang Mai now, the center of northern Thailand and gateway to the madness that is the Golden Triangle jungle. We trundled in a few hours ago on a sleeper train. It smelled strongly of grease and chunked its way relatively slowly over a rough track. Nevertheless, I slept well after walking around Bangkok all of yesterday.

Tomorrow morning, we're going on a three-day jungle trek. Of all the places we've been on this trip, this is the least beaten path. According to those storytelling history bubbles in Lonely Planet, Northern Thailand only became reasonably stable in the 1980s. Before that, it was torn between Burmese, Chinese, and, during the Vietnam War, even CIA influence. It was home to a vicious drug trade, a lot of the world's opium production, and to some colorful personalities like this guy.

then...

That's Khun Sa, the Burmese warlord who got his start with the Kuomintang, amassed a personal army big enough to have territorial feuds with the governments of Thailand and Burma, and trafficked more than 1000 tons of heroin to America. The party, it seems, has since moved to Afghanistan, and the indigenous people now cultivate rice paddies where the poppy fields used to be.

...and now

The plan is to ride some elephants, go bamboo rafting, and hang out with some hill tribes. I'll have some pictures and updates when I come back.