[PP.Skane] non-compliance med standarder vanligt --> hur?

[Amelia Andersdotter]

On Fri, Mar 12, 2010 at 05:12:46PM +0100, Anders Hedberg wrote:
> Just USB är väldigt välstandardiserat och har ett certifieringsprogram som
> ger en rätt att trycka USB loggan på prylen och förpackningen. Kikar du
> Kjell o Co's USB prylar kommer du att hitta väldigt många varianter på
> USB-loggan som är snarlik den riktiga. Billigt kinesiskt skit ibland. Fullt
> fungerande ibland. Tillverkarna har bara inte tagit sig tid och pengarna att
> certifiera grejerna helt enkelt och så händer sånt här. (det tar runt tre
> veckor att få en pryl USB certifierad och du lämnar bort den till ett lab
> som tar hyfsat betalt för det. Du kan åka till pluggfester och testa dina
> grejer mot andras etc.)
>

Ptja. Jag skulle aldrig få för mig att argumentera emot kommersiell
piratkopiering men antar att det är svårt att få pirater att helt
konformera sig med tillgängliga standarder och/eller söka bevis för
att de konformerat sig. Det ingår lite i deras affärsidé att inte
betala pengar för att visa sig vara autentiska :P

Det är mer intressant om det finns några "legitima" kommersiella
aktörer som öppet _inte_ konformerar med standarden för att de kan. Å
andra sidan vore det väl kanske opraktiskt eftersom USB-portarna bara
ser ut på vissa sätt. Men hur är det med...Gah. Jag kan inte
tillräckligt om USB-stickor för att kunna säga något annat om portarna
:P

hälsar,

Amelia
 
ps. Jag inkluderar följande text som jag skrev till en kompis nu på
morgonkvisten för att jag är sjuk i huvudet:

My goal is to show that patent-pools and cross-licensing are not
enough to guarantee interoperability and privacy by design on the
market. That is. The market will not be capable of self-regulating
when it comes to privacy by design (I firmly believe this).

Imagine you have a patent pool that contains _most_ of the RFID
technology but not all. Or that you have a second pool that contains
_most_ of the positioning tracking technology but not all. And that
you have a third pool of patents relating to medium-range network
technology.

Now imagine that you need to create a security tool for these
different aspects that is easy to use for consumers, so that privacy
guarding is a default and not an extra, and definitely not something
that ismore costly than it has to be.

One way of doing this is mandating that all producers of WAN, PSs and
RFID incorporate privacy guards in their applications for free ("the
option for privacy cannot be more costly than the option not for
privacy"). However, this will give a thousand different privacy
guards, and for a consumer this might be too many applications.

Another way of doing it is cross-licensing to third party vendors who
can create a single tool to guard privacy (I believe such a tool would
have to be commercialised to reach "the masses"). They would have to
purchase licenses, trade licenses, or become external licensees of a
pool (or several pools as it were, see above). This is impractical and
expensive.

Further, for academics and independent producers or SMEs and new
entrants on the market, gaining access to a useful amount of licenses
and/or knowhow will be nearly impossible.

Therefore, the policy option remaining is either _mandatory_
interoperability or _mandatory_ open architectures. That is, a very
invasive approach to manufacturing on the free market. 

I believe such an approach or argument would in fact be useful in many
situations where we have other market invasive regulation today. So in
theory, if we could replace some of our existing regulation (but
that's not going to happen probably :)) with that provision, everyone
would benefit.

Richard Stallman has argued something similar when it comes to source
code in relation to the Pirate Party's lack of a specific free
software friendly provision in the program of principles (the argument
goes: "free software and proprietary software would have to compete on
the same terms"), with mandatory escrows and/or mandatory distribution
of the source code with every binary (this to me seems impractical, to
be honest - I like the escrow idea better: perhaps upon installation
of a binary source code from a CD or a package repository is
immediately uploaded somewhere? Don't say everyone does not have an
internet connection, I am already aware of this problem and believe in
infrastructural subsidies to remedy that). 

Do you follow, and does it make sense?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://lists.pirateweb.net/pipermail/pp.skane/attachments/20100313/c90f28da/attachment.pgp>