« So this cracker walks into a mosque… | Home | H8 my hosting provider »

Oh frabjous day!

I’ve been talking a lot, both on this blog and off (mostly off, believe it or not), about issues of piracy and how the RIAA and MPAA deserve the horrible, slow death they’re both dying. One of my most recent examples of the utter evil these organizations emanate was the creepy traffic analysis toolkit the MPAA just distributed to 25 major universities in the U.S.

The toolkit sets up an Apache Web server on the user’s machine. It also automatically configures all of the data and graphs gathered about activity on the local network to be displayed on a Web page, complete with ntop-generated graphics showing not only bandwidth usage generated by each user on the network, but also the Internet address of every Web site each user has visited.

Unless a school using the tool has firewalls on the borders of its network designed to block unsolicited Internet traffic — and a great many universities do not — that Web server is going to be visible and accessible by anyone with a Web browser. But wait, you say: Wouldn’t someone need to know the domain name or Internet address of the Web server that’s running the toolkit? Yes. However, anyone familiar enough with the file-naming convention used by the toolkit could use Google to search for the server.

Frightening, no? Well here’s the clincher, the way to resolving this whole mess:

The University Toolkit is essentially an operating system (xubuntu) that you can boot up from a CD-ROM. The package bundles some powerful, open-source network monitoring tools, including “Snort,” which captures detailed information about all traffic flowing across a network; as well as “ntop,” a tool used to take data feeds from tools like Snort and display the data in more user-friendly graphics and charts.

Gee, last time I checked, Xubuntu is an open source operating system distributed under the terms of the General Public License (GPL). That means that if the party utilizing the GPL’d code redistributes it without providing access to the source code, they’re in violation of license.

Do you get it? The MPAA is infringing on intellectual property rights. This is pure gold. After years of stamping their feet petulantly, demanding that consumers pay them tons of money, many times over (did you know it’s illegal to play DVDs in Linux?), they go and steal someone else’s work, completely ignoring the written license under which it was offered.

Interested parties were of course notified, and have successfully had access to the toolkit stricken from the MPAA’s website. (That’s a Slashdot summary of the event. Make sure to check out the comment threads for a few laughs.) Evidently, the MPAA was less than cooperative, so the individual—Ubuntu developer Matthew Garrett—notified the MPAA’s ISP and forced it to be removed that way.

MPAA don’t fuck with my shit.

(And yes, I did attempt to contact them by email and phone before resorting to the more obnoxious behaviour of contacting the ISP. No reply to my email, and the series of friendly receptionists I got bounced between had no idea who would be responsible but promised me someone would call back. No joy there, either.)

This is a common tactic of the MPAA and the RIAA, to serve ISPs subpoenas demanding IP addresses for individuals allegedly pirating.

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Oops.