executable content vs plain data (was Re: [LINK] Pascal's Wager
applied to GLobal CLimate Change)
cas at taz.net.au
Sat Jan 19 08:20:38 EST 2008
On Fri, Jan 18, 2008 at 03:26:55PM +1100, Rick Welykochy wrote:
> I started looking around the interesting website posted earlier
> by Mr Scheid (regarding Yellow Pages), and found this little gem.
> The video clip sums up quite nicely the consequences of
> doing nothing about GCC (and being wrong) vs doing something
> perhaps costly (and being wrong).
> How does this apply to Link? Reasoned analysis like this is
> easily disseminated now like never before. Public opinion can
> be better informed and force policy changes like never before.

another reason this is relevant to Link is the disturbing fact that the
video is only available as a flash movie hosted on youtube. i.e. it's a
program that you have to run rather than just video data in a file which
can be played by any video player program (any player that has the right
video codecs, of course).

which means that you have to be willing to run unknown, untrustworthy,
and untrustable executable programs in order to view it.

or download it (which can be a difficult exercise in itself - youtube
wants you to stream the video, not download it and view it at your
leisure) and attempt to extract the video data from the executable.

while i'm tempted to do just that in this particular case, it's
generally not worth the bother (and isn't always successful anyway).

it's disturbing not just because this particular video file is an
executable flash program but because it is becoming, or has become,
standard practice on today's internet. and, most likely, whoever made
and uploaded the video to youtube didn't even think about the security
implications, they thought only of the utility or convenience of

this is a serious problem with youtube and similar sites - it encourages
dangerously risky behaviour on the part of users, most of whom don't
know any better and, now they've got used to the "convenience" of sites
like youtube, will refuse to be convinced that it's dangerous, that there
are better, safer ways that such sites could - and should - work.

e.g. one very easy way to improve the situation without being dependent
on a single commercial site that has revenue protection and DRM control
as part of its aims is for blogging software (such as the Typepad
software, used by www.kn.com.au) to have a built-in torrent tracker,
so that small and/or personal sites could easily host their own videos
without being too worried about the bandwidth consumed if the video

(for those who don't know how bit torrent and similar p2p protocols
work, every downloader also becomes an uploader - sharing the parts
of the file they already have with others who don't have that part
yet. they'll do that for at least as long as they're downloading for,
and most torrent users will continue to 'seed' the file until they've
uploaded at least twice as much as they have downloaded...some torrent
sites enforce such a ratio, with others it works on an honour system)

the obvious extension to that is for individual blogs to join forces (as
they do now with blogrolls) and agree to act as 'seeds' for each other's
torrents, so a well connected blog will always have several (perhaps
several dozen) seeds for their videos.

craig sanders <cas at taz.net.au>
BOFH excuse #352:
The cables are not the same length.
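
The distinction the message draws between a Flash program and plain video data can be checked on a downloaded file from its leading bytes. The following is an added example, not part of the original message; the function name `classify`, the inflate cap and the two sample byte strings are assumptions constructed for illustration.

```python
import struct
import zlib

# SWF signatures: uncompressed, zlib-compressed, LZMA-compressed.
SWF_MAGIC = {b"FWS": "none", b"CWS": "zlib", b"ZWS": "lzma"}
MAX_INFLATE = 64 * 1024 * 1024  # cap so a hostile header cannot force a huge inflate


def classify(data: bytes) -> dict:
    """Report whether a file is a Flash program or a plain media container.

    A signature only says what the file claims to be; it is a triage step,
    not proof that the content is safe to open.
    """
    if len(data) >= 8 and data[:3] in SWF_MAGIC:
        # SWF header: 3-byte signature, 1-byte version, then a 4-byte
        # little-endian length of the whole file after decompression.
        version, declared = struct.unpack_from("<BI", data, 3)
        info = {"kind": "swf", "executable": True, "version": version,
                "compression": SWF_MAGIC[data[:3]], "length_ok": None}
        if data[:3] == b"FWS":
            info["length_ok"] = len(data) == declared
        elif data[:3] == b"CWS":
            # Bytes after the 8-byte header are one zlib stream. Inflate at
            # most one byte past the declared size to verify the header.
            limit = min(max(declared - 8, 0), MAX_INFLATE) + 1
            try:
                body = zlib.decompressobj().decompress(data[8:], limit)
                info["length_ok"] = len(body) == declared - 8
            except zlib.error:
                info["length_ok"] = False
        return info
    if data[:3] == b"FLV":
        kind = "flv"
    elif data[4:8] == b"ftyp":
        kind = "mp4"
    elif data[:4] == b"OggS":
        kind = "ogg"
    elif data[:4] == b"RIFF" and data[8:12] == b"AVI ":
        kind = "avi"
    elif data[:4] == b"\x1a\x45\xdf\xa3":
        kind = "matroska"
    else:
        return {"kind": "unknown", "executable": None}
    return {"kind": kind, "executable": False}


# Constructed samples (not real media): a zlib-compressed SWF header and an FLV header.
_body = bytes(20)
SAMPLE_SWF = b"CWS" + struct.pack("<BI", 9, 8 + len(_body)) + zlib.compress(_body)
SAMPLE_FLV = b"FLV\x01\x05\x00\x00\x00\x09\x00\x00\x00\x00"
```
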