Domain: cryptome.org
Stories and comments across the archive that link to cryptome.org.
Comments · 1,257
-
TCPA Linux
Maybe Microsoft would agree to sign a TCPA version of Linux. Then the Linux kernel could be designed so that it couldn't re-flash the ROMs or whatever it is that Microsoft is worried about.
-
Re:How about content first?
-
Re:EULA and Disclosure
I think that this is a problem with the Retailers and the Software Manufacturers. Granted that the EULA's are a bit restrictive, but they made the software and are allowed to make whatever demands that they wish in the EULA.
Of course they can, but they must do it prior to the sale. If they don't, the transaction walks like a sale, talks like a sale, and is in fact a sale, not a license to use.
The retailers are also within their rights to make all purchases final on opened products. In fact many retailers have that very policy on hardware as well.
Not if they are acting as agents on behalf of the licensor. If they are, then they are required to comply with their role in the EULA, e.g. to refund the money on demand.
What needs to be done is the Software makers and the Retailers need to sit down and make an effort to make the EULA available BEFORE the sale is made. Perhaps with every case of the software, the EULA should come on a laminated card, ready for display. This way the customer has the option of reading and agreeing to the EULA before they buy it.
Only if the customer takes some affirmative action to indicate consent. Without that affirmative action, you're back to square one ("Honest, I didn't see the EULA/I didn't know it applied to this software," etc.). "Making an effort" to make the EULA available prior to sale is insufficient.
I'm in retail and I make sure that before the person buys a copy of XP that they know that you are bound to one copy, one machine only BEFORE they sign the invoice. Many once told just shrug and buy it anyway, others scream, yell, bitch and complain and leave...But at least MY ass is covered
Do you also inform them that they are not allowed to resell or lease the software? Or that they are not allowed to "review" the software (which would include everything from a publication to just telling a couple of friends "it sucks!"). Do you tell them they cannot reverse engineer it in any way?
You say you are in retail; As an employee, or an owner? If as an owner, did you agree to act as an agent for these software companies and grant them the authority to impose EULA requirements on you? If not, how can you morally sell something that commits you to doing something that you know you will not honor?
If they have access to the License Agreement, don't read it and buy it anyway...I've no sympathy for them at all. However if they're dragooned into it because the agreement is not available until it is purchased (and most are assumed as agreed when purchased) then I feel sorry for them and stand behind them in a suit.
Those "Click to agree" buttons are there to indicate consent. (IMHO, they don't as anyone could have done it, including someone too young to be bound by a contract). The only way to have a legally enforceable contract is for the customer to sign a statement saying that he agrees before the transaction takes place. If s/he doesn't, the transaction has all the characteristics of a sale, and all the benefits thereof.
-
A few comments.
Money, however, is negative--it's corrupting the body politic. Even though money might be the most self-conflicting force in politics today, there are too many loopholes in this McCain-Feingold bill. All these lobbyists in town who are callous to what the bill stands for are going to exploit it. They'll turn to state parties and special interest groups and the money will keep pouring in. It's a tragedy.
And yet they still participate. According to Opensecrets.org the movie industry donated $20,172,249 to Democrats in 2002 and $713,874 to Republicans in 2002. Most of that money came in the form of soft contributions, the primary targets of the McCain-Feingold bill. See here for details. The Star player in the industry Disney came in at #66 in the all-time top donors list at opensecrets. See here for the list and here for their profile. They too favor a lot of soft money. Jack's own opensecrets link is here.
JV: At all costs, the government should stay out of censorship, except in war. When soldiers lives may be at stake, I think you can. Vietnam is the only war we've ever fought in the history of our country, without censorship. But in any other arena, I'm totally opposed to censorship in any form. I'm a great believer and defender of the First Amendment.
And yet he favors censoring technologies and code when his clients' profits are at stake. It's obvious that he doesn't consider code or engineering to be speech but still it seems odd to take this kind of firm line on one area of human endeavor and yet to be so closed off in another. Perhaps his speech is more important than other peoples' speech.
JV: But you've already got a DVD. It lasts forever. It never wears out. In the digital world, we don't need back-ups, because a digital copy never wears out. It is timeless.
However:
- DVDs, CDs and records can become scratched over time and therefore unplayable.
- All digital media can become broken and do actually degrade over time though not necessarily from "routine" use.
- All digital media and digital files can be lost necessitating a backup. This loss can be due to losing either the physical device or the file on a hdd. Who hasn't accidentally typed rm at least once, or discovered that their kid decided to experiment with magnetism or the "empty recycle bin" command.
- Hard disc drives can fail.
- Standards can change making old formats incompatible.
- etc.
In Jack's world of course we would all be happy to pay for new copies whenever this occurs. Here on earth however my wallet and I object to re-purchasing the same thing.
If anyone can do it under the rubric of fair use, how can we protect the artists?
The same way that we always have with books, cd's and movies, by relying on sensible laws. And accepting the fact that the profit models just have to take a hit now and again.
Today, it's illegal to copy a videocassette. No one has a fair use to copy a videocassette. If you lose it, you get another one, and there's nothing wrong with that.
Not completely true. It is illegal for me to copy the Spider man videotape and to share it with a million friends. It is not illegal for me to copy excerpts from it for activities covered under fair use restrictions. I agree with Jack that you cannot legally make backup copies of your tapes (unlike cassette tapes) but I would argue that this is wrong and that this restriction, in light of the fair-use provisions, exists solely to guarantee a stream of new customers as tapes wear out and to permit Hollywood to adopt a two-tier model of pricing whereby video stores pay more than the rest of us for each copy.
Today, it's illegal to copy a videocassette. No one has a fair use to copy a videocassette. If you lose it, you get another one, and there's nothing wrong with that. That's what people have been doing for generations.
Just how old does he think video tapes are?
Seriously, Would I find one if I looked through my grandparent's house?
JV: What is fair use? Fair use is not a law. There's nothing in law.
Other people have pointed this out already but just to rub his face in it the law is here. Since we haven't been using the Internet for generations he may not be used to it. In his testimony before Congress on the VCR he stated "I am suggesting that the copyright royalty fee lives under the canopy of fair use."
Jack Valenti: I wasn't opposed to the VCR. The MPAA tried to establish by law that the VCR was infringing on copyright. Then we would go to the Congress and get a copyright royalty fee put on all blank videocassettes and that would go back to the creators [to compensate for videocassette piracy].
Actually he was opposed to the VCR and what he felt that it would do. The presentation before Congress is a beautiful read in which he quotes excerpts from peoples' diaries as evidence not unlike the recording industry's current work with phone surveys. He also decries the first sale doctrine as a route to an unstable marketplace, spends time discussing the greed of Japanese companies and his desire to help the American Consumer. He even admits to infringing himself and asserts that the only purpose of VCR's "is to copy copyrighted material that belongs to other people".
I predicted great piracy. We now lose $3.5 billion a year in videocassette analog piracy. It was a 5-4 Supreme Court decision that determined VCRs were not infringing, which I regret. As a result, we never got the copyright royalty fee, but everything I predicted came true.
He predicted:
- The trade imbalance with Japan would be deeply affected as a result: "We are going to bleed and bleed and hemorrhage, unless this Congress at least protects one industry that is able to retrieve a surplus balance of trade and whose total future depends on its protection from the savagery and the ravages of this machine."
- Producers would get less for their films on the air and less revenues will be available to networks and producers.
- That commercial skipping would strip away the reasons for free television.
- That the economic benefits of recording movies from tv would reduce the need or desire for people to attend movies in the theatres, buy prerecorded tapes, or rent prerecorded tapes. He did not specifically predict that the desire would be killed just lessened.
- That the inevitable reduction in films available in the theatres and on TV (due to the rise of VCRs) will adversely impact "the less-affluent, the disadvantaged people pressed against the wall, out of work, who can't afford these expensive machines, and free television to the sick and the old and the poor will remain the primary source of home entertainment."
- "substantial portions of any fees will be borne by manufacturers and retailers rather than passed on to the consumer."
- "The audio business today is where the video business is going to be 4, 5, 6 years from now. By that time, Mr. Railsback, it is going to be too late. You can't salvage the business then. " I am not so sure about this one but he seems to be referencing the fact that as of 1982 the music industry had utterly and irrevocably collapsed.
"plus the people on fast connections in universities, making it so easy to bring down a movie in minutes..."
Where the hell can you download >700mb in a matter of minutes?
Although this isn't in his article but in the testimony above I feel it should be commented on too:
"I want to go on record as saying that the motion picture industry, and I hope I am including all of those who are allied with me today, we are free traders. We do not believe in duties and import quotas."
If that is the case, then he has a lot of explaining to do about the DVD Region Encoding system.
Final quotes from Jack:
"One final point, Mr. Chairman, and then I am through and I have taken more time than I should have, but I am so fascinated by what I am saying..."
"They have more than 40,000 artists and they have people who poll and spot check the logs of radio stations and they make allocations of hundreds and hundreds of thousands of musical recordings and they have done it with almost no dissension from the ranks because they have gotten expertise in it and everybody trusts their judgment..."
-
Also available on...
-
Share an archive of Cryptome.org
Share an archive of cryptome.org because one of these days John is going to get thrown into a deep, dark hole.
-
Example: how it is already done in Switzerland
There is an example for what such a specification might look like. The second pdf document (in English) is especially interesting as it gives some rather technical details of how the surveillance data must be structured (XML) and encrypted (PGP) before sending it to the Swiss authorities.
-
Re:Great...
There is a certain kind of logic to all that. Call it Palladium, wait til everyone gets irate and associates the word Palladium with something they hate then change the name. And if you can change it to a name that's utterly unmemorable all the better. Then roll it out.
That's exactly why the easy-to-remember-and-pronounce SSSCA was changed to the consonant-heavy CBDPTA.
-
WTC did contain asbestos
http://cryptome.org/wtc-junksci.htm
It's a true fact that asbestos insulation was used in the construction of the WTC (up to the 64th floor, when NYC banned asbestos use in 1971).
The real "myth" is if exposure to asbestos fibers causes cancer in the long term. So far the only cases observed have been in extreme exposure cases (like miners), and long-term smokers that were exposed to fibers. The Cryptome article describes the "junk-science" that started the asbestos hysteria in the 1970s (and continues to this day).
The amount of friable asbestos fibers in the WTC collapse certainly exposed many people but the long-term results, if any, won't be seen for decades.
The author also argues that if not for the asbestos hysteria, perhaps the steel columns on the floors above 64 would have been saved from the fire and the towers would have held long enough to get more people out. Interesting stuff.
-
Re:Here's a simple one...
"Will Linux and other alternative operating systems continue to install and function properly on computers containing AMI BIOSes?"
In answering this question, I would ask that our interview victim clarify whether there are any circumstances under which "alternative operating systems" would need to be cryptographically signed by an authority in order to boot, and if so, who is that authority?
As Ross Anderson pointed out last year,
Now here's another aspect of TCPA. You can use it to defeat the GPL.
During my investigations into TCPA, I learned that HP has started a development program to produce a TCPA-compliant version of GNU/linux. I couldn't figure out how they planned to make money out of this. On Thursday, at the Open Source Software Economics conference, I figured out how they might.
Making a TCPA-compliant version of GNU/linux (or Apache, or whatever) will mean tidying up the code and removing whatever features conflict with the TCPA security policy. The company will then submit the pruned code to an evaluator, together with a mass of documentation for the work that's been done, including a whole lot of analyses showing, for example, that you can't get root by a buffer overflow.
The business model, I believe, is this. HP will not dispute that the resulting `pruned code' is covered by the GPL. You will be able to download it, compile it, check it against the binary, and do what you like with it. However, to make it into TCPA-linux, to run it on a TCPA-enabled machine in privileged mode, you need more than the code. You need a valid signature on the binary, plus a cert to use the TCPA PKI. That will cost you money (if not at first, then eventually).
Anyone will be free to make modifications to the pruned code, but in the absence of a signature the resulting O/S won't enable users to access TCPA features. It will of course be open to competitors to try to re-do the evaluation effort for enhanced versions of the pruned code, but that will cost money; six figures at least. There will likely be little motive for commercial competitors to do it, as HP will have the first mover advantages and will be able to undercut them on price. There will also be little incentive for philanthropists to do it, as the resulting product would not really be a GPL version of a TCPA operating system, but a proprietary operating system that the philanthropist could give away free.
-
Re:Strong sense of deja vu
I seem to recall a story about another young Irish student who had developed a "revolutionary" encryption engine a while back. That was largely all claim and no solid documentation as well, and what has become of her efforts since then? Not much, not even a single update.
Bullshit. Get your facts straight before you malign someone. Sarah Flannery
- won Ireland's Young Scientist of the Year, and
- the European Young Scientist of the Year awards,
- was awarded a third-place Karl Menger Memorial Award from the American Mathematical Society and a fourth-place Grand Award in Mathematics,
- won Intel Fellows Achievement Award,
- wrote a paper on her algorithm, with a postscript exposing a successful attack,
- wrote a book, In Code: A Mathematical Journey, on her experiences (5 stars, 13 reviews, sales rank=35K).
She used Mathematica, so the Wolfram website has a review of the book.
Here's a quote from Bruce Schneier in his 15 Dec 99 newsletter.
To me, this makes Flannery even more impressive as a young cryptographer. As I have said many times before, anyone can invent a new cryptosystem. Very few people are smart enough to be able to break them. By breaking her own system, Flannery has shown even more promise as a cryptographer. I look forward to more work from her.
All of this was easily found with a Google search that garnered 24,000 hits.
-
Actually, something did come of that
The encryption story wasn't snake oil, and had very solid documentation. Sarah Flannery won Irish young scientist of the year, and subsequently the EU-wide prize, for her work. Her paper is here.
The Cayley-Purser algorithm she developed was subsequently shown to have security flaws; I don't recall if this was before or after the EU prize, but that's immaterial, the work was original and interesting, and worth a prize for a 16 year old!
She has subsequently written a book, which is a pop science introduction to crypto, and I understand from the blurb she's now studying maths at Cambridge.
-Baz
-
Re:Strong sense of deja vu
It's probably not fair to characterize Sarah Flannery's work as having had, "no solid documentation." As this page at Cryptome points out, Sarah's work did not "revolutionize cryptography" because several mathematicians -- including Sarah herself -- identified a "definitive attack" on the technique described in her winning paper (which was an application of the Cayley-Purser algorithm). Her book remains a good read, especially for young women, and I don't think anyone believes that the math in her original paper is anything less than exceptional for a 15-year-old.
-
Re:Strong sense of deja vu
She (Sarah Flannery) made a claim, and during a review process someone found a flaw in the underlying theory (Cayley-Purser) as used by her work, and so the whole thing collapsed as it was essentially useless as a high-grade encryption engine. Details can be found in the (amended) paper here.
As for documentation, I'd say the link above covers it. Also, she wrote a book about the whole thing, including the problems found.
As I recall that was covered here at the time...
-
Re:Read the TCPA / Palladium FAQ
So who is Ross Anderson? He is at Cambridge University, UK. From his homepage:
I lead the security group at the laboratory, where I hold a faculty post as Reader in Security Engineering.
I don't think Anderson is, as you suggest, biased against TCPA / Palladium and certainly not "heavily biased" (see Bill Arbaugh's comment below). His analysis does however point out very serious consequences of the TCPA / Palladium infrastructure. The consequences are what they are, Anderson just did a very good job of formulating them.
He is far from alone in his view on TCPA / Palladium. In fact, Bill Arbaugh, one of the inventors of TCPA (US patent 6,185,678 here), has second thoughts. His comment on Anderson begins:
We are all aware of the criticisms that the TCPA has received. Ross Anderson did a good job of explaining the problems in an abstract fashion, but I felt that there were some things left out (Privacy concerns).
By the way, trustedcomputing.org does not allow the general public to view the member list anymore. You can however see one list of 170+ member companies in Lucky Green's presentation below (links from http://www.cypherpunks.to/):
The slides from Lucky Green's DEFCON X talk, Trusted Computing Platform Alliance: The mother(board) of all Big Brothers, are now available in the following formats:
- PowerPoint (309k)
- PDF (511k)
Other resources with much information are:
-
Re:Mirror
Cryptome have their own mirrors at eu.cryptome.org, at.cryptome.org and nl.cryptome.org. Right now, the subpoena is posted only on the .nl one, though.
-
Here's what they're after...
about 1/2 way down the page you get the gist they were looking for anyone who visited the page http://cryptome.org/sec-con.htm
Of course, the page was taken down / slashdotted, I guess. Google to the rescue!
-
Mirror
-
Been there, done that, got the T-Shirt
We have seen oh so many Micropayment schemes. Millicent, Digicash, Cybercoin, etc. etc.
Before you think you can do it better, read this to not repeat mistakes from the past ...
-
More info at Cryptome
Cryptome has, on its front page, details on what the FBI is up against. Just scroll down a bit.
-
The Eagan, Minnesota Kinkos Computers
19. The Initial September 2001 Inquiry at the Eagan, MN Kinkos: On October 17, 2002, I spoke with Minneapolis FBI Special Agent David Rapp. At that time, SA Rapp told me that, to the best of SA Rapp's unrefreshed recollection, on or about September 19, 2001, SA Rapp went to the Kinkos store in Eagan, Minnesota, to inquire about a receipt found on the person of Zacarias Moussaoui at the time of his arrest. At that time, SA Rapp met with a person who represented himself as a Kinkos employee responsible for managing and maintaining customer computer workstations. At that time, the Kinkos employee informed SA Rapp, in substance, as follows:
(A) The Kinkos receipt did indicate that a computer workstation had been utilized;
(B) It could not be determined from the copy of the Moussaoui receipt alone which computer workstation was used;
(C) In response to SA Rapp's inquiry about the possibility of acquiring any information from the computer workstations regarding the use of the computers by Moussaoui, the Kinkos employee stated that, since the date of the receipt, all computers had been wiped clean/formatted and started with a fresh install; and,
(D) The computer workstations were generally wiped weekly or bi-weekly approximately, even though Kinkos policy called for weekly wipings. At a minimum, the Eagan Kinkos store wiped the computers at least once per month.
[....]
21. Eagan Follow-up: On October 11, 2002, I requested that the Minneapolis FBI Field Office contact Kinkos personnel at the Eagan store and determine if, as alleged by the defense, the Kinkos computer could still maintain evidence of defendant Zacarias Moussaoui's use from August 2001. On or about October 15, 2002, Special Agents Brendan Hansen and Christopher Lester visited the Eagan Kinkos and interviewed Brian Fay, who, as of August 11, 2001, was one of two Kinkos employees who knew how to restore an image onto the six computers with internet access designated for customer use. Mr. Fay stated that the six computers presently at the store are the same computers (with the same hard drives) that were present in August of 2001. These six computers are leased and scheduled to be replaced at the end of this year.
The computers are maintained by formatting the computers' hard drives and reloading an image using Norton Ghost whenever business is slow and time allows. There are no logs recording the dates or frequency of loading images on to the computers and Fay could not estimate how frequently they were imaged. Although Fay was not personally familiar with the exact details of the formatting and imaging process he administers to the computers, Fay had been advised by Kinkos that the formatting and restoration process destroyed all files associated with previous users.
ouch
-
You silly child
Do you still think business works with some idealistic crap like capitalism? It's about extortion and mafia tactics! See for yourself.
-
Re:It's not....yet....
Hello...are you even reading the other posts in this thread? Have you read this research paper showing that every fingerprint scanner system on the market today can be defeated in your kitchen with about $10 worth of crap you can buy at any Radio Shack and Krogers?
You can post a dozen reasons why nobody will ever be able to fake them. You can probably invent and post a hundred different reasons. But that doesn't even slow down the people who ARE faking them today.
Arguing a negative is usually pretty worthless. But it's even more worthless when the positive has already been proven.
-
Re:Fraud?
The gummy fingerprints defeated all the live finger detection systems handily.
The gummy mold is just an ordinary photo-etched copper-plated printed circuit board. (I made lots of them when I was a kid from stuff I bought at Radio Shack.) Take a photo of a fingerprint. Make a full size transparency of it. Expose the photosensitive circuit board using the transparency as a mask. Etch the circuit board. Pour ordinary hot liquid gelatin over the board in an even (3 mm or so) layer (the original paper gave a recipe, but you should be able to use any old recipe for "Knox Blox". It's just ordinary gelatin mixed with boiling water.) Harden it in the refrigerator. When it's time to use it, simply cover the tip of your own finger with the sheet of gelatin.
It passes live tests easily. The thin layer of gelatin is almost invisible. It's transparent, so your own skin shows through. It's conductive: it has a moisture content similar to your own body. And it's warm: your body heats up 3mm of gelatin quite rapidly.
And once you pass through the scanner, you just lick your fingertip and the evidence is gone.
Extensive testing of this was performed against eleven different fingerprint scanners earlier this year. EVERY TESTED SCANNER ACCEPTED THE GUMMY FINGERS, including those advertising "live and well detection", with acceptance rates varying between 65% - 100%. John Young's website has a copy of the paper here.
Biometrics, in general, are not sufficient for high security. They work best only in conjunction with other security measures.
-
Re:Good idea
The "gummy finger" paper is here. It effectively points out how easily compromised a fingerprint-only system is.
For anything involving financial transactions, I'd want a token+knowledge system (credit cards and checks technically fall into this category: card/check + signature) or at least a way to limit my exposure beforehand (toll tags: you purchase a set number of "clicks"). A fingerprint scan may be convenient, but without some sort of backup verification, it's the thin edge of the identity theft wedge.
-
Is this how MS will forcefeed DRM?
Is directX9 how Billy G. will attempt to get Digital Rights Management onto my computer? Tie a bunch of really kewl games/graphics features to a "protection" mechanism that makes a colonoscopy look like a walk in the park? I really need to be protected from all that content I've purchased.
-
Poindexter gets TIA'ed
Slashdot rejected this earlier this week, but since this is a slashback on TIA, I offer you this hilarious story submission.
Taste of their own medicine - Poindexter gets TIA'ed.
asscroft writes "[H] has this scoop - The head of the government's Total Information Awareness project, which aims to root out potential terrorists by aggregating credit-card, travel, medical, school and other records of everyone in the United States, has himself become a target of personal data profiling. Wired has the article. The whole idea was started by Matt Smith, a columnist for SF Weekly. And the folks over at cryptome have continued on in fine fashion. Reminds me of the spammer getting spammed. If you have any dealings with Mr. Poindexter yourself, you may want to "randomly" select him for security checks, whether you work in the airport, mcdonalds, ace hardware, etc. Let's remind this bozo why we have a 4th amendment. And remember to support the EFF's efforts against TIA."
-
Obligatory Simpsons Quote
The strain's attack and mortality rates were highest among people aged between 20 years and 50 years. Are you scared already?"
Homer: Eh, not the end of the world.
Marge: No, it's the Apocalypse! Bart, are you wearing clean underwear?
Bart: Not any more.
Seriously though, if you want an article that will make you soil yourself silly, read the Demon in the Freezer. It's a long read, but definitely worthwhile. And scary as hell...
-
More about the anthrax thing
For example how it was known a week before the first letters... Read about it
-
Re:Vigilante justice ...
Slightly OT, but there is a similar effort regarding the Total Information Awareness initiative being run by John Poindexter. (I mean, Poindexter is running the initiative, not the similar effort).
Basically the idea is that Matt Smith is going to publish in a consolidated place all information on John Poindexter that is available publicly/legally, in order to demonstrate just how thoroughly scary the TIA project could be.
(Background: the TIA is yet another US government database project to track "undesirables", with the definition of undesirables being left alarmingly vague, and without a defined scope as to the usage of the gathered information...)
-
Total Poindexter Awareness
-
Re:In other news...
How about -
Indymedia
BBC
or for some partial journalism / general questioning and sometimes odd, but certainly not bland corp media
Michael Moore
DisInfo
then there are specialist sites for different topics -
Cryptome
Statewatch
-
Right to travel
"People in the US have a right to travel and associate without being monitored or stopped by their government, unless they are actually suspected or convicted of a crime, and unless that suspicion is reasonable."
From the Gilmore v. Ashcroft FAQ at Cryptome
-
Taiwan, Echelon and NSA_KEY
I'm certain that whatever motives ROC government had in requesting Windows source code from MSFT are far from pure. However, given the NSA_KEY episode and the existence of things like ECHELON, I have to believe that any foreign government has to suspect US government spyware might be in Windows.
If the government of ROC doesn't at least think about the possibility of TLA agency spyware or trojans in such a massive closed-source OS, they aren't being paranoid enough.
-
Interesting
Given the common practice of 'WarDriving' that most young people seem to be 'in to' these days, it is probable - nay, inevitable, that these wireless points will be detected by someone and posted at a site such as cryptome. The interesting question, of course, is whether the publishing of data about the presence and location of these access points will be considered illegal, and whether the 'War Drivers' will be arrested for detecting the signal.
One would hope so, but you never know.
-
Cryptome has a link as well
see here
-
Microsoft's Patent on a DRM OS
U.S. Patent and Trademark Office:
Microsoft's patent on a Digital Rights Management Operating System
http://cryptome.org/ms-drm-os.htm
Microsoft Digital Rights Management Patent Applications Pending 2001-2002
Consumer Broadband and Digital Television Promotion Act
Security Systems Standards and Certification Act
-
Re:UK worse than US?
Well, the Official Secrets Act is a pretty good censoring tool as was also talked about (sort of) here Relating to a Cryptome article which is a quite recent display of its powers. I'm sure that if you Google for it you'd be able to find many, many more cases.
-
Re:Hmmmm......
> Apparently this Biddle guy doesn't know very much.
Well, he's the freakin' Product Unit Manager for Palladium according to this, so I'd expect that he'd be at least familiar with the basic feature set of the product he's responsible for, don't you agree? (btw, according to Steven Levy's article in Newsweek, Biddle used to run a paintball arena before he got to Microsoft...)
Note the doublespeak in the latter article: "This isn't just about solving problems, but expanding new realms of possibilities in the way people live and work with computers", says product manager Mario Juarez. - Excuse me? Expanding new realms of possibilities by limiting the freedom to do what I want with my computer? Yeah, right.
-
Re:does this happen often?
I guess it does.
Try searching for "shayler" on the BBC news site...
Looks like public interest in this story officially expired back in March.
Even stranger, the Financial Times [subscription required] reports "No matches" for the same search.
At least The Guardian are on the case, although even they have had some articles censored.
Of course, they can't actually report that this censorship occurred.
Scary.
-
Re:does this happen often?
It happens fairly often -- Ministry of Defence blocks TV show is from back in April, for example. The prefatory remarks to another Cryptome file, Enquiry: The Killing Years in Ireland, show the efforts they make to stop this kind of thing becoming known.
-
Red Herring, and LIES
The man is a disingenuous fraud, a good politician, and an incompetent in the fields of security and intelligence.
Freeh needs to find a whipping boy for the failures of correlating the various pieces of intelligence datum, which occurred on his watch. Restricting legal access to crypto will only assist in the illicit observation of constitutionally protected speech by private individuals, and destroy what little competitive advantage is enjoyed by U.S. software industries over their counterparts in Israel and India.
The algorithms and the source will not go "back in the can."
Louis Freeh is responsible, in a large part, for the biggest intelligence failure in modern recollection. None of the failure in this effort was for lack of access to encrypted communications, but from standard failures of organization and communications within the concerned agencies.
The Heritage Foundation - not normally critical of the FBI's mission - has this to say:
But what if FBI intelligence fails to collect, analyze and share this information? This could happen, the commission found, because "the guidelines under which FBI agents operate ... are badly written and confusing. These are guidelines that set out the terms under which the FBI can open a preliminary inquiry against somebody who may be suspected of being a terrorist. All of us read them (they run to about 42 pages) and we had a number of current and former FBI agents testify that they found them confusing." The commission recommended that then Attorney General Janet Reno and former FBI Director Louis Freeh rewrite the guidelines into "more easily understood English."
Encryption wasn't used in this instance. No evidence for it has ever been found. Freeh has a broader, more insidious agenda here, involving free speech and civil liberties. Unfortunately, the record shows that deep, analytical thinking about these issues is outside the grasp of the majority of America's elected representatives.
Moreover, the FBI had no procedure for disseminating useful information for analysis within the agency or sharing it with other government agencies.
Information which was obtained, in Los Angeles, for example, but did not immediately apply to the case at hand, would simply not leave the regional office, even though it might provide important clues for another investigation, says Ambassador L. Paul Bremer, Ambassador at Large for Counterintelligence during the Reagan Administration and former Managing Director of Kissinger Associates.