Slashdot Mirror

• Irina was the unofficial team leader from move 10 onwards. The world played her recommendations for 41 consecutive moves until move 51, when ballot-stuffing was first alleged.
  This makes the case for ballot-stuffing on moves 51 and 52 quite strong. See Martin Sims' thoughts on moves 51 & 52.
• Kasparov was reading the World Team's analysis on the BBS.

Ross Amann notes that

• "Democracy is not served by vote fraud in any election... Clearly, if MSN were running the world's elections, things would be a lot neater!" referring to Microsoft's deletion of votes for 59...Qe1.

• There was vote stuffing on move 56, even after non-Windows voting had been disabled. The 187 votes stuffed for a queen give-away move added to 4.75% of the vote.
  The difference between the top two votes on moves 51 and 52 was less than 5%; there are two examples of individuals stuffing over 4% of the vote, making it quite likely that the game was influenced by an individual in the critical moves 51 & 52.
  (Microsoft claims the contrary in a carefully worded statement - "never any significant ballot-stuffing until move 59". So 5% is not significant when the vote differences are less than that?).
  
• Finally, the game did not have any problems until move 51. Microsoft did very well for the vast majority of the game - however, it became obvious after move 51 that ballot-stuffing was occurring (despite Microsoft denials) and that Microsoft was unable or unwilling to do anything about it.

• Irina was the unofficial team leader from move 10 onwards. The world played her recommendations for 41 consecutive moves until move 51, when ballot-stuffing was first alleged.
  This makes the case for ballot-stuffing on moves 51 and 52 quite strong. See Martin Sims' thoughts on moves 51 & 52.
• Kasparov was reading the World Team's analysis on the BBS.

Ross Amann notes that

• "Democracy is not served by vote fraud in any election... Clearly, if MSN were running the world's elections, things would be a lot neater!" referring to Microsoft's deletion of votes for 59...Qe1.

• There was vote stuffing on move 56, even after non-Windows voting had been disabled. The 187 votes stuffed for a queen give-away move added to 4.75% of the vote.
  The difference between the top two votes on moves 51 and 52 was less than 5%; there are two examples of individuals stuffing over 4% of the vote, making it quite likely that the game was influenced by an individual in the critical moves 51 & 52.
  (Microsoft claims the contrary in a carefully worded statement - "never any significant ballot-stuffing until move 59". So 5% is not significant when the vote differences are less than that?).
  
• Finally, the game did not have any problems until move 51. Microsoft did very well for the vast majority of the game - however, it became obvious after move 51 that ballot-stuffing was occurring (despite Microsoft denials) and that Microsoft was unable or unwilling to do anything about it.

• Irina was the unofficial team leader from move 10 onwards. The world played her recommendations for 41 consecutive moves until move 51, when ballot-stuffing was first alleged.
  This makes the case for ballot-stuffing on moves 51 and 52 quite strong. See Martin Sims' thoughts on moves 51 & 52.
• Kasparov was reading the World Team's analysis on the BBS.

Ross Amann notes that

• "Democracy is not served by vote fraud in any election... Clearly, if MSN were running the world's elections, things would be a lot neater!" referring to Microsoft's deletion of votes for 59...Qe1.

• There was vote stuffing on move 56, even after non-Windows voting had been disabled. The 187 votes stuffed for a queen give-away move added to 4.75% of the vote.
  The difference between the top two votes on moves 51 and 52 was less than 5%; there are two examples of individuals stuffing over 4% of the vote, making it quite likely that the game was influenced by an individual in the critical moves 51 & 52.
  (Microsoft claims the contrary in a carefully worded statement - "never any significant ballot-stuffing until move 59". So 5% is not significant when the vote differences are less than that?).
  
• Finally, the game did not have any problems until move 51. Microsoft did very well for the vast majority of the game - however, it became obvious after move 51 that ballot-stuffing was occurring (despite Microsoft denials) and that Microsoft was unable or unwilling to do anything about it.

Check out the Decompilation Page at http://www.csee.uq.edu.au/~csmweb/ decompilation/. These guys have published papers on decompiling programs back into semi-readable C code. I'm not sure how well it worked on "real-world" programs. Also, do a search for "binary editors" or "executable editors" (e.g., EEL, ATOM/Alto, Etch for SPARC, Alpha and x86 respectively). These tools edit binaries and have to do some form of decompilation to figure out control flow and so on. But they were not designed for reverse engineering. You could use them for making small tweaks to a binary for which you have no source (or optimizing it).

Check out DCC:


http://www.csee.uq.edu.au/~csmweb/dcc.html

...developed by Cristina Cifuentes, who was instrumental in making this kind of thing legal in Australia.

Despite the rather black box connotations of reverse engineering, it is a legitamate R&D exercise. Car manufacturers reverse engineer their competitors, chefs try to dissect recipes, etc. In the computer context according to the Centre for Software Maintenance,

Reverse Engineering is the process of analysis of an existing software system to create representations of a different form or higher level of abstraction.

and

Reengineering is the process of analysis and modification of an existing software system to reconstitute it in a new improved form.

Given the preenial occupation of engineers is to make things better, faster, or cheaper, tinkering with the electronic toys or source code is a natural pasttime. It is only the marketeers and financial managers that want things to be "hidden" so that the cost (and thus in their mind = value) is higher (basic economics, remember scarcity == higher price). Obfuscation of code is an obvious mechanism to exclude competitors, however, it significantly adds to the long-term cost of maintenance and also reduces the potential market. How many times have you've been given a piece of code with the design specs/architecture residing in someone's head who've just left? Wouldn't it be nice if some intelligent bit of software did the analysis and gave you the answer (yeah, wishful thinking but still ....).

Perhaps people don't realise it but there are 2 information monopolies, one when one party controls everything and there is no alternative, the other when everything is freely available so that there is no competition (and thus no alternative).

LL

Hmmmm ..... looks like some hardware assist to help binary retargetting. For people not familiar with the concept, take a look at an overview. The concept is sound in that as ESR points out 95% of the programming jobs out there are spent in maintaining old code on old machines. However, if there was a way of abstracting and specifying the hardware characteristics and mapping from one to another, then old binaries could be shifted onto newer and cheaper hardware with less hassle. I can think of cases like old Cray binaries where porting them to a new MPP would be too painful manually, some of those timing cases can be really subtle. Given that computer companies are very relunctant to support hardware which isn't current (ie not profitable) and others could potentially go belly-up (correct me if I'm wrong, I think only IBM is one of the few giants left from the 60's), there is a need to protect the million of man-years spent on specific packages. Of course, research has shown that retargetting works better with availability to the original compiler source :-).

Given the rate of corporate take-overs, you could quite easily end up running a zillion different systems and lose valuable time in trying to consolidating everything.

Oh well, add this to the speculation pile along with everyone else.

LL

``People from outside (of your organization) can get at your software,'' said Anne Gardner, general manager of desktop systems for IBM. ``People from the outside can't get to your hardware.''

So there will probably not be a software flash-upgrade for this chip or anything like that: after all, if it can be software-upgraded, it can be cracked: witness the recent virus (forget its name) that wiped your BIOS chip if you had a Flash-BIOS capable motherboard and chip. So the only way to upgrade this thing will be to replace the chip -- and it'll likely be soldered onto the motherboard.

``We want this to become an industry standard,'' IBM's Gardner said. ``We want this on as many desktops as possible.''

Which means that if they get there wish, people who build <buzzword>E-commerce</buzzword> sites will start to rely on their customers having PC's with the chip installed.

The features of the security chip include key encryption, which encodes text messages,

What key length? Is it upgradeable? Considering the "can't get at it with software" statement above, probably not. So either it will have export-grade encryption (weak and insufficient, as most /. readers well know) or the U.S. government will restrict its export from the U.S. Furthermore, what happens when 128-bit keys are no longer secure enough and you need to move to 256-bit keys? Whoops, sorry, can't just get a software upgrade, you need a new computer. More lock-the-consumer-into-the-upgrade-cycle stuff here, even if it's not intentional (and it very well may be intentional).

and ``digital signatures,'' which act as unique ``watermarks'' that identify the sender of the document.

So everything made on a computer can be traced to that computer. Just like typewriters in the olden days (I seem to recall a few detective stories based on that fact). Great -- could be useful in some circumstances; law enforcement would love that, for example. This is where the privacy issues (which I'm not discussing here) come in. BUT this just identifies machines and is useless for identifying people. It will almost certainly, however, be misused for identifying people by what computer they use. What happens when (not if) Joe L. User sits down at one of the public-access PCs at his local library to surf the web, sees a cool "web shopping" site and registers as a customer? Assuming the site uses the chip ID the way IBM seems to be suggesting here, it will send Joe's computer (which is actually the library's) a digital certificate for Joe to make it "easier" for him to shop there since next time he won't even have to log in. Joe likes this, of course: it makes things easier for him. So Joe orders a few things and leaves. (Log out? What's dead trees got to do with things, anyway?) Now Carl Cracker comes along, uses the same computer at the library, and checks the Netscape history to see what he can find. He finds Joe's recent visit to the <buzzword>E-commerce</buzzword> site, checks it out, and sure enough, Joe didn't log out. So he visits the site and their software thinks he's Joe. He orders a bunch of stuff and charges it all to Joe.

Plausible scenario? You bet. Could <buzzword>E-commerce</buzzword> site designers be so clueless as to use a mechanism designed for computeridentification to identify people? No doubt about it.

The real solution to the <buzzword>E-commerce</buzzword> security issue is software. Ubiquitous, open-source, peer-reviewed software. Like, say, PGP (International version), or GNU Privacy Guard, or SSLeay. The hard part is that "ubiquitous" bit. You want real security? Here's how: Convince your boss to go open-source on the security aspects of the company's new <buzzword>E-commerce</buzzword> site. Read the Linux Advocacy mini-HOWTO first, then point out the advantages of using PGP or GnuPG or SSLeay rather than a proprietary solution. It'll be a hard sell, but stick with it. If everyone works at this, we'll eventually achieve the "ubiquitous" part.

The solution is out there, folks. Let's go implement it.
-----
New E-mail address! If I'm in your address book, please update it.

People forget that one of the original purpose of companies was to raise money to fund risky ventures to plunder ... errr .... trade with the New World. Given the state of navigation technology at the time, nobody in their right minds ventured everything on a single bet. Hence the development of syndicates, then Loyds to insure against loss, and stock exchanges to allow people to enter/exit various syndicates. Over time, the stock exchanges have evolved to the best gambling joint on earth (and of course you know that the only people that are guarenteed to make money is the house). As the old wag goes, "I invest, you speculate, he gambles". The essential role of modern stock exchanges is to shift risk onto people who are willing (and bright/dumb depending on viewpoint) to bear it with the mantra that returns match risk. Thus as a youngster with no life, you can afford to bet everything on obscure startups whereas retirees prefer steady income streams from things like utilities and blue chips.

If you think about human activities, a major determinant is the climate and weather. Sales of ice-cream soar on sunny days. Harsh winters push up demand of heating fuel. Derivatives are a mechanism for rapidly signalling events and allowing people to hedge and avoid being caught out by unexpected circumstances. Energy markets are going to be a key beneficiary as well as agriculture, tourism and discretionary events (if it gets rained out then you don't lose everything). Betting on the weather hedge funds that are likely to appear sooner is probably a surer thing that IMHO some of the current IPOs which seem to be scraping the barrel of good ideas.

Oh well, no laws against stupidity.

LL

Hey.. I'm a research assistant on the University of Queensland Binary Translator project.. The web page tells you everything I'm about to repeat here. UQBT is a "retargetable" binary translator.. we're actually using the term "resourcable" now.. essentially you take a binary that runs on any architecture that you have a spec file for and run it through uqbt.. what you get out is a bunch of .c and .s files (one .c for each function and one .s file for each section) and a Makefile.. you can then take that and put it on any architecture you want (currently we don't do cross OS's so you have to take, say a linux binary and rebuild it on another linux machine or a solaris binary and rebuild it on another solaris machine) and rebuild it there.

My research is taking this C output and getting it to compile to java bytecode and then writing the necessary support routines in java to get the binary running.. currently I can translate small example programs and benchmarks (with some of em running 10 times slower, man java sux.. then again, some of em run faster on the JVM with JIT's turned on).

And that's what I do. We refer to FX!32 in half of our papers cause it is a good example of binary translation.

fravia (east coast)

decompilation page

sandman

greythorne

The more interesting question is, given that most of these sites have been around so long, why dont we see more reverse-engineering of software going on? i think the availability of all this information (especially on fravia) weakens esr's argument significantly. regardless of what he says, reverse-engineering is really, really difficult, even for small pieces of code. i dont think he'll convince very many people based on that argument.

As for the appropriate tools, a while ago i found copies of wdasm and softice using ftpsearch (remember, one version of softice was a fully operational time-demo which could be cracked by itself). much of the other stuff you might need that ive seen are freeware or shareware.

unc_

australian mirror of fravia.org

anyway fravia's friend greythorne is still up.

greythorne

others:

sandman

decompilation

by the way, i doubt fravia is a great source of legal advice on cracking protection. but its still one of the best sites ive ever seen anywhere on the web.

unc_