Slashdot Mirror
Identification By Typing
crazy_speeder writes: "Musicrypt.com is developing a biometric identification system that captures user keystrokes to verify the user's purchase of specific copyrighted materials (i.e. downloaded music), and only that user can use it."
I'm really skeptical about them getting something like this to work,
I mean, I make typos in my 12 charachter password, but to be expected to type a sentence with the same rhythm? I still want retina scanners.
I learned how to touch-type when I was very young. I'm even hesitant to say "learned." I learned how to touch type like I learned how to speak. I just grew into it. After 16 years, a friend of mine said something to me as I was working on the computer(this is about 4 years ago, now). I was writing a letter for her(she was dictating), and then she stopped, and looked a bit mad. She said "are you actually typing anything?" I was sort of dumbfounded, and said "Yes, of course, look." Anyways, the gist of it was that I apparently don't type in a usual way - I guess all the keypresses are more evenly spaced, and I use different fingers for different keys(but not like you're supposed to). So, if you could track, for a while, how a user types, you'll find interesting relationships, ie: 90% of a time, there's a 0.35 second pause in between hitting the "r" key and hitting the "t" key. This particular user often puts a space in "often", like "of ten", and doesn't notice until the word is written, at which point the user goes back and corrects it, hitting the backspace key approx. 2.4 times a second.
:)
I imaging these things are extremely individual. It really does make sense, you know.
Dave
P.S.: It'd be moderatly hard to reproduce someone's typing style, but it'd still be harder than re-producing their password
Barclay family motto:
Aut agere aut mori.
(Either action or death.)
Part of this is expense. The most secure building that's still useful is one with one door and no windows. But that's an emergency-evacuation and traffic-control disaster waiting to happen, as well as a workplace-standards tragedy, so you add a freight dock, a rear entrance, a bunch of windows in the Managers' offices, a skylight with louvers that close automatically at sunset (oops, pardon me, too much MI:2...)
Now you have to secure all these potential access points (windows count too, unless they're built like arrow-slits) and sheer numbers work against you -- the first time somebody leaves a window unlatched when the room is empty the probability wave of an undetected intrusion starts to spike.
(You can think of intrusions in a quantum fashion -- given how long that access point was left unguarded, and the configuration of the facilities, and the traffic patterns, what is the probability that someone had access to various points and no one's noticed yet? Los Alamos take note...)
The rules for system security much resemble those for facility security in many ways:
Anyway, that's just rambling on a bit. The dominant paradigm of strong security is "something you have, something you know, and something you are". Any security system where one of these is sufficient to grant access is inherently insecure. Any system where all three are required in a specific form is probably very secure, but probably also very annoying to its users.
A system where you have to satisfy, say, two of the three in one of various ways is probably going to be OK for most purposes. Say you can use a voice-print, retinal scan or fingerprint scan plus your electronic access card, or you can show another form of ID to the guard (there better be a guard) and he can optionally clear you in manually if the other check is passed. Filling out your I-9 form for Immigration (to prove you are allowed to work in the US) works sort of like this. Note also that by this method ordinary shell password authorization is very insecure, (right, we knew that) while the SSH model of key + password is relatively secure (unless you set your ssh up to authenticate solely off the key, in which case you should now go back to grinding out code for IIS you sick little monkey!)
But real security takes real thinking and real money, and most companies don't want to expend either if they can help it. They'd rather have something that looks cool so they can brag about it. In this case they're not only using a single fallible authentication method, they're using one that, as pointed out before, has so much inherent noise in it that it's easy to defeat and thus nearly useless.
The article doesn't say whether you're typing a set sample text or a user-selected passphrase. The "right" (well, not right, but at least better) way to do this is to have the software try to verify the user through both a passphrase (something you know) and the typing biometric (something you are). If they both match, fine. If either one matches perfectly and the other is close, that should by default allow use, not restrict it (which is to say, the system should "fail open" like an emergency door).
But what are the odds of that happening?
-- Old Man Kensey
Doh! So, if I make all kinds of typos like Rob you'll respond, but if my brain shifts a bit out of phase and I misread something you type I become an idiot?
Yep. My post was plain stupid when I read the original (I even quoted it for cryin' out loud). That doesn't make the one who posted it stupid. By your reasoning I'd have to judge you abusive and would urge you to get professional help.
Thanks for finding me exceptional though!
carlos
--
As a matter of fact, I am a lawyer. But I play an actor on TV.
1) Digital IDs do not prove personal identity, they make it blydi unlikely that a link between particular identities is fake. ("I" is one identity of mine; I might own two keys, I have records with assorted authorities in the UK, there is a "me" who ordered from Apple computers, you name it. I can have *different* signatures for each of the above mails, as well.)
.|` Clouds cross the black moonlight,
2) Digital certificates are issuable by people for anyone for free. Try GPG for size.
3) See part (1), but you can't *guarantee* anything. You need to double-check fingerprints of keys, but even then if they used telnet to access their mail remotely and somebody sniffed the private key password then all you'd know is that they are one of the people on the planet who can unlock that key (not the best example but the point holds. It's no *guarantee*.)
4) DCs don't cost money. You accept my GPG key, you can talk to me. Nice, Free, free, open-souce, you name it.
~Tim
--
~Tim
--
Rushing on down to the circle of the turn
Damn, I got a nasty papercut on my index finger. Now I won't be able to listen to my music for a week.
...burns, jammed fingers, scraped knuckles, fingers caught in doors, arthritis flareups, changed keyboards, same keyboard but dirty, having a few beers -- even hand lotion can make me type a little different.
There's no shortage of reasons why this won't fly.
If you can go to bed, knowing you did a valuable thing today, you're very lucky. If you can't... it's not bedtime
Not only is this a blatently bad idea, but it comes from the same great minds that brought us Net Nanny.
... BY LAW... Technology such as this is taking away my rights. I will never purchase any music that I can no longer exercise my fair use rights. If I can not copy the music to multiple media forms/playback devices, then I do not buy it. It's that simple. Until the music industry understands this (or is FORCED to acknowledge this) they will continue to throw good money after bad attempting to develop technologies that infringe on customers LEGAL rights.
I do not type consistantly from moment to moment. Heck, I don't even "type" I hunt and peck really fast... Sometimes I type one handed... sometimes two... This software has NO chance of correctly identifying me.
Add that to the great "hit rate" that is consistant with Net Nanny, and you will find that this software will more often than not block legitimate users from accessing the music.
Besides, as another user mentioned, this whole idea is based on a flawed premise. Music purchases are not tied to a single user. I may be buying this music as a gift. I may be buying this music to transfer to my car mp3 player (which has no keyboard) Or my Lyra (also no keyboard)
When I buy music, I get FAIR USE RIGHTS
Copying music is NOT a crime. This is the reality. The RIAA is the fiction...
-Count Zero
I also hunt and peck for passwords most of the time so that I can keep my hand on the mouse. Or how about network lag between keystrokes over a slow network connection when using telnet, WinVN, or other remote access? Or how about as your typing changes over time as you get better, or as you develop carpal tunnel syndrom and it gets worse?
I don't think I'll be buying music with this security. Sounds a bit too easy for me to lose it or not be able to listen to it.
PawSense[tm] detects whether cat or human is typing, and disables the keyboard if the former.
A more recent paper by Fabian Monrose and Aviel Rubin with the title Authentication via Keystroke Dynamics might enlighten those interested in this, and I am sure that you'll find some interesting references on the above web page.
Scepticism is often healthy, but when it comes to new ideas, "new" being used in a very relative sense here since the idea is apparently "new" to Slashdot staff, one should be more keen to understand them before writing them off.
-Bjørn
It must be Rob, look at all the typos!
Anomalous: inconsistent with or deviating from what is usual, normal, or expected
Anomalous: deviating from what is usual, normal, or expected
Canard: a false or unfounded repor
Then they will probably try to hang you out to dry via the DMCA provisions about defeating a copyright control mechanism.
...phil
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
One day, I'd probably come home to find I'd bought 337 copies of "Gilligan's Island Collector's Edition DVD Box Set" or something like that.
Cat owners will understand.
I use Macs for work, Linux for education, and Windows for cardplaying.
I can't type and I rarely do things the same way twice, I wonder if this would still work for me.
I worked for a company that was trying to implement the exact same technology. They found that differences in keyboards and ergonomics made a world of difference. I don't know if this other company has overcome these obstacles.
-- You see, there would be these conclusions that you could jump to
"Identification please: Insert Retna in slot below..." - eww.
BlackNova Traders
It would do it by default. By lesson 5 or so your typing style just might possibly change!
"I'm sorry. You're not the same 'hunt-and-peck' typist that registered this product. Access Denied."
carlos
--
As a matter of fact, I am a lawyer. But I play an actor on TV.
I know what you mean in terms of certian words just "spitting" themselves out; however, different keyboard types make for different patterns. What if you're one of those people who likes to switch between different key layouts? (QWERTY vs more ergonomic layouts) Or someone who has a funky split-vertical keyboard at home and a standard bad-for-your-wrists one at work? Your patterns would be different. Switching keyboards could mean not accessing your accounts.
Do something about world hunger. Click here
Sigh.
Time for another /. round of "spot the holes in the crap copy protection system".
The type-speed thing works on a specific pass-phrase rather than a computer-generated one-time "type this please" string, so typing speed should be easily duplicatable. Or one could set the input keypresses to a constant rate, to make it easy to fake.
And I presume this system is just as vulnerable to the likes of unfuck as anything else. Not much use being resistant to distribution schemes "like Napster and Gnutella" if you can turn them into MP3s or OGGs at the flick on an audio capture.
This is a particularly worrying part of musicrypt's 'technology' spiel (black text on a black background in my browser - nice):
Read: the publisher can at any time revoke your right to listen to the music you have purchased. And knows about every bit of music you listen to, but that's kind of obvious and expected these days, isn't it.
Once again, musicrypt, you lose. Once again, legitimate customers, you lose. Pirates? Well you're kind of unaffected. Hey ho.
--
This comment was brought to you by And Clover.
Okay.
What happens in the case where you haven't listened to the music in two years, and your typing skills have dramatically improved or changed?
I can see how something like the authentication system you are talking about might work, but that is something that is used on an ongoing basis. If I change the way I type I can't access my music any more?
Besides, what if I decide to switch to the DVORAK layout?
The thing about biometrics is that they rely on secure hardware/software. Ie, it's a great idea for ATMs because the bank has incentives to make it tamperproof.
But for home computers in a hostile setting ("cmon, Johnny, help mom get rid of this annoying password scheme on my Bette Midler collection") it is completely unworkable. It is relatively easy to figure out where the biometric input is collected and collated (ie, after the NN has had a chance to guess on whether the variances in typing speed / retina patterns are pass/fail).
It can't stand up to more than five minutes of reverse enginnering.
That's why the only good solution is an onboard urinanalysis machine, bolted to your computer's case. This will indisputably verify your identity, and will also help prevent you from buying products on Ebay while drunk. Of course, you will need a six-pack on hand by your computer if you want to listen to a long playlist, but then again, who doesn't have that already?
This has very little to do with anti-piracy and a lot to do with the intense, ongoing effort of the recording industry to do away with all of the "details" of copyright law that they don't like.
... Right now if you want an album that is out of print, you can buy it on the used market. This new system will eliminate that. Once an album goes out of print, no one will be able to buy that album anymore. That album will in effect cease to exist when the last person passes away who purchased that album.
... it has nothing to do with "piracy."
The DMCA is designed to outlaw fair use. They don't like that you can legally use excerpts from copyrighted works, so they purchased a law that effectively allows them to "opt out" of fair use by simply encrypting their material.
Now they are out to do away with the first sale doctrine. First sale means that once you buy a copyrighted work, you have the right to turn around and resell your copy. That's why used record stores are legal. That's why you can go to a used record store and buy an old record that is out of print.
If the recording industry is successful in adopting biometrics (which I don't think they have a chance in hell of), then old music will, by design, wither away and die after it goes out of print. Think about it
The industry is well aware that their biggest competitor is their own body of old work. If people spend their time purchasing and listening to old music, that is less money and time they are spending listening to the brand new music that the industry wants us to pay attention to.
That's what this is about
If someone gets into the backend and gets your retinal hash (or whatever stored representation they used), that could the could conceivably use it as a "password-eqivalent" later to impersonate you.
Can't change that shared secret once it's compromised, no sir. (well, maybe you could switch eyes, once)
And then, even though more recent systems depend on the eye being alive to work, there are still the stupid uninformed goons who would go around gouging people's eyeballs out.
Not to mention you're SOL if you have an accident or something.
DNA just wants to be free...
This is a bit long winded, but bear with me here. I actually have a point, not only about technology but also about privacy.
I used to work at a government related thing. One of the places had a very secure computing center.
They discontinued using retinal scanners when it turned out that an identical twin had a better than 10% possibility of fooling the system. That was just as well. No-one wanted to have access to the "retina room." The thinking was that if the Russians or Libyans wanted in, they'd just borrow what they needed to open the door. Obviously, borrowing just your eye wouldn't work very well (it would damage a lot of delicate blood vessels), so we figured they'd borrow your whole head if they really wanted in. Well, that probably wouldn't work either, but we wanted to avoid the risk just in case they'd try it.
So after the retina scanner went away, they put in a palm scanner. Evidently, early environment effects fingerprints sufficiently that a palm scanner (which gets prints from four fingers, and several different areas on the palm itself) has a higher discrimination, and can much more reliably detect tricks like identical twins. Of course, using the same logic we all used before, we tried to avoid having access. If we had to get signed up for that room, we'd ask if we could get our left hand keyed (at least those of us who are right handed).
Of course, the actual risk was probably infinitesimal. But just the same, why should we have taken those risks? If the "enemy" wants your password enough, they'll get it, whether it's a phrase, body-part, typing pattern, DNA sample, or whatever. They may have to kill you for it, or threaten someone you love. But if they want it enough, and they have the means to access you, they'll be able to get your password.
If we extrapolate out to music, it's a bit ridiculous. No-one's gonna cut your hand off so they can listen to your MP3s. But it's the wrong direction to be taking this. By emphasizing biometrics, we not only give credence to the idea that they're secure (which they're not), but we also start irrevocably linking our security to our selves.
Think about it. The Evil entity snags your computer: if the data is protected by a password, there's no way that they can prove that the data is *yours*. You might know how to decrypt it, but the ownership is not provable by that fact. You could plausibly argue that the file was placed on the server by someone else. Now, if that same file was encrypted by your palm-print, that defense is gone. Suddenly, they KNOW that they're your DeCSS sources, or Metalica MP3s, or $cientology documents...
-
bukra fil mish mish
-
Monitor the Web, or Track your site!
Eloi, Eloi, lema sabachtani?
www.fogbound.net
Input Password:
***** - sorry, you missed a beat
Input Password:
***** -
Input Password:
***** - nope, i got at least a 5 ms discrepancy there
Input Password:
***** - maybe it's just lag, but that one was WAY off
Input Password:
***** - you just don't get it, do you
Input Password:
***** - Keystoke rythm confirmed; password incorrect.
At this point the user will be forced to find a new monitor after he puts his keyboard through the one he's using now.
--Forager.
student of animation and the fine arts
The story emphasized the geek's contempt of older users and human-engineering issues; the kid was caught by an older engineer who identified his fake logins by his typing pattern.
As soon as he was identified, he was switched to a honeypot where the trade secrets were replaced by porn files. His "customers" were pissed enough to leave the kid have a very intimate explanation with a sumo wrestler...
--
Here's my mirror
They can get the sequence of the characters you type, but can they get the time between the characters?
If Quake can read the time (to within 15 ms) when you pressed a key, then this biometric software can.
Will I retire or break 10K?
try:
ifconfig whatever whatever whatever hw ether any:mac:adresss
You can have whatever mac you want, see man ifconfig.
This might be more useful to help someone log in w/o having to memorize long, obscure passwords.
The login screen can just display a sentence or two, the user types those sentences (mistakes and all), and the biometric algorithm will allow them in or not.
If you want to combine this with a normal password-type situation, then just don't display the sentences - expect the user to remember them. If you combine the entropy of the words in the sentence with the entropy of the biometric authentication, then you might have entropy for a decent password (even if you build in a little error correction for discrepancies in the biometric or typing the sentence).
I guess I am the only person in the world who uses several different computers with several different keyboards. Oh, and my typing patterns is absolutely identical across all of them. Not! Has anyone else had the misfortune of trying to play Rogue/Hack/Angband/etc. on an ergo keyboard that was clearly split by someone who doesn't understand that programmers type differently?
The net will not be what we demand, but what we make it. Build it well.
From Willy Wonka and the Chocolate Factory...
Hmm.. so if you get a new keyboard (with either a new feel or a new layout), you need to buy all new keyboards.
If this takes off, I expect there to be an explosion of new types of keyboards on the market. A return of the IBM hard clicking keyboard (god I love these), "chicklet" keyboards (remember Atari 400 and ZX81?), ergonomic and "split" keyboards, and DVORAK layouts, etc. All secretly backed by RIAA's slush fund. :-)
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
The thing to understand here is that if you are making use of someone else's property, you should expect to abide by the conditions imposed on its use.
;)
That's true. However, if I play music in my house, chances are that my family will be able to hear it. If I turn up the volume REALLY loud, my neighbors will probably be able to hear it. However, they haven't paid for the rights to listen to the music; I have. Can I call the cops on them for breaking the copyright -- before they call the cops on me for disturbing the peace?
For more information, click here.
From what I heard, people are backing away from retina scan. Though it is a very good identification method, it has an evil side effect: Your retina can tell a lot about your health. The problem is thus not reliability, but privary issues. You don't want retina scan as an identification when signing up for a life insurance!
Opus: the Swiss army knife of audio codec
Sounds like Cryptonomicon's theory of identifying morse code messengers by their "wrist" (is that the term he used?). Apparantly the individuals could be identified based on their morse-code styles.
I suspect the same would be true if we were all disciplined typists, like the stereotypical 1940's-era business offices crammed with female typists pounding on keyboards round-the-clock.
I think this method would require that the person to be identified has been typing for some time. A newbie typist would require several months (years?) to develop a distinct style.
But I can see where they got the idea.
---
https://www.accountkiller.com/removal-requested
I can think of a number of delightfully mean things to do with such software.
1. If you type your Smashing Pumpkins passphrase in too perkily, the program forces you to listen to Brittney Spears instead.
2. If you make a spelling error in your passphrase, you have to listen to Hason's "Mmm-bop" at least 4 times.
3. If you type too slowly, you have to listen to Leonard Nimoy's redition of Proud Mary -- but only once.
4. If your passphrase isn't politically correct, you have to listen to a Tracy Chapman song before your perferred choice.
5. All other errors require the playing of Motley Crue at the highest possible volume.
-- Diana Hsieh
-- Diana Hsieh
GeekPress: The Weirder Side of Tech News
You paid and own a laser-engraved piece of metal and plastic, but how does that make you the owner of its semantic content (at the very least, legally, it doesn't)?
Strictly speaking, these sorts of "protection" schemes don't take that plastic disc away from you, they only limit the manner in which you may interact with certain aspects of its symbolic content.
They aren't stopping you from playing frisbee with it, using it to resurface your roof along with your AOL CDs, or cleaning the toilet with it.
DNA just wants to be free...
You're basically just worried about the right of first sale, aren't you?
.. er ... CD, and the licensed information is transmitted digitally, then the aforementioned "right of first sale" really doesn't have much meaning anymore. There's no physical media to tie the license to.
That's not specifically addressed or infringed by these technologies.
It seems to me that the state of affairs that the record companies have brought about is this:
When you buy a CD, you buy that round piece of laser-engraved metal and plastic, and you also buy a license to use its information content. (The latter accounts for most of the price of the CD)
The piece of plastic is your property. The information content is just licenced to you.
That's just how it works now.
In this context, right of first sale just means that the license must be transferred with the CD, and nobody is allowed to prevent that.
Where there IS no spoon
Sorry.
I'd also like to note that it's not really possible (semiotically or practically) to impose restrictions on the copying of information while simultaneously allowing its use in any way.
(just try to come up with a 100% consistent definition of a practical "no copying" rule -- keep cacheing and related techniques in mind)
It is relatively more practical to achieve some semblance of control over use directly, however, hence the sort of draconian things that the industry is suggesting.
DNA just wants to be free...
There's an existence proof for this. R. Stockton Gaines developed a system called "Keyprint" at The RAND Corporation over fifteen years ago, in the days when RAND invented the MH mail system and other cool stuff (they've now assassinated all their high-tech efforts and gone in for policy analysis).
We researchers had our reservations about that one, based on many of the same concerns shown here. Imagine our surprise when the blamed thing actually worked. There were enough degrees of freedom that the aggregate of the correlations it used was immune to "off days" and other such variations. This is described in Rand Report R-2526-NSF.
I guess what we really need to do is make a device that anylizes urine. Would'nt that be perfect at the office...
I'm sure my cubicle-neighbors would just love that.
"DEAR LORD, JASON WHY ARE YOU PEEING INTO THE COMPUTER?"
"Relax. I just want to hear some music. I'm also signing in to post things on Slashdot."
(confused employee runs away terrified, notifies security)
For more information, click here.
Last time I checked, IP was not really a time sensitive protocol. It makes sure the packets get there but not when, hence the trouble with webphones and streaming media in the early days. So to use this they're either going to have to record the whole string in a trusted client, a bad idea when security is an issue, or they are going to send the sentence letter-by-letter across the internet, where noise is going to cause serious problems with their time-based metrics. I sense possible implementation problems coming in the future...
Still it might be an interesting way to encrypt stuff on your computer. Not only would you have to know the password phrase to type, but you would also have to be able to type it properly to get access to the data. It makes passwords lots harder to crack and the extra security is almost transparent to the user.
So far I've gotten all my Karma from telling people they are wrong... :)
Undoubtedly, it will. Why? It absolutely has to. All of these schemes such as typing rhythm, retina scan, fingerprint, are all nothing but disguised password schemes. It doesn't matter if your password is the word "secret", your credit card number, your SSN, a vector of your typing speed, or a GIF of your finger. In ALL cases, a program on the client gets the "password" and sends it to the server. In ALL cases, the client software has to be "trusted" by the server. In other words, any kind of open source is completely out of the question. Otherwise, the server can't stop someone from putting together a version of the program that reads it's input from a file instead of from the "legit" source. And how are you going to know whether or not the client is saving your ID to a file? Actually, you can't stop them even with a binary-only solution. It's just security thru obscurity.
What's worse, is that all of these schemes rely on you giving the server all the information the server needs to impersonate you every time you sign in. What if your bank and your favorite pr0n site both use a fingerprint scan to ID you? Congratulations, the only thing keeping your pr0n dealer out of your bank account is their skill with a debugger! It's just like the crappy security on credit cards. Every single vendor you do business with has all the information they need to impersonate you. It's a testament to how honest the majority of people are that the entire industry hasn't gone belly up.
But the biometrics are the absolute worst, since you can't change your password. At least you can close a credit card account and get a new one. I don't know where to buy new fingers or retina's, however. The only long term solution will be based on some sort of public-key algorithm. Anything else is just a scam. Actually, the one place where a fingerprint scanner might be handy is to authenticate you to a hardware smart-card that does your public key for you. Since the whole thing is built by a single vendor in hardware, it could be made pretty secure. At a minimum, a crook would have to steal the card and have a fair amount of hardware skill to get anything useful out of it. But this whole idea of using biometrics over the internet is just a bunch of snake oil. And poisonous snake oil at that. You're better off sticking with what you have now, at least then you can be concious of that fact that your security sucks.
Dear Mr. Moderator,
May I know why this guy's posting was moderated as Flamebait ? He posted his idea on the subject and it seems to me that it's a valid point.
I'd like to add that I don't like the idea of an identification system to listen downloaded music : it's a move in the wrong direction.
The present system of audio CDs, which you buy once and on which you have property rights (usus, fructus, abusus) is far better than those fuzzy rights. For me it's OK to buy music I like, but please, don't turn my music experience in a techno-nightmare.
Stéphane
Have you checked out Badtech The daily online cartoon?
Have you checked out Badtech The daily online cartoon?
Instant Karma's gonna get you, Gonna knock you right on the head (John Lennon, 1970)
Repeating the exact same rhythm accurately is a skill that takes years to master. It sure doesn't happen by accident.
Memory of rhythm fades rapidly. Unlike the patterns that grow on the ends of your fingers.
Supposing that people did have characteristic patterns - by ear, a trained musician can easily copy and conterfeit them.
On top of that, *nobody* is going to be happy about getting a retinal scan or anything remotely resembling that before they can play a piece of music they bought and paid for. This idea is so far out in left field that I can't see it as anything other than grasping at a straw - an act of desperation.
I was reading a fine piece today that sums up exactly my thoughts, better than I could. The problem is defined perfectly, and the reasons why recorded music is *never* going to be expensive and restricted again, like it has for much of the 20th century. (The solutions he proposes for compensating musicians in that piece are too utopian, IMHO, but other solutions *will* work.)
The RIAA and their toadies are on the run. They may be able to attack dotcom's and bring them to heel, but they can't successfully overwhelm the entire net.
Disclaimer: I would *never* encourage anyone to violate a copyright, even to hasten the demise of an evil cartel like the RIAA - instead, listen to the music of musician's that *want* you to, and don't unfairly restrict you.
--
Life's a bitch but somebody's gotta do it.
Saying it wouldn't work because people make typos might be like saying that gait analysis won't be able to identify people who stumble sometimes.
My question would be, does it work better or worse on people who actually learned to touchtype "properly"?
-Kahuna Burger
...will work for Chick tracts...
I remember the University of Louisville messing with this technology almost 10 years ago... they were using chips that were suppossed to better simulate Neural Nets so that they could "learn" how an authenticated person typed and then later recognize them by that typing. Glad to hear someone finally got this stuff to work.
What if I become handicapped (blind, lose arm/hand/finger)? Suddenly I can't use my software because I don't type the same?
What about other people in the same house? What if I sell the software? What if what if what if?
This is just dumb. Of course, knowing the software industry, the first product to include a license management scheme that locks you out if your keyboard skills change will be "Mavis Beacon Teaches Typing"...
--
Compaq dropping MAILWorks?
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
Anyone else type differently on each?
Lessee...
At work I have one of those nifty ergonomic jobs on the pc, and a generic extended board on the Linux rack.
At home, one of those little iMac boards on my G3 tower, and an IBM 101key (better tactile/audio feedback than other brands) on the Linux box.
Plus, I have an old beater of a Thinkpad, with keyboard oddities of its own, I use for email on the road.
And by the end of the summer, I plan to have a new Powerbook.
Five keyboards (now... six in a couple months), all with different feel and feedback, and almost certianly, all with different typing habits.
I don't think it'll work.
john
Resistance is NOT futile!!!
Haiku:
I am not a drone.
Remove the collective if
Imagine all the people...
I'm really skeptical about them getting something like this to work, I mean, I make typos in my 12 charachter password, but to be expected to type a sentence with the same rhythm? I still want retina scanners.
I would hope that the system they're developing does NOT expect the user to put conscious effort into typing with the "same rhythm." The process of typing a full sentence, with timing data, has much higher dimensionality than any human observer could possibly take advantage of. Whether or not there are relevant parameters to be extracted from this remains to be seen, but I would stay clear of making statements such as the above until a good learning algorithm spends some quality time with the data. The only way this will work is if a learning algorithm manages to extract parameters which uniquely identify the user no matter what the user "tries" to do.
// zyqqh
I'd give it... oh, I dunno..5 minutes before someone comes up with a Perl script to replicate someone's typing style?
I remember doing this when I was like 12. Dialing into local Commodore 64 warez BBS'es acting like I had a terrible grasp of English, and typing terribly slow to convince the Sysop I was dialing in from l33t-land, Europe. A whole big charade to give me an unlimited ratio. Worked nearly every time.
There are so many holes in a technology like this that i'd shitcan it before it even got off the ground. If you're going to identify someone, there are far, far better ways of going about it than this, i'm afraid.
Bowie J. Poag
Bowie J. Poag
_I'm really skeptical about them getting something like this to work, I mean, I make typos in my 12 charachter password, but to be expected to type a sentence with the same rhythm?_
The typos are part of that rhythm.
If this were speech recognition, then every slur, drawl and lisp would be part of that rhythm. That's how biometric identification works: it doesn't measure and record EXACT patterns, it is looking for _rhythmic_ approximations that are typical, or representative, of user X. Further, it is amazingly effective. Think how often, when proofreading, that you discover exactly the same errors - teh instead of the - again and again and again. And that is just a trivial example. I'm sure there are many others.
Neopets - the best free game on the Int
The point that everyone seems to be missing here -- the RIAA especially -- is that we're talking about taking draconian measures to control access to art. Or, to put it another way: no one here is actually talking about "art"; instead everyone is talking about controlling the access to the art.
... er ... listen to MP3s? Or even to watch "Big Daddy?"
And it's utterly absurd.
Think about it: do we really need retinal scans and fingerprint scanners or biometric typing tutors to
All of these "copy control measures" are in place solely to *guarantee* the flow of profits not to the artists but to the corporations that contract the artist.
I mentioned this in today's Napster story, but -- and come on, where is Katz when we need him? -- no one is talking about what's really going on here: the fact that 'intellectual property' as the studios would have us believe it is dying a slow, expensive death.
And, if that wasn't enough, all this should start people thinking about the notions of 'intellectual property' in the first place.
Come on, Katz, for chrissake: write one of your grand editorials about this -- about how technology is (finally) questioning the very notions of "property" -- and what it is that makes this a so-called "property" in the first place.
What we're witnessing with all this biometric nonsense and CSS absurdity is the very loud gasps of corporations attempting to stay afload on yesterday's notions of 'property' and 'profit.'
This, finally, may be the single most important contribution of the internet: the paradigm shifting notion that yesterday's 'intellectual property' cannot survive in an age where 'democracy' plays itself out not in parchment 'constitutions' or 'declarations' but across fiber optic cables and digital switches.
'Property' has always depended as much on the presence of an object as much as its absence. Property has value when, say, you have a Lexus and you know that not everyone else does. This makes your Lexus valuable in the marketplace. Everyone *could* have a Lexus, sure, but not every one does. Everyone *could* own a house, but not everyone does.
But what happens when you realize that your highly prized commodity (as determined by an artificially designed marketplace) suddenly loses its intrinsic value?
Short of the specific things we need for survival -- food, shelter, sex -- the value of everything else is artificially assigned by the culture in which it is commodified.
You go ape shit and attempt to preserve its value. But the question is this: for whom is this value being preserved for? And, more importantly, why? Are you preserving its value because without value the object will disappear? Well, this is what Jack Valenti will have us believe. If there is no copy protection for the next Brad Pitt movie, there will be no Brad Pitt movies. (Now, if this means that there will be no more absurd films like 'Fight Club', I'd be delighted. But Valenti would have us believe that even another 'Seven' -- a brilliant film -- would never get made, which would, indeed, be a shame.)
Of course, this is bullshit. Art won't stop if suddenly there are no more corporations to exploit it. All that will happen is that a lot of the dead weight will be jettisoned.
My point is that the link between 'art' and its earning potential for corporations is an artificial link. Art will always exist -- and art will continue to exist, even when it loses its status a 'property' by the corporations that use it to make money.
Somewhere in a junk box in my garage is an old AT-style keyboard adapter box commonly called a "keyboard wedge". These are still used sometimes to do things like provide input from barcode scanners and the like.
The one I've got has a small 8-bit micro in it that also has the ability to capture and replay keystroke sequences delimited by truly odd and awkward command key sequences. Heck, IIRC, someone even posted something here a while back about a keyboard with a built-in capture and playback buffer. One thing I noticed about the way mine works is that it preserves the timing of the input in order to make sure it doesn't get ahead of the applicaiton. Any such gadget would defeat this scheme.
"The future's good and the present is nothing to sneeze at." - Roblimo's last
There could be trouble if they encrypt porn files this way, unless you always type with one hand...
The fatal flaw is that if it records, it can be played back. Sorry guys, no dice.. digital protection is flawed for exactly one reason - you can't obscure whether the bit is there or not. Solve that and I have a quantum physicist that wants to talk to you.
[ begin devil's advocate mode ]
Then they should pay to hear it, the same as you.
The thing to understand here is that if you are making use of someone else's property, you should expect to abide by the conditions imposed on its use.
If you don't like the conditions, don't use it. It's not like this is food or anything: you don't need, say, Metallica's Black Album to keep breathing for another week.
The music is the property of its owner. If someone wants to, they may let you or your family members use it for free if they want, but they shouldn't be forced to do so.
It's only now that technologies like this are giving the owners an option in these matters. Forcing them to let people use their property for free is morally wrong and it's only now that we're beginning to see technology that can rectify the situation.
[ end devil's advocate mode ]
In my own opinion, while I believe that private property rights are a consequence of natural law (woo, look at the cute widdle 18th century philosophy), they are such only because of exclusivity. Two people physically can't posess or control a physical object.
I don't think the notion of "property" should be perverted to include things that aren't naturally, in enconomic parlance, excludable, and I don't think scarcity should be imposed where there is naturally none soley for the sake of making a profit.
If people get mad when someone creates artificial scarcity even in a naturally scarce good (e.g. OPEC with oil), why is making a naturally non-scare good scarce just for the sake of making money suddenly okay with everyone?
Now, making sure artists eat is a different matter, but the record companies aren't generally doing any better -- the majority of musicians would be living in cardboard boxes on the street (and not eating) if they relied on revenue from the record companies for their livelihood.
Personally, I think we need to start thinking more about artists as people who actually do WORK (they do, you know, composing ain't easy) for which they should be paid (they generally aren't now, except when they're paid for performing), rather than thinking of them as people who need to be subsidized by someone playing tollkeeper to their ideas.
The new technology is also enabling schemes like the Street Performer Protocol area which are I think a good start in the right direction. I only hope more people pursue them, instead of strangling ourselves like we are now.
We have real world scare resources that have economic value: scare creative talent (labor). There is no real need to make "pretend" scarcity in information-space to subsidize that labor, unless you expect <sarcasm>the lazy artists to do their thing for free (they're not really DOING anything, after all)</sarcasm>.
DNA just wants to be free...
I will just get a monkey to randomly mash and bash the keyboard with it's hairy paws, now that is security.
But, say you wanted to crack this, couldn'y you just get a realtime video cam and record the rate system admin mashes the keyboard with his fat hands? Get the rhytem from the tape and then make a robtic device to mimic system admin bob's keystroke rate.
Eye scanners would be cool, cause to crack though, you would have to cut out the users eye, remove your glass eye, insert their's into the empty socket and crack that puppy open like a nice cold beer.
On thing I seriously though about doing is a IR interface that is embedded into the body and can send the signal automatic when a correct password is typed into the machine.
Seriously though, the above is just bs. Let's thinkg about this, what if you are drunk or stoned and want to check email? do you think your type rate will be the same? What if you are intoxicated on large amounts of caffeine when you "insert" the password rythems, then when you wake up slow in the morning and try to see what is on slashdot, you type rate is differant. What if you finally get one of those big ass old sytle IBM "click" keyboards that slows down your type rated compared to your sleek space age "fluffy" keyboard?
And most of all, what if you a typing class?
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
...but apparently some people don't.
I suspect the goober will probably get smacked down in metamoderation, anyway.
Family situations aside, though, there are a lot of things that we do now (e.g. campfire singalongs) that violate copyright, it's just that there isn't (currently) a good mechanism to enforce it in those circumstances. (except some ASCAP sabre-rattling now and then)
People ignore the inequities in the law because it's not consistently enforced. Technology is changing that.
Really, my only reservation is that I'd like to make sure there are other ways artists can get equitably paid for their work BEFORE the copyright system falls apart.
DNA just wants to be free...
What I want is a Linux module that monitors the typing of whoever is logged in as root, and sends an email to a remote address of mine when a violation is detected. That would be extremely useful.
Forget this music crap. If I can route it to my speakers, I can burn it to cd, make an mp3, or record it to tape and take it to my car. Let them develop the technology, then eventually we'll put it to good use.
During WWII army intelligence were able to identify individual enemy radio operators from intercepted morse signals, due to the fact that each opererator had a distinctive style, known as a fist.
Given that this was possible in 1940 with no computing power, biometrics based on keyboard style is probably not so stupid...
... an anecdote from IBM's Yorktown Heights Research Center. When a
programmer used his new computer terminal, all was fine when he was sitting
down, but he couldn't log in to the system when he was standing up. That
behavior was 100 percent repeatable: he could always log in when sitting and
never when standing.
Most of us just sit back and marvel at such a story; how could that terminal
know whether the poor guy was sitting or standing? Good debuggers, though,
know that there has to be a reason. Electrical theories are the easiest to
hypothesize: was there a loose with under the carpet, or problems with static
electricity? But electrical problems are rarely consistently reproducible.
An alert IBMer finally noticed that the problem was in the terminal's keyboard:
the tops of two keys were switched. When the programmer was seated he was a
touch typist and the problem went unnoticed, but when he stood he was led
astray by hunting and pecking.
-- "Programming Pearls" column, by Jon Bentley in CACM February 1985
-Yarn - Rio Karma: Excellent
And to people like Stephen Hawking, they can forget about listening to music this way.
And if I want to play a huge collection of songs, legally bought by myself, I must authenticate each and every time the song advances.
Do the companies that think of this "innovative" stuff even bother to think about what they are doing? Are these people morons for thinking that such a thing would work?
See my post below about R. Stockton Gaines's work at RAND around 1978-1980. You don't happen to remember your instructor's name, do you?