Slashback: Imagination, Evasion, Watermarks
Frankly, this would have been just too silly. steveha writes: "Microsoft just changed their 're-imaging' payment policy. Companies buying computers that come with Windows installed can once again re-image the system hard disk without Microsoft demanding an extra license payment. Here is the official Microsoft document. Computer Reseller News had the story."
Burn baby burn. rpeppe writes: "briefly, you can download Inferno here, for free.
you might remember from a month or so back that the UK firm Vita Nuova obtained rights to Inferno, a next-generation virtual/embedded OS created by the likes of Rob Pike, Ken Thompson and Dennis Ritchie. Inferno uses many of the ideas from Plan 9 but, unlike Plan 9, there are no restrictive hardware requirements - it runs as a "virtual OS" under Linux, Windows, Plan 9 and others, mapping the resources provided by the host OS into a standard form for programs running within Inferno, which will run without change on any platform running it (including on bare hardware, such as SA1100 or MIPS).
we've just made free downloads available (for any use) for Linux, Windows and Plan 9. the actual kernel is not open source, but the download includes open source for all the user-level code in the system (applications, libraries, etc), plus unix-style documentation so there's plenty to tinker with.
this is a system that is genuinely trying to address the problems that are "too deep for unix to fix" and includes all sorts of interesting takes on some of the original unix philosophy (after all, it represents 30 years of evolution from the unix original). plus it's a really nice environment in which to write genuinely (and elegantly) portable programs."
Taking the meat from the jaws of Carnivore. An unnamed correspondent writes "Found a nice article on the circumvention of Carnivore which details steps one can take to avoid big brother. Article is nicely written which has a strange reference to the NSA's Verona project of World War II."
Nothing here may be all that new or surprising to those already interested in online privacy or cryptography in general, but if you ever need ammunition in an argument about the nice government versus slithering heroin-dealing kiddie-porn terrorists, it'd be nice to point out how accessible these methods are to all involved.
OK, who has what up their sleeves, and why? Fervent writes "Interesting twist in the SDMI boycott -- Don Marti's backing down a bit. Apparently he and Leonardo Chiariglione, executive director of the SDMI, talked and found ways to get along about secure music. The article is here."
I'll be impressed if the music industry or anyone else can come up with a high-quality music format which can't be effectively copied with a modicum of hassle. "Anything that can be read," etc. That's not about to stop them from trying on both technological and legal fronts. Of the two, I'll take technological any day.
Anyone remember http://www.atheos.cx ? It seems to have a lot of promise. It seems to be very light and hopefully, fast.
Has anyone tried it?
OSes seem to be getting bigger and bigger these days (I'm going by base installs, not kernel/whatever), something quick and small that stays out of your way is good. That was always the nice thing about DOS.
The court cases seem to hinge on whether or not you have an "expectation of privacy". This can get fuzzy, as in search and seizure of an automobile and its contents.
If you send the email to another Hushmail user, it never leaves their servers. They themselves admit that the email is no longer secure if you send it to someone outside of Hushmail. Do you know how Hushmail works?
--
This can't be done if the vendors of the soundcards sign their drivers with a universal "secure music" key, and the SDMI music refuses to use anything other than a signed driver. These drivers of course will prohibit simultaneous sound in and out.
This would not sell...
Preventing simultaneous In/Out is called Half Duplex and today if you're not full duplex (in and out at same time) you're dead.
This feature is needed for teleconferencing and is used by on-line games for live verbal communication...
This means the majority of Hackers, Games and business people would reject it... that's about 100% of the markets that drive technology sales....
Plus this doesn't prevent users from using TWO soundcards (Windows prevents it; Dos, Linux and everyone else allows it, so just don't tell Windows about the second card)
Also mass market sound cards are 5 year old high end market cards. The new cards are always for the high end market and eventually reach the mass market with many clones etc using same or slightly improved chip sets.
Given this most card makers are not interested in rewriting sound card drivers.. if SDMI doesn't work on the hardware already on the market it's already dead....
Bureaucrats don't reproduce.. they just attempt to reproduce a lot... and throwing bricks at the equipment makes them only want to reproduce more on our freedoms than they do already
Signal11 holding a press conference.. hmmm hey it works for Bill Gates... why not....
I don't actually exist.
Is it one of the new LCD terminals that you shove slashdot on?
Respond to s
Well then why hasn't someone bothered to say decompile the windows executables and then take a look at the raw assembler make some raw C or C++ code from that and then modify it and then recompile it to give them what they need?
Respond to s
Heh. If you suspect that you are under surveillance by the FBI using Carnivore (and that suspicion will either be paranoid or very very hard without well-paid judges) then there is of course, an infinitely easier way to circumvent it: Get a new ISP for the love of god. Or use public internet access. Or even just STOP DOING whatever illegal activity it is that you're doing. And I don't mean warez. The FBI doesn't care about that.
Script kiddies. Sheesh.
---
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
Bravo. That's absolutely right.
InstaPundit! Ahead of the Curve Since 30 Minutes Ago
>Obfusicating object code? Puhlease.
You're right.. but people do it anyway...
Oh BTW.. that's why Soft ICE exists... otherwise a normal decompiler would do the job FINE..
So this only means you can't use a simple brain dead decompiler to rip out the source code and lay it out like an animal gutting open its kill...
I don't actually exist.
Why, to guard against insomnia, of course. Otherwise they could be sued by someone whose health has suffered because of lack of sleep while hacking at a truly advanced OS.
Plus, unix-style docs are a good source of job security. Can you imagine how many techs would be on the dole if their bosses ever learned how to administrate their own computers? But one glance at unix docs is enough to send any PHB into convulsions.
Any sufficiently advanced civilization is indistinguishable from Gods.
You can't decompile Command.Com and make it open source because it's Copyright Microsoft..
It's already been cloned however.. more than once... the only thing preventing an open source clone of command.com is... why bother...
Oh wait... FreeDos... Hey maybe they did it...
Decompiling is pretty clean and easy to do, adding libraries just shows up as "this library linked here", it doesn't really affect anything...
Obfuscating the code btw only screws up decompilers... Debuggers and hacking tools are pretty much immune...
I don't actually exist.
>The FBI really doesn't do Perry Mason-type investigations any more. They only have two tools in their kit, informants and wiretapping.
>That's why they're so worked up about Carnivore, it's their only hope.
In a sense, it should be easy to see that an incompetent FBI is a greater threat to average innocent citizens. viz. Steve Jackson Games, if nothing else.
That said, anyone actually committing crimes who relies on the methods in the linked article is a damned fool and deserves what happens to them. The FBI may not be as immensely clever as the movies would have us believe, but law enforcement relies on more than one method to close a case, and isn't averse to hiring people who do know what they're doing to go over the evidence.
----
lake effect weblog
{Network engineer in Chicago--looking for work!}
I suspect the carnivore system might be smart enough to ignore the last few lines of your emails, to get around deliberate tagging. The obvious solution is to build into mozilla something that adds html comments to html e-mail, so it doesn't bother the reader on the other end (if they have an html mail reader) which have complete sentences that sound really subversive and hit the right keywords. That way the comments can be hidden throughout the message, so the scanner doesn't see them clumped and ignores them. You'd have to be careful about the sentence generator, and make sure it uses some fictional noun in each sentence, so it's obvious it's only a joke. Now, I think that's a system that would be pretty powerful for clogging them up.
WARNING: there is a trojan on your
You're not thinking of corona are you? ;>
The material was intercepted during the war and cracked and exploited after the war.
Combine the major inconvenience with the dilution effect of sending *all* (or most) of your messages this way, and you're looking at a method that's crackable, but not in a practical way. It has the added advantage of being fun.
73 de N5VB (ex-KD5BIV) AR SK
This can't be done if the vendors of the soundcards sign their drivers with a universal "secure music" key, and the SDMI music refuses to use anything other than a signed driver. These drivers of course will prohibit simultaneous sound in and out.
:) Or Bruce Schneier (www.counterpane.com).
First of all, you can write a driver that keeps the original, signed driver in a handy closet and when the request for authentication comes, just pulls it out of the closet, shows it to whoever asked, and puts it back in.
In other words, there ain't no such thing as a secure local client. Just ask people running multiplayer servers
Not to mention that two PCs side by side nicely solve the problem of prohibiting the sound card to do simultaneous in and out (which is called full-duplex and is highly useful in real life).
but sound card manufacturers could always monitor voltage drop on their boards and shut down if it increased suspiciously.
You are confused. It's the RIAA that is paranoid. Sound card manufacturers want to sell hardware and tend to dislike boondoggles which increase the cost of the card while decreasing its usefulness.
[re SoftICE solution] I hear they obfuscate the object code and include commands to crash browsers, meaning that this is not a skript kiddie task.
It only has to be cracked once...
5. Audio cable connected between INPUT and OUTPUT of soundcard.
See above about signed drivers.
See above about two PCs.
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
Not really. Those are just the same links that appear in the text, grepped out automatically, plus a few generated by keyword matches (e.g. Linux, Wired, etc.)
Links to the original articles only appear under Related Links if timothy or the submitter included them.
There's a conventional copy-protection scheme, which is the first line of defense.
SDMI is supposed to allow to *cough*securely sell digital music online. How do you copy-protect a file that you just downloaded?
This watermarking is supposed to survive speaker/microphone transfer, but that remains to be seen.
It may survive the speaker/microphone transfer, but I doubt it'll survive an attack specifically directed at it. Selective attack at a watermark is going to be orders of magnitude more effective than just adding random noise.
The idea is that either you have a 100% SDMI-compliant system, or a 0% SDMI compliant system; nothing in between will work.
That requires everybody in the world to throw out all their old hardware and buy new, and not just any new hardware, but SDMI-compliant only. I think the SDMI designers have a very good crack dealer.
It's not that it's uncrackable, it's that cracked content only plays on special systems useful for little else.
No, you got it wrong. It's the uncracked content that only plays on special systems.
That's actually (yet another) big hole in this whole scheme. If I have a system that is able to crack SDMI (e.g. through soldering leads to my speakers' drivers), I can produce non-SDMI music files, say, plain-vanilla MP3. Then I can throw them out onto the net (Usenet, Freenet, etc. etc.) for people to use. Anybody will be able to play them. Only people with 100%-pure SDMI systems will be able to play SDMI files. Guess which format is going to be more popular...
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
I know legal consent is 15 in some states. I always found the intolerance of pedophilia very strange, as the human species sexually matures in the early teens. There are a number of studies that are dead and buried (although they once flourished over the net) covering the topic. It doesn't seem very sick to me. Then again, I prefer women with big hooters.
Often wrong but never in doubt.
I am Jack9.
Everyone knows me.
In order to get the driver signed by Microsoft to be SDMI compliant, Creative will disable "what-u-hear" when playing SDMI audio. That's one of the requirements of gaining a digital signature that allows access to the Secure Audio Path of Microsoft Windows Media Digital Rights Management.
<O
( \
XGNOME vs. KDE: the game!
Will I retire or break 10K?
No, you type it into a Java applet running locally on your browser, which communicates with Hushmail's servers over some public-key-exchange encrypted channel (likely RSA, but that's a guess).
So there are three points of attack:
1) compromise your browser/vm.
2) compromise the Hushmail server.
3) compromise the bytecodes in transit.
Obviously number 3 is the easiest way to go. Interestingly, Microsoft's ideas with signed binaries would be a [partial] solution to that. You would then have to
4) compromise signer's certificate
and as soon as that happens, basically the attacker needs to compromise the whole infrastructure, which we assume is impractical.
After reading the FAQ on their website, I wouldn't trust this, especially with Carnivore -
For one thing, it apparently 'shreds' the message after it has been read. Leaving aside the question of whether it truly deletes the message from every machine it is stored on to the point that it could never be recovered, I thought that Carnivore is more a packet sniffer, and would intercept the message as it is being transmitted. Even though it is not using SMTP it is still probably not enough to stop Carnivore from realizing that data is being sent from a target machine. Yes, the data is encrypted but my second point, and most important in my eyes, is that they give absolutely no information as to how the message is encrypted. They use smoke and mirrors in their FAQ about 'level of encryption', quote: 'Unfortunately, there is no straightforward answer to this question, because "level" doesn't mean anything in the encryption world.', instead of dealing with the real issue - that of the algorithm(s) they use. They obviously have some patent issues to deal with, but you would think that after the patent has been applied for they should be able to publicize the algorithms used in order to show that they really are secure. No encryption system should be considered secure for public use unless the algorithm is public.
So, as far as I'm aware from their FAQ, SafeMessage is little more than some proprietary email protocol combined with some proprietary encryption protocol(s) that has not faced any public scrutiny into their actual effectiveness. Maybe I'm wrong, and it's the most secure communication system since crypto was invented, but until I see proof (and more detailed information from their website), I wouldn't touch it with a barge pole.
TK
At some point, somewhere, the entire internet will be found to be illegal.
This is why many people argued against the Bill of Rights. Not because they opposed the right to a free press, but because they feared a legal culture would emerge that assumed only enumerated rights exist, and that other rights are not guaranteed. What do you think the 10th amendment is for?
Of course, that's how it works in theory. Most people will let the government do whatever it damn well pleases as long as they've got a job and their house isn't being sacked by roving gangs.
That's what's so amusing about this whole debate. Everyone's screaming as though some big corporation is withholding water from drought-starved 3rd world countries. But in actual fact it's the world's elite whining because the new geek toys might not work exactly how they want them to.
2) The SDMI boycott you read about here lately has lost a key proponent; the reasons are unclear and so is the eventual outcome.
Apparently, Slashdot likes to post trolls.
OK, who has what up their sleeves, and why? Fervent writes "Interesting twist in the SDMI boycott -- Don Marti's backing down a bit. Apparently he and Leonardo Chiariglione, executive director of the SDMI, talked and found ways to get along about secure music. The article is here."
This is not what the article says.
Holy christ that all sounds far too complicated. Um, sorry if I sound archaic, but WTF is wrong with simply recording it to a cassette tape and using your walkman/tape deck/ghetto blaster etc.? It's how 99% of the world's population still does it. Are tapes "too low class" for your bourgeois tastes? Sheesh, what a bunch of spoilt brats you all are.
Ok so it's disabled in the driver.. It's still in the hardware..
With Dos the driver is in each application... just run a Dos recorder under windows and you've bypassed the whole mess..
In the mean time Mac, Linux, BSD, etc sound drivers are not signed and are full duplex at all times.
New Linux sound drivers are allowing multi app access to sound cards so more than one sound card can tap the card at once..
Mac has similar issues plus Linux and Mac normally allow many sound cards so you can bypass this problem with two cards should they ever find a way to lock the single card into play only.. you use another card for record...
Older Macs and Sun Sparcs often have more than one sound chip.. one built in one on sound card.. both accessible...
(the sound card is an upgrade from the older simpler chip)
I don't suppose BeOS "The" multimedia os would skip the ability to access more than one card...
Ok so it's just one more thing Windows users can't do that everyone else using ANYTHING else can do..
Oh wait... Dos.. yeah well I guess OFFICIALLY Windows users can't do it... unofficially... muahahaha
I don't actually exist.
Charon does so accept cookies, and it does that just fine. Why would you say it doesn't? It doesn't do Java or some of the more complex Javascript.
Fervent posted this before. He was criticized harshly for misinterpreting the article. So then he goes and submits it as an article??? What an ass.
Then send this and relay this to all of your friends in big ISPs, eventually you will get a knock on the door. Seriously if I use pgp/gpg aren't I immune from the actual eavesdropping since my communications originated and end encrypted? Hasn't this already been done with packet sniffers and the like?
Respond to s
The alternative was worse?
--
perhaps jane.something@sampleisp.com can't argue invasion of privacy as a law in the us (assuming you are correct about that). she could however argue on an illegal search and seizure(sp?) as they have searched the entire network and potentially seized information from her without probable cause (since they were, of course, looking for 'jondoe' and not 'jane.something'). protection against illegal searches and seizures *is* guaranteed in the us constitution. of course you'd have to have an excellent lawyer to argue that as courts seem to have something against information and computers currently.
of course i am not a lawyer, but this is how it would seem to me.
doktor eric
I'm pretty sure this is based on Forever Knight, the Vampire/Cop Show that premiered on CBS's Crime time after prime time and ran a bit on SCI-FI.
Barring some radical new advance in speakers, I can just put a resistor in series with a tap, and hardwire it into the voice coil of the speaker, and run that back into the audio input of my soundcard. No worries.
--
I still am fond of ROT26.
Democracy is dead. All kneel to the Commander In Thief.
If the watermark is totally inaudible, what's to stop BandX from putting the SDMI watermark on the released studio album?
Alex
So again, if you can see where the watermark is changing, can't you still excise that location? Or is the watermark somehow checksum'ed? Perhaps if each copy permutes the entire song, it would be more difficult.
Of course, if the Watermark *is* generated on the fly each time, that makes having a standard diff of the watermarked track difficult, but still not impossible.
-- "I am disrespectful to dirt. Can you not see that I am serious!"
Charon accepts cookies just fine. um, you did read the man page, right? RIGHT?!? `man charon`, buddy. it's got problems with some JavaScript (thanks to crappy standards and Netscape and IE pretty much ignoring them anyway), and no Java at all (thank God), but it's got cookies, and is quite usable. i'm using Charon to post this, logged in and all.
i speak for myself and those who like what i say.
> The FBI isn't stupid.
They built a box that needs to run unmaintained and unobserved for long periods of time....
and used Windows...
There are quite a few operating systems that could do this job quite nicely... including Dos...
The FBI may not be stupid but whomever designed this box isn't the first person I'd turn to when it comes to turning on a flash light....
I don't actually exist.
(Note that this assumes buying things online actually works this way. It's extremely likely that someone will figure out a way to compromise that scheme and there is always the "Give a wino some booze after he buys it for you" approach, involving either those kiosks they've been talking about or an Internet cafe.)
- There's a conventional copy-protection scheme, which is the first line of defense.
- SDMI audio is watermarked so that SDMI-compliant devices, including USB speakers, won't play it without authorization from the authentication system. This watermarking is supposed to survive speaker/microphone transfer, but that remains to be seen. (If that really works, we may see watermarked live performances.)
- There's a handshake scheme so that all peripherals (and maybe everything on the LAN) have to do a cryptographic SDMI handshake before any protected content will play. The idea is that either you have a 100% SDMI-compliant system, or a 0% SDMI compliant system; nothing in between will work.
The SDMI designers figure that while building a 0% SDMI system is possible, few people will bother, and it will be so nonstandard it won't be very useful.
Anyway, that's the concept. It's not that it's uncrackable, it's that cracked content only plays on special systems useful for little else.
I think the article assumes Carnivore is a Windows box not an FBI agent...
:)
If all Carnivore does is log all data... he's toast..... If it actually does some work then it's brain dead easy to bypass a simple scanner...
Someone else made a recommendation that bypasses even an active log.... (Same thread right here) good thinking guy...
How? Get a new ISP... blah
and one my mother wants to do anyway...
Get a free account (for herself not for me.. I like my radio IP...)
Yeah... now how to tap my line... I'M USING A RADIO IP for cripes sake it's pretty braindead to read every packet I transmit
I don't actually exist.
Maybe you should think about this one a little harder; the NSA is smart enough to know that ignoring any part of the data they capture would make it the ideal covert channel. -- the clueless American pigdogs with their sig parser will never see this message. Attack at dawn.
Cause your 2400 baud modem is too slow. Do you feel Echelon owes you a faster modem?
Oh yeah, and your comment is pure abstract crap. Don't disregard extant solutions without a valid one of your own.
Blar.
Don't forget the value of steganography. It'd be exceedingly difficult to tell that one person's random-looking grep bait is generated according to the data they want to transmit while the other 99.9% of the people sending messages with X-Echelon-Bait headers are generated from /dev/random. Since a good encryption system's output will be close to random, even a very simple system using a custom dictionary could send 6-10 bits of encrypted information with each word choice. More complex systems would be much harder to track.
sure thing, job 13...
;)
eudas
Blessed is he who expects the worst, for he shall not be disappointed.
HAHAHAHAHA! I have been communicating my secret plans with my fellow terrorists by sending innocuous sounding messages about the weather and my cats, with our plans appended after the "-- "
--
send the uranium to secret meeting place #4 for final device assembly! The cities of the infidel americans will drown in the blood of the unholy tonight!
If you send the email to another Hushmail user, it never leaves their servers. They themselves admit that the email is no longer secure if you send it to someone outside of Hushmail. Do you know how Hushmail works?
I happen to know that the data you type in to your email does not just magically jump through the air through TCP/IP by Magic Fairy, and therefore the data itself, as well as the fact you were connected to Hushmail, is obvious to anyone sniffing traffic. What's the security? https? Yeah right.
angstridden wrote:
Frankly, I was quite underwhelmed with the suggestions. They all basically add up to cheap, low-tech encryption or security by obscurity methods. Some were flat-out wrong. Going through an email proxy doesn't help if they're sniffing your connection by IP address. I'm not convinced that Carnivore doesn't do this (nor am I convinced that it does. But I wouldn't base my security strategy on the weaker assumption). Likewise, forging an email address is not going to trick the system. The FBI isn't stupid.
Hear, hear. Almost nothing is known about Carnivore's technology. Just about the only thing that is known is that it is installed under a warrant, the same as a telephone wiretap. In order for this to happen, the FBI will have to have had sufficient circumstantial evidence already in order to lay out their case to a judge. They will have made the decision to dedicate scarce manpower and equipment to the investigation of a particular individual, you. If Carnivore is sniffing you, as a practical matter, they must already suspect you of a crime.
In this case security by obscurity is nonsense, as is any kind of chaff or spam. The reasonable assumption is that the design of the system includes user specificity -- that is, even if you make the assumption that this hearsay about Carnivore is correct, and it searches by keyword, that keyword is very unlikely to be "bomb", and instead is very likely to be "youremail@thisisp.com", if it's a mail sniffer; and your.logon.IP.address if it's an IP sniffer. I'm guessing from what I've read that it's more the former than the latter, but both are equally technologically possible.
Thus, if you are possibly the target of an investigation, it would be reasonably prudent to assume that all your email (or possibly IP traffic) is logged at whatever choke point. This leads, of course, to desperation measures: move all criminal communications and activity to the Big Blue Room Backchannel; or use strong encryption, or just possibly steganography on what you do send. Either is risky, since Carnivore's presence means that they are trying to build a case against you, and once that case is built, they will have no compunctions about seizing the equipment you used to send those communications. Commonly, of course, that will give them all the evidence they will ever need -- the standard level of security, as most slashdotters should know, for almost anywhere, being "hoping nobody ever looks", or password="password" or foldername="stoleninfo". The wily criminal will have used Blowfish or equivalent to completely secure files, but even Blowfish has vulnerabilities, because Windows and other computers have pesky needs to write files on different parts of the disk while they're in use.
No, if you even have an inkling of a suspicion that the FBI is pointing Carnivore at you, best to melt your hard drive before they can get to you. One day, whether because of your computer, or because everyone has talky friends, they'll get a warrant to at least see what the hell you've been doing.
Now to the greater question, the legitimate worry that privacy advocates have regarding Carnivore's overspill capability. That is, just like the White House lost months worth of e-mail archives because of a sloppy search parameter (whether that was intentional I'll leave up to the reader), Carnivore could very easily accidentally log traffic that does not belong to the target of the investigation.
Once again this information will be standard internet e-mail. E-mail contents may be obscured, but e-mail recipients and senders cannot be -- and you can tell a lot about e-mail just by who sends or receives it. Those mails to "patrick naughton" just may not go unnoticed. It would be illegal to do so, but it wouldn't be the first time a law enforcement agency developed a lead based on illegally-obtained information. In short order you'd be back in the original situation: whatever you do being logged, whatever you send, even if encrypted, being noted for its circumstantial nature.
Bypassing Carnivore is technically possible, even if they're doing packet logging. Encrypted VPN, SSL, and other techniques could allow you to connect to a remote system and do what you need to there. Again, however, the where is easily determined, and the remote system would become the focus of the investigation.
Really, I don't think that there's an easy "defense" against Carnivore. The defense is in not attracting suspicion in the first place, and if that's too late, by pathologically practicing probably-impossible levels of security both in communications and on the node systems. It's like suggesting there's a defense against the cops staking out your house. All you can do is move the allegedly criminal activity elsewhere.
Note that none of the above assumes that you are involved in actual criminal activity. I know someone who works for an attorney who is under federal indictment for a fraudulent land sale that was arranged by a client, and who involved my friend via a forged signature. I know that my friend is completely innocent, although I can't with certainty say the same about the attorney. Mostly, it looks like it was a tax investigation of the client that ballooned into a fishing expedition and found this one thing. Anyway, I wouldn't be surprised if the FBI had used Carnivore at some point in this investigation, as some documents were exchanged by e-mail. Possibly my friend's personal e-mail. Possibly, thereby, my e-mail between myself and my friend. Innocent activity, all of it, but still subject to investigation. Frustrating as hell, and arguably a form of harassment, but probably completely legal. Now, in practice, they haven't seized any computers here -- I'm just saying that this is an example where they could very easily have obtained a Carnivore warrant.
----
lake effect weblog
{Network engineer in Chicago--looking for work!}
Anyone know what this one is based on?
Looks like episode 117 of Forever Knight...
I know this is a joke, but:
10. Write a device driver that emulates a soundcard. Dump output to disk. Optional - sending to the real soundcard. Bonus points if you use DirectSound.
This can't be done if the vendors of the soundcards sign their drivers with a universal "secure music" key, and the SDMI music refuses to use anything other than a signed driver. These drivers of course will prohibit simultaneous sound in and out.
9. Attach leads to the DAC of the soundcard, design daughterboard to resequence for raw wave output. Optional: 64MB stick of RAM and a memory overlay for copying back out to the system. Estimated cost to hire an EE to do this: $25k
An impractical idea, but sound card manufacturers could always monitor voltage drop on their boards and shut down if it increased suspiciously. Don't think anyone's seriously going to do this though, not in mass quantities.
8. SoftICE, a pack of mountain dew, and an SDMI decoder.
I hear they obfuscate the object code and include commands to crash browsers, meaning that this is not a skript kiddie task. And what if the obfuscation differs between each copy of the SDMI binary on each user's machine? Eventually this becomes a big pain in the ass and not sufficiently general to pirate music.
7. 15 minutes alone with developers of SDMI and a backpack full of bricks.
Yes, I believe there is a backdoor in there somewhere. Probably would work. It's criminal, but hell, they'll be passing laws chopping off the right hands of MP3 traders pretty soon, so where's the risk differential?
6. 45 minutes alone with legislators who signed DMCA into law, backpack full of bricks (note: bricks may be damaged by contact with thick heads of legislators - Aim lower)
Unfortunately, bureaucrats seem to spawn asexually.
5. Audio cable connected between INPUT and OUTPUT of soundcard.
See above about signed drivers.
4. Hold press conference. Compare SDMI to DivX. Drop plenty of rumors so retail outlets won't carry it without large cash advances.
Attention The World At Large! Signal11 sez...
-konstant
Yes! We are all individuals! I'm not!
Wow, he ripped that one entirely!
:)
Thanks, I probably should have been able to figure that out; I watched Forever Knight a few times, and I thought it was alright, and somewhat similar to the Highlander TV Series.
...I just couldn't figure out what this one had to do with the usual topics; Microsoft, Open Source, and whatnot. At least it had Natalie Portman, eh?
---
pb Reply or e-mail; don't vaguely moderate.
And extremely easy for them to crack/fix. (P.S. On a related note there seems to be a web hosting/internet access company that I saw called Echelon hmmm...) Basic statistics would indicate that if you have say 20 keywords in one single message and that they are all the same type of words that it would be a little suspicious wouldn't it? Also even if you wanted to clog the system what prevents the NSA from actually using beowulf techniques and analyzing data at a later date? Here is what I would do if I were the NSA:
1. Get a whole bunch of programmers who are paid well (and threatened sufficiently) that they code an adaptive system to look for keywords.
2. Get say 10,000 computers in several buildings and in fact place monitoring computers all over in various areas which you wouldn't suspect them to be like walls and various government contractor locations.
3. Get a nice OS like Plan 9 or Inferno and create a distributed app around the one in 1.
4. Divide the network traffic to analyze from 3 and divide it amongst thousands more computers in a distributed fashion. If a computer dies its work will be picked up by another computer.
In this manner it would be trivial to get most of the major perpetrators who are too stupid to use encryption or are using weak encryption.
Respond to s
I believe he means your computer hardware, stereo and speakers will all need to be SDMI capable with some way to verify this to the player, or it won't play.
Now, did you ever hear about how guitar players used to get that super distorted, screaming guitar sound at a reasonable volume level? It involved a sealed (soundproofed) box with a speaker and a microphone. Remember, it only has to be cracked once...
Lexington PD rolls up, says they received a noise complaint, funny, the neighbors on all sides are here, and I had just come from the street, stereo was inaudible. They ask where the keg is, I lead them around the backside of the house, they ask have you been serving minors "no of course not officer, please check the IDs on the people that were outside with me" (12 21+ year-olds.)
They ask can we come in, I mention that they don't have a search warrant, they cite me on a bullshit charge
126.90 to Fayette county, just because I don't smoke in my house
Read my plan to save the Bengals
Well, assuming I'm BandX and I record my new CD "BandX Live" and I want to release my hit single "It's Not Goatse.cx" for paid download as a SDMI-watermarked track. So, I take my CD, rip the track, slap the watermark on the track and release it.
My question is, what's to prevent one person who owns a copy of "BandX Live" from comparing a direct rip off their CD to the downloaded version and just locating the watermark that way. Once that is done, I imagine you can generate a list of altered bytes. Package that list into some form of standard format compatible with a de-SDMI program (call it "The SoDMIzer") that can take a track and the byte list and remove the watermark.
So all you need is an on-line repository of the byte-lists (or whatever, I'm sure there's a more elegant way of diff'ing the tracks) and the problem goes away.
It's an extra step, but not a big one. What's the catch?
-- "I am disrespectful to dirt. Can you not see that I am serious!"
troll wrote:
PROVE it works. It has never been shown to work.
Good gravy, man, I could write a Carnivore sniffer myself sitting in the vanity room. It's dead simple to log traffic, and Carnivore aside, there are hundreds of tools that already do it.
The fact that the government is using it is, by itself, evidence that it works to at least their satisfaction.
You may be confusing Carnivore with Echelon. Echelon scans broad swaths of public traffic looking for things to listen to or read carefully. Carnivore, though, is aimed at specific users. The difference in scale is tremendously important.
----
lake effect weblog
{Network engineer in Chicago--looking for work!}
The only reason they get away with it is because nobody plays SDMI music.
Vendors are still free to provide 'non-certified' drivers on their websites that are fully functional, except for the fact that the SDMI player can refuse to use them. (Most clueful people run with the more up-to-date non-certified drivers, so this should be enough user pain to prevent SDMI from making any traction in the short term.)
A side effect of all this is that you'll probably never see a SDMI player for any open source OS (including Apple Darwin/OSX?!).
When I hear the word 'innovation', I reach for my pistol.
Hee, it's sure a hot operating system!
Oops, the great heat is already burning out my brain, and extremely bad puns are dribbling out of the charred remains.
A truly excellent pizza parlor is a delight unto the heavens. Treasure the sauce and the toppings!
It's a convenience thing. Dedicated MP3 computer plugged into the stereo lets me easily play all the music in my collection, in any order I want, with no annoying lags for a CD changer to swap discs or for me to get up and physically replace a tape. If I want a custom mix for the car it's a helluva lot easier to sort a dozen songs on the computer in the order I want and burn them to CD. MP3/Vorbis type technologies give the user far greater control over how he/she is able to listen to music. Plus I don't even own a tape deck.
"Listen: We are here on Earth to fart around. Don't let anybody tell you any different!" - Kurt Vonnegut
It took me 10 minutes the other day at work to find and get connected to a local free internet service. (wanted to do something the firewall doesn't allow)
I had to fill out some marketing questions but there was no way to check to see if I was lying about who I was.
There are so many of these free internet connections available now that it would be tough to monitor them all looking for a particular user.
If you had a laptop with a modem and were willing to move around it would be even harder.
Every wrong attempt discarded is a step forward - T. Edison
The point is that in a battle between automated systems, the better programmers generally win. Outsmarting automated systems requires intelligent, creative thought. Lazy, automatic work, even if done by a human, is vulnerable to automated attack.
-- the clueless American pigdogs with their sig parser will never see this message. Attack at dawn.
This would get through once, be flagged by a human reviewer as harmless nonsense, and not show up on their monitors again. Come up with an automated .sig generator, and you will be repeatedly flagged until you cross a critical threshold, at which point automated systems will just ignore you until you exhibit some novel behavior, like encrypted .sigs or unusually long contents. Even then, a flexible and adaptable monitoring system will be able to filter you out.
I rather doubt the NSA does very much keyword filtering for the same reason that keyword-based search engines are increasingly useless on the web. It is more likely that they use some fairly sophisticated natural language parsing engines and n-gram analysis, or something on that order.
--
Proud member of the Weirdo-American community.
Still, if you ignore it, people will use their .sigs to pass data. If you analyze them, you'll have a huge amount of chaff to search and only be able to hope that the people you're looking for screwed up on implementation. Bit of a lose-lose situation, really.
As far as windows can tell everything is legit. You could hack up the Linux surrounding it to let you do whatever you want.
Depends whether VMWare emulates the real hardware of a certified soundcard, or uses a non-certified 'dummy' driver to talk to the Linux sound device.
When I hear the word 'innovation', I reach for my pistol.
Do you have an analog amplifier or speakers? Whoops! A SDMI player can refuse to play because your Audio channel isn't "secure" from end-to-end. Makes it hard to play the music you want to if you have to buy all new equipment and a new OS...
When I hear the word 'innovation', I reach for my pistol.
From experiences with DVD region encoding etc, it is likely that manufacturers will take as few steps as possible, to keep their profit margins as large as possible. Somewhere along the line a manufacturer will slip up, and will let the proverbial cat out of the bag.
You are apparently misunderstanding SDMI. SDMI is a watermarking system. Basically, they use a form of steganography to embed an identifying mark in the music to say who originally bought it. This identifying mark is supposed to survive all attempts at copying at a reasonable fidelity, even analog ones.
Need a Python, C++, Unix, Linux develop
I think you underestimate the state of the art in OCR. If human eyes can make sense of it, computer ones probably can too. The only way to really avoid this is to make it into a visual rebus sort of puzzle - require the human to exercise language comprehension as well as character (or word or even sentence) recognition. This has the advantage of making terrorism fun, but since these sorts of games generally play with ambiguities in language you also open up the possibility of misinterpretation by the intended recipient (I didn't mean to bomb *that* kindergarten!).
However, I think the original poster was referring to digital steganography, where the message is distributed through the (digital encoding of the) image as ordered noise - digital watermarks use this. This one is strictly digital though.
The only reason Inferno made it into this Slashback was the fact that Inferno can run on a Lego brick. Pathetic.
Freedom Network. Look into it.
They're apparently coming out with a version for linux soon, and the next version for Winblows will support "Internet connection sharing", so you can still use your linux box by just pointing to the crappy windows gateway.
Need Free Juniper/NetScreen Support? JuniperForum
1. It runs on Java/Javascript/cookies all are equally bad but together they are horrible
2. That's no guarantee that your connection isn't being sniffed or even rerouted en route to the hushmail server
3. What a perfect cover for the government to operate under or at least make sure that the company that is running hushmail is bribed sufficiently.
Respond to s
Why is it that the SDMI (with 300 "members" including such heavyweights as Microsoft and AOL) is only offering a measly 10 grand to be divided among the 10 thousand hackers who will no doubt present cracks in one way or another? You would think that if they really wanted to put on a media circus they would offer $1million and all the fish you can eat.
How we know is more important than what we know.
Hmm, that hex encoded ASCII "encryption" technique looks familiar...rather like the way slashdot stores userids and passwords in a login cookie to be sent over the net in near-cleartext with every damn HTTP request. And about as useful for preventing interception.
%2532%2532%2535%2532%2535%2534%253a%253a etc...
If you're going to pass the text through some automatic munger anyway, why not use strong encryption? And in the case of slashdot user cookies, it should be a one-way hash (an account can still be temporarily hijacked, but the password wouldn't be compromised and thus couldn't be changed).
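The point made in the comment above, as an added example (not Slashdot's code and not part of the original thread): a double percent-encoded cookie is reversible by anyone who sees it, whereas a cookie carrying a random session token, with only its one-way SHA-256 digest kept server-side, never exposes the password. The `uid::password` layout, the password, and all function and class names are assumptions; the random token is a variation on the one-way hash the comment suggests.

```python
import hashlib
import hmac
import secrets
from urllib.parse import quote, unquote


def weak_cookie(userid: str, password: str) -> str:
    """Build a cookie in the style of the sample above: every byte of
    'userid::password' written as %xx, then percent-encoded a second time.
    The '::' layout is an assumption made for this example."""
    raw = f"{userid}::{password}".encode()
    once = "".join(f"%{b:02x}" for b in raw)
    return quote(once, safe="")  # '%' becomes '%25', giving '%2532...'


def recover_from_weak_cookie(cookie: str):
    """Undo both encoding layers. No key is involved, so anyone who can
    read the HTTP request can do this."""
    raw = unquote(unquote(cookie))
    userid, _, password = raw.partition("::")
    return userid, password


class SessionStore:
    """Hypothetical server-side store: the cookie carries a random token,
    the server keeps only the SHA-256 digest of that token."""

    def __init__(self):
        self._digests = {}  # userid -> hex digest of the current token

    def issue(self, userid: str) -> str:
        token = secrets.token_urlsafe(32)  # unrelated to the password
        self._digests[userid] = hashlib.sha256(token.encode()).hexdigest()
        return f"{userid}::{token}"

    def verify(self, cookie: str):
        userid, sep, token = cookie.partition("::")
        expected = self._digests.get(userid)
        if not sep or expected is None:
            return None
        presented = hashlib.sha256(token.encode()).hexdigest()
        # Constant-time comparison of the two digests.
        if hmac.compare_digest(presented, expected):
            return userid
        return None

    def revoke(self, userid: str) -> None:
        """Logging out (or a password change) invalidates a stolen cookie."""
        self._digests.pop(userid, None)


if __name__ == "__main__":
    # Constructed sample values; 'hunter2' is a made-up password.
    cookie = weak_cookie("225254", "hunter2")
    print("weak cookie:     ", cookie)
    print("recovered:       ", recover_from_weak_cookie(cookie))

    store = SessionStore()
    session = store.issue("225254")
    print("session cookie:  ", session)
    print("verifies as:     ", store.verify(session))
    store.revoke("225254")
    print("after revocation:", store.verify(session))
```

An intercepted session cookie still grants access until it is revoked, which is the "temporarily hijacked" case the comment describes, but it reveals nothing that lets the holder change the password.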
Well then don't look at the saints at your local PD. Hell most local cops are about as crooked as they come. Personally I would choose the FBI and federal prison systems than the state ones. State prisons are dirty and not well kept anyway as statistics will show. I think they do a good job of investigating that is why they actually have field agents (you know those guys like Mulder who go out and try to solve crimes albeit without aliens/secret conspiracies with tobacco using villains).
Respond to s
I never thought of the writers of Slashdot and Richard Stallman as characters in a cheesy vampire cop show. It may be a direct ripoff of Forever Knight Episode 117, but the choice of cast is hilarious. Kind of like how the Wizard of OZ goes along with Pink Floyd's Dark Side of the Moon when they are both started together and played simultaneously.
It's happened:
Source
When I hear the word 'innovation', I reach for my pistol.
That's odd, I could have sworn I logged in. Maybe it's because Charon doesn't accept cookies. :-)
Glückwünsche, haben Sie Slashdot ermordet, indem Sie zum korporativen Druck beugten und Subskriptionen einlei
I think you overestimate it. CAR systems at banks have a relatively low recognition rate (compared to humans, anyhow), and they're only looking at a limited number of possibilities. It hits a point where you start spending lots more money to recognize only a few more percent of the entries. It quickly gets impractical to do at any significant scale.
Slashdot's token middle-aged housewife
Did you miss the sentence before the section you quoted? He wasn't talking about signed drivers being crippling, he was talking about the removal of full duplex capabilities from soundcards being crippling.
Hard work and careful thought no doubt could muck up the works. The benefit of success is that you begin to receive tell-tale signs that you've pissed someone off: your ISP mysteriously loses your account -- six times in as many days; your computer seems to be suffering from some kind of high-intensity, highly-focused EMF interference; bland-looking guys in black suits move into the next apartment over, etc. ;-)
--
Proud member of the Weirdo-American community.
I have always considered putting suspicious keywords into the .sig to be a joke. A good joke but still a joke. If the NSA really filters all email based on keywords, we in the geek liberation front of course have two choices.
Use euphemisms. When discussing fort knox, write bahamas (which is where we're going after the raid).
Put our real messages into the signatures, and write a program that splits long messages up.
Warning: This post may (at the present time, or some future point) violate the DMCA.
It's easy to record SDMI-protected music, even with 'digital' speakers that use bullet-proof encryption, and tamper-resistant enclosures.
All speakers, even 'digital' ones, at some point produce an analog signal.
All speakers of the dynamic type (read: cheap, common) have fly leads heading to the voice coil, which sit directly beneath the cone, that carry this analog signal.
Tools required:
1 beer, any size
1 printed copy of the SDMI spec
1 printed copy of the DMCA
1 drill
1 large drill bit
1 sharp knife
2 alligator clip-equipped wires, per speaker
1 suitable connector, per speaker
Optional: Variable potentiometer, and/or large-value resistor
Instructions:
Determine where the driver/cone (whichever you want to call it) is located inside the speaker enclosure. Drill through speaker grill in the approximate center of the driver. Having done this, the dustcap of the driver should be visible, and perhaps the fly leads as well.
If you can see the end of the fly leads (they look like two small bumps, encased in goop), skip this paragraph. Else, cut away the dustcap using your knife to expose the flyleads.
Now, also using the knife, scrape off the glue which entombs the fly lead ends until you find substantial bare metal.
Attach one alligator-equipped wire to each lead. Consider one lead to be positive, the other negative (it is beyond the scope of this document to describe methods for determining which is which), and connect (via the suitable connector) to the desired non-SDMI-compliant audio recording device's analog input. Optionally, use a resistor or potentiometer in series with this circuit for level control.
Push play and record at the same time, and have a beer while the song transfers.
When done transferring, use the consumed beer to piss all over the printed SDMI and DMCA papers.
Kid-proof tablet..
Well, my solution would be connect digital output of one soundcard into digital input of the other soundcard in the other computer.
Of course, the majority of people don't have this luxury and I realise the real difficulty is to remove the watermark.
Here the proposed micro-payments are the solution. The plan (in the UK) is for pay-as-you-go mobile type cards for internet micro-payments. The pay as you go mobile market is essentially anonymous - the telcos do not know who owns which phone and I suspect that the internet cards will be similar.
Then it's easy to distribute music that will only play in cracked players.
After all, we are currently assuming that the players will refuse to play non-SDMI music, just like all DVD players obey the region coding....
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. (Einstein)
This looks like the (slightly doctored) output of a script (like the Postmodern Essay Generator, for instance). But what script? And where can I get it?
"Knowledge is the continuation of ignorance by other means"
Well, I am no kind of Uber Hacker, but I have followed this entire digital music story very closely. Further, I live in the L.A. area where the topic is much discussed, and I know a variety of struggling musicians. I am not pretending to be an expert (I do that during the day), but I know a little about this issue.
Just to go against the tide, I don't think there is any need to fight or boycott SDMI technology development. (Although I admire the idea.) In fact, it is possible that an effective SDMI technology may actually hasten the decline of the music oligopoly.
Here are my main thoughts:
1. The market will speak. Given the choice of today's CD's versus some kind of "secure" format with its many limitations, who would buy it? I think the music suits have underestimated how tech savvy today's consumers are becoming. Sure, they may eventually pull "classic" CD's off the market, but that will only increase used sales and copying of them. (Question - how long before an attempt is made to actually outlaw the sale of classic CD's and/or players as some kind of piracy tool?)
2. Today's CD's won't go away, at least for years. As we have learned, one CD and any modern computer can generate an almost unlimited number of virtually perfect digital copies. Even if suddenly tomorrow I wake up and no more classic CD's are sold, the 15 billion or so that are out there and the millions of players will last for years and years to come. Further, once Napster and its ilk are shut down via legal challenges, people will simply become more sophisticated and private with their digital music swapping. The year or so of Napster has provided a music swapping foundation that will continue for years to come.
3. How much new music do we really need? OK, let's say all new music by the big labels is sold on secure CD's, until a time when they can try and make you pay for music every time you listen to it without even selling CD's. Hey, I can live just fine without ever hearing Ricky Martin's next album. With c. 250,000 CD's in print I personally could live the rest of my life just discovering more of what is already out there. Even being a big music fan, a week does not go by that I don't discover something new from the past. No one likes this argument because it seems anti-creative, but it will simply be a market response. If "new" digital music has all sorts of costs and restrictions on it, "classic" digital or even analog work will seem more attractive by comparison.
4. More performers will bypass the labels. As more and more people have high speed connections, music by downloading will become commonplace. More and more performers will be able to distribute their music directly to fans, instead of giving away their first child in a standard music industry contract. Sure, there may be fewer multi-millionaires overall, but so what? Just like open source, some will always create music for the love of doing it, not just to make money and groupies. In the creative world, there is often not a correlation with talent and financial reward, contrary to the constant copyright owner claims that "Artists won't create if they won't get paid" This may be true for hacks, but not for artists in the true sense of the word. I mean, do we really need another Stephen King novel?
5. Free music will flourish. No one seems to be saying this, but clearly there will be tons of free as in beer music for download. There seems to be an idea among some that anything amateur or DIY is junk, and sure, much of it may be to some. But to me, there is a lot of junk in any music store these days as well. Music creation software will continue to improve, and no matter how much DIY material is posted, the "buzz" of what is good will spread among friends, much like underground Metallica tapes did some 20 years or so ago. People will also see that you don't have to live in New York, L.A. or Nashville to be talented and have a reasonable chance of being discovered.
So in summary, whether we like it or not, the big music industry has the money to buy U.S. legislation to suit its current goals. But that's OK. If anyone wants to buy a secure copy of Britney Spears's latest CD five years from now, that will be their choice. But there will also be a lot of lower cost choices as well that will possibly give you even better (in the sense of matching your personal tastes) music.
TWR
inferno doesn't currently run on either macos X or BeOS, but there's no reason at all why it can't. in a previous life, i was a nextstep/openstep hacker, so i imagine that if apple haven't mucked around with the APIs too much, then i should be able to port inferno reasonably quickly (it's almost entirely portable C).
BeOS i haven't programmed under, so i don't know how easy the port would be, but i doubt it would be that hard. we've got about a million priorities right now though, so adding another supported OS with a fairly small userbase is probably not near the top, unless there's a significant demand.
the inferno source is not expensive (<$300, given the strong dollar), so someone keen could probably do it themselves.
cheers, rog.
Um, if you used SoftICE to step through the decoding process for an SDMI stream, it'd allow you to step through and hack out any parts of the player that wanted authentication from the sound driver. You'd only have to do this once for each version of each player, not a hugely massive task.
Oh, and you're also talking out of your arse. Obfuscating object code? Puhlease. Object code is optimised compiled code ready to be linked, 'obfuscating' it in any way will just degrade performance. Hell, it's all in binary machine code anyway which is about the most obfuscated form any code can be in. Doesn't stop a disassembler from ripping through it and giving you a raw assembler dead listing though.
Also, finally, about forcing signed drivers to not allow you to play and record at the same time (i.e. turning off full duplex). That has to be the shittiest idea I have *ever* heard to stop people copying music. I seriously doubt any sound card manufacturers will want to cripple their products in such a manner, and so won't release SDMI signed drivers, leading to the death of SDMI.
Nick
Note: Some of these evasion tactics make the legislature go "See I told you the HACKERS need to be put in their place! So we are going to give the big corps lots of laws to sue them with!"
Just a view from the outside.
I am training to become a foxbase programmer
(foxbase is a microsoft language)
go figure
Terrible is the fall of the mighty, for their pain is great to behold [Personal Quote(TM)]
Don't forget that QNX will release RTP on Monday, and Sun has released Solaris on both Sparc & Intel platforms (and source too).
Additionally Nortel has released FIPA-OS for agent based transactions.
Add these to Linux (don't forget HURD), BSD, Inferno, Plan 9, the traditional UNIXs, and of course the Windows family there are almost too many choices.
All we need now is for Palm & Microsoft to join the open source crowd.
Any chance of Compaq releasing VMS? How about IBM releasing VM & MVS?
It's a download, it was mentioned on slashdot a while ago. I never knew about it being this monday, though.
--Giving to trolls for the benefit of us all
The cracking of public to private keys takes a great deal of computation, almost comparable to something that is older than the known age of the universe ~15,000,000,000 years. Also I don't think that anyone from the NSA ever actually sued anyone who worked on pgp/gpg. The only legal challenge against the technology was from a private corporation.
Respond to s
I don't know what to make of Microsoft's actions. On the one hand, it behooves all of us to understand that under different circumstances, Microsoft's cronies might have ended up as arrogant big-mouths drifting the streets -- perverted churlish iconoclastic-types pressing tracts crammed with conspiracies into the palms of startled passersby. But on the other hand, it can be distinguished only with difficulty which of Microsoft's lackeys act out of inner stupidity or incompetence and which only pretend to for whatever pathetic, daft reason. And that's why I feel compelled to say something about contemptible windbags.
Microsoft's views are continually evolving into more and more foolish incarnations. Here, I'm not just talking about evolution in a simply Darwinist sense; I'm also talking about how every time Microsoft gets caught trying to make bribery legal and part of business as usual, it promises it'll never do so again. Subsequently, its henchmen always jump in and explain that it really shouldn't be blamed even if it does, because, as they think, all any child needs is a big dose of television every day. Has Microsoft told its assistants that it wants to ridicule, parody, censor, and downgrade opposing wisecracks? Has it given any thought to what would happen if it did? Of course, these questions are ridiculous -- as ridiculous as its insane viperine offhand remarks. If there is one truth in this world, it's that we must lend support to the thesis that if Microsoft opened up its abhorrent mind just a teeny-weeny little bit, maybe it could understand that. Our children depend on that.
Is there a chance that Microsoft isn't lethargic, deplorable, and batty? From what I've seen, I doubt it. Did it ever occur to Microsoft that maybe its helpers argue, against a steady accretion of facts of already mountainous proportions, that we'd all be better off if they'd just divert us from proclaiming what in our innermost conviction is absolutely necessary? Dream on. Microsoft and its toadies are illaudable scofflaws. This is not set down in complaint against them, but merely as analysis. Shame on Microsoft for thinking that people like you and me are nugatory! Anyone who follows today's debates on imperialism and, by happenstance, is also familiar with Microsoft's nefarious pronouncements, is struck by that old truism: Microsoft has found a way to avoid compliance with government regulations, circumvent any further litigation, and make mountains out of molehills -- all by trumping up a phony emergency.
As I gaze into my crystal ball, I see that Microsoft's supporters will put the gods of heaven into the corner as obsolete and outmoded and, in their stead, burn incense to the idol Mammon in the coming days. You know what I mean? If I hear Microsoft's slaves say, "Microsoft is a model organization" one more time, I'm doubtlessly going to throw up.
This is not wild speculation. This is not a conspiracy theory. This is documented fact. We can all have daydreams about Happy Fuzzy Purple Bunny Land, where everyone is caring, loving, and nice. Not only will those daydreams not come true, but Microsoft keeps telling us that it knows the "right" way to read Plato, Maimonides, and Machiavelli. Are we also supposed to believe that it has achieved sainthood? If I weren't so forgiving, I'd have to say that Microsoft's beer-guzzling opinions are in full flower, and their poisonous petals of denominationalism are blooming all around us. Microsoft maintains that it can achieve its goals by friendly and moral conduct. Even if this were so, Microsoft would still be fastidious. But Microsoft's accusations all stem from one, simple, faulty premise -- that the Earth is flat.
The practical struggle which now begins, sketched in broad outlines, takes the following course: I'm sticking out my neck a bit in talking about Microsoft's propositions. It's quite likely it will try to retaliate against me for my telling you that I will never give up. I will never stop trying. And I will use every avenue possible to comment on a phenomenon that has and will continue to leave us in the lurch. Microsoft's perspective is that the Queen of England heads up the international drug cartel. My perspective, in contrast, is that when Microsoft hears anyone say that its stupidity concerning Dadaism is laughable, its answer is to progressively enlarge and increasingly centralize the means of oppression, exploitation, violence, and destruction. That's similar to taking a few drunken swings at a beehive: it just makes me want even more to recall the ideals of compassion, nonviolence, community, and cooperation while remaining true to those beliefs, ideals, and aspirations we hold most dear.
My message is clear: Microsoft's musings are one of those things that will stretch credulity beyond the breaking point. To top that off, Microsoft's most progressive idea is to doctor evidence and classification systems and make oppressive generalizations to support disgusting, preconceived views. If that sounds progressive to you, you must be facing the wrong way. Catty ignoramuses (like Microsoft) are not born -- they are excreted. However unsavory that metaphor may be, several things Microsoft has said have brought me to the boiling point. The statement of its that made the strongest impression on me, however, was something to the effect of how it is the one who will lead us to our great shining future. Even people who consider themselves patronizing gutter-dwellers generally agree that it strikes me as amusing that Microsoft complains about people who do nothing but complain. Well, news flash! It does nothing but complain. Microsoft wants to encourage every sort of indiscipline and degeneracy in the name of freedom. What's wrong with that? What's wrong is Microsoft's grasp of reality.
Hey, it's not my fault that Microsoft extricates itself from difficulty by intrigue, by chicanery, by dissimulation, by trimming, by an untruth, by an injustice. Even though supposedly distancing itself from rabid pesky carousers, Microsoft has really not changed its spots at all. Will raucous pettifoggers ever protect little children from brain-damaged knee-biters like Microsoft? Don't bet on it. If Microsoft isn't scummy, I don't know who is. There are lessons to be learned from history, and everyone with half a brain understands that.
Just think: Microsoft doesn't use words for communication or for exchanging information. It uses them to disarm, to hypnotize, to mislead, and to deceive. As I noted at the beginning of this letter, if Microsoft is going to talk about higher standards, then it needs to live by those higher standards. Microsoft's "I'm right and you're wrong" attitude is venal, because it leaves no room for compromise. Although I can no more change the past than see the future, it's safe to say that if Microsoft has spurred us to change the minds of those who turn the trickle of absolutism into a tidal wave, then Microsoft may have accomplished a useful thing. I must emphasize that that statement can be most easily defended, since it is not quantitative, but qualitative. Let me rephrase that: At least 80 percent of the people in this country recognize that Microsoft's ability to give voice, in a totally emotional and non-rational way, to Microsoft's deep-rooted love of despotism is astounding. The best example of this, culled from many, would have to be the time Microsoft tried to pit people against each other.
Although Microsoft has tremendous popular appeal, the last time I told its minions that I want to work together towards a shared vision, they declared in response, "But individual worth is defined by race, ethnicity, religion, or national origin." Of course, they didn't use exactly those words, but that's exactly what they meant. Other mephitic usurers are also consumed with a desire to deny both our individual and collective responsibility to live in harmony with each other and the world, but, as you know, I'm not a psychiatrist. Sometimes, though, I wish I were, so that I could better understand what makes organizations like Microsoft want to pour a few drops of wormwood into our general enthusiasm. Does anybody else feel the way I do, or am I alone in my disgust with Microsoft?
The subject line says it all
stick to the subject
Please
Terrible is the fall of the mighty, for their pain is great to behold [Personal Quote(TM)]
See above about signed drivers.
Oh, goodness. So you mean I have to back up two computers butt-to-butt and go from one to the other? Lord, no! How could a single man afford such a robust hardware implementation such as this?
Any VCs out there willing to take a risk?
Send your friends messages of love at fuck-you.org
Use digital USB speakers, and tap/copy the signal, either in hardware or software.
While I am not at all sure that USB speakers will replace the soundcard/analog combination, they are likely to become too big a market share for RIAA to ignore, just like those annoying integrated sound chips that audiophiles deride, but that still manage to live in millions of budget and office systems.
True, it is possible to encrypt the signal to the speakers, and use decrypting speakers, but there is unlikely to be enough market clout to force speaker manufacturers/system integrators/buyers to adopt encrypted speakers to support SDMI. I think that we are too far along the USB audio roadmap for it to be easily diverted now.
Recall, a format that doesn't catch on means lost time/money/opportunity for the RIAA, as well as the manufacturers and buyers.
------------------
If you can go to bed, knowing you did a valuable thing today, you're very lucky. If you can't... it's not bedtime
Did you read the pages at the MS website? That's exactly what Microsoft's driver model does, if the audio player requests it.
Yeah, it's stupid, but that's the price of getting your drivers onto the Windows ME CD.
When I hear the word 'innovation', I reach for my pistol.
So all some mp3 release group would have to do to steal the music is make the watermark tie to someone else.
Since the theory is to sell it online, which in this world means it has to be done quickly, do you really think they're going to require more information from you than your credit card number and billing address?
Credit Card numbers get stolen every day. People buy things with them all the time. Some of them get caught. So, the record company finds out someone is distributing a copyrighted song. They expend the effort to track the person who purchased that song down. And they track it down to a credit card that was cancelled as stolen a week after the purchase.
It's not that hard to be untraceable over the Internet, if you really want to spend the time to do it. So all they would have is a dead-end credit card number and some IP Addresses to some machine in North Korea.
That'll stop music theft. Sure.
So, music release groups of tomorrow will be doing something a little more illegal than they are now: credit card fraud, various electronic crimes...
But has that ever been enough to stop all the young kids that make up most of these scenes? The 14 year old script kitty with a credit card list he stole from a porn site?
So they manage to lock some kid up for doing something dumb and the music he released is still out there.
How ... effective.
Perhaps it's too early to say they "get it", but this recent turn of events demonstrates that even Microsoft isn't above responding to criticism from its userbase. First Kerberos, and now the reimaging issue. Maybe there's hope for them after all.
-- Douglas Adams, So Long, And Thanks for All The Fish
Top 10 Ways to Hack SDMI
------------------------
10. Write a device driver that emulates a soundcard. Dump output to disk. Optional - sending to the real soundcard. Bonus points if you use DirectSound.
9. Attach leads to the DAC of the soundcard, design daughterboard to resequence for raw wave output. Optional: 64MB stick of RAM and a memory overlay for copying back out to the system. Estimated cost to hire an EE to do this: $25k
8. SoftICE, a pack of mountain dew, and an SDMI decoder.
7. 15 minutes alone with developers of SDMI and a backpack full of bricks.
6. 45 minutes alone with legislators who signed DMCA into law, backpack full of bricks (note: bricks may be damaged by contact with thick heads of legislators - Aim lower)
5. Audio cable connected between INPUT and OUTPUT of soundcard.
4. Hold press conference. Compare SDMI to DivX. Drop plenty of rumors so retail outlets won't carry it without large cash advances.
3. Hold shareholder conference. Compare SDMI to DivX. Using the rumors created in #4, draw on their fears that SDMI will collapse into a dense black hole, taking their profits with them.
2. Use genetic algorithms (GA) to predict prime numbers without using brute force. Optional - for speed, do it using an analog computer. Send result to spook@nsa.gov, move to Antarctica, dig hole in ground, call up UUNet, ask for net feed under an alias.
1. Go to local high school, offer the kid with thick glasses in the computer lab $20 to crack SDMI. Return after lunch to pick up detailed documentation of program, and the program itself which was ported to 8 platforms and has bilingual support. Thank kid.
| Permission is granted to distribute this document |
| in any medium, provided this notice is attached. |
| Copyleft, 2000 Signal 11 |
--
Frankly, I was quite underwhelmed with the suggestions. They all basically add up to cheap, low-tech encryption or security by obscurity methods.
Some were flat-out wrong. Going through an email proxy doesn't help if they're sniffing your connection by IP address. I'm not convinced that Carnivore doesn't do this (nor am I convinced that it does. But I wouldn't base my security strategy on the weaker assumption). Likewise, forging an email address is not going to trick the system. The FBI isn't stupid.
Obviously, strong encryption is the best solution. Although there is a precedent for having passwords *not* protected as free speech under the 5th amendment, it does give you your best shot at keeping communications secure.
Steganography's also probably a reasonable choice. Get a good digital camera, and send out a lot of pictures to your friends. Some may have messages. Most don't.
Chaffing models might be good, but might not.
Also, techniques like the old "saturate Echelon" approach, where you *always* tag on keywords like semtex, Nidal, West Bank, UN, ammo, NSA, NRO, ZOG, etc. to your messages. If everyone did it, and varied the list, it'd clog their system eventually...
-
bukra fil mish mish
-
Monitor the Web, or Track your site!
Eloi, Eloi, lema sabachtani?
www.fogbound.net
Second, Microsoft isn't completely evil, thanks to good hardware such as the Explorer mouse, which holds the place of honor on my desk; the good gaming hardware at good prices (the original M$ Gamepad, the first FF Joystick that worked w/ many games); and the timely support that they give to new hardware, thanks to their marketing efforts. Thanks to the >75% margin of Windows 9x on desktops, most hardware manufacturers include a windows driver, while few put linux drivers inside the box.
While Linux may be technically superior, Windows is still the only operating system that can give rise to a good game of Half-Life: Counterstrike. (Lest you count the dedicated server for linux)
Tell me what makes you so afraid
Of all those people you say you hate
Why, God? Why?
*sob*
because unix-style documentation is concise, clear, and tells you what you need to know?
and because it's infinitely better than the style of reference documentation found all too often these days, in tutorial style, telling you randomly distributed pieces of information that you need to know, but will never be able to find again...
the unix reference-manual style might require a certain amount of knowledge as a pre-requisite ("you mean i actually have to read the intro?!"), but for conveying to the reader the specifics of how to use components of a system, i've not seen anything to beat it.
for overview and tutorial information on how the various components fit together, there are various papers which try to provide this. (and more to come, when we get some space away from software development to work on documentation, yum!)
cheers, rog.
This should not fall under the provisions of the DMCA as it doesn't concern any form of copy protection - until DMCA2 prevents removal of watermarks.....
When the RIAA discover that all the mp3s on the net were ripped from CDs bought using cash how long before it will be illegal not to give ID when buying music? I mean forget fertilizer for home-made bombs, we can't have unlicenced music.
----
I hereby inform you that I have NOT been required to provide any decryption keys.
I read the blurb on Inferno with a great amount of joy.
A freely downloadable OS that seemed to be focussing on the lacks of all the OSs it ran upon. A nice little tool if ever I saw one, and one that I'd greatly love to try.
Then I read the licence.
You may not: 2.6 use the "Inferno®", "Styx®", "Dis®" and "Limbo®" trade marks without the following trade mark notice - "Inferno®, Styx®, Dis® and Limbo® are the registered trade marks of Vita Nuova Holdings Limited". YOU may only use these trademark as permitted by and in strict compliance at all times with VITA NUOVA's third party trade mark usage guidelines which are posted at www.vitanuova.com/trademark.htm.
2.7 use the "Inferno®", "Styx®", "Dis®" and "Limbo®" trade marks other than in relation to the LICENSED SOFTWARE and/or ADAPTATIONS of the LICENSED SOFTWARE.
Well, for starters, the trademark.htm URL doesn't exist, so there is no guideline for use of these 'trademarks'.
What is a classicist to do then? "I'm sorry, you can't have your lecture on Greek mythology, as all the names are currently trademarked..".
Looking at some of the names that go alongside this project, I'm much more inclined to believe they've just got the company lawyers to stamp out a quick default boilerplate, but, in the current times of acquisitions of companies by larger, predatory ones, this boilerplate could be a huge pain in the butt if someone decided to try and enforce it as stands.
Hey, I'll just go out and trademark the word 'Binary'... That'll really put the cat amongst the pigeons.
Well, that's about it for the rant.. Not yet checked the software, 'cos I don't agree to its licence (I don't agree not to use all those trademarks, unless using them in context to the inferno OS)..
Wake up guys, and be sensible with your trademarking!!!
Malk
Those of us with more... esoteric... taste in music will always have it easier in this regard, since the more esoteric bands will be trying harder to reach us.
As noted on burzum.com:
Big Record companies don't work and can't work by selling 20,000 of Der Blutharsch, 20,000 of Immortal, 20,000 of Rosa Crux. They need to sell 2,000,000 of Metallica, 2,000,000 of Britney Spears, 2,000,000 of Boyzone. The internet is segregating their target audience. Metallica fans turn into Darkthrone fans, or Cannibal Corpse fans, or Entombed fans. They need to kill this medium which is letting people like *you* discover specialised music which is personal to *you*. And which is letting the musicians amongst *you* find your target audience. They have to stop this, because it's in their way.
--Perianwyr Stormcrow
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
This does explain the extreme lack of relevant pokes..... Other than the name changes it's entirely a non-slashdot article.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
I heard of SoftICE; never actually tried it, I guess because it's some DOS/Windows program. Also, isn't it possible to simply use various proprietary libraries and make it next to impossible? Isn't this why you really cannot easily decompile command.com and make it into your own open source program?
Respond to s
Well, they do, in fact, on every story. Look on the right side of the page under "Related Links."
"Well kids, you tried your best, and you failed. The lesson is, never try."
Ok you really, really, really got my attention with that one. I was looking to get my free CDs when they first came out but they never came. Is this release as in buy or download? They say at http://get.qnx.com that it is going to be released for download "later this summer" unfortunately that is the score. Are there any OSS apps and are there any good IDEs for it? What of its random # generation facilities? Does it support virtual memory? Does it support multiple filesystems? Does it have a comm program? A good API for program creation?
Respond to s
This means that if Joe MCSE decides to re-image some OEM boxes, and re-images them in a manner both different from the OEM boxes and the rest of the network boxes, either Joe's company is in license violation, or someone needs to cough up the moola.
This is one case where it's difficult to enforce a license. You have an X seat license for X users. You hire more workers and buy OEM boxes w/Win2K.
You want to give them a newer better configuration with the original software? Too bad. This looks as though the license change is publicised as a customer relations thing, but is actually an enforceability thing. Show the license, show the number of new OEM boxes, you're fine, as long as they all have the same installation. I work in an academic situation where we reimage all the time. This license appears to remove one major financial pain, and exchanges it for a finicking pain.
No, a company does things like this (users complain, they fix the problem) when they have real competition. When a company doesn't have competition it won't do anything (except maybe laugh) when you complain about something they are doing.
1997:
User: Hey Microsoft, I don't agree with your license on this issue...
Microsoft: HaHaHaHa <CLICK>
1999:
User: Hey Microsoft, I don't agree with your license on this issue...
Microsoft: We are not a monopoly, we have lots of competition... here's one of our competitors now, Bob, He makes an OS that <CRACK> Virus Detected! Now running suspected executable for you. <BSOD>
Soon (hopefully):
User: Hey Microsoft, I don't agree with your license on this issue...
Microsoft: We are sorry for the inconvenience, how may we solve this problem? Please don't use one of our competitors...
User: <CLICK> <Calls new number> Hello, I'd like to buy the new BobOS 2.1, but I don't agree with this part of the license...
Bobsoft: <CLICK>
And the cycle continues.
That was fun.
Devil Ducky
MY peers would get out of jury duty.
First, in response to a lot of people's complaints about my wording of the article, read here and here. I also submitted that Slashback article several days ago, so it hasn't aged well.
To the response I am simply a "troll" (which I don't agree with in the slightest) read here. This is another article I recently submitted and got accepted.
Remember, deep breaths.
- I don't care if they globalize against free speech. All my best free thoughts are done in my head.
>
> plus unix-style documentation
>
Why, God? Why?
*sob*
Check out my sysadmin blog!
So the test begins. With a proxied Netscape browser we find proxy.foo.com and slightly obscure our information and change our hostname to whatever@wherever.com. In theory mail is being sniffed to the account in question johndoe@sampleisp.com in which they have their warrant and not whatever@wherever.com which makes any information they gather obsolete. Well, after some legal mumbo jumbo obsoletes their methods and what information they gathered along with the terms of the warrant.
The DOJ and assorted federal branches have been pushing for greater liberties in pursuing 'cyber-criminals' including the extension of warrants to include all computers connected to the network through which the data could have traveled.
Even if they can't get something from your own ISP, they may soon be able to get it from another computer.
--
--
Whom does Larry Wall quote in
http://www.hacksmdi.org
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
Your comment could very well have been this:
Why do you have to rank on those of us who happen to have a preference for rape? The good
thing about technology is that it is blind, that it allows those of us who don't fit into society's mold to have a fair say and a fair chance at having our opinions heard.
And what does rape have to do with terrorism or heroin? You degrade rapists and don't
seem to think anything about it. A comment like that about homosexuals, Jews, blacks, or any other
minority would have an angry mob at your door real quick.
As a member of a currently socially unacceptable group, I realize that I must fight for my rights in every way I can, and get people to realize that I'm not bad or evil, I am what I am, and everyone will just have to accept that!
For the record, I am gay. The problem with your lifestyle is that the "love" of children assumes that children are capable of understanding sexual relationships. I admit that some are and some aren't. I was sexually active when I was 12. But the psychological evidence of sexual abuse of children compels me to reject pedophilia as something abusive and evil. And no, I don't "just have to accept" your lifestyle.
I have a feeling you will try and label me a hypocrite. That won't work. You'll do much better to try and show me that whatever psychological evidence I've seen is invalid (much like the psychological evidence against homosexuality has been shown to be invalid).
I don't make the rules. I just make fun of them.
Hrm...betcha if we could find something that'd been marked with SDMI, and something unmarked, we could find that slippery little bastard. :^)
Stating on Slashdot that I like cheese since 1997.
Ok, so I have had a look at the announcement, and the first thing that sprang out at me was the qualification requirement. In order to qualify for the "relaxed" rules, you need to be a MS select or Enterprise Agreement licencee - normal mortals (and my employer flies under this flag even though we have over four hundred PCs in use) get all their licences bundled with the machines, and only replace OSs when they replace machines. However, our site *also* has a full set of custom apps, so ghost-rollout of a new installed-base of replacement machines (hardware upgrade, needed for the new generation of MS office apps) is needed, in about blocks of fifty....
--
-=DaveHowe=-
Oops - 63 69 72 75 6D 76 65 6E 74 69 6F 6E should be spelled 63 69 72 63 75 6D 76 65 6E 74 69 6F 6E.
Maybe it's because parents don't like adults fucking their kids.
Stating on Slashdot that I like cheese since 1997.
Hey if they're monitoring johndoe@sampleisp.com and sniff the whole network then jane.something@sampleisp.com should be able to hold them liable for invasion of privacy. That's something I can't speak on since I'm not a lawyer.
Just from a legal standpoint . . . where are you guaranteed privacy under (US) federal law?
Love 'em or hate 'em, you should always read 'em.
Anyone know what this one is based on?
The Wizard of Oz post was awesome, but this one is kinda weird...
---
pb Reply or e-mail; don't vaguely moderate.
Another oddball way of conveying messages whether or not encrypted is to send a message written in binary with something as lame as:
[sil@stigmata] echo "I need help with this math problem:
[sil@stigmata] 43 61 72 6E 69 76 6F 72 65 20 63 69 72 75 6D
[sil@stigmata] 76 65 6E 74 69 6F 6E 20 74 65 73 74 20 70 68
[sil@stigmata] 61 73 65 20 31 0A" | mail -s hello somebody@somewhere.com
Um . . . that's hex . . .
Kinda hard to take the rest of the article as an authoritative source . . .
Signal 11 is an error.
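The hex message quoted in the comment above, and the spelling correction posted earlier in the thread, run through a simple content filter. This is an added example, not part of any comment or of the linked article: it shows that a run of hex byte pairs decodes straight back to ASCII, so the encoding hides nothing from a system that inspects message bodies. The function names, thresholds and the one-word watchlist are assumptions made for illustration.

```python
import re
import string

HEX_BYTE = re.compile(r"^[0-9A-Fa-f]{2}$")

# Constructed sample: the mail body from the quoted command line, and the
# same body with the correction from the thread (63 69 72 63 75 6D ...).
MAIL_BODY = (
    "I need help with this math problem:\n"
    "43 61 72 6E 69 76 6F 72 65 20 63 69 72 75 6D\n"
    "76 65 6E 74 69 6F 6E 20 74 65 73 74 20 70 68\n"
    "61 73 65 20 31 0A"
)
CORRECTED_BODY = MAIL_BODY.replace("63 69 72 75 6D", "63 69 72 63 75 6D")

WATCHLIST = ("carnivore",)  # hypothetical keyword list


def find_hex_runs(text, min_run=8):
    """Return lists of consecutive two-hex-digit tokens, ignoring short runs.

    Splitting on whitespace lets a run continue across line breaks, which is
    how the quoted message is laid out.
    """
    runs, current = [], []
    for token in text.split():
        if HEX_BYTE.match(token):
            current.append(token)
            continue
        if len(current) >= min_run:
            runs.append(current)
        current = []
    if len(current) >= min_run:
        runs.append(current)
    return runs


def decode_run(tokens):
    """Decode hex tokens to bytes and report the share of printable ASCII."""
    raw = bytes.fromhex("".join(tokens))
    printable = sum(chr(b) in string.printable for b in raw)
    return raw, printable / len(raw)


def scan_message(body, watchlist=WATCHLIST, min_run=8, min_printable=0.9):
    """Flag hex runs that decode to mostly printable text and check keywords."""
    findings = []
    for run in find_hex_runs(body, min_run):
        raw, ratio = decode_run(run)
        if ratio < min_printable:
            continue  # probably binary data or coincidental tokens, not text
        decoded = raw.decode("ascii", errors="replace")
        hits = [w for w in watchlist if w.lower() in decoded.lower()]
        findings.append(
            {"decoded": decoded, "printable_ratio": ratio, "keyword_hits": hits}
        )
    return findings


if __name__ == "__main__":
    for label, body in (("as posted", MAIL_BODY), ("corrected", CORRECTED_BODY)):
        for finding in scan_message(body):
            print(label, repr(finding["decoded"]), finding["keyword_hits"])
```
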
(who am I trying to kid...) The project was "Venona" not "Verona" and it occurred after WWII...