Slashback: Imagination, Evasion, Watermarks
Frankly, this would have been just too silly. steveha writes: "Microsoft just changed their 're-imaging' payment policy. Companies buying computers that come with Windows installed can once again re-image the system hard disk without Microsoft demanding an extra license payment. Here is the official Microsoft document. Computer Reseller News had the story."
Burn baby burn. rpeppe writes: "briefly, you can download Inferno here, for free.
you might remember from a month or so back that the UK firm Vita Nuova obtained rights to Inferno, a next-generation virtual/embedded OS created by the likes of Rob Pike, Ken Thompson and Dennis Ritchie. Inferno uses many of the ideas from Plan 9 but, unlike Plan 9, there are no restrictive hardware requirements - it runs as a "virtual OS" under Linux, Windows, Plan 9 and others, mapping the resources provided by the host OS into a standard form for programs running within Inferno, which will run without change on any platform running it (including on bare hardware, such as SA1100 or MIPS).
we've just made free downloads available (for any use) for Linux, Windows and Plan 9. the actual kernel is not open source, but the download includes open source for all the user-level code in the system (applications, libraries, etc), plus unix-style documentation so there's plenty to tinker with.
this is a system that is genuinely trying to address the problems that are "too deep for unix to fix" and includes all sorts of interesting takes on some of the original unix philosophy (after all, it represents 30 years of evolution from the unix original). plus it's a really nice environment in which to write genuinely (and elegantly) portable programs."
Taking the meat from the jaws of Carnivore. An unnamed correspondent writes "Found a nice article on the circumvention of Carnivore which details steps one can take to avoid big brother. Article is nicely written which has a strange reference to the NSA's Verona project of World War II."
Nothing here may be all that new or surprising to those already interested in online privacy or cryptography in general, but if you ever need ammunition in an argument about the nice government versus slithering heroin-dealing kiddie-porn terrorists, it'd be nice to point out how accessible these methods are to all involved.
OK, who has what up their sleeves, and why? Fervent writes "Interesting twist in the SDMI boycott -- Don Marti's backing down a bit. Apparently he and Leonardo Chiariglione, executive director of the SDMI, talked and found ways to get along about secure music. The article is here."
I'll be impressed if the music industry or anyone else can come up with a high-quality music format which can't be effectively copied with a modicum of hassle. "Anything that can be read," etc. That's not about to stop them from trying on both technological and legal fronts. Of the two, I'll take technological any day.
The court cases seem to hinge on whether or not you have an "expectation of privacy". This can get fuzzy, as in search and seizure of an automobile and its contents.
If you send the email to another Hushmail user, it never leaves their servers. They themselves admit that the email is no longer secure if you send it to someone outside of Hushmail. Do you know how Hushmail works?
--
This can't be done if the vendors of the soundcards sign their drivers with a universal "secure music" key, and the SDMI music refuses to use anything other than a signed driver. These drivers of course will prohibit simultaneous sound in and out.
This would not sell...
Preventing simultaneous In/Out is called Half Duplex and today if you're not full duplex (in and out at same time) you're dead.
This feature is needed for teleconferencing and is used by on-line games for live verbal communication...
This means the majority of Hackers, Games and business people would reject it... that's about 100% of the markets that drive technology sales....
Plus this doesn't prevent users from using TWO soundcards (Windows prevents it; DOS, Linux and everyone else allow it, so just don't tell Windows about the second card).
Also mass market sound cards are 5 year old high end market cards. The new cards are always for the high end market and eventually reach the mass market with many clones etc using same or slightly improved chip sets.
Given this most card makers are not interested in rewriting sound card drivers.. if SDMI doesn't work on the hardware already on the market it's already dead....
Bureaucrats don't reproduce.. they just attempt to reproduce a lot... and throwing bricks at the equipment makes them only want to reproduce more on our freedoms than they do already
Signal11 holding a press conference.. hmmm hey it works for Bill Gates... why not....
I don't actually exist.
>The FBI really doesn't do Perry Mason-type investigations any more. They only have two tools in their kit, informants and wiretapping.
>That's why they're so worked up about Carnivore, it's their only hope.
In a sense, it should be easy to see that an incompetent FBI is a greater threat to average innocent citizens. viz. Steve Jackson Games, if nothing else.
That said, anyone actually committing crimes who relies on the methods in the linked article is a damned fool and deserves what happens to them. The FBI may not be as immensely clever as the movies would have us believe, but law enforcement relies on more than one method to close a case, and isn't averse to hiring people who do know what they're doing to go over the evidence.
----
lake effect weblog
{Network engineer in Chicago--looking for work!}
I suspect the carnivore system might be smart enough to ignore the last few lines of your emails, to get around deliberate tagging. The obvious solution is to build into mozilla something that adds html comments to html e-mail, so it doesn't bother the reader on the other end (if they have an html mail reader) which have complete sentences that sound really subversive and hit the right keywords. That way the comments can be hidden throughout the message, so the scanner doesn't see them clumped and ignores them. You'd have to be careful about the sentence generator, and make sure it uses some fictional noun in each sentence, so it's obvious it's only a joke. Now, I think that's a system that would be pretty powerful for clogging them up.
WARNING: there is a trojan on your
The material was intercepted during the war and cracked and exploited after the war.
This can't be done if the vendors of the soundcards sign their drivers with a universal "secure music" key, and the SDMI music refuses to use anything other than a signed driver. These drivers of course will prohibit simultaneous sound in and out.
:) Or Bruce Schneier (www.counterpane.com).
First of all, you can write a driver that keeps the original, signed driver in a handy closet and when the request for authentication comes, just pulls it out of the closet, shows it to whoever asked, and puts it back in.
In other words, there ain't no such thing as a secure local client. Just ask people running multiplayer servers
Not to mention that two PCs side by side nicely solve the problem of prohibiting the sound card to do simultaneous in and out (which is called full-duplex and is highly useful in real life).
but sound card manufacturers could always monitor voltage drop on their boards and shut down if it increased suspiciously.
You are confused. It's the RIAA that is paranoid. Sound card manufacturers want to sell hardware and tend to dislike boondoggles which increase the cost of the card while decreasing its usefulness.
[re SoftICE solution] I hear they obfuscate the object code and include commands to crash browsers, meaning that this is not a skript kiddie task.
It only has to be cracked once...
5. Audio cable connected between INPUT and OUTPUT of soundcard.
See above about signed drivers.
See above about two PCs.
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
There's a conventional copy-protection scheme, which is the first line of defense.
SDMI is supposed to allow to *cough*securely sell digital music online. How do you copy-protect a file that you just downloaded?
This watermarking is supposed to survive speaker/microphone transfer, but that remains to be seen.
It may survive the speaker/microphone transfer, but I doubt it'll survive an attack specifically directed at it. Selective attack at a watermark is going to be orders of magnitude more effective than just adding random noise.
The idea is that either you have a 100% SDMI-compliant system, or a 0% SDMI compliant system; nothing in between will work.
That requires everybody in the world to throw out all their old hardware and buy new, and not just any new hardware, but SDMI-compliant only. I think the SDMI designers have a very good crack dealer.
It's not that it's uncrackable, it's that cracked content only plays on special systems useful for little else.
No, you got it wrong. It's the uncracked content that only plays on special systems.
That's actually (yet another) big hole in this whole scheme. If I have a system that is able to crack SDMI (e.g. through soldering leads to my speakers' drivers), I can produce non-SDMI music files, say, plain-vanilla MP3. Then I can throw them out onto the net (Usenet, Freenet, etc. etc.) for people to use. Anybody will be able to play them. Only people with 100%-pure SDMI systems will be able to play SDMI files. Guess which format is going to be more popular...
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
In order to get the driver signed by Microsoft to be SDMI compliant, Creative will disable "what-u-hear" when playing SDMI audio. That's one of the requirements of gaining a digital signature that allows access to the Secure Audio Path of Microsoft Windows Media Digital Rights Management.
XGNOME vs. KDE: the game!
Will I retire or break 10K?
This is why many people argued against the Bill of Rights. Not because they opposed the right to a free press, but because they feared a legal culture would emerge that assumed only enumerated rights exist, and that other rights are not guaranteed. What do you think the 10th amendment is for?
Of course, that's how it works in theory. Most people will let the government do whatever it damn well pleases as long as they've got a job and their house isn't being sacked by roving gangs.
Charon does so accept cookies, and it does that just fine. Why would you say it doesn't? It doesn't do Java or some of the more complex Javascript.
I looked up AtheOS the other day. It does look interesting. Nothing revolutionary though - just seems like a slimmer Linux to me.
--
It's a
-- Danny Vermin
Sorry, yeah, I meant that AtheOS is nothing revolutionary.
--
It's a
-- Danny Vermin
(Note that this assumes buying things online actually works this way. It's extremely likely that someone will figure out a way to compromise that scheme and there is always the "Give a wino some booze after he buys it for you" approach, involving either those kiosks they've been talking about or an Internet cafe.)
- There's a conventional copy-protection scheme, which is the first line of defense.
- SDMI audio is watermarked so that SDMI-compliant devices, including USB speakers, won't play it without authorization from the authentication system. This watermarking is supposed to survive speaker/microphone transfer, but that remains to be seen. (If that really works, we may see watermarked live performances.)
- There's a handshake scheme so that all peripherals (and maybe everything on the LAN) have to do a cryptographic SDMI handshake before any protected content will play. The idea is that either you have a 100% SDMI-compliant system, or a 0% SDMI compliant system; nothing in between will work.
The SDMI designers figure that while building a 0% SDMI system is possible, few people will bother, and it will be so nonstandard it won't be very useful.
Anyway, that's the concept. It's not that it's uncrackable, it's that cracked content only plays on special systems useful for little else.
Maybe you should think about this one a little harder; the NSA is smart enough to know that ignoring any part of the data they capture would make it the ideal covert channel.
-- the clueless American pigdogs with their sig parser will never see this message. Attack at dawn.
Don't forget the value of steganography. It'd be exceedingly difficult to tell that one person's random-looking grep bait is generated according to the data they want to transmit while the other 99.9% of the people sending messages with X-Echelon-Bait headers are generated from /dev/random. Since a good encryption system's output will be close to random, even a very simple system using a custom dictionary could send 6-10 bits of encrypted information with each word choice. More complex systems would be much harder to track.
angstridden wrote:
Frankly, I was quite underwhelmed with the suggestions. They all basically add up to cheap, low-tech encryption or security by obscurity methods. Some were flat-out wrong. Going through an email proxy doesn't help if they're sniffing your connection by IP address. I'm not convinced that Carnivore doesn't do this (nor am I convinced that it does. But I wouldn't base my security strategy on the weaker assumption). Likewise, forging an email address is not going to trick the system. The FBI isn't stupid.
Hear, hear. Almost nothing is known about Carnivore's technology. Just about the only thing that is known is that it is installed under a warrant, the same as a telephone wiretap. In order for this to happen, the FBI will have to have had sufficient circumstantial evidence already in order to lay out their case to a judge. They will have made the decision to dedicate scarce manpower and equipment to the investigation of a particular individual, you. If Carnivore is sniffing you, as a practical matter, they must already suspect you of a crime.
In this case security by obscurity is nonsense, as is any kind of chaff or spam. The reasonable assumption is that the design of the system includes user specificity -- that is, even if you make the assumption that this hearsay about Carnivore is correct, and it searches by keyword, that keyword is very unlikely to be "bomb", and instead is very likely to be "youremail@thisisp.com", if it's a mail sniffer; and your.logon.IP.address if it's an IP sniffer. I'm guessing from what I've read that it's more the former than the latter, but both are equally technologically possible.
Thus, if you are possibly the target of an investigation, it would be reasonably prudent to assume that all your email (or possibly IP traffic) is logged at whatever choke point. This leads, of course, to desperation measures: move all criminal communications and activity to the Big Blue Room Backchannel; or use strong encryption, or just possibly steganography on what you do send. Either is risky, since Carnivore's presence means that they are trying to build a case against you, and once that case is built, they will have no compunctions about seizing the equipment you used to send those communications. Commonly, of course, that will give them all the evidence they will ever need -- the standard level of security, as most slashdotters should know, for almost anywhere, being "hoping nobody ever looks", or password="password" or foldername="stoleninfo". The wily criminal will have used Blowfish or equivalent to completely secure files, but even Blowfish has vulnerabilities, because Windows and other computers have pesky needs to write files on different parts of the disk while they're in use.
No, if you even have an inkling of a suspicion that the FBI is pointing Carnivore at you, best to melt your hard drive before they can get to you. One day, whether because of your computer, or because everyone has talky friends, they'll get a warrant to at least see what the hell you've been doing.
Now to the greater question, the legitimate worry that privacy advocates have regarding Carnivore's overspill capability. That is, just like the White House lost months worth of e-mail archives because of a sloppy search parameter (whether that was intentional I'll leave up to the reader), Carnivore could very easily accidentally log traffic that does not belong to the target of the investigation.
Once again this information will be standard internet e-mail. E-mail contents may be obscured, but e-mail recipients and senders cannot be -- and you can tell a lot about e-mail just by who sends or receives it. Those mails to "patrick naughton" just may not go unnoticed. It would be illegal to do so, but it wouldn't be the first time a law enforcement agency developed a lead based on illegally-obtained information. In short order you'd be back in the original situation: whatever you do being logged, whatever you send, even if encrypted, being noted for its circumstantial nature.
Bypassing Carnivore is technically possible, even if they're doing packet logging. Encrypted VPN, SSL, and other techniques could allow you to connect to a remote system and do what you need to there. Again, however, the where is easily determined, and the remote system would become the focus of the investigation.
Really, I don't think that there's an easy "defense" against Carnivore. The defense is in not attracting suspicion in the first place, and if that's too late, by pathologically practicing probably-impossible levels of security both in communications and on the node systems. It's like suggesting there's a defense against the cops staking out your house. All you can do is move the allegedly criminal activity elsewhere.
Note that none of the above assumes that you are involved in actual criminal activity. I know someone who works for an attorney who is under federal indictment for a fraudulent land sale that was arranged by a client, and who involved my friend via a forged signature. I know that my friend is completely innocent, although I can't with certainty say the same about the attorney. Mostly, it looks like it was a tax investigation of the client that ballooned into a fishing expedition and found this one thing. Anyway, I wouldn't be surprised if the FBI had used Carnivore at some point in this investigation, as some documents were exchanged by e-mail. Possibly my friend's personal e-mail. Possibly, thereby, my e-mail between myself and my friend. Innocent activity, all of it, but still subject to investigation. Frustrating as hell, and arguably a form of harassment, but probably completely legal. Now, in practice, they haven't seized any computers here -- I'm just saying that this is an example where they could very easily have obtained a Carnivore warrant.
----
lake effect weblog
{Network engineer in Chicago--looking for work!}
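An added illustration of the point in the comment above that senders and recipients stay visible even when the contents are obscured. This is not part of the original thread; the addresses, dates, subjects and the placeholder "ciphertext" are all constructed for the example.

```python
"""Headers stay readable when only an e-mail's body is encrypted."""
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Placeholder standing in for an OpenPGP-armored body (constructed, not real ciphertext).
ARMORED_BODY = (
    "-----BEGIN PGP MESSAGE-----\n\n"
    "(constructed placeholder ciphertext)\n"
    "-----END PGP MESSAGE-----\n"
)


def build_sample(sender, recipients, subject, date):
    """Build one constructed RFC 822 style message with an 'encrypted' body."""
    headers = [
        f"Received: from client.example.net by mx.example.org; {date}",
        f"From: {sender}",
        f"To: {', '.join(recipients)}",
        f"Subject: {subject}",
        f"Date: {date}",
    ]
    return "\n".join(headers) + "\n\n" + ARMORED_BODY


# Constructed sample traffic: three messages between made-up correspondents.
SAMPLES = [
    build_sample("Alice <alice@example.org>", ["bob@example.net"],
                 "lunch", "Mon, 11 Sep 2000 09:15:00 -0500"),
    build_sample("alice@example.org", ["bob@example.net", "carol@example.com"],
                 "re: lunch", "Mon, 11 Sep 2000 23:40:00 -0500"),
    build_sample("dave@example.com", ["alice@example.org"],
                 "invoice", "Tue, 12 Sep 2000 08:05:00 -0500"),
]


def observable_metadata(raw):
    """Return what any relay or logger on the path can read without a key."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    recipients = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {
        "from": [a.lower() for _, a in getaddresses(msg.get_all("From", []))],
        "to": [a.lower() for _, a in getaddresses(recipients)],
        "subject": msg.get("Subject", ""),          # not covered by body encryption
        "sent": parsedate_to_datetime(msg["Date"]),
        "relay_hops": len(msg.get_all("Received", [])),
        "body_encrypted": "BEGIN PGP MESSAGE" in body,
        "body_bytes": len(body.encode("utf-8")),
    }


def contact_graph(raw_messages):
    """Count messages per (sender, recipient) pair using headers alone."""
    edges = Counter()
    for raw in raw_messages:
        meta = observable_metadata(raw)
        for sender in meta["from"]:
            for recipient in meta["to"]:
                edges[(sender, recipient)] += 1
    return edges


if __name__ == "__main__":
    for (sender, recipient), count in sorted(contact_graph(SAMPLES).items()):
        print(f"{sender} -> {recipient}: {count} message(s)")
```

Every body in the sample is opaque, yet the who-talks-to-whom graph, the subjects and the send times are all recovered from headers.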
I know this is a joke, but:
10. Write a device driver that emulates a soundcard. Dump output to disk. Optional - sending to the real soundcard. Bonus points if you use DirectSound.
This can't be done if the vendors of the soundcards sign their drivers with a universal "secure music" key, and the SDMI music refuses to use anything other than a signed driver. These drivers of course will prohibit simultaneous sound in and out.
9. Attach leads to the DAC of the soundcard, design daughterboard to resequence for raw wave output. Optional: 64MB stick of RAM and a memory overlay for copying back out to the system. Estimated cost to hire an EE to do this: $25k
An impractical idea, but sound card manufacturers could always monitor voltage drop on their boards and shut down if it increased suspiciously. Don't think anyone's seriously going to do this though, not in mass quantities.
8. SoftICE, a pack of mountain dew, and an SDMI decoder.
I hear they obfuscate the object code and include commands to crash browsers, meaning that this is not a skript kiddie task. And what if the obfuscation differs between each copy of the SDMI binary on each user's machine? Eventually this becomes a big pain in the ass and not sufficiently general to pirate music.
7. 15 minutes alone with developers of SDMI and a backpack full of bricks.
Yes, I believe there is a backdoor in there somewhere. Probably would work. It's criminal, but hell, they'll be passing laws chopping off the right hands of MP3 traders pretty soon, so where's the risk differential?
6. 45 minutes alone with legislators who signed DMCA into law, backpack full of bricks (note: bricks may be damaged by contact with thick heads of legislators - Aim lower)
Unfortunately, bureaucrats seem to spawn asexually.
5. Audio cable connected between INPUT and OUTPUT of soundcard.
See above about signed drivers.
4. Hold press conference. Compare SDMI to DivX. Drop plenty of rumors so retail outlets won't carry it without large cash advances.
Attention The World At Large! Signal11 sez...
-konstant
Yes! We are all individuals! I'm not!
Well, assuming I'm BandX and I record my new CD "BandX Live" and I want to release my hit single "It's Not Goatse.cx" for paid download as a SDMI-watermarked track. So, I take my CD, rip the track, slap the watermark on the track and release it.
My question is, what's to prevent one person who owns a copy of "BandX Live" from comparing a direct rip off their CD to the downloaded version and just locating the watermark that way. Once that is done, I imagine you can generate a list of altered bytes. Package that list into some form of standard format compatible with a de-SDMI program (call it "The SoDMIzer") that can take a track and the byte list and remove the watermark.
So all you need is an on-line repository of the byte-lists (or whatever, I'm sure there's a more elegant way of diff'ing the tracks) and the problem goes away.
It's an extra step, but not a big one. What's the catch?
-- "I am disrespectful to dirt. Can you not see that I am serious!"
It's a convenience thing. Dedicated MP3 computer plugged into the stereo lets me easily play all the music in my collection, in any order I want, with no annoying lags for a CD changer to swap discs or for me to get up and physically replace a tape. If I want a custom mix for the car it's a helluva lot easier to sort a dozen songs on the computer in the order I want and burn them to CD. MP3/Vorbis type technologies give the user far greater control over how he/she is able to listen to music. Plus I don't even own a tape deck.
"Listen: We are here on Earth to fart around. Don't let anybody tell you any different!" - Kurt Vonnegut
The point is that in a battle between automated systems, the better programmers generally win. Outsmarting automated systems requires intelligent, creative thought. Lazy, automatic work, even if done by a human, is vulnerable to automated attack.
-- the clueless American pigdogs with their sig parser will never see this message. Attack at dawn.
This would get through once, be flagged by a human reviewer as harmless nonsense, and not show up on their monitors again. Come up with an automated .sig generator, and you will be repeatedly flagged until you cross a critical threshold, at which point automated systems will just ignore you until you exhibit some novel behavior, like encrypted .sigs or unusually long contents. Even then, a flexible and adaptable monitoring system will be able to filter you out.
I rather doubt the NSA does very much keyword filtering for the same reason that keyword-based search engines are increasingly useless on the web. It is more likely that they use some fairly sophisticated natural language parsing engines and n-gram analysis, or something on that order.
--
Proud member of the Weirdo-American community.
Still, if you ignore it, people will use their .sigs to pass data. If you analyze them, you'll have a huge amount of chaff to search and only be able to hope that the people you're looking for screwed up on implementation. Bit of a lose-lose situation, really.
Do you have an analog amplifier or speakers? Whoops! An SDMI player can refuse to play because your Audio channel isn't "secure" from end-to-end. Makes it hard to play the music you want to if you have to buy all new equipment and a new OS...
When I hear the word 'innovation', I reach for my pistol.
You are apparently misunderstanding SDMI. SDMI is a watermarking system. Basically, they use a form of steganography to embed an identifying mark in the music to say who originally bought it. This identifying mark is supposed to survive all attempts at copying at a reasonable fidelity, even analog ones.
Need a Python, C++, Unix, Linux develop
Freedom Network. Look into it.
They're apparently coming out with a version for Linux soon, and the next version for Winblows will support "Internet connection sharing", so you can still use your Linux box by just pointing to the crappy Windows gateway.
Need Free Juniper/NetScreen Support? JuniperForum
It's happened:
Source
When I hear the word 'innovation', I reach for my pistol.
Hard work and careful thought no doubt could muck up the works. The benefit of success is that you begin to receive tell-tale signs that you've pissed someone off: your ISP mysteriously loses your account -- six times in as many days; your computer seems to be suffering from some kind of high-intensity, highly-focused EMF interference; bland-looking guys in black suits move into the next apartment over, etc. ;-)
--
Proud member of the Weirdo-American community.
Warning: This post may (at the present time, or some future point) violate the DMCA.
It's easy to record SDMI-protected music, even with 'digital' speakers that use bullet-proof encryption, and tamper-resistant enclosures.
All speakers, even 'digital' ones, at some point produce an analog signal.
All speakers of the dynamic type (read: cheap, common) have fly leads heading to the voice coil, which sit directly beneath the cone, that carry this analog signal.
Tools required:
1 beer, any size
1 printed copy of the SDMI spec
1 printed copy of the DMCA
1 drill
1 large drill bit
1 sharp knife
2 alligator clip-equipped wires, per speaker
1 suitable connector, per speaker
Optional: Variable potentiometer, and/or large-value resistor
Instructions:
Determine where the driver/cone (whichever you want to call it) is located inside the speaker enclosure. Drill through speaker grill in the approximate center of the driver. Having done this, the dustcap of the driver should be visible, and perhaps the fly leads as well.
If you can see the end of the fly leads (they look like two small bumps, encased in goop), skip this paragraph. Else, cut away the dustcap using your knife to expose the flyleads.
Now, also using the knife, scrape off the glue which entombs the fly lead ends until you find substantial bare metal.
Attach one alligator-equipped wire to each lead. Consider one lead to be positive, the other negative (it is beyond the scope of this document to describe methods for determining which is which), and connect (via the suitable connector) to the desired non-SDMI-compliant audio recording device's analog input. Optionally, use a resistor or potentiometer in series with this circuit for level control.
Push play and record at the same time, and have a beer while the song transfers.
When done transferring, use the consumed beer to piss all over the printed SDMI and DMCA papers.
Kid-proof tablet..
Well, I am no kind of Uber Hacker, but I have followed this entire digital music story very closely. Further, I live in the L.A. area where the topic is much discussed, and I know a variety of struggling musicians. I am not pretending to be an expert (I do that during the day), but I know a little about this issue.
Just to go against the tide, I don't think there is any need to fight or boycott SDMI technology development. (Although I admire the idea.) In fact, it is possible that an effective SDMI technology may actually hasten the decline of the music oligopoly.
Here are my main thoughts:
1. The market will speak. Given the choice of today's CD's versus some kind of "secure" format with its many limitations, who would buy it? I think the music suits have underestimated how tech savvy today's consumers are becoming. Sure, they may eventually pull "classic" CD's off the market, but that will only increase used sales and copying of them. (Question - how long before an attempt is made to actually outlaw the sale of classic CD's and/or players as some kind of piracy tool?)
2. Today's CD's won't go away, at least for years. As we have learned, one CD and any modern computer can generate an almost unlimited number of virtually perfect digital copies. Even if suddenly tomorrow I wake up and no more classic CD's are sold, the 15 billion or so that are out there and the millions of players will last for years and years to come. Further, once Napster and its ilk are shut down via legal challenges, people will simply become more sophisticated and private with their digital music swapping. The year or so of Napster has provided a music swapping foundation that will continue for years to come.
3. How much new music do we really need? OK, let's say all new music by the big labels is sold on secure CD's, until a time when they can try and make you pay for music every time you listen to it without even selling CD's. Hey, I can live just fine without ever hearing Ricky Martin's next album. With c. 250,000 CD's in print I personally could live the rest of my life just discovering more of what is already out there. Even being a big music fan, a week does not go by that I don't discover something new from the past. No one likes this argument because it seems anti-creative, but it will simply be a market response. If "new" digital music has all sorts of costs and restrictions on it, "classic" digital or even analog work will seem more attractive by comparison.
4. More performers will bypass the labels. As more and more people have high speed connections, music by downloading will become commonplace. More and more performers will be able to distribute their music directly to fans, instead of giving away their first child in a standard music industry contract. Sure, there may be fewer multi-millionaires overall, but so what? Just like open source, some will always create music for the love of doing it, not just to make money and groupies. In the creative world, there is often not a correlation with talent and financial reward, contrary to the constant copyright owner claims that "Artists won't create if they won't get paid." This may be true for hacks, but not for artists in the true sense of the word. I mean, do we really need another Stephen King novel?
5. Free music will flourish. No one seems to be saying this, but clearly there will be tons of free as in beer music for download. There seems to be an idea among some that anything amateur or DIY is junk, and sure, much of it may be to some. But to me, there is a lot of junk in any music store these days as well. Music creation software will continue to improve, and no matter how much DIY material is posted, the "buzz" of what is good will spread among friends, much like underground Metallica tapes did some 20 years or so ago. People will also see that you don't have to live in New York, L.A. or Nashville to be talented and have a reasonable chance of being discovered.
So in summary, whether we like it or not, the big music industry has the money to buy U.S. legislation to suit its current goals. But that's OK. If anyone wants to buy a secure copy of Britney Spears's latest CD five years from now, that will be their choice. But there will also be a lot of lower cost choices as well that will possibly give you even better (in the sense of matching your personal tastes) music.
TWR
Use digital USB speakers, and tap/copy the signal, either in hardware or software.
While I am not at all sure that USB speakers will replace the soundcard/analog combination, they are likely to become too big a market share for RIAA to ignore, just like those annoying integrated sound chips that audiophiles deride, but that still manage to live in millions of budget and office systems.
True, it is possible to encrypt the signal to the speakers, and use decrypting speakers, but there is unlikely to be enough market clout to force speaker manufacturers/system integrators/buyers to adopt encrypted speakers to support SDMI. I think that we are too far along the USB audio roadmap for it to be easily diverted now.
Recall, a format that doesn't catch on means lost time/money/opportunity for the RIAA, as well as the manufacturers and buyers.
------------------
If you can go to bed, knowing you did a valuable thing today, you're very lucky. If you can't... it's not bedtime
So all some mp3 release group would have to do to steal the music is make the watermark tie to someone else.
Since the theory is to sell it online, which in this world means it has to be done quickly, do you really think they're going to require more information from you than your credit card number and billing address?
Credit Card numbers get stolen every day. People buy things with them all the time. Some of them get caught. So, the record company finds out someone is distributing a copyrighted song. They expend the effort to track the person who purchased that song down. And they track it down to a credit card that was cancelled as stolen a week after the purchase.
It's not that hard to be untraceable over the Internet, if you really want to spend the time to do it. So all they would have is a dead-end credit card number and some IP Addresses to some machine in North Korea.
That'll stop music theft. Sure.
So, music release groups of tomorrow will be doing something a little more illegal than they are now: credit card fraud, various electronic crimes...
But has that ever been enough to stop all the young kids that make up most of these scenes? The 14 year old script kitty with a credit card list he stole from a porn site?
So they manage to lock some kid up for doing something dumb and the music he released is still out there.
How ... effective.
-- Douglas Adams, So Long, And Thanks for All The Fish
Top 10 Ways to Hack SDMI
------------------------
10. Write a device driver that emulates a soundcard. Dump output to disk. Optional - sending to the real soundcard. Bonus points if you use DirectSound.
9. Attach leads to the DAC of the soundcard, design daughterboard to resequence for raw wave output. Optional: 64MB stick of RAM and a memory overlay for copying back out to the system. Estimated cost to hire an EE to do this: $25k
8. SoftICE, a pack of mountain dew, and an SDMI decoder.
7. 15 minutes alone with developers of SDMI and a backpack full of bricks.
6. 45 minutes alone with legislators who signed DMCA into law, backpack full of bricks (note: bricks may be damaged by contact with thick heads of legislators - Aim lower)
5. Audio cable connected between INPUT and OUTPUT of soundcard.
4. Hold press conference. Compare SDMI to DivX. Drop plenty of rumors so retail outlets won't carry it without large cash advances.
3. Hold shareholder conference. Compare SDMI to DivX. Using the rumors created in #4, draw on their fears that SDMI will collapse into a dense black hole, taking their profits with them.
2. Use genetic algorithms (GA) to predict prime numbers without using brute force. Optional - for speed, do it using an analog computer. Send result to spook@nsa.gov, move to Antarctica, dig hole in ground, call up UUNet, ask for net feed under an alias.
1. Go to local high school, offer the kid with thick glasses in the computer lab $20 to crack SDMI. Return after lunch to pick up detailed documentation of program, and the program itself which was ported to 8 platforms and has bilingual support. Thank kid.
| Permission is granted to distribute this document |
| in any medium, provided this notice is attached. |
| Copyleft, 2000 Signal 11 |
--
Frankly, I was quite underwhelmed with the suggestions. They all basically add up to cheap, low-tech encryption or security by obscurity methods.
Some were flat-out wrong. Going through an email proxy doesn't help if they're sniffing your connection by IP address. I'm not convinced that Carnivore doesn't do this (nor am I convinced that it does. But I wouldn't base my security strategy on the weaker assumption). Likewise, forging an email address is not going to trick the system. The FBI isn't stupid.
Obviously, strong encryption is the best solution. Although there is a precedent for having passwords *not* protected as free speech under the 5th amendment, it does give you your best shot at keeping communications secure.
Steganography's also probably a reasonable choice. Get a good digital camera, and send out a lot of pictures to your friends. Some may have messages. Most don't.
Chaffing models might be good, but might not.
Also, techniques like the old "saturate Echelon" approach, where you *always* tag on keywords like semtex, Nidal, West Bank, UN, ammo, NSA, NRO, ZOG, etc. to your messages. If everyone did it, and varied the list, it'd clog their system eventually...
-
bukra fil mish mish
-
Monitor the Web, or Track your site!
Eloi, Eloi, lema sabachtani?
www.fogbound.net
Second, Microsoft isn't completely evil, thanks to good hardware such as the Explorer mouse, which holds the place of honor on my desk; the good gaming hardware at good prices (the original M$ Gamepad, the first FF Joystick that worked w/ many games); and the timely support that they give to new hardware, thanks to their marketing efforts. Thanks to the >75% margin of Windows 9x on desktops, most hardware manufacturers include a windows driver, while few put linux drivers inside the box.
While Linux may be technically superior, Windows is still the only operating system that can give rise to a good game of Half-Life: Counterstrike. (Lest you count the dedicated server for linux)
Tell me what makes you so afraid
Of all those people you say you hate
I read the blurb on Inferno with a great amount of joy.
A freely downloadable OS that seemed to be focussing on the lacks of all the OSs it ran upon. A nice little tool if ever I saw one, and one that I'd greatly love to try.
Then I read the licence.
You may not: 2.6 use the "Inferno®", "Styx®", "Dis®" and "Limbo®" trade marks without the following trade mark notice - "Inferno®, Styx®, Dis® and Limbo® are the registered trade marks of Vita Nuova Holdings Limited". YOU may only use these trademark as permitted by and in strict compliance at all times with VITA NUOVA's third party trade mark usage guidelines which are posted at www.vitanuova.com/trademark.htm.
2.7 use the "Inferno®", "Styx®", "Dis®" and "Limbo®" trade marks other than in relation to the LICENSED SOFTWARE and/or ADAPTATIONS of the LICENSED SOFTWARE.
Well, for starters, the trademark.htm URL doesn't exist, so there is no guideline for use of these 'trademarks'.
What is a classicist to do then? "I'm sorry, you can't have your lecture on Greek mythology, as all the names are currently trademarked..".
Looking at some of the names that go alongside this project, I'm much more inclined to believe they've just got the company lawyers to stamp out a quick default boilerplate, but, in the current times of acquisitions of companies by larger, predatory ones, this boilerplate could be a huge pain in the butt if someone decided to try and enforce it as stands.
Hey, I'll just go out and trademark the word 'Binary'... That'll really put the cat amongst the pigeons.
Well, that's about it for the rant.. Not yet checked the software, 'cos I don't agree to its licence (I don't agree not to use all those trademarks, unless using them in context to the inferno OS)..
Wake up guys, and be sensible with your trademarking!!!
Malk
This means that if Joe MCSE decides to re-image some OEM boxes, and re-images them in a manner both different from the OEM boxes and the rest of the network boxes, either Joe's company is in license violation, or someone needs to cough up the moola.
This is one case where it's difficult to enforce a license. You have an X seat license for X users. You hire more workers and buy OEM boxes w/Win2K.
You want to give them a newer better configuration with the original software? Too bad. This looks as though the license change is publicised as a customer relations thing, but is actually an enforceability thing. Show the license, show the number of new OEM boxes, you're fine, as long as they all have the same installation. I work in an academic situation where we reimage all the time. This license appears to remove one major financial pain, and exchanges it for a finicking pain.
No, a company does things like this (users complain, they fix the problem) when they have real competition. When a company doesn't have competition it won't do anything (except maybe laugh) when you complain about something they are doing.
1997:
User: Hey Microsoft, I don't agree with your license on this issue...
Microsoft: HaHaHaHa <CLICK>
1999:
User: Hey Microsoft, I don't agree with your license on this issue...
Microsoft: We are not a monopoly, we have lots of competition... here's one of our competitors now, Bob, He makes an OS that <CRACK> Virus Detected! Now running suspected executable for you. <BSOD>
Soon (hopefully):
User: Hey Microsoft, I don't agree with your license on this issue...
Microsoft: We are sorry for the inconvenience, how may we solve this problem? Please don't use one of our competitors...
User: <CLICK> <Calls new number> Hello, I'd like to buy the new BobOS 2.1, but I don't agree with this part of the license...
Bobsoft: <CLICK>
And the cycle continues.
That was fun.
Devil Ducky
MY peers would get out of jury duty.
First, in response to a lot of people's complaints about my wording of the article, read here and here. I also submitted that Slashback article several days ago, so it hasn't aged well.
To the response I am simply a "troll" (which I don't agree with in the slightest) read here. This is another article I recently submitted and got accepted.
Remember, deep breaths.
- I don't care if they globalize against free speech. All my best free thoughts are done in my head.
So the test begins. With a proxied Netscape browser we find proxy.foo.com and slightly obscure our information and change our hostname to whatever@wherever.com. In theory mail is being sniffed to the account in question johndoe@sampleisp.com in which they have their warrant and not whatever@wherever.com which makes any information they gather obsolete. Well, after some legal mumbo jumbo obsoletes their methods and what information they gathered along with the terms of the warrant.
The DOJ and assorted federal branches have been pushing for greater liberties in pursuing 'cyber-criminals' including the extension of warrants to include all computers connected to the network through which the data could have traveled.
Even if they can't get something from your own ISP, they may soon be able to get it from another computer.
--
Whom does Larry Wall quote in
My guess is Scott Pakin's automatic complaint-letter generator.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
http://www.hacksmdi.org
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
Your comment could very well have been this:
Why do you have to rank on those of us who happen to have a preference for rape? The good thing about technology is that it is blind, that it allows those of us who don't fit into society's mold to have a fair say and a fair chance at having our opinions heard.
And what does rape have to do with terrorism or heroin? You degrade rapists and don't seem to think anything about it. A comment like that about homosexuals, Jews, blacks, or any other minority would have an angry mob at your door real quick.
As a member of a currently socially unacceptable group, I realize that I must fight for my rights in every way I can, and get people to realize that I'm not bad or evil, I am what I am, and everyone will just have to accept that!
For the record, I am gay. The problem with your lifestyle is that the "love" of children assumes that children are capable of understanding sexual relationships. I admit that some are and some aren't. I was sexually active when I was 12. But the psychological evidence of sexual abuse of children compels me to reject pedophilia as something abusive and evil. And no, I don't "just have to accept" your lifestyle.
I have a feeling you will try and label me a hypocrite. That won't work. You'll do much better to try and show me that whatever psychological evidence I've seen is invalid (much like the psychological evidence against homosexuality has been shown to be invalid).
I don't make the rules. I just make fun of them.
Ok, so I have had a look at the announcement, and the first thing that sprang out at me was the qualification requirement. In order to qualify for the "relaxed" rules, you need to be a MS select or Enterprise Agreement licensee - normal mortals (and my employer flies under this flag even though we have over four hundred PCs in use) get all their licences bundled with the machines, and only replace OSs when they replace machines. However, our site *also* has a full set of custom apps, so ghost-rollout of a new installed-base of replacement machines (hardware upgrade, needed for the new generation of MS office apps) is needed, in about blocks of fifty....
--
-=DaveHowe=-
Hey if they're monitoring johndoe@sampleisp.com and sniff the whole network then jane.something@sampleisp.com should be able to hold them liable for invasion of privacy. That's something I can't speak on since I'm not a lawyer.
Just from a legal standpoint . . . where are you guaranteed privacy under (US) federal law?
Another oddball way of conveying messages whether or not encrypted is to send a message written in binary with something as lame as:
[sil@stigmata] echo "I need help with this math problem:
[sil@stigmata] 43 61 72 6E 69 76 6F 72 65 20 63 69 72 75 6D
[sil@stigmata] 76 65 6E 74 69 6F 6E 20 74 65 73 74 20 70 68
[sil@stigmata] 61 73 65 20 31 0A" | mail -s hello somebody@somewhere.com
Um . .. that's hex . . .
Kinda hard to take the rest of the article as an authoritative source . . .
Signal 11 is an error.