Slashback: Imagination, Evasion, Watermarks
Frankly, this would have been just too silly. steveha writes: "Microsoft just changed their 're-imaging' payment policy. Companies buying computers that come with Windows installed can once again re-image the system hard disk without Microsoft demanding an extra license payment. Here is the official Microsoft document. Computer Reseller News had the story."
Burn baby burn. rpeppe writes: "briefly, you can download Inferno here, for free.
you might remember from a month or so back that the UK firm Vita Nuova obtained rights to Inferno, a next-generation virtual/embedded OS created by the likes of Rob Pike, Ken Thompson and Dennis Ritchie. Inferno uses many of the ideas from Plan 9 but, unlike Plan 9, there are no restrictive hardware requirements - it runs as a "virtual OS" under Linux, Windows, Plan 9 and others, mapping the resources provided by the host OS into a standard form for programs running within Inferno, which will run without change on any platform running it (including on bare hardware, such as SA1100 or MIPS).
we've just made free downloads available (for any use) for Linux, Windows and Plan 9. the actual kernel is not open source, but the download includes open source for all the user-level code in the system (applications, libraries, etc), plus unix-style documentation so there's plenty to tinker with.
this is a system that is genuinely trying to address the problems that are "too deep for unix to fix" and includes all sorts of interesting takes on some of the original unix philosophy (after all, it represents 30 years of evolution from the unix original). plus it's a really nice environment in which to write genuinely (and elegantly) portable programs."
Taking the meat from the jaws of Carnivore. An unnamed correspondent writes "Found a nice article on the circumvention of Carnivore which details steps one can take to avoid big brother. Article is nicely written which has a strange reference to the NSA's Verona project of World War II."
Nothing here may be all that new or surprising to those already interested in online privacy or cryptography in general, but if you ever need ammunition in an argument about the nice government versus slithering heroin-dealing kiddie-porn terrorists, it'd be nice to point out how accessible these methods are to all involved.
OK, who has what up their sleeves, and why? Fervent writes "Interesting twist in the SDMI boycott -- Don Marti's backing down a bit. Apparently he and Leonardo Chiariglione, executive director of the SDMI, talked and found ways to get along about secure music. The article is here."
I'll be impressed if the music industry or anyone else can come up with a high-quality music format which can't be effectively copied with a modicum of hassle. "Anything that can be read," etc. That's not about to stop them from trying on both technological and legal fronts. Of the two, I'll take technological any day.
Warning: This post may (at the present time, or some future point) violate the DMCA.
It's easy to record SDMI-protected music, even with 'digital' speakers that use bullet-proof encryption, and tamper-resistant enclosures.
All speakers, even 'digital' ones, at some point produce an analog signal.
All speakers of the dynamic type (read: cheap, common) have fly leads heading to the voice coil, which sit directly beneath the cone, that carry this analog signal.
Tools required:
1 beer, any size
1 printed copy of the SDMI spec
1 printed copy of the DMCA
1 drill
1 large drill bit
1 sharp knife
2 alligator clip-equipped wires, per speaker
1 suitable connector, per speaker
Optional: Variable potentiometer, and/or large-value resistor
Instructions:
Determine where the driver/cone (whichever you want to call it) is located inside the speaker enclosure. Drill through speaker grill in the approximate center of the driver. Having done this, the dustcap of the driver should be visible, and perhaps the fly leads as well.
If you can see the end of the fly leads (they look like two small bumps, encased in goop), skip this paragraph. Else, cut away the dustcap using your knife to expose the flyleads.
Now, also using the knife, scrape off the glue which entombs the fly lead ends until you find substantial bare metal.
Attach one alligator-equipped wire to each lead. Consider one lead to be positive, the other negative (it is beyond the scope of this document to describe methods for determining which is which), and connect (via the suitable connector) to the desired non-SDMI-compliant audio recording device's analog input. Optionally, use a resistor or potentiometer in series with this circuit for level control.
Push play and record at the same time, and have a beer while the song transfers.
When done transferring, use the consumed beer to piss all over the printed SDMI and DMCA papers.
Kid-proof tablet..
Use digital USB speakers, and tap/copy the signal, either in hardware or software.
While I am not at all sure that USB speakers will replace the soundcard/analog combination, they are likely to become too big a market share for RIAA to ignore, just like those annoying integrated sound chips that audiophiles deride, but that still manage to live in millions of budget and office systems.
True, it is possible to encrypt the signal to the speakers, and use decrypting speakers, but there is unlikely to be enough market clout to force speaker manufacturers/system integrators/buyers to adopt encrypted speakers to support SDMI. I think that we are too far along the USB audio roadmap for it to be easily diverted now.
Recall, a format that doesn't catch on means lost time/money/opportunity for the RIAA, as well as the manufacturers and buyers.
------------------
If you can go to bed, knowing you did a valuable thing today, you're very lucky. If you can't... it's not bedtime
-- Douglas Adams, So Long, And Thanks for All The Fish
Top 10 Ways to Hack SDMI
------------------------
10. Write a device driver that emulates a soundcard. Dump output to disk. Optional - sending to the real soundcard. Bonus points if you use DirectSound.
9. Attach leads to the DAC of the soundcard, design daughterboard to resequence for raw wave output. Optional: 64MB stick of RAM and a memory overlay for copying back out to the system. Estimated cost to hire an EE to do this: $25k
8. SoftICE, a pack of mountain dew, and an SDMI decoder.
7. 15 minutes alone with developers of SDMI and a backpack full of bricks.
6. 45 minutes alone with legislators who signed DMCA into law, backpack full of bricks (note: bricks may be damaged by contact with thick heads of legislators - Aim lower)
5. Audio cable connected between INPUT and OUTPUT of soundcard.
4. Hold press conference. Compare SDMI to DivX. Drop plenty of rumors so retail outlets won't carry it without large cash advances.
3. Hold shareholder conference. Compare SDMI to DivX. Using the rumors created in #4, draw on their fears that SDMI will collapse into a dense black hole, taking their profits with them.
2. Use genetic algorithms (GA) to predict prime numbers without using brute force. Optional - for speed, do it using an analog computer. Send result to spook@nsa.gov, move to Antarctica, dig hole in ground, call up UUNet, ask for net feed under an alias.
1. Go to local high school, offer the kid with thick glasses in the computer lab $20 to crack SDMI. Return after lunch to pick up detailed documentation of program, and the program itself which was ported to 8 platforms and has bilingual support. Thank kid.
| Permission is granted to distribute this document |
| in any medium, provided this notice is attached. |
| Copyleft, 2000 Signal 11 |
--
Frankly, I was quite underwhelmed with the suggestions. They all basically add up to cheap, low-tech encryption or security by obscurity methods.
Some were flat-out wrong. Going through an email proxy doesn't help if they're sniffing your connection by IP address. I'm not convinced that Carnivore doesn't do this (nor am I convinced that it does. But I wouldn't base my security strategy on the weaker assumption). Likewise, forging an email address is not going to trick the system. The FBI isn't stupid.
Obviously, strong encryption is the best solution. Although there is a precedent for having passwords *not* protected as free speech under the 5th amendment, it does give you your best shot at keeping communications secure.
Steganography's also probably a reasonable choice. Get a good digital camera, and send out a lot of pictures to your friends. Some may have messages. Most don't.
Chaffing models might be good, but might not.
Also, techniques like the old "saturate Echelon" approach, where you *always* tag on keywords like semtex, Nidal, West Bank, UN, ammo, NSA, NRO, ZOG, etc. to your messages. If everyone did it, and varied the list, it'd clog their system eventually...
-
bukra fil mish mish
-
Monitor the Web, or Track your site!
Eloi, Eloi, lema sabachtani?
www.fogbound.net
This means that if Joe MCSE decides to re-image some OEM boxes, and re-images them in a manner both different from the OEM boxes and the rest of the network boxes, either Joe's company is in license violation, or someone needs to cough up the moola.
This is one case where it's difficult to enforce a license. You have an X seat license for X users. You hire more workers and buy OEM boxes w/Win2K.
You want to give them a newer better configuration with the original software? Too bad. This looks as though the license change is publicised as a customer relations thing, but is actually an enforceability thing. Show the license, show the number of new OEM boxes, you're fine, as long as they all have the same installation. I work in an academic situation where we reimage all the time. This license appears to remove one major financial pain, and exchanges it for a finicking pain.
No, a company does things like this (users complain, they fix the problem) when they have real competition. When a company doesn't have competition it won't do anything (except maybe laugh) when you complain about something they are doing.
1997:
User: Hey Microsoft, I don't agree with your license on this issue...
Microsoft: HaHaHaHa <CLICK>
1999:
User: Hey Microsoft, I don't agree with your license on this issue...
Microsoft: We are not a monopoly, we have lots of competition... here's one of our competitors now, Bob, He makes an OS that <CRACK> Virus Detected! Now running suspected executable for you. <BSOD>
Soon (hopefully):
User: Hey Microsoft, I don't agree with your license on this issue...
Microsoft: We are sorry for the inconvenience how may we solve this problem? Please don't use one of our competitors...
User: <CLICK> <Calls new number> Hello, I'd like to buy the new BobOS 2.1, but I don't agree with this part of the license...
Bobsoft: <CLICK>
And the cycle continues.
That was fun.
Devil Ducky
MY peers would get out of jury duty.
My guess is Scott Pakin's automatic complaint-letter generator.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."