Slashdot Mirror


User: jareds

jareds's activity in the archive.

Stories: 0
Comments: 684

Comments · 684

  1. Re:what about my house? on Broadband To Hit The South Pole · · Score: 1

    and I can't get DSL cuz I'm 200' too far from the CO?

    I'll bet you could get broadband for $250 million if you wanted.

  2. Re:LICENSE on Microsoft Typography Withdraws Free Web Fonts · · Score: 2

    And it seems, Debian had the same idea, but pulled it out for some reason -- overreaction?

    It doesn't look like they pulled anything. The package msttcorefonts is still there, but it runs a script that tries to download the fonts from www.microsoft.com, which naturally fails.

  3. Re:A Perl script for Buddha on Amateur Quest For Lychrel Numbers · · Score: 2

    Your program will flag anything as a possible Lychrel number once it gets to the point where Perl represents it in scientific notation, which will always happen in way less than 10,000,000 iterations. In fact, it will always happen in less than 70 iterations. Stick $value in the string printed if it might be a Lychrel number to see what I'm talking about.

  4. Re:Fairly Simple Perl Script on Amateur Quest For Lychrel Numbers · · Score: 2

    But I'm beginning to wonder... Answers very quickly get expressed as integers like "1.40025556644157e+15"... Does a reverse() of this return "51+e7...", or does Perl have the "real" number internally? My script doesn't work for long if the former is the case.

    No, Perl does not perform arbitrary precision integer arithmetic.

    Try perl -e 'print scalar reverse (2**60);', for example.

    Also, I don't understand why you're using $x <= $in as the test case for your loop. $in will grow much faster than $x.

  5. The sets are of equal size on Amateur Quest For Lychrel Numbers · · Score: 2

    Then again, how would we know that we've reached the end? They could be very spaced out. What we need is a mathematical proof.

    You can't reach the end. Any number whose digits are all less than 5 is obviously palindromic, and the set of such numbers is countably infinite. Thus, the set of palindromic numbers is not smaller than the set of natural numbers.

    Since, as you pointed out, the size of the set of palindromic numbers cannot exceed that of the set of natural numbers, the sets are of equal size.

  6. Re:Quote on MIT vs. Las Vegas · · Score: 2

    but, that's the point in card counting: sometimes the casino loses a few so the count might come out to 51 or 50. if you play for a while you can figure out which cards are missing, and boy, then the casinos better watch out!

    Uh, no. While you could certainly make use of that if it happened, I don't think it's likely to. Card counters keep track of what cards have already been played, because they know they won't be played again until the deck is reshuffled.

  7. Re:Construction before software! on Portable MP3 Player w/ Unix Support? · · Score: 2

    Anyways, I'm currently looking at the Samsung YEPP-30sh. . .it's VERY small and light, has 128 megs, relatively inexpensive, and I've heard good things about its durability. That might be one for you to consider.

    I've been wearing a YEPP-30 while I work out for about two months without any problems. I tuck in my shirt and clip it on my waistband. I haven't had any problems even when my shirt is drenched with sweat. However, YMMV.

  8. Re:I just want to verify... on Schneier et al Report PGP Vulnerability · · Score: 2

    I'd like to clarify, as you don't seem to fully understand how key encryption works.

    I incorrectly thought that PGP performs Sign(Encrypt(Message)) for encrypted and signed messages, and I did miss a detail of the attack that led me to believe that it would work still on Encrypt(Sign(Message)), but I'm pretty sure I understand what's being said in this discussion.

    However, if someone intercepts the message you sent, encrypts it with his/her public key, and sends it to your recipient, whose mail reader automatically decrypts this message with the recipient's private key, and says that the file is garbled and he needs help, then when the recipient replies, the whole thing will only be encrypted with the attacker's public key (because the recipient's private key decryption cancelled the encryption by the sender with the recipient's public key), and from the reply, the attacker can find and read the message by decrypting with his private key. (In the preceding passage, encryption and decryption describe the same algorithm, just performed with a different purpose.) However, as has been oft-repeated, this is a social engineering hack and depends on the stupidity of the recipient.

    That really isn't how the attack described in the paper works. In PGP, only the session key is encrypted by the public key, but the encrypted session key isn't modified in this attack.

  9. jareds is wrong on Schneier et al Report PGP Vulnerability · · Score: 2

    See this post.

  10. Re:I just want to verify... on Schneier et al Report PGP Vulnerability · · Score: 3, Informative

    I was wrong about signing. It is indeed performed as Encrypt(Sign(Message)). Furthermore, my suggestion that D(C') would be garbled so as not to be recognizable as a signed message was stupid. OpenPGP requires the decrypted message to be a valid OpenPGP message. The paper clearly pointed out the attacker must not garble the first block of the encrypted message, which includes the header indicating what type of OpenPGP message it is. Thus, a signed message would still be marked as a signed message, and since the part after the first block would be garbled, it would definitely cause a major warning/error.

  11. Re:This is a very specialized attack on Schneier et al Report PGP Vulnerability · · Score: 0, Flamebait

    A larger concern would be if you could send a garbage message to someone, and their vacation auto-reply would send it back to you (after decrypting it).

    That's about the stupidest thing I've ever heard, and I'm now dumber for having read it.

  12. Re:I just want to verify... on Schneier et al Report PGP Vulnerability · · Score: 2

    This is exactly my point, every '>' changes the hash of the block before encryption. A '>' on every line would make a significant, if not unpredictable difference. Nonetheless it could be, eventually, figured out how many '>' + ' ' are before each line. The attacker would also have to predict any line wrapping.

    True. I didn't think that was what you meant because it didn't seem like it would be difficult at all to figure out how many "> " there were on each line. Presumably that would be either 0 or 1.

    PGP signatures are not simply tagged onto the end of a message. They are an MD5 hash of the original message which is then encrypted with the private key of the sender (which allows the public key to be used to verify the signature). When the message is received, the decrypted (plaintext) of the sent message is then hashed by the recipient (i.e., my) PGP and then I compare the two hash values. Someone wishing to modify the contents of the message must have the ability to sign the message with the "sender's" key. In order to do that, they must have their private key.

    If signatures were simply tagged onto the end of a file then they wouldn't matter at all.

    I simply don't understand what you're talking about. Of course signatures would work fine if they were just tacked on the end, for exactly the reason you describe. Indeed, most implementations let you generate a signature for a file as a separate file.

    I may indeed have been wrong, PGP may produce Encrypt(Sign(Message)) for encrypted and signed messages. However, the decryption of C' would be garbled, and would probably not be in the format of a signed message at all. It would appear to have no signature, not an invalid signature.

    Which is my point, you can't trust any content, even encrypted content, unless it is signed. This is a social engineering hack and has nothing to do with the PGP standard as far as I can tell.

    Well, of course a chosen ciphertext attack may require social engineering. However, it is absurd to use a protocol subject to a chosen ciphertext attack when one is available that cannot be so attacked.

  13. Re:Affects implementation, not the standard on Schneier et al Report PGP Vulnerability · · Score: 2

    An encrypted and signed message is not just an encrypted message with a signature tacked on. Rather, it is Encrypt(Sign(plaintext)).

    The signature is inside the encrypted blob. If the attack here was tried, the signature would become invalid, and warn the user.

    That's not much better. It seems more likely that D(C') would be so garbled that it wouldn't appear to be a signed message at all.

  14. Re:Affects implementation, not the standard on Schneier et al Report PGP Vulnerability · · Score: 2

    Signing before encryption would be a countermeasure.

    How? I thought an encrypted and signed message was just an encrypted message with a signature tacked on. The adversary could just discard the signature and perform the attack.

  15. Re:I just want to verify... on Schneier et al Report PGP Vulnerability · · Score: 2

    If someone manages to get me to send (them? anyone?) a message they already know the contents of encrypted with (my?, the person I'm sending the message to?)'s private key then they can decrypt the message and (read it?, figure out the private key?).

    If someone intercepts a message C encrypted with your public key, and they can get you to decrypt a message C' that they create by modifying C, they can recover at least part of the original message that was encrypted to produce C.

    1.) This seems pretty unlikely to work, unless minor modifications don't bother the attack (like adding a > in front of each line of the previous email)

    You don't understand. It doesn't matter whether your reply is encrypted or signed or whatever. What matters is that your reply includes the decrypted C'. Presumably, your adversary will be able to notice and remove a couple of "> ".

    2.) let's say john.doe@someplace.com sends me a message and it's encrypted and signed. If I accept it and it shows that john.doe@someplace.com's signature is valid (which it must or I will delete it) then how can the attacker know the contents of the email unless they have already managed to get john.doe@someplace.com's private key? If they already have his private key, then they can decrypt any message I send to him anyhow. I don't really see how they could get my private key and at this point, if I can't trust john.doe@someplace.com and I send him an email then my compromise is an issue of trust rather than a PGP flaw.

    Two points:

    1) Even if the attack didn't work for encrypted and signed messages, but just for encrypted messages, that would still be a very big deal.

    2) I think that a signed and encrypted message is just an encrypted message with a signature tacked on, so the adversary could just discard the signature and perform the attack.

  16. Re:This is NOT OK by me. on Big Brother's Pizza Delivery · · Score: 2

    No, the point of insurance is to make money for the insurance companies.

    Well, it's obviously true that that's the purpose of it for insurance companies. I was referring to the purpose of it for policy holders.

    They define what insurance is, and regularly change those definitions, if you pay attention to the mailings sent to you.

    Insurance companies are taking fewer risks themselves. Pretty soon, if that point hasn't been reached already, owning an insurance policy will be worth less than a savings account set aside containing the money that would have gone to an insurance company. In other words, insurance companies operating in a zero risk environment.

    Of course, it has always been the case that, on average, you're better off saving the money, because otherwise insurance companies would go bankrupt. The point is that I'd rather lose a little money if my house doesn't burn down than lose a lot of money if it does. Whether a policy is worth more or less than a savings account is a subjective judgment based on one's individual risk-aversion.

    At which point insurance companies will have ceased being a beneficial aspect of society.

    If, indeed, people decide that their policies are worth less than savings accounts, insurance companies will cease being beneficial to society. However, they will also go out of business, because they will have no customers. Thus, they presumably will make sure that their policies remain useful.

    Programs like this pizza thing, and deals with the supermarket saver cards, just bring us closer to this end.

    No, they don't. In our example, although purchase tracking makes health insurance more expensive to the guy who eats pizza all the time, it makes it cheaper for the rest of us. I see no problem with making people pay for the consequences of their actions. A far more interesting issue, where your points about insurance being worth less would actually apply, is what would happen if we were able to genetically screen for cancer or something, but that's not related to purchase tracking.

  17. Re:This is NOT OK by me. on Big Brother's Pizza Delivery · · Score: 2

    I think the government should have to get a warrant to grab my credit card purchases and my grocery buying habits and who I've called and where I've surfed. To me, that's private stuff.

    I think you just have to live with the fact that people you do business with can keep a record of that business. Of course, your credit card company and grocer have the right to refuse to provide information to the government, but they have no obligation to refuse.

    (that really, only you should know. There's no real excuse for anyone knowing that you got gas at exactly 11:42 pm).

    So if someone sells you gas, they have no excuse for knowing when they did so?!

    In short, my belief is that the Bill of Rights was a statement against the government being able to harvest any data about you that is not widely publicly known (dob, place of residence, etc) unless they have probable cause (aka a search warrant).

    That's absurd. Virtually any sort of police investigation involves harvesting information that isn't publicly known without a warrant. The police don't need a warrant to ask a pizza delivery guy if he saw a certain person when he delivered pizza to a certain apartment yesterday, so why should they need a warrant to get information from Lexis/Nexis that Lexis/Nexis obtained from pizza delivery companies?

    The government violates the Bill of Rights in a variety of ways, but this is not one of them.

  18. Re:This is NOT OK by me. on Big Brother's Pizza Delivery · · Score: 2

    Hopefully, it can be made illegal on the grounds of invasion of privacy, but it would have to be challenged.

    What are you talking about? Invasion of privacy refers to publication of embarrassing private facts of no legitimate newsworthiness. This is a service to let you find someone's address, which doesn't even remotely fit the bill.

  19. Re:This is NOT OK by me. on Big Brother's Pizza Delivery · · Score: 1

    Even if you have to pay higher health insurance premiums because your lifestyle is less healthy, so what? The point of insurance is to manage risks that are, as much as possible, outside of your control. People who choose to live in Florida have to pay more to be insured against hurricanes than people who live in Oregon. What's the big deal if people who choose to live less healthfully have to pay higher health insurance premiums?

  20. Re:Pretending on HavenCo Doing Well · · Score: 1

    You could probably neutralize everyone before they had a chance to wipe the machines (explosives, magnets, whatever their failsafe is).

    *cough* encrypted filesystem *cough*

  21. Re:Legal HomeBrew Application ?? on Xbox Runs Its First Legal Homebrew App · · Score: 2

    The point is that it is irrelevant that Microsoft is selling the hardware at a loss.

    Perhaps you understand what the phrase "to duplicate the functionality of the Xbox" means and I do not. To me it means to create a device that is not an Xbox but that can do the same things an Xbox can. This really does seem pointless.

    I'm going to address the rest of your post anyway.

    They've taken their customers' money, therefore their customers own the box, period.

    I completely agree.

    The manner in which they lock down how their customers can USE their own property is unconscionable, and I for one applaud the GNU and Linux folks for providing a Free and legal means for the customer to reacquire control of their own property, back from the hands of those who think nothing of designing a business model that requires and presupposes invasive violations of individual privacy and liberty in order to be successful.

    Just because you want a device to do something, such as run unsigned software, and it can't, does not mean that your freedom to use the device is restricted. My car won't go 200 mph, but GM didn't restrict my freedom or liberty by building it so it can't do that. If you think a game console that only runs MS-signed games isn't worth $200, don't buy it. Also, I really don't see where privacy violations come in.

    That said, there's nothing wrong with modifying a device you buy so that it can do additional things, and I also applaud the folks who reverse engineered it, but don't whine because it will only do what it's advertised to do off the shelf.

  22. Re:Explanation of "Protocol 11" on The Reverse Challenge: Winners Announced · · Score: 3, Informative

    2: It was created specifically for voice transfers, along with "telephone emulation" (just the way you interface with the tele). I believe that many, if not all, webphones use this IP protocol. I also think that GSM and US telephones (that use IP networks) use this protocol to transfer voice data.

    Nobody uses it. GSM most certainly does not. I'd be surprised if even a single commercially available webphone uses it.

    Some were asking how this could flood your system.... Well, what's the difference between TCP and UDP? Or how about ping floods??? Well, it's all data being sent to you. Doesn't matter what 8 bit field is switched... It's still garbage data (if you didn't request it). It fills up your receiving connection.

    This is wrong. The handler sends instructions to the agent via protocol 11. The agent performs traditional DOS attacks. I'm not saying you couldn't flood someone with protocol 11 packets, but that has nothing to do with this tool.

  23. Re:Legal HomeBrew Application ?? on Xbox Runs Its First Legal Homebrew App · · Score: 2

    First of all, you are not paying for those "someone else's libraries" so you really have no claim for a right to use the code.

    I never claimed such a right.

    Secondly, you could always duplicate the functionality of the libraries in question by writing your own code.

    Now, in the X-Box case, you buy the machine it's YOURS, and you have absolutely NO means of duplicating the functionality of the XBox (at least no legal means).

    Um, what? I wasn't aware of anyone trying to duplicate the functionality of the Xbox. Since they're being sold at a loss, that would be rather pointless.

    What's actually happening is that people, who couldn't legally use code that comes with the Xbox Development Kit because that would violate both copyright law, nevertheless managed to write legal software for the Xbox by writing their own code to duplicate the functionality provided by the XDK. The situation is perfectly analogous.

  24. Re:Legal HomeBrew Application ?? on Xbox Runs Its First Legal Homebrew App · · Score: 4, Insightful

    What kind of world/reality are we living in, where your own software can be anything else than "legal" ??

    One where your own code is linked against someone else's libraries. The FSF won't let you distribute programs linked against their libraries unless you comply with their license either.

  25. Re:Two rate system on Rental Car Companies Watching By Satellite, Again · · Score: 1

    Except for the fact that they'll likely collude.

    Didn't you already get shot down making this claim? Here it's even worse. It's nothing short of delusional to believe that small companies won't be able to take business from companies charging hundreds of dollars per day more for non-monitored cars.