Exactly. Ping = ICMP echo. There are three different "echo" services, of which the most common is ping - which uses ICMP, which doesn't have port numbers!
Perhaps before flaming you ought to actually get your facts straight in future.
Yes, you should...
And yes, it _is_ port 7. Duh...
No, normally it's ICMP, which doesn't even have port numbers. Duh...
Chirillo starts with Port 7, echo, explaining... Ping flooding, which takes advantage of a computer's responsiveness by bombarding it with pings or ICMP echo requests.
ICMP echo requests (as used by "ping") do not use port 7 - as the name implies, they are ICMP not UDP!
More importantly, while ping -f is not exactly a high-skill DoS attack, it works - and it does not "take advantage of a computer's responsiveness": it just floods your connection with junk. Even if you just ignore this traffic completely, it's too late: it floods your connection, blocking out legitimate traffic. This is exactly what happened to Steve Gibson at grc.com, as he describes here.
Re:Well they did sign an agreement
on
Launchcast Sued
·
· Score: 2
Lauch could have signed something that said that the user can't select what songs to play.
That's the RIAA's problem in a nutshell: they just can't handle the idea of paying customers having any say in what they receive! (Yes, paying; via ads, perhaps, but it isn't the RIAA paying their bandwidth bills...)
AFAICS, the RIAA just wants new technology to turn into a copy of the current system - a handful of channels, all tightly controlled by the RIAA cartel, playing and saying exactly what they want, and paying them for the privilege. They can't seem to accept the difference between "old media" and the Net: the Net is interactive. WE control what we do, and when we do it. No scheduling, no playlists, no DJs - just one huge menu, available to us all 24x7 - when we want it, how we want it. They are losing the control they've always had, and that scares them. The RIAA's sole function is to monitor and control what happens, on behalf of the labels - and they just became obsolete.
Wrong! There's a Linux version too. It's a little crude, but it's right beside the Windows version on their Download page. Not as recent a version as the Windows one, but works just as well...
which means that microsoft works with the RIAA to make sure that it doesnt work properly with all future versions of windows, and the RIAA is happy.
No, Monopolysoft won't try that until they have their own competing version to offer. Probably based around Media Player and MSN/Hotmail/Passport, and using the existing "license management" crap in there.
Don't you remember the plot to limit mp3 quality to "ween users off mp3 and onto realmedia"?
IIRC, that limitation is a licensing constraint: MS licensed the Fraunhofer codec, and you have to pay extra for higher bitrate encoding support. Of course, the limitation is implemented with all Microsoft's usual skill at enforcing licensing restrictions, i.e. you need regedit and 30 seconds of time if you type slowly;-)
That this will work, but I dont know what is going to put the MPAA in their place. What is to say that they wont just forget about zone 4?
That's the point: the MPAA are already neglecting region 4! (There were 720 R4 discs available, compared to 5 000 R1.) To combat this, they could require all DVD players sold in Australia to be multi-region capable! At which point, either the whole zoning system collapses, or the MPAA has to persuade every DVD player manufacturer to refuse to supply Australia. Of course, once all the Australian electronics shops sell multi-region players, those players will catch on elsewhere...
Next question: what are the odds of the US govt making a similar move?;-)
If you are a Linux user, remember that XMMS has some real neat options for saving streams to disk.
No need. The "play only" MP3 links on mp3.com will send you an m3u (MP3 playlist) file; this just consists of a URL for your MP3 player to download & play the MP3 from. Being non-conformist, my favorite MP3 "player" just happens to be wget - works like a charm, preserves the filename and everything!
No doubt Vivendi will "fix" this soon, though - probably by sticking everything behind some proprietary crap which makes saving to disk "impossible" (i.e. a bit more difficult than cut&paste on a URL)...
Guess what? Many cars come "bundled" with car stereos. You can't get the car for less money if you don't want the stereo. Guess what else? That stereo was probably built by the car manufacturer under a different name.
Actually, a lot of those stereos are built by the big-name brands - Sony, Blaupunkt etc - and then rebadged by the car manufacturer. That's why the manufacturers don't complain: they're the ones benefitting!
Deal with it. Getting more applications for your money instead of less is a good thing.
Yeah. Just like getting long-distance service bundled with your local phone service was a really good thing, and we all love getting Windows bundled with our PCs - oh. Wait. We don't. That's why it's illegal...
The whole point of the anti-trust legislation is that when you have a monopoly in one market (local phone service, OS sales) you aren't allowed to use that monopoly to boost market share in another market (long distance, applications) - that's illegal abuse of monopoly power, which is what AT&T were cut up for, and what MS will hopefully be cut up for...
Digital fingerprinting technology can go a long way in identifying copyrighted material on Napster's servers.
Yes, it could. Of course, that's an easy task anyway: there is no material on Napster's servers which is controlled by the RIAA! That's the whole problem: Napster never come into contact with the MP3s being traded by users: they go directly from one user to another. Napster's filtering software (on their indexing servers) doesn't have access to the content of those MP3s - only their filename, bitrate etc. You could try putting fingerprinting software in the client, but then you have trusted client security - which is pretty much no security at all, as anyone following the DeCSS story knows...
The alternative would be for someone to run a 'bot on Napster, downloading every single file from every single user to identify it and report unauthorised material to Napster and ban that account. It could be done: we're only talking about a few terabytes per day of data...
Trying every outgoing connection twice (once with, and once without) would work much better, but I don't know how many people would like that sort of behavior.
I suggested this at the time it was being discussed on lkml, but Dave Miller considered this to violate the RFCs. There are two ways in which these firewalls misbehave with ECN: either they send an RST packet ("connection refused"), in which case the kernel cannot retry the connection, or it just discards the packet (and the connection times out). In the latter case, the kernel retries anyway - but keeping ECN enabled.
I suggested retrying with ECN disabled on these retransmissions, but this was regarded as too much of a "hack". One problem is that these routers are broken - violating the RFCs - and Dave Miller is reluctant to work around this sort of problem. He wants as many hosts as possible to hit this problem, to force the owners of these routers to upgrade to RFC-compliant software instead. The trouble is, according to the IETF's survey, 8% of hosts are unreachable with ECN enabled - so enabling ECN is a big problem! (One site with ECN blocked when this topic came up on lkml is Hotmail - enable ECN, and you cut off a *LOT* of sites!)
I tend to favour "copy control" or maybe "distribution control"
Call it what it really is: CRIM - Consumer Rights Infringement Mechanism. If I buy a nice shiny new IBM HDD, I own the damn thing - every last little sector. If I want to read or write a given sector, that's my business and mine alone: nobody has the right to tell me what I may or may not do with that data.
Copyright just isn't relevant here: it shouldn't be enforced this way.
Oh dear. Another company producing another "copy prevention system"... There's only one guarantee here, people: IT WON'T WORK. Why? The Church-Turing Thesis, if I remember the name correctly: a principle that any computer can emulate any other.
More to the point, if I put enough effort in, I can set up a perfect emulation of a Windows PC here on my Linux box. (Think in terms of running the real Windows under VMWare.) I can then hack that emulation so everything sent to the "screen" really goes to disk. Whatever method you use to detect your software is running under emulation, I can work around - run a benchmark? I just tweak the emulation's system timer so you think you're running realtime.
They might be able to get somewhere by using Net access, and sending cryptographic challenges across the wire with very tight deadlines; eventually, though, the software will decrypt the content and try to display it. At that point, it hits a debugger breakpoint, and I dump the whole of the process's memory to disk. Whoops - that's your "protected" content, sitting on disk unencrypted. And now I've killed your program off - how are you going to delete it now? You can't.
Nice try, guys, but you're never going to win: what you're trying to do is impossible. I suspect these guys know that perfectly well, though, and they're just planning to make a quick buck out of their "magic bullet" software from those who don't realise the flaws.
Schneier points out something along these lines towards the end, but doesn't seem to be given as much attention as it deserved: listen to him, he's right!
and send it to random friends all over the country, none of whom use encryption.
They have no idea what's in it, but more importantly, neither does the NSA!
Actually, this is a very important way to help keep your mail secure. If I send one piece of e-mail to a friend, that one message can be "cracked" with enough effort - the NSA will run it through some dedicated hardware or whatever.
Alternatively, I send you ten messages, all about the same size. We've agreed on the algorithm already, and I have your public key. So, I send you one encrypted message, and nine chunks of/dev/random. You just decrypt all ten; nine fail, and you delete them, the other is the message. The NSA, meanwhile, have ten message to brute-force instead of one - which makes their lives ten times harder.
Better still, I send ten messages, all encrypted with keys of yours - nine of which are just junk. Again, this makes life much harder for those trying to crack your messages...
There's always been the principle of innocent until proven guilty. But as soon as there's anything electronic in the picture, it's suddenly the opposite; you're under suspicion for anything and have to prove your innocense, and nobody seems to complain.
That's the problem in the UK: our beloved RIP Act reverses the burden of proof - the police can demand your encryption keys, and unless you can prove you do not have the key, you get locked up. Oh, and you aren't allowed to tell anyone else about it. You think the DMCA and UCITA are bad? At least you're allowed to tell people if you're charged with violating them!
Secret Service officials have asked to see this phone recently, I think the article was on Cryptome.org or something similar. Odd that such high ranking government officials would want to see this. See way I figure, if its used in the commission of a crime, there's no trace back to the cellular, nor is there a way for them to monitor a conversation. So expect some sort of fallout between government and the inventor.
This isn't a new problem; here in the UK, "pre-pay" cellphones have been available for quite a while now. Yes, they can be abused for criminal purposes (hoax emergency service calls, plotting drug deals, whatever) - but that's not really such a big deal. If someone uses one of these 'phones for a crank call, just cut the 'phone off. That's expensive enough to deter most people. Drug deals? If you're a big enough dealer for them to use wire-taps etc, they'll still be able to identify the 'phone and monitor it - just need a radio scanner and the decryption keys from the 'phone company. No big deal, really.
1) Start napster at my current desk
2) walk into a bathroom stall
3) use the terminal on the back of the door to start playing my newly downloaded song(s)
4) answer the phone there when the RIAA calls?
Nah. They don't have sensors in the bathrooms. Or PCs, for that matter.
Some of the guys in this lab supervise students here; a friend of mine turned up to a supervision and met his supervisor at the door - the supervisor had opened up a security camera display on his desktop and kept an eye out for him.
Another cool toy they've got is remote dial-in access to the security cameras from their cellphones: being geeks, they use it to check for parking spaces in the company car park before coming in:-)
I can get to the web page but I can't view the
picture of the coffe pot.
Odd - works fine here! (I'm accessing it over the LAN, though...)
Too much traffic I suspect. Reliabilty of service or the lack of continues to be major issue with the Web (servers and Internet connectivity included).
Unlikely; that server sits on a brand new OC-48 (well, STM-16, being in Europe)...
As for Banner Ad's, I don't see any (thanks to
filtering software such as AdSubtract).
No possibility of banner ads on this site, either: one of the very few rules on our servers is "no ads"! (This is a university, remember: we get cheaper Net access, on the understanding it's for educational/personal use only.)
BT (our main phone operator) is offering unmetered local & Internet calls in the evening and at weekends for a flat rate of (I think) £4.99 a quarter (around $7.30),
Not quite. They offer unlimited evening&weekend local calls for an extra £4.99 per month (no calls over 1 hour, no calls to ISPs). Unlimited calls to an ISP are about the same price again, excluding the ISP subscription.
Alternatively, AOL and BT themselves offer 24x7 unmetered access for £14.99/month on an 0808 (freephone) number.
This will not be the case in most (all?) countries in Europe, because you pay for your phonecalls, and thus being online, per tick or second (yes, even for local calls). So, at least in Holland, it's probably: the poorer you are the less time you spend online, if at all.
This was the case - until very recently - throughout Europe. However, things are changing: the UK now has flat-rate Net access nationally, mostly thanks to CUT - the Campaign for Unmetered Telecomms - which just celebrated its 3rd birthday. Other European countries are beginning to follow suit, too.
What are they actually trying to stop here? Me ripping CDs to disk with cdparanoia? Copying CDs on those CD+CDr hifi systems? Copying to tape?
The first one has been tried - just screw with the error correction info on the CD. That way, "dumb" audio CD players are OK, but CD ROM drives do extra error correction and "correct" the signal wrongly, screwing up the rip. Nice try, but it didn't work reliably with audio CD players, and ISTR you could bypass the problem with raw reads on a CD ROM drive anyway. Oops. Can't remember who tried that one, but it didn't get very far - CDs kept being returned "It doesn't play in my CD player!" etc...
CD->CDr copying would be much the same, I imagine: properly designed, it should just be ripping straight from one drive onto the other. No chance there, then.
OK, so are they trying to stop people copying to tape by screwing with the signal? That's been tried before as well: the Beatles were among the first, adding a high-frequency tone to their LPs to interfere with the bias signal on a tape deck. That one didn't get anywhere either: again, it broke on some players, and was trivial to circumvent (low-pass or notch filter, anyone?).
So: They claim to have some magic bullet anti-piracy solution which blocks copying. No indication what sort of copying, or how it blocks it, just a press release... Why do I get the feeling it's not going to get very far?!
Now that I've been reading up on crypto I see what the real problem with DES was -- it is really slow in software, because it relies on bit (rather than byte) operations.
According to the Serpent WWW site, DES can encrypt 15 Mbit/sec on a Pentium 200; Serpent manages 45 Mbit/sec - three times faster, despite being much more secure! A great deal of effort went into optimising both Serpent and Rijndael for performance; I can't see the corresponding figure for Rijndael on their page, but I was told a few weeks ago that Serpent basically lost because it was slower than Rijndael... (Since this came from one of the guys who worked on the performance optimisations, I think he'd know!)
I'm currently doing an encryption project with Ross Anderson (one of the Serpent guys) as my supervisor. It's a public key system (RSA with 2048 bit keys). Unfortunately, I'm using DES for part of the project, which probably won't make him happy:-/
Instant quasi anonymous internet usage. The flaw is that the ISPs could, if they wanted, not accept phone calls from blocked customers... but why would they bother?
In the UK, this is already the case: the inappropriately named "Freeserve" offers pay-as-you-go Net access, funded by the call charges, with online signup. They don't actually block anonymous calls - but if you withhold Caller ID, you can't post on Usenet or send e-mail. (SMTP and WWW access are transparently proxied, too, to enforce this.)
So you could post anonymously on Slashdot, for example - but their proxy would log the posting, and they'd then be able to tie that posting back to your 'phone number.
Fortunately, in the US, there is a specific legal precedent that anonymity is guaranteed under the First Amendment - not sure if it's Supreme Court or not, though. Any attempt by law enforcement should be doomed on these grounds, if nothing else!
Having said that, the ISP is allowed to log whatever they want - you just need to find a slightly more reasonable ISP, capable of respecting some of your rights...
...get a credit card that has no consumer liability for fraudulent purchases...
Gratuitious plug: MBNA's card works like this, at least in the UK.
In the UK, all credit cards work like that. Fraudulent use isn't your problem, unless you've been 'negligent' (which is basically a getout to stop you selling your card to a crook, then claiming the money back from the CC company.)
That's probably why UK CC companies are (IME) very good at stopping fraudulent use. Last month, my father moved to Houston, and bought lots of stuff (new TV, microwave, all that stuff) from a store. To check who he was, Visa US called his UK bank, and the operator spent 10 minutes asking questions like "Complete the following 'phone number" (which turned out to be his direct dial number at the job he left six years ago!)
Probably sounds silly - except under UK law, if he had been an imposter, Visa would have been left $1000 or so out of pocket. They tend to care about that kind of thing!
Instead of giving any old company your full and 'permanent' credit card details, you go to your bank and ask them to provide you with a unique number for that individual transaction for a particular amount.
I like this idea; encoding a specific amount, though, would be a bit awkward. I don't want to have to go to my bank every time I want to buy a book online!
However, a "check-book" of these numbers would be quite usable. Maybe have a couple of categories - under $10, $10-$50, etc. That way, I can buy a $5 book from anyone I like, knowing the worst case is they charge me $10 instead. Not good, but a hell of a lot better than giving them my Visa card details!
Alternatively, you could get these numbers online: just go to www.visa.com, enter your details, and it gives you a one-time number for $4.99 or whatever. Properly implemented, this could work pretty well...
Slashdot Mirror
Exactly. Ping = ICMP echo. There are three different "echo" services, of which the most common is ping - which uses ICMP, which doesn't have port numbers!
Yes, you should...
No, normally it's ICMP, which doesn't even have port numbers. Duh...
ICMP echo requests (as used by "ping") do not use port 7 - as the name implies, they are ICMP not UDP!
More importantly, while ping -f is not exactly a high-skill DoS attack, it works - and it does not "take advantage of a computer's responsiveness": it just floods your connection with junk. Even if you just ignore this traffic completely, it's too late: it floods your connection, blocking out legitimate traffic. This is exactly what happened to Steve Gibson at grc.com, as he describes here.
That's the RIAA's problem in a nutshell: they just can't handle the idea of paying customers having any say in what they receive! (Yes, paying; via ads, perhaps, but it isn't the RIAA paying their bandwidth bills...)
AFAICS, the RIAA just wants new technology to turn into a copy of the current system - a handful of channels, all tightly controlled by the RIAA cartel, playing and saying exactly what they want, and paying them for the privilege. They can't seem to accept the difference between "old media" and the Net: the Net is interactive. WE control what we do, and when we do it. No scheduling, no playlists, no DJs - just one huge menu, available to us all 24x7 - when we want it, how we want it. They are losing the control they've always had, and that scares them. The RIAA's sole function is to monitor and control what happens, on behalf of the labels - and they just became obsolete.
No, Monopolysoft won't try that until they have their own competing version to offer. Probably based around Media Player and MSN/Hotmail/Passport, and using the existing "license management" crap in there.
IIRC, that limitation is a licensing constraint: MS licensed the Fraunhofer codec, and you have to pay extra for higher bitrate encoding support. Of course, the limitation is implemented with all Microsoft's usual skill at enforcing licensing restrictions, i.e. you need regedit and 30 seconds of time if you type slowly ;-)
That's the point: the MPAA are already neglecting region 4! (There were 720 R4 discs available, compared to 5 000 R1.) To combat this, they could require all DVD players sold in Australia to be multi-region capable! At which point, either the whole zoning system collapses, or the MPAA has to persuade every DVD player manufacturer to refuse to supply Australia. Of course, once all the Australian electronics shops sell multi-region players, those players will catch on elsewhere...
Next question: what are the odds of the US govt making a similar move? ;-)
No need. The "play only" MP3 links on mp3.com will send you an m3u (MP3 playlist) file; this just consists of a URL for your MP3 player to download & play the MP3 from. Being non-conformist, my favorite MP3 "player" just happens to be wget - works like a charm, preserves the filename and everything!
No doubt Vivendi will "fix" this soon, though - probably by sticking everything behind some proprietary crap which makes saving to disk "impossible" (i.e. a bit more difficult than cut&paste on a URL)...
Actually, a lot of those stereos are built by the big-name brands - Sony, Blaupunkt etc - and then rebadged by the car manufacturer. That's why the manufacturers don't complain: they're the ones benefitting!
Yeah. Just like getting long-distance service bundled with your local phone service was a really good thing, and we all love getting Windows bundled with our PCs - oh. Wait. We don't. That's why it's illegal...
The whole point of the anti-trust legislation is that when you have a monopoly in one market (local phone service, OS sales) you aren't allowed to use that monopoly to boost market share in another market (long distance, applications) - that's illegal abuse of monopoly power, which is what AT&T were cut up for, and what MS will hopefully be cut up for...
Yes, it could. Of course, that's an easy task anyway: there is no material on Napster's servers which is controlled by the RIAA! That's the whole problem: Napster never come into contact with the MP3s being traded by users: they go directly from one user to another. Napster's filtering software (on their indexing servers) doesn't have access to the content of those MP3s - only their filename, bitrate etc. You could try putting fingerprinting software in the client, but then you have trusted client security - which is pretty much no security at all, as anyone following the DeCSS story knows...
The alternative would be for someone to run a 'bot on Napster, downloading every single file from every single user to identify it and report unauthorised material to Napster and ban that account. It could be done: we're only talking about a few terabytes per day of data...
I suggested this at the time it was being discussed on lkml, but Dave Miller considered this to violate the RFCs. There are two ways in which these firewalls misbehave with ECN: either they send an RST packet ("connection refused"), in which case the kernel cannot retry the connection, or it just discards the packet (and the connection times out). In the latter case, the kernel retries anyway - but keeping ECN enabled.
I suggested retrying with ECN disabled on these retransmissions, but this was regarded as too much of a "hack". One problem is that these routers are broken - violating the RFCs - and Dave Miller is reluctant to work around this sort of problem. He wants as many hosts as possible to hit this problem, to force the owners of these routers to upgrade to RFC-compliant software instead. The trouble is, according to the IETF's survey, 8% of hosts are unreachable with ECN enabled - so enabling ECN is a big problem! (One site with ECN blocked when this topic came up on lkml is Hotmail - enable ECN, and you cut off a *LOT* of sites!)
Call it what it really is: CRIM - Consumer Rights Infringement Mechanism. If I buy a nice shiny new IBM HDD, I own the damn thing - every last little sector. If I want to read or write a given sector, that's my business and mine alone: nobody has the right to tell me what I may or may not do with that data.
Copyright just isn't relevant here: it shouldn't be enforced this way.
More to the point, if I put enough effort in, I can set up a perfect emulation of a Windows PC here on my Linux box. (Think in terms of running the real Windows under VMWare.) I can then hack that emulation so everything sent to the "screen" really goes to disk. Whatever method you use to detect your software is running under emulation, I can work around - run a benchmark? I just tweak the emulation's system timer so you think you're running realtime.
They might be able to get somewhere by using Net access, and sending cryptographic challenges across the wire with very tight deadlines; eventually, though, the software will decrypt the content and try to display it. At that point, it hits a debugger breakpoint, and I dump the whole of the process's memory to disk. Whoops - that's your "protected" content, sitting on disk unencrypted. And now I've killed your program off - how are you going to delete it now? You can't.
Nice try, guys, but you're never going to win: what you're trying to do is impossible. I suspect these guys know that perfectly well, though, and they're just planning to make a quick buck out of their "magic bullet" software from those who don't realise the flaws.
Schneier points out something along these lines towards the end, but doesn't seem to be given as much attention as it deserved: listen to him, he's right!
They have no idea what's in it, but more importantly, neither does the NSA!
Actually, this is a very important way to help keep your mail secure. If I send one piece of e-mail to a friend, that one message can be "cracked" with enough effort - the NSA will run it through some dedicated hardware or whatever.
Alternatively, I send you ten messages, all about the same size. We've agreed on the algorithm already, and I have your public key. So, I send you one encrypted message, and nine chunks of /dev/random. You just decrypt all ten; nine fail, and you delete them, the other is the message. The NSA, meanwhile, have ten message to brute-force instead of one - which makes their lives ten times harder.
Better still, I send ten messages, all encrypted with keys of yours - nine of which are just junk. Again, this makes life much harder for those trying to crack your messages...
That's the problem in the UK: our beloved RIP Act reverses the burden of proof - the police can demand your encryption keys, and unless you can prove you do not have the key, you get locked up. Oh, and you aren't allowed to tell anyone else about it. You think the DMCA and UCITA are bad? At least you're allowed to tell people if you're charged with violating them!
This isn't a new problem; here in the UK, "pre-pay" cellphones have been available for quite a while now. Yes, they can be abused for criminal purposes (hoax emergency service calls, plotting drug deals, whatever) - but that's not really such a big deal. If someone uses one of these 'phones for a crank call, just cut the 'phone off. That's expensive enough to deter most people. Drug deals? If you're a big enough dealer for them to use wire-taps etc, they'll still be able to identify the 'phone and monitor it - just need a radio scanner and the decryption keys from the 'phone company. No big deal, really.
Nah. They don't have sensors in the bathrooms. Or PCs, for that matter.
Some of the guys in this lab supervise students here; a friend of mine turned up to a supervision and met his supervisor at the door - the supervisor had opened up a security camera display on his desktop and kept an eye out for him.
Another cool toy they've got is remote dial-in access to the security cameras from their cellphones: being geeks, they use it to check for parking spaces in the company car park before coming in :-)
Sounds like a serious geek paradise, this place!
Odd - works fine here! (I'm accessing it over the LAN, though...)
Too much traffic I suspect. Reliabilty of service or the lack of continues to be major issue with the Web (servers and Internet connectivity included).
Unlikely; that server sits on a brand new OC-48 (well, STM-16, being in Europe)...
As for Banner Ad's, I don't see any (thanks to filtering software such as AdSubtract).
No possibility of banner ads on this site, either: one of the very few rules on our servers is "no ads"! (This is a university, remember: we get cheaper Net access, on the understanding it's for educational/personal use only.)
Not quite. They offer unlimited evening&weekend local calls for an extra £4.99 per month (no calls over 1 hour, no calls to ISPs). Unlimited calls to an ISP are about the same price again, excluding the ISP subscription.
Alternatively, AOL and BT themselves offer 24x7 unmetered access for £14.99/month on an 0808 (freephone) number.
This was the case - until very recently - throughout Europe. However, things are changing: the UK now has flat-rate Net access nationally, mostly thanks to CUT - the Campaign for Unmetered Telecomms - which just celebrated its 3rd birthday. Other European countries are beginning to follow suit, too.
The first one has been tried - just screw with the error correction info on the CD. That way, "dumb" audio CD players are OK, but CD ROM drives do extra error correction and "correct" the signal wrongly, screwing up the rip. Nice try, but it didn't work reliably with audio CD players, and ISTR you could bypass the problem with raw reads on a CD ROM drive anyway. Oops. Can't remember who tried that one, but it didn't get very far - CDs kept being returned "It doesn't play in my CD player!" etc...
CD->CDr copying would be much the same, I imagine: properly designed, it should just be ripping straight from one drive onto the other. No chance there, then.
OK, so are they trying to stop people copying to tape by screwing with the signal? That's been tried before as well: the Beatles were among the first, adding a high-frequency tone to their LPs to interfere with the bias signal on a tape deck. That one didn't get anywhere either: again, it broke on some players, and was trivial to circumvent (low-pass or notch filter, anyone?).
So: They claim to have some magic bullet anti-piracy solution which blocks copying. No indication what sort of copying, or how it blocks it, just a press release... Why do I get the feeling it's not going to get very far?!
SOMEBODY SET UP US THE BUG!
According to the Serpent WWW site, DES can encrypt 15 Mbit/sec on a Pentium 200; Serpent manages 45 Mbit/sec - three times faster, despite being much more secure! A great deal of effort went into optimising both Serpent and Rijndael for performance; I can't see the corresponding figure for Rijndael on their page, but I was told a few weeks ago that Serpent basically lost because it was slower than Rijndael... (Since this came from one of the guys who worked on the performance optimisations, I think he'd know!)
I'm currently doing an encryption project with Ross Anderson (one of the Serpent guys) as my supervisor. It's a public key system (RSA with 2048 bit keys). Unfortunately, I'm using DES for part of the project, which probably won't make him happy :-/
Personally, I'm glad those kids work in a 3D world. Just imagine 2D working conditions - human bonsaikittens! :-)
In the UK, this is already the case: the inappropriately named "Freeserve" offers pay-as-you-go Net access, funded by the call charges, with online signup. They don't actually block anonymous calls - but if you withhold Caller ID, you can't post on Usenet or send e-mail. (SMTP and WWW access are transparently proxied, too, to enforce this.) So you could post anonymously on Slashdot, for example - but their proxy would log the posting, and they'd then be able to tie that posting back to your 'phone number.
Fortunately, in the US, there is a specific legal precedent that anonymity is guaranteed under the First Amendment - not sure if it's Supreme Court or not, though. Any attempt by law enforcement should be doomed on these grounds, if nothing else!
Having said that, the ISP is allowed to log whatever they want - you just need to find a slightly more reasonable ISP, capable of respecting some of your rights...
Gratuitious plug: MBNA's card works like this, at least in the UK.
In the UK, all credit cards work like that. Fraudulent use isn't your problem, unless you've been 'negligent' (which is basically a getout to stop you selling your card to a crook, then claiming the money back from the CC company.)
That's probably why UK CC companies are (IME) very good at stopping fraudulent use. Last month, my father moved to Houston, and bought lots of stuff (new TV, microwave, all that stuff) from a store. To check who he was, Visa US called his UK bank, and the operator spent 10 minutes asking questions like "Complete the following 'phone number" (which turned out to be his direct dial number at the job he left six years ago!)
Probably sounds silly - except under UK law, if he had been an imposter, Visa would have been left $1000 or so out of pocket. They tend to care about that kind of thing!
I like this idea; encoding a specific amount, though, would be a bit awkward. I don't want to have to go to my bank every time I want to buy a book online!
However, a "check-book" of these numbers would be quite usable. Maybe have a couple of categories - under $10, $10-$50, etc. That way, I can buy a $5 book from anyone I like, knowing the worst case is they charge me $10 instead. Not good, but a hell of a lot better than giving them my Visa card details!
Alternatively, you could get these numbers online: just go to www.visa.com, enter your details, and it gives you a one-time number for $4.99 or whatever. Properly implemented, this could work pretty well...