Your point would be valid if these records were publicly accessible. I can imagine that if someone were to be abused by a policeman the video record wouldn't be available due to an unfortunate technical problem.
First, I have nothing against users or editors of proprietary software. As an individual user you can evaluate software on different criteria (functionality, price, familiarity, ease of use, supported platforms, use of closed or open file formats/protocols, code quality, existence of irritating activation/licensing/time bomb schemes, support options, ability to study/audit/modify the code, ability to distribute modified versions,...) and make choices based on what is more important to you. Not everyone will arrive at the same conclusions and I have no problem with that.
What I was pointing out is simply that contrary to what some enthusiastic supporters of the OLPC project seem to think (particularly on this forum), it may not have that great an impact on the promotion of free software. This is important because many support the project not (only) because of its obvious goals of democratizing computers, facilitating communication, facilitating learning, encouraging development of indigenous technology, and the like, but because they believe that encouraging these countries to use free software is (one of) its most important quality/(ies).
And I am not suggesting that the OLPC project should do anything to prevent installing external software on their hardware. Choosing the free software path is a decision that only the participating governments can make, not the project. So I am not blaming it in any way.
Am I blaming the governments that may hypothetically put windows on these things ? Yes. Individuals can do what they want but a government has responsibilities. Rendering a whole country dependent on a foreign vendor is not a good idea. I am not saying free software is necessarily the answer but at the very least they should encourage development of a local IT infrastructure. India or China are exemplary in this regard. And I do think wasting money on windows licenses, forcing citizens to buy specific software to access government-produced documents, or taking the risk to loose these documents altogether if the vendor drop support for the only software reading the closed format their are written in, is not responsible. I also do think that requiring software used in schools to be free is not a bad policy if it can encourage students to get interested in software.
They may not be collaborating with Microsoft on this issue, but this is not going to prevent Microsoft from porting Windows to the XO and trying to sell it (or give it away) to the governments that will purchase the laptops.
I am sure some countries will be more than happy to get cheap laptops on one side and then install Windows on them in exchange for a large discount from Microsoft for their government's Windows/Office licenses on the other. Thailand, I am looking at you.
Some countries involved in the program are serious about free software, but I am afraid others are just looking for a bargain. Not to be pessimistic but I will wait to see what happens before considering the OLPC project as an incredible boon for free software, like some people here.
To all the posters complaining about the loss of space when they will be forced to use 4096 instead of 512 bytes to store their 20 bytes file:
The cluster size (unit of disk space allocation for files) need not be equal to the physical block size. It can be a multiple or even a fraction of the physical block size. It is fairly probable that you are already using 4K clusters (or bigger), so this will not change anything. This is for example the case if you have an NTFS filesystem bigger than 2GB.
Not all filesystems waste space in this manner. Reiserfs or EXT3 can pack several small files in a "cluster".
Zonk, your persistent use of misleading headlines to stir up the posters is unprofessional.
On the contrary, he is very professional. His job is to optimize ad impressions by attracting as many readers and posters as possible, not to engage in accurate reporting. He is therefore doing his job, and does it well.
GSM is not designed for private networks, so forget it. What you want is DECT. DECT is a standard for cordless phones. It scales from a single cordless phone connected to a fixed line to business systems that cover a whole campus and connect to a PBX, making it easy to integrate to your existing infrastructure.
You can find dual DECT/GSM phones that seamlessly switch between the two networks. Here is a example of a DECT solutions vendor, which has a full range of offers: http://www.diacom.ie/kirk.htm.
Kudos also to the Laszlo guys and the Motion Twin ActionScript Compiler and all the other projects listed at osflash.org for putting the presure on Adobemedia for the last few years.
It's not Adobemedia, it's Macrobe. Funnier that way.
[...] China's overall strategy, which for the last several years has been oriented towards developing "home grown" standards in areas where high foreign royalty payments, or product prices, would otherwise be encountered. These standards have most notably been in the area of wireless (WAPI), video (AVS), and 3G telephones (TD-SCMA), with other standards on the way. For China to give up independence with UOF would run counter to this trend, and would provide a very interesting bellwether indeed regarding China's future standards strategy.
Wrong:
\begin{lemma} The author is an idiot. \end{lemma} \begin{proof} It will not run counter to this trend, since there is not royalty payment for ODF. \end{proof}
A merger would not cost anything to China, but allow them to share development cost with others and compete on a broader market than their own.
It would seem China can only benefit from a wider adoption of open standards. At least for now. In a couple decades they may be able to impose their own on the rest of the world.
Consortium always make manufacturers pay a fee for every piece of hardware that follows their specification, DRM or not.
For exemple, for every end-user device including firewire ports, 0.25$ goes to the firewire patent holders.
ROI for technology developers and DRM are unrelated.
I'd like to elaborate on point 2. Being able to extract the key is not that important. If you can extract the key, you can use it as input in your stock implementation of the decryption algorithm. But if the decryption module is so obfuscated that you cannot find the key (I gave an example on how to do just that), you can just do what keygen authors do: take the whole decryption module and reproduce it in your code, even if you don't really understand what it does. That's why, as the parent pointed out, obfuscation simply doesn't work.
Of course this will be moot when Trusted Computing will be used. Because then, the combination of your custom code and the decryption module that you stole from the player won't be signed, and thus won't be authorized to read the disk or use the display (at full resolution).
1. If you run the software in a CPU emulator, you can stop at anytime and read the registers. So the distinction between memory and registers is irrelevant.
2. Hiding the key is easy, but I don't know how useful it really is.
Here are some ideas on how I would do it:
1. Instead of calling a standard AES routine that needs the bytes of the key to be in successive memory locations, recode the routine to take bits of the key from different areas of memory.
2. Suppose (to simplify) that we combine a player key (PK) (that we want to hide) with a disc key (DK)(on the disc) to produce a media key (MK). Then we combine an encrypted sector (ES) with the media key (MK) to produce a decrypted sector (DS). Suppose (for illustration) that keys are 256 bits and blocks 4096 bits long.
I would follow these steps: write a single function f(DK, ES) = DS in a simple algebraic language. PK exists as constants in the function body. With a preprocessor, convert this function into 4096 boolean functions of 4352 inputs and output C code to compute their minimal disjunctive form. Recovering PK is equivalent to brute-forcing AES.
Our trained and expert online reputation advocates use an array of proprietary techniques developed in-house to correct and/or completely remove the selected unwanted content from the web. This is an arduous and labor-intensive task, but we take the job seriously so you can sleep better at night. We will always and only be in YOUR corner.
No tell me exactly how they are going to remove my old website from archive.org, my embarrassing posts in news groups from google groups, or porn pics done in my youth shared by millions on p2p networks ?
Short of bombing every server on the planet you cannot do anything. Once things are out, there are out, you cannot take them back.
Microsoft has access to the source code, the "experts" don't. They have simply no basis for these claims. Their conclusions are based on their ideas on how code is supposed to be written, not on knowledge of the actual structure of the code in question. Ever tried to debug old spaghetti code that was written ten years ago, never properly documented and that nobody in the organization understand anymore? Maybe it is more complicated than they think. That's why I wouldn't trust them more than Microsoft on these matter. Not that I would trust Microsoft in the first place, since they have to interest in being open and honest on these matters, but that's ok.
As an aside, I am tired of these endless criticisms of windows. It was never marketed as an über-secure or über-robust system. So stop complaining and understand that it is a relatively inexpensive and user-friendly OS, with a good feature set, an enormous library of software, good backward compatibility and only limited work being done on its security or robustness. If the good points matter more to you than the bad ones, use it and learn to live with the occasional exploit. If you want robustness and security, put your money where you mouth is and use Trusted Solaris. But don't complain if it is expensive and has no games.
Slashdot Mirror
Your point would be valid if these records were publicly accessible. I can imagine that if someone were to be abused by a policeman the video record wouldn't be available due to an unfortunate technical problem.
RTFM: that is what the export command is for.
WorldWideWeb
First, I have nothing against users or editors of proprietary software. As an individual user you can evaluate software on different criteria (functionality, price, familiarity, ease of use, supported platforms, use of closed or open file formats/protocols, code quality, existence of irritating activation/licensing/time bomb schemes, support options, ability to study/audit/modify the code, ability to distribute modified versions, ...) and make choices based on what is more important to you. Not everyone will arrive at the same conclusions and I have no problem with that.
What I was pointing out is simply that contrary to what some enthusiastic supporters of the OLPC project seem to think (particularly on this forum), it may not have that great an impact on the promotion of free software. This is important because many support the project not (only) because of its obvious goals of democratizing computers, facilitating communication, facilitating learning, encouraging development of indigenous technology, and the like, but because they believe that encouraging these countries to use free software is (one of) its most important quality/(ies).
And I am not suggesting that the OLPC project should do anything to prevent installing external software on their hardware. Choosing the free software path is a decision that only the participating governments can make, not the project. So I am not blaming it in any way.
Am I blaming the governments that may hypothetically put windows on these things ? Yes. Individuals can do what they want but a government has responsibilities. Rendering a whole country dependent on a foreign vendor is not a good idea. I am not saying free software is necessarily the answer but at the very least they should encourage development of a local IT infrastructure. India or China are exemplary in this regard. And I do think wasting money on windows licenses, forcing citizens to buy specific software to access government-produced documents, or taking the risk to loose these documents altogether if the vendor drop support for the only software reading the closed format their are written in, is not responsible. I also do think that requiring software used in schools to be free is not a bad policy if it can encourage students to get interested in software.
I am sure some countries will be more than happy to get cheap laptops on one side and then install Windows on them in exchange for a large discount from Microsoft for their government's Windows/Office licenses on the other. Thailand, I am looking at you.
Some countries involved in the program are serious about free software, but I am afraid others are just looking for a bargain. Not to be pessimistic but I will wait to see what happens before considering the OLPC project as an incredible boon for free software, like some people here.
s/EXT3/EXT4/
On the contrary, he is very professional. His job is to optimize ad impressions by attracting as many readers and posters as possible, not to engage in accurate reporting. He is therefore doing his job, and does it well.
With this.
GSM is not designed for private networks, so forget it. What you want is DECT. DECT is a standard for cordless phones. It scales from a single cordless phone connected to a fixed line to business systems that cover a whole campus and connect to a PBX, making it easy to integrate to your existing infrastructure.
You can find dual DECT/GSM phones that seamlessly switch between the two networks. Here is a example of a DECT solutions vendor, which has a full range of offers: http://www.diacom.ie/kirk.htm.
Put a stash of porn at one end of your network and a slashdotter at the other. That should max out the link.
It's not Adobemedia, it's Macrobe. Funnier that way.
Wrong:
A merger would not cost anything to China, but allow them to share development cost with others and compete on a broader market than their own.
It would seem China can only benefit from a wider adoption of open standards. At least for now. In a couple decades they may be able to impose their own on the rest of the world.
No, more like El Che.
Don't put your alarm clock next to your bed, but at the other end of the room. But of course, useless gadgets are cool.
Consortium always make manufacturers pay a fee for every piece of hardware that follows their specification, DRM or not.
For exemple, for every end-user device including firewire ports, 0.25$ goes to the firewire patent holders.
ROI for technology developers and DRM are unrelated.
I'd like to elaborate on point 2. Being able to extract the key is not that important. If you can extract the key, you can use it as input in your stock implementation of the decryption algorithm. But if the decryption module is so obfuscated that you cannot find the key (I gave an example on how to do just that), you can just do what keygen authors do: take the whole decryption module and reproduce it in your code, even if you don't really understand what it does. That's why, as the parent pointed out, obfuscation simply doesn't work.
Of course this will be moot when Trusted Computing will be used. Because then, the combination of your custom code and the decryption module that you stole from the player won't be signed, and thus won't be authorized to read the disk or use the display (at full resolution).
2. Hiding the key is easy, but I don't know how useful it really is.
Here are some ideas on how I would do it:
1. Instead of calling a standard AES routine that needs the bytes of the key to be in successive memory locations, recode the routine to take bits of the key from different areas of memory.
2. Suppose (to simplify) that we combine a player key (PK) (that we want to hide) with a disc key (DK)(on the disc) to produce a media key (MK). Then we combine an encrypted sector (ES) with the media key (MK) to produce a decrypted sector (DS). Suppose (for illustration) that keys are 256 bits and blocks 4096 bits long.
I would follow these steps: write a single function f(DK, ES) = DS in a simple algebraic language. PK exists as constants in the function body. With a preprocessor, convert this function into 4096 boolean functions of 4352 inputs and output C code to compute their minimal disjunctive form. Recovering PK is equivalent to brute-forcing AES.
Please correct me if I am wrong.
No tell me exactly how they are going to remove my old website from archive.org, my embarrassing posts in news groups from google groups, or porn pics done in my youth shared by millions on p2p networks ?
Short of bombing every server on the planet you cannot do anything. Once things are out, there are out, you cannot take them back.
Just install a picocell in the plane. Then, the phones will pick this network and not the ones below, and you can simply charge a roaming fee.
Microsoft has access to the source code, the "experts" don't. They have simply no basis for these claims. Their conclusions are based on their ideas on how code is supposed to be written, not on knowledge of the actual structure of the code in question. Ever tried to debug old spaghetti code that was written ten years ago, never properly documented and that nobody in the organization understand anymore? Maybe it is more complicated than they think. That's why I wouldn't trust them more than Microsoft on these matter. Not that I would trust Microsoft in the first place, since they have to interest in being open and honest on these matters, but that's ok.
As an aside, I am tired of these endless criticisms of windows. It was never marketed as an über-secure or über-robust system. So stop complaining and understand that it is a relatively inexpensive and user-friendly OS, with a good feature set, an enormous library of software, good backward compatibility and only limited work being done on its security or robustness. If the good points matter more to you than the bad ones, use it and learn to live with the occasional exploit. If you want robustness and security, put your money where you mouth is and use Trusted Solaris. But don't complain if it is expensive and has no games.