In my experience with the technology, websites do not adequately explain what it is you're doing and why. I have what is probably an above average information security background and I found myself confused at points. It's a stupid idea only further hampered by the fact that it's not explained well, all because the banks are too cheap to give people one-time password tokens. While OTP tokens don't eliminate problems, they are a lot more useful than random images displaying. In addition, in the case of SecurID, they're tied to time and would be of limited use for phishing attacks.
Awkward too, since that makes for a lot of CS majors who don't really use what they learned, and a lot of underqualified software engineers.
It's so true. I'm an engineering applied sciences major (left MechE after I decided that the MechE curriculum didn't allow me to take as many math classes as I wanted to). I had always maintained and was somewhat pedantic about the programming/computer science difference. After taking a software engineering class in the EE/CompE department, I came to understand the even further intricacies of development. Software engineering is a cool thing and it's a shame that so many people graduating and becoming programmers have no experience with it whatsoever.
I'm sorry if my sentence was confusing. The "in the US" part was meant to apply to the bandwidth situation. Since I'm in the US, I didn't want to speak incorrectly about the bandwidth capabilities of non-US areas, so I qualified my statement.
Wavelets aren't so complicated, they're actually rather cool. Ask her to teach you the Haar wavelet with basic lifting steps. A good set of notes on wavelets is here.
Granted, once you've done the reverse engineering once, doing the same thing again is significantly easier, but in the end, all you get is a key that will be revoked as soon as you start using it.
This is certainly true. However, if it becomes common practice for player keys to be revoked, people will stop releasing them to the public and just release volume keys. While less useful, you really only need one volume key to unlock a lot of copies of a title.
You underestimate the amount of people with skills to use an SEM and plentiful access to them. I'm within walking distance of two of them and while I couldn't use them, grad students are poor and would love to make a few bucks.
If JPEG-2000 is any sort of indication, then this is part of the problem. JPEG-2000 incorporates some very cool exploitations of the fact that there are redundancies in the location information in wavelet subbands, and can offer better compression because of it. There are two issues. 1) Is the quality/space savings enough to warrant a change? 2) Patents. It's hard to say which is the primary reason for JPEG-2000 not being adopted, but I'll go with #1 being the primary reason and #2 being part of the problem, but not as relevant because of #1. Video is still pretty big and at least in the US, it doesn't seem like there will be any universal "order of magnitude" jumps in bandwidth anytime soon. So maybe there will be more of an impetus to use wavelet methods for video.
Yes, but to be clever, the player might do something like encrypt the player key with some other key that it stores in plaintext. But, the bottom line is that *at some point* the player key will be in memory. I did basically the same thing for a project in an information security class. Our task was to locate a key in a 1MB memory dump to decrypt a GIF which was encrypted with AES-128. Java's crypto library was able to brute force test a million keys against the first 128 bits of the image (enough to see if the first 3 bytes are ASCII GIF) in about a minute and a half on a 1 GHz G4. Decrypting one frame with all the keys in a memory dump can be quick. Even if you dumped all 1GB of your memory and tried it, that's 1500 minutes using the technique mentioned above. Not super quick, but you can improve that by only searching high entropy areas of memory (this could help a lot). In any event, this is most likely simpler than reverse engineering the EXE.
Your parent's point is that if you obtain the player key for HDVision-1000 serial number ABCDE, just revoking the key for serial number ABCDE is not enough. Since you can obtain the key from one HDVision-1000, you can easily do it to any other amount of the same model, thus the keys for ALL of that model must be reversed, since the *design* has been compromised.
Suffice it to say, the design of all of them is flawed from the get-go, so whatever.
Unlock all the phones in your family. T-Mobile and Cingular are both GSM so all their phones will work with the new service. Problem solved.
What's funny is that 10 years ago there really wouldn't be a discussion, because you wouldn't find an engineer worth his weight in solder that didn't have a 48GX. At some point, a systematic sissification of generations of engineers occurred and they started using the crap that TI makes because it was slightly newer (albeit not really any more functional).
HP is the only option. Sure, no one will know what you are doing (especially if you use RPN), but that means no one can borrow it, either. Oh, and if you use RPN you'll probably be a lot quicker than most of your classmates, too.
I have an HP-48GX and it served me well through high school and four years of engineering school.
If your copy of Ubuntu won't play DVDs, that's between you and Google, my friend:
* If you were using Windows Vista, you wouldn't have this problem in the first place, and,
I think the funny part is that pretty soon most users won't be able to play their newly purchased content on Vista thanks to its paranoid content protection.
If I heat my house by burning oil or wood, then everyone around me suffers slightly from this choice.
Actually, heating by wood is good. It's carbon neutral. If you use a catalytic wood stove such as this one, your efficiency is also pretty good (81.1% in this case).
Given that there is NO 100% true solution to the problem, things have to be done... or at least tried.
Oh I agree. My problem with this is that it's a demonstrably stupid measure of prevention.
but expecting marketers to "follow etiquette" ain't gonna happen.
I'm not. I'm expecting legitimate administrators not to implement this because it's a deliberate obfuscation of services they publicly advertise, and as such is not appropriate.
This is not a long term solution.
1) It's bad netiquette, and a lot of people don't like that, including myself and I'm sure many other administrators.
2) It's an artificial "defense" that is easily circumvented because the rule is obvious. It's security through obscurity with the added suck that there is no obscurity.
3) It's solving a symptom and not any of the actual problems (e.g. hosts being compromised to send spam).
Thanks, but I'll pass.
I'm very jealous. I work with a fair amount of Indians. They all have different backgrounds, but only one or two of them (out of 6 or so) is from south India. A few weeks ago, one of them suggested we get south Indian food for lunch. So, we went to a street near our office with lots of Indian restaurants. It turned out the guy who actually wanted south Indian food wasn't able to come. Since it was me, another white guy, and three Indians, they felt bad dragging us to a south Indian place that we might not enjoy and suggested we just go to a regular Indian place that we knew we'd like. We convinced them to get south Indian. I fell in love with Dosa and Idli. I was a bit taken aback when the crepe was about 18" long, but it and the potatoes inside were delicious! I need to go again.
high-fructose corn syrup
Think about it. High, fructose, corn, syrup. High, fructose, corn, syrup. Are you getting it? Lemme try one more time. High, fructose, corn, syrup. It come from corn! Last I checked, corn is a plant.
Though it might be possible that I misread your statement and when you said "per meg" you meant "per meg/s." :-) In that case, it makes sense.
Since NO cable companies are transit free, they pay per meg usage to their transit providers.
I'm not quite sure where this idea comes from. I have never ever ever seen data circuits billed per bit transferred. I work with things from OC-3, to OC-12, to random flavors of DWDM and have never seen it.
It depends where you are. In the New York area, it's very, very expensive. Unfortunately, that's where a lot of us need it. Then again, the organizations that need it are the ones with enough money to get it at pretty much any cost. ;-)
Why do we still teach CS and engineering majors tons of higher math?
I'll quote from a professor I had in the past and one whom I incredibly respect, as he understands more so than any professor I've had before or after what it truly means to teach:
Here's a question which students may ask at times during semester: "Why do I need to learn this stuff since a computer can do it?" Certainly a computer can tell you that 25.46 multiplied by 38.04 is 968.4984, but if I type PLUS instead of TIMES, I'll read 63.50. I should have enough "feeling" to look at the answer and know that something is fouled up, somewhere. Similarly, if I ask a computer to find an antiderivative of (x^2+2)/(x^2+1), the answer will be x+arctan(x) (yes, yes, "+C"). But if I omit one or another pair of parentheses (or both) I get these answers: 2x-2/x, (x^3/3)+2arctan(x), (x^3/3)-(2/x)+x. This is rather a simple indefinite integral, and things get much more complicated with more complicated questions. Students should know the "shape" of the answer (so 25.46 multiplied by 38.04 is hundreds, not 63.50!). And that, to me, is an important aim of the course.
As much as it means there is more for the student to learn, I think it's important.
Those who want to have a generalist "thinker" engineering career can take a masters or Ph.D. in engineering.
In some respects this is somewhat upside down. The deeper you get into your studies, the more specialized you become. I've read that mathematics, for example, has become so specialized, that just having a PhD anymore is not enough to process the newest research. For example, a combinatorialist is going to look at Andrew Wiles' proof of Fermat's Last Theorem much as I would--in confusion.
The engineers are not thinkers compared with physicists and mathematicians.
You're not hanging out with the right engineers then. Don't mistake practical thinking for not being "thinking." Engineers have it somewhat hard. Whereas mathematicians and physicists can publish and survive in their academic ivory towers by researching things that, for the foreseeable future, only have theoretical implications, engineers have to generate unique research that is at least somewhat applicable to the practical world. This is a tall order.
Well, it is generally believed that prime numbers are infinite...
Not sure if you meant twin primes there. It is provable that there are infinitely many primes. Assume that there exists a finite number of primes... p_1, p_2, ... p_n where p_n > ... > p_2 > p_1. Let N = (p_1*p_2*...*p_n)+1. By construction, p_1...p_n do not divide N. Thus, N is either prime itself or divisible by a prime larger than p_n, contradicting the assumption that there are a finite number of primes.
There should be some sort of licensing requirements, like driver's licenses
Yes, because drivers' licenses solve the problem of bad drivers. Please wake up and realize that in most of the things we license (e.g. driving, vehicle registration, firearms, building permits), the licenses are only a tool for the government to collect money and serve no useful purpose.