No, because Microsoft has never done anything to encourage this model. Between Program Files/ and the registry, programs invariably need to have access to the whole machine.
Read through the threads about this, and you will find the people who did this aren't geniuses.
They're smart enough to know how to go through mem dumps with a hex editor and sniff USB traffic. They should be smart enough to go through any layer of indirection that the MPAA throws at them.
Even if these specific people aren't smart enough, they're hardly the only ones trying to crack this. Just one engineering student with access to a scanning electron microscope could be enough.
The question that needs to be answered, then, is how?
Anything that simply adds another layer of indirection will just be a bit harder to crack. You could try storing the keys in only registers, but that will make implementation on machines with limited registers difficult (like all 32-bit x86 CPUs). Even if you limit your player to 64-bit x86 CPUs, the OS could still swap out the state of the registers during normal multitasking operations.
There is no magic pixie dust solution.
No, this crack isn't a total breakage the way DeCSS was, but it shifts the cat-and-mouse game heavily out of the movie industry's favor. Their best bet (and they seem to finally be waking up to this fact) is to give up on DRM. After all, DVDs have been copyable since 1998, but this has not stopped the format from being commercially successful.
Wikipedia isn't strictly wrong, I'm just using "known-plaintext" in a looser way than perhaps I should.
You know what the old processing key is, and know some of the encrypted information for old discs. Armed with this information, it should be easy to attack a new processing key. This is a "known-plaintext" attack in the sense that you know an older key and some of the data that was encrypted with that key.
As an aside, I'd like some verification that my points in the GP post are correct. A lot of people are pointing to the above post as a great simplified explanation of the attack, but really it's just what I gleaned with a little time poking around the Doom9 thread and examining the source code posted there. I haven't even spent the time going through the publicly available AACS documentation. So I wouldn't take the above as gospel.
For a software player, the new processing key would come from a software update. No discs released with the new processing key would play until the update is applied. In theory, the MPAA could refuse to allow software players anymore, but this would likely cause a class-action suit from consumers who already have next-gen players on their PCs. If publicity is handled well enough, it could kill the new formats regardless of the actual outcome of the trial.
I would be curious to see how hardware next-gen players hold their keys for updating. The most straightforward method is some kind of firmware that can be easily updated over the Internet or in a retail service center. However, firmware would be prone to tampering. A ROM chip with some tamper-resistance would be harder to play with (though by no means impossible), but also makes updates harder.
Lots of people already have next-gen disc players for their PC. They expect those players to play next-gen movie discs, because that's what they were advertised to do. Not allowing them to update keys would likely cause a class-action suit.
Remember, the next-gen formats are still in their infant stages. Bad publicity now would likely kill them.
Lastly, the entire justification for the heavy DRM in Vista is that they can play hi-def movies. If there are no more software players, that justification will be shown as bunk (it's bunk anyway, now it will just be obvious).
Tamper resistance is useless when the attacker has a limited time to try to break the device. For instance, ATM design docs often list requirements such as "an attacker should need no less than 20 minutes with a hacksaw and a screwdriver to break open the keypad".
When the time and tools you have to spend on the project are unrestricted, no amount of tamper-proofing can stop you. The only choices are:
Make it hard enough that people will give up
Destroy the device
Destroying the device is common in military applications (such as loading encryption equipment with thermite charges), but is likely too dangerous for consumer products.
Part of the cost of producing solar panels is related to the energy and materials required to produce them. Some of those materials (particularly plastics) are built at least partially from oil. So rising petrol costs will increase the cost of solar panels, too. We can expect that if solar panel efficiency stays at its current rate, they will remain an uneconomical alternative (in other words, won't make back the money you paid for them over their expected lifetime).
The only solution is to increase solar panel efficiency, or place them where they can get very high efficiency with current technology (like in orbit).
If it was just spam, I'd agree. But there is also a phishing/fraud case at stake, and then multiplied by potentially thousands of people. Identity theft is potentially a life-ruining event (especially in the US, where your credit rating is used for a lot more than you probably think). Multiply that by thousands, perhaps millions of people, and you have a crime that should be on the same level as murder.
For most discussions of the US conversion to the metric system, that's an argument I'd agree with. In this specific case, it's shown that 0-100 on the Fahrenheit scale is inherently more convenient when discussing the range of human tolerances for temperature. Thus, it's worthwhile to keep the Fahrenheit scale around when talking about the day-to-day weather.
Nah, Sony is one of the primary manufacturers of the blue diodes for the entire industry. (Which is pretty typical--Sony's components are common in many electronic gadgets, even when they compete against Sony's own gadgets). But when it was obvious there was going to be a shortfall, Sony kept most of the diodes they could for themselves to build all the PS3s they could.
People are very quick to predict the doom and gloom of Sony. What they all fail to recognize is that Sony (and anybody else that had a clue on how the trends are moving) knew that this is going to happen. For months.
I doubt that. The problems with the Blu-Ray laser diode production seemed to have surprised a lot of consumer electronics manufacturers. There should have been a lot more Blu-Ray and HD-DVD players out there this past holiday season. Instead, there was only a handful, and those were in short supply.
Likely, Sony probably would have still sold out the PS3, but the eBay price (which is closer to the true market price based on supply and demand) probably would have been around $1000 instead of $15,000.
Re:How to buy Sealand for free in just 5 steps, on Sealand Put Up For Sale · Score: 2, Interesting
That would be considered defaulting on a loan. Countries have a credit rating just like individuals do. The reason the US government can have a multi-trillion dollar debt is because it has never defaulted on a loan.
So sure, you can do that, but it's still going to foobar your credit rating.
This is actually an accepted part of pure capitalism: the government's place is to solve market failures, and stay out of the way the rest of the time. This is not generally an idea stated by the current Republican party (which has been mostly taken over by the religious right, with very few real fiscal conservatives anymore).
The argument goes that the free market should work everything out on its own. But there are demonstrable cases where this hasn't happened, which is what "market failure" means. When market failure happens, it's silly to sit by and say "that's just how the market works". Government intervention is perfectly justified in such a case.
One type of market failure is externalities--the person or group that causes the damage isn't the one that pays for cleaning it up. An example is dumping toxic waste into a river. The company that did it would normally just forget about it, while downstream animals start dying off and people are without fresh drinking water. As part of its role in resolving market failures, the government can make them clean it up.
Some of the most interesting ideas for resolving environmental-related externalities, like carbon credits, actually use market dynamics as a central idea.
Bull. There are stupid things about my culture, and there are stupid things about yours, too. I'll criticize whatever I feel is wrong about other cultures. Feel free to do the same to me; there's a fair chance that I'll agree with whatever you mention.
It may solve some problems, like having a few guys claiming to be from Microsoft showing up at VeriSign's offices and walking off with a signed SSL key for MS.
This is only one of the many major problems that SSL has, though. I don't see how this can address the problems of international domain names (where glyphs for certain characters can look the same, but aren't). I also doubt that it gives assurances about the security practices of the company (why would a cracker sniff a few credit cards at a time off the wire if they can break into a database and get hundreds of credit cards at once?).
Overall, this seems like a way to make the customer pay again for the CA's own bad practices.
But now we are being told that the money doesn't go back to the creative talent, ie presumably it goes into the oversized pockets of company execs/shareholders.
Quite so. See also Hollywood Accounting, which caused movies like Forrest Gump to officially have no net profit (and thus screwing over the writer of the original book, as his contract specified that he gets a percentage of the profit).
The real pirates are in movie and music studio board rooms.
Pissing off people who are your enemies anyway isn't a big problem. Pissing off long-time friends is a huge problem. Applies to international politics as well as it does personal relationships. Just ask the ancient government of Athens, around the time Sparta attacked.
You're being friendlier to the environment by using a small 4-cycle engine that has a catalytic converter. (I went looking for a small-engine catalytic converter and couldn't find anywhere in the US to buy one, by the by) :(
In the long term, catalytic converters do more harm than good. In the short term, they do get rid of a lot of greenhouse gases, but the engine has to run less efficiently for them to work. You'd get better gas mileage out of your car if you take out the cat and run the mixture a little lean.
Very true, and it goes back further than that. The FX chip for the Super Nintendo (what Star Fox came with) was essentially a graphics accelerator. The Sega Genesis had 32-bit expander and CD drive upgrades.
However, most of the upgrades flop. Nintendo alone has a long line of extra accessories and ideas, starting with R.O.B. and going to the GC -> GBA hookup, that were used in a few games and then discarded. The FX chip is an exception because it was integrated into the cartridge. Even that was only used on a handful of games (though Star Fox was obviously very popular at the time).
If you're going to make upgrades work on consoles, you need to have an extremely awesome game that everybody wants and is willing to spend the extra cash on the upgrade. Zelda: Majora's Mask was almost such a game, since (after the awesomeness of Ocarina) everyone was itching for more Zelda.
Poking around the Doom9 thread, the processing key for all current HD-DVD discs was found.
Looking over some example source code, the processing key is used with the encrypted C value to build the media key, which can then build the volume key, which can then decrypt the disc.
The MPAA can revoke the processing key, but quoting from the forum:
Some of you are missing the true meaning of this compromise. If they revoke this processing key, we just take a player compatible with a new processing key, put in one of the titles that's already cracked, and go around in memory looking for the known key. We find it, insert a new title, look in the same place and we have a new processing key.
Essentially, it becomes a known-plaintext attack.
No discussion of adventure games is complete without Old Man Murray.
I miss Old Man Murray.
Key has to be decrypted somewhere. Where else do you want to put it?
Sure, a hardware player could put it in a reasonably tamper-proof ROM, but what's a software player going to do?
I thought this confusion was cleared up years ago.
RIAA = Music
MPAA = Movies
Although they share many of the same member corporations, they're not the same. The evil overlords in this case would be the MPAA.
Actually, they're not losing money if they don't have units to sell.