As far as I know, you can't close a window directly, you can only have the browser pop up a dialog which asks you if you want to close - say yes and it closes, say no and it does nothing. Of course an evil person could put that in a loop. Doing an alert() in a while(1) in JavaScript is a very evil trick too. Tested that on myself - it was bad enough to qualify as a DoS attack had it been done by someone else to me...
And some independent hardware company will make unencrypted speakers to make a killing in a now untapped market.
The real risk is that they will come out with hardware that can support "legacy" (unencrypted) and encrypted content. It will play old stuff AND new stuff, so it will be seen as better. As more and more stuff is encrypted, the old stuff will be able to play less and less content. Now it is a question of how much content will only be encrypted.
There is also the issue of whether the encryption will be licensed to those that can also play unencrypted content. If not, unencrypted content will have a big barrier. That would be worse than DVD, which contrary to some people's misapprehension, CAN play non-CSS protected disks.
If almost all new content is encrypted we lose, if not, we win. The hardware industry wants to make a buck, not protect the content industry (unless, of course, that will help them profit).
The big question is, will the content industry stop making unencrypted content....
CSS and systems like it (such as this digital music system) are bad, especially because of the DMCA. That law means anyone can override all the fair use provisions of copyright law by simply writing an access control/encryption system that makes it even one bit harder than trivial to access or copy the data. If you write code to make an activity "hard" (i.e. not completely trivial), DMCA makes that activity illegal. Any programmer can be her/his own legislature. Write the code and outlaw the activity.
While that state of affairs exists we MUST oppose any technological measures to "protect" copyrighted work, not because of the technological impediments such a system imposes, but because of the legal danger such a system imposes to the legality of making fair use of a work.
P.S. I should write an encryption and "work protection" system that XORs protected data with a 1 byte key and call it a DMCA fair use eliminator. Trivial to crack, nearly useless technologically, but it would make fair use of protected products illegal. Maybe that would show the absurdity of the DMCA...
Does the law even apply to non-commercial sites? I thought it only applied to commercial sites. Even if it purported to apply to non-commercial sites, could it? The enforcement is done by the FTC, i.e. Federal Trade Commission. Do they have jurisdiction over non-commercial sites? If they do not, then does that preclude enforcement of the law over such sites?
No problem, right? The firewall keeps the traffic out, the WebRamp times out and disconnects after the programmed time, right? HA! Each incoming packet, of any kind, to any address, is counted as activity on the line, even if the next step is for the firewall to drop it on the floor.
Then that is a brain-dead implementation. If you don't want the packet, it shouldn't have any effect in keeping your connection up. Should other people's technology be constrained by that? If Linux TCP/IP stacks were to cause some vendor's router to consistently lock up should we ban Linux? Or should the vendor fix their stuff?
That being said, I live in a fifty year old house with fifty year old wiring and fifty year old telephone equipment on the poles in the alley.
I.E. (probably) good quality copper wiring rather than the chintzy stuff they put in today (as time goes on, people cut corners more and more), work that was done by professionals who knew what they were doing and none of those new-fangled pair gain devices (which allow one pair to the central office to connect 2 phone lines with reduced bandwidth). Old can be better.
CPU failures are so rare as to be essentially non-existent. I have never heard of a CPU burning out or being damaged any way other than being overclocked or hit with an overvoltage (power surge or static, etc). I know it must happen occasionally, but not often.
A CPU being run at rated speed, even in a hot room, even at 50 C (136.4 F) permanently failing anything inside of a decade is quite unlikely. Everything else (hard disk, etc) will have probably died of old age by then, and the system will be too slow compared to what you are trying to do by then for it to matter.
I run my system at rated speed, 24/7. Don't expect the CPU to fail ever. Power supply fan bearing is getting noisy tho - I'm going to need a new power supply at some point - preferably with a fan monitor output if I can find one...
They couldn't make money on their e-commerce sales of MySQL. See they ran their database on MySQL and due to the lack of transactions all the orders got hosed. :)
The article did talk about stealth mode banning of packets. They said that something banned would just get a "connection reset by foreign host" error. An admin interested in using a stealth ban would have a disincentive to shut off someone's access - it would blow their cover. Yes, admins often do block protocols, ports and sites without even telling anyone anything about that.
Also, what if the person trying to kill a protocol wasn't someone with network authority? We already have Media Enforcer to rat out Napster users, what if some disgruntled musician writes a Gnutella killer?
Also, people get a lot of sympathy when they themselves are kicked off a network. If you can't run Napster people might not care. If you do and are banned from your ISP, people often see it in a different light.
Finally, each person kicked off a service is one less customer and less revenue. Can't do that too much and survive in today's ultracompetitive ISP market.
...restrictions over what ports/protocols could be used.
One can always encapsulate a banned protocol in an allowed protocol. FTP could be encapsulated in SMTP if it came to that. Inefficiently, etc, yes, but possible. I have successfully run SLIP and PPP over telnet connections before. Also one can "hide" an MP3 in what appears to be C source code. There is almost always a way around restrictions. Ever wonder why B-level security systems (mandatory access control and multi-level security) are so complex? It is hard to stop people from sending information. And then there are covert channels and all sorts of hard to detect and hard to stop methods of sending info that someone wants to suppress.
Interesting DoS attack on that system. I'd have my machine and that of a friend just send "banned" packets between each other at full speed 24/7. Enough people do that and they'll need a huge server in order to keep up with the load. Or they don't keep up and some banned packets get through.
1. That Packeteer bandwidth allocation product mentioned in the article sounds a lot like the Linux kernel traffic shaping and QoS system. 2. It could be a good thing, limiting bandwidth is much better than banning stuff. Even the most die-hard Napster fans among you must seriously consider, should Napster be getting 90% of the bandwidth?! Hell no! If it was held down to 10% of the total bandwidth all but the most unreasonable people must say that's fair.
You aren't thinking creative (or evil) enough. Not just tracking - but law enforcement initiated remote shutdown of applications, knocking people off the net in real time, shutting down their home security (once smart houses take off), transferring all their money to the gov't (again in real time) and all sorts of fun. Press a button and your life turns to hell, again in real time.
They don't like what you are saying, your site is instantly down and erased. They want your money, they got it. Scary, isn't it.
OK, I understand that when I take this particular sequence of numbers and feed it as input to a particular decoding program, out comes the latest Britney Spears or whatever. So what? If I take it and feed it to Word, out comes a file of text. (It's gibberish. But then again, a lot of what is produced with Word is gibberish.)
If you feed it to a music decoding program, and out comes Britney Spears, isn't that gibberish too? :-)
And after you are done firing those who don't "fall into line" you are even more short staffed than you were before. And you got a reputation for firing people over stuff like that, so now it is harder to hire people. In a tight labor market, that might not be too wise...
Also, aside from that, if someone is on the Internet doing something legitimate and the software has a false positive and disables the computer ((!) how stupid is that?!) then that worker is completely idled until the admin re-enables it, and is unable to complete the task regarding the "forbidden" (by software, not company policy) image until the admin can override that too (if that is possible without disabling the software entirely).
On the optimistic side, could the government finally realize that strong crypto is necessary? I'm not entrusting my SSN to a 40-bit connection!
Why not?
Getting your SSN through other means is much easier than breaking 40 bit crypto. Just a couple of phone calls to the many people you have given it to (often as a requirement of doing business) and someone will leak it, if the one making the calls is good at "social engineering".
The idea is that in the mean time we can make it hard for the Man to oppress us while we are working on changing the laws.
Also this is good for a lot of the gray areas. Such as things that would be found legal if you could fight it in court, but it isn't practical or convenient to do so. They wouldn't work very hard to try to suppress something that isn't clearly illegal (it is hoped). Comments critical of the latest evil company of the week would be useful to put under a system like this. Not something you'd definitely go to prison for 20 years for. But something for which a company, with little use of resources, could make you spend lots of time and money fighting, well that would be a perfect use of the system.
Raise the cost of suppressing information that is ultimately legal but which someone doesn't like.
Well one could have A XOR B be something innocent and C XOR D be something innocent and A XOR C be something that the Man is trying to suppress. A and C both have provably innocent uses. Would make for some really interesting cases and precedents. Mere possession of A or C, is it illegal? Even having both, if you also had C and D? Are you possessing A, B, C, and D for A XOR B and C XOR D or so you have A XOR C? How could they prove which it is? Mathematically they could not. They'd have to use other means...
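The four-block XOR arrangement described in the comment above, as an added example that is not part of the original post. The function names and the three sample messages are constructed for illustration. It also shows a property the comment does not mention: the blocks are not independent, so other pairings cancel the random pad and expose the XOR of two messages.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("blocks must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def pad(msg: bytes, size: int) -> bytes:
    """Zero-pad a message to the fixed block size."""
    if len(msg) > size:
        raise ValueError("message longer than block size")
    return msg.ljust(size, b"\x00")

def make_blocks(m_ab: bytes, m_cd: bytes, m_ac: bytes, size: int = 64):
    """Build A, B, C, D with A^B = m_ab, C^D = m_cd and A^C = m_ac."""
    a = secrets.token_bytes(size)   # uniformly random block
    b = xor(a, pad(m_ab, size))     # so A ^ B = m_ab
    c = xor(a, pad(m_ac, size))     # so A ^ C = m_ac
    d = xor(c, pad(m_cd, size))     # so C ^ D = m_cd
    return a, b, c, d

def recover(x: bytes, y: bytes) -> bytes:
    """Combine two blocks and strip the zero padding."""
    return xor(x, y).rstrip(b"\x00")

if __name__ == "__main__":
    # Constructed sample messages, not taken from the page.
    m1 = b"weather report: rain expected"
    m2 = b"bus timetable: every 20 minutes"
    m3 = b"third message"
    a, b, c, d = make_blocks(m1, m2, m3)
    print(recover(a, b))   # m1
    print(recover(c, d))   # m2
    print(recover(a, c))   # m3
    # Each block alone looks like random bytes, but the set is linked:
    # B ^ C cancels A and leaves m1 ^ m3, which is not random.
    print(xor(b, c) == xor(pad(m1, 64), pad(m3, 64)))   # True
```

Anyone holding all four blocks can compute every pairwise XOR, so the set as a whole reveals which messages were combined even though no single block does.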
Courts can look that up too. Heck, I'm a private citizen and I trace IP addresses to their owners all the time to complain about spam.
Re:spying on children too... risky indeed (on Mattel Spyware, Score: 1)
Kill that exe, call tech support and claim the game doesn't work. Don't mention killing the ad program. Waste their time. Mention you have software that deletes anything that accesses the Internet without your permission automatically. After you've spent a lot of time on it. Repeat this process.
Use the EULA refund provision. If they want their EULA, then they need to play by the rules. Such as when you buy a game it doesn't contain a Trojan horse and certainly not require it to run.
What did the program say if you removed that file? Give an error? Anything admitting what it did?
You could try replacing the exe with a program which runs and does nothing. If you are really clueful, make a DLL wrapper that makes any IP calls to talk to remote IPs say successful, returning all requested bytes, but not actually communicate anything.
How about something really useful. Like training a parrot to peck out the code to DeCSS. What would the MPAA do about that? :-)
Any lawyers care to comment?
Sounds like they mean a TCP RST. That works on everything. Except say, a hacked Linux kernel. (Hint Hint. :)
If they can bill for it, they know you used it. There goes your privacy. If they can bill for it they can disable it. There goes your security.
Possible? Yes.
Get even!
Bad data is worse than no data. Keep that in mind fellow hackers. :) Let them spy on wrong data. Be creative.
No, white noise is MUCH more pleasant to listen to!