but in practice the cameras are set up to snap a picture of both your front license and your face. Since the state knows what you look like via your Driver's License, they can do a quick double check that the person driving the car looks like the person the car is registered to, and a ticket is on its way to you in the mail. You could contest it, but you'll look like an ass in front of the judge when you do. Although in support of your point, I don't think Colorado at least charges points against your license for photo radar tickets. I believe it's purely a revenue enhancer.
I don't know how well it worked, but a guy I used to work with had his wife register his car, and vice versa. So if a photo radar ever snapped a picture, the driver of the car wouldn't even be the same sex as the registered owner. In theory, this should have kept either of them from getting tickets. Like I said, I don't know how well it worked. I don't think he made a habit of running red lights to try it out.
Unless of course you mean "Conservative" to mean "conservative". Yet somehow in our twisted society, the people who want to liberally consume as many resources as fast as possible with no thought towards saving any for the future are called "Conservative", and the people who think that maybe we should conserve natural resources and not trash the only planet we have are "Liberal". War is Peace after all. But I'm ranting again.
No, a corporation is most certainly not just a collection of individuals. It is a legal fiction whose existence is independent of any individuals who might work for it. One of the main purposes of a corporation is to divorce the individuals who work for the corporation from liability for the actions of the corporation. The flip side of this is that the rights of the corporation are also distinct from the rights of the individuals who work for the corporation.
Or perhaps you believe that the people who work for a corporation should be individually liable for the debts of the corporation? Or that employees should be held responsible for any criminal actions of the corporation (a notion that could have far-reaching consequences of Nike?)
The fact that a corporation is distinct from the people who work for it isn't some liberal propaganda trick. It's the whole reason they exist in the first place! You should try addressing your own ignorance before decrying the beliefs of "the Left".
Who would like to know more about your buying habits? I'll tell you one person who would love to know what you buy at the grocery store. Your insurance provider. Let's see... buys a lot of beer, better raise his auto insurance rates. Buys a lot of red meat and junk food. Better raise his health insurance rates. Buys cold medicine instead of going to the doctor, maybe we can lower his rates. Oops. Buying condoms. That's risky. Better raise his rates instead.
The grocery store itself probably couldn't care less about your buying habits. They aren't collecting the personal information for themselves. They are collecting it so they can sell it to other people who do care. And they are not giving you a discount. It's just offsetting other price increases. That's why I don't shop at the stores that do this. Some stores don't feel the need to overcharge people who care about their privacy, and those are the stores I shop at. In a capitalist society, your dollar is your vote. Vote wisely!
What I think would be really neat is a simple radio protocol for Bluetooth. That way, I could "share" whatever tunes I happen to be listening to on my MP3 player with the people around me. Other folks on the bus or whatever could "tune in" to see what I was listening to, or I could check out what other people are listening to. It wouldn't even have to include download capability, just a stream of whatever is going to my headphones.
Actually, your traffic never even makes it to I2 at all. The "Maxgigapop" or "Mid-Atlantic Crossroads" is a regional aggregation point for I2 members. Both your school (which is in DC) and UMD (in Maryland obviously) connect to the MAX, and the MAX has a link to I2. But in your case, the traffic never has to go all the way to I2. Which explains the crazy-low ping times. The packets basically never even leave town (which is why regional aggregation points are good.) Try a traceroute to some schools on the west coast, and you will see ping times which have some measurable delay in them (due largely to the speed of light).
No, it's not accessible at all from the outside. Thank god, I would have hated to reboot it just for a silly SNMP bug. All of our accessible gear is running newer code. Thanks for the heads up though!
Actually, I'll bet A.root doesn't have that great of an uptime. What's the chance it's gone three years without needing a hardware upgrade? With DNS being stateless, it would be pretty simple to have redundant servers so that any downtime would be invisible to the outside world. It is an interesting question though.
The simple reality is that piracy just isn't that big of a threat. Look at the software industry. It's had to deal with "piracy" since day one. That's just the nature of the beast. If the easy copying and dissemination of digital copyrighted material was really the death knell of an industry, then there wouldn't even be a software industry! Why does Microsoft have so much money if digital piracy is such a threat?
The simple fact is that most people are happy to pay for things assuming that they are of sufficient quality and properly priced. The music industry is suffering because their online offerings suck and are simply not as useful as unencumbered MP3's, nor as comprehensive as P2P networks. CD sales suck because they are simply overpriced, and everyone knows it. I only buy used CD's now, because those are the only ones that have reasonable prices on them.
If the people who run the music industry would just realize that "piracy" isn't the problem, they might recognize that they all seemed to have failed "Capitalism 101". If you try to sell crappy products (ala legit online music distribution) or overpriced products (ala new CD's), your sales will suffer. New legislation is not necessary because the extent of the problem is that the music industry is unwilling to respond to market forces. Period.
I'm wondering if this idea is even still valid. Assuming it ever was. From the article you linked up:
The location signature is virtually impossible to forge at the required accuracy. This is because the GPS observations at any given time are essentially unpredictable to high precision due to subtle satellite orbit perturbations, which are unknowable in real-time, and intentional signal instabilities (dithering) imposed by the U.S.
First off, the SA dithering has been turned off. Presumably that makes GPS signals much more predictable, and could easily trash this whole scheme. I also find it hard to believe that the orbital perturbations of satellites are especially random on the scale which would be measurable. Now that SA has been turned off, most of the remaining error in GPS is due to variations in the temperature and density of the atmosphere between the satellites and the receiver. Since these would often vary between the 'host' and the 'authentication server' that would create wiggle room for a malicious host to guess the right signal. I don't know if it would be possible for them to use the encrypted military signal to correct that error without having the ability to decrypt the military signal. That's an interesting problem.
The other major weakness I see is the whole idea that the signals are unknowable in real-time. Um, no. A malicious host can use a receiver to measure all the random variations exactly as the authentication server must. I just find it remarkable that anyone who appears to be as smart as Denning could expect this to work. The simple fact is that a malicious attacker will have access to all the same information that the authentication server will use to make its decision. A hacker can measure the "error" factor in the GPS signal in the exact same manner as the authentication server. They know the equations which the authentication server will use to validate a signal. The transformations you might have to do to the received signal to change the location it represents are going to be simple linear transformations. The math behind GPS is pretty simple really.
Not to mention this little tidbit: Further, because a signature is invalid after five milliseconds, the attacker cannot spoof the location by replaying an intercepted signature. Well, that will work great for verifying people in the same building. But you're not going to verify telecommuting users who are dialing in, or using DSL, or travelling across the country. Hopefully someday we'll have a network which lets us do things reliably in less than 5ms, but don't hold your breath. Especially since you can only expect light to go about 1000km in fiber during that 5ms.
Well put. The BeOS filetyping is far and away the most robust of any OS I've ever worked on. I've got an audio application I've written which leverages attributes as much as I can. One of the neat tricks I can do is that I save playlists as folders. A "playlist" folder contains links to either individual songs or entire folders. It can also contain "query" files which perform searches on the file attributes. I actually create normal folders in the Tracker, and then assign them to open up with my application instead of Tracker. So if you double-click the folder, it runs my app and loads the playlist. If you want to muck with it manually, right-click and open it with Tracker. I don't know of any other OS that gives me that much flexibility.
But wait--it gets even worse. Only a chump runs a cipher in electronic codebook mode. Usually, ciphers are run in a block-chaining mode, where every subsequent block gets XORed with the prior block. So if you have a one-bit error in your process, that will affect half the bits of the block... which then create errors in half the bits of the next block... which avalanche... which propagate their error forwards, on and on and on... etcetera.
Which is why everyone in the know realizes that chaining is pure folly. After a few passes, 100% of the output is in error, and you are looking at the inverted plaintext!
how about someone with a little money and time go out and get one of these copy protected CDs. Then do an analog sample with a nice quality headphone adapter cable into a reasonably standard sound card and then do some comparisons online (although, I'm not even sure if you could put samples up as fair use anymore!). Show them the futility of this first hand.
Why bother going thru all that trouble? I just used cdparanoia on my copy of More Fast And Furious. The errors were detected and corrected. The tracks all sound just fine. Well, except for the fact it's crappy music. That's the ultimate stupidity in all this: it doesn't even work! That and I was able to return the CD for a full refund.
The problem with biometrics as passwords is that they can still be obtained via other methods such as password sniffing and they can't be changed. So by themselves, they are even worse than regular passwords.
Let's look at the "obvious" method of using say fingerprints as passwords. A print scanner on your keyboard scans your print into some sort of unique id. When you want to log in to some service, the keyboard sends your username along with your print id in lieu of a regular password. The service checks your username and print in its database and decides whether or not to grant access. The problem with this type of setup is that every service you use has the ability to impersonate you to every other service you use. Not a good idea at all. This is the same fundamental flaw credit cards have. Every vendor you do business with has the ability to impersonate you to every other vendor who accepts your type of credit card. Hence all the fraud. But at least with credit cards you can get a new number if someone starts abusing it.
Really, the only way to do authentication that doesn't suffer from this flaw is to use a public-key based method. It's absolute insanity to start sending your fingerprint everywhere and using it as an ID. Absolutely the dumbest way of doing authentication online I can think of. Which is not to say that biometrics don't have their place at all. It can be used in very limited means inside of closed systems and provide a reasonable increase in security. I think where this will end up is that we will each have a small portable hardware device which can do secure public-key based authentication for us. A fingerprint can be used to authenticate us to our hardware token. Since the fingerprint never has to leave the token, it isn't nearly as vulnerable to being stolen. Imagine an ATM card which has a small number pad on it. You type the amount you want to withdraw into your ATM card which scans your prints as you type the amount in. Then, you insert the card into the ATM machine and the card securely authorizes a withdrawal in the amount you entered. This authorization protocol can be public and standardized without any loss of security. Your fingerprint never leaves the card so isn't vulnerable to theft.
Note that there are companies now selling the keyboard-style scanners. In my opinion, these are nothing but snake oil. From looking thru the descriptions of the available products, all of the ones I've found appear to be transmitting a fingerprint 'hash' to an authentication database. It's not hard to imagine software hacks which can record the fingerprint info as it comes in off the USB or parallel port and later replay that information to spoof users. While some hackers might still be guessing passwords, a lot are now using software to grab passwords either off the network or off the keyboard. Fingerprint scanners do nothing to prevent this type of hack except make it impossible to change the password after it's been stolen. So not only are you still vulnerable, your options for correcting the problem after the hack are drastically reduced.
Inside of a corporate environment where all hardware and software installations are tightly controlled, there might be some value. But it's not a general purpose authentication technique. Every terminal you use will gain the ability to impersonate you, and every server you log into will gain the ability to impersonate you. Which is the case now, but I don't use the same password for Slashdot that I use for my shell accounts. And I don't log into my shell accounts from computers I have no reason to trust (such as at a cyber cafe.) If everyone is using biometrics, then the services you trust least (like Slashdot say) have the information they need to impersonate you to the places you trust most (your bank, your shell accounts at work, etc.) When I say 'trust', I'm probably using the wrong word. What I mean is I don't really care very much if someone steals my Slashdot password. It's not a big deal. I do care if someone steals my work passwords, or online banking passwords. I would never use the same password both places which is exactly what biometrics force me to do.
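The contrast drawn in the comment above, as an added example that is not part of the original post: a fixed print id that every service stores can be replayed by one service at another, while a token that signs a fresh per-service challenge gives the service nothing reusable. All class and function names are hypothetical; Lamport one-time hash signatures stand in for the token's public-key scheme only to stay within the standard library (a real token would use a standard signature algorithm), and fingerprint matching is simplified to an exact hash comparison.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def bits(msg):
    """The 256 bits of SHA-256(msg), most significant first."""
    d = int.from_bytes(H(msg), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]

def keygen():
    """Lamport key pair: 256 pairs of secrets, public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(H(sig[i]) == pk[i][b] for i, b in enumerate(bits(msg)))

class PrintIdService:
    """Scheme criticised in the comment: the service stores and receives a fixed print id."""
    def __init__(self):
        self.db = {}
    def enroll(self, user, print_id):
        self.db[user] = print_id
    def login(self, user, print_id):
        return self.db.get(user) == print_id

class ChallengeService:
    """Stores only a public key; each login must sign a fresh nonce bound to this service."""
    def __init__(self, name):
        self.name, self.keys, self.pending = name, {}, {}
    def enroll(self, user, pk):
        self.keys[user] = pk
    def challenge(self, user):
        self.pending[user] = secrets.token_bytes(16)
        return self.pending[user]
    def login(self, user, sig):
        nonce = self.pending.pop(user, None)   # a challenge is accepted once
        pk = self.keys.get(user)
        if nonce is None or pk is None:
            return False
        return verify(pk, self.name.encode() + b"|" + nonce, sig)

class Token:
    """Stand-in for the hardware token: the print unlocks it locally and is never sent."""
    def __init__(self, enrolled_print):
        self._print_hash = H(enrolled_print)   # simplification: exact match, not fuzzy
        self._keys = {}
    def new_key(self, service_name):
        sk, pk = keygen()
        self._keys[service_name] = sk
        return pk
    def respond(self, presented_print, service_name, nonce):
        if H(presented_print) != self._print_hash:
            raise PermissionError("fingerprint does not unlock this token")
        sk = self._keys.pop(service_name)      # Lamport keys are one-time: re-enroll after use
        return sign(sk, service_name.encode() + b"|" + nonce)

def demo():
    finger = b"constructed fingerprint template"   # constructed sample value
    # 1) Fixed print id used as a password at two services.
    forum, bank = PrintIdService(), PrintIdService()
    forum.enroll("alice", H(finger))
    bank.enroll("alice", H(finger))
    held_by_forum = forum.db["alice"]              # the forum operator already holds this
    static_replay = bank.login("alice", held_by_forum)
    # 2) Token with per-service keys and challenge-response.
    token = Token(finger)
    forum2, bank2 = ChallengeService("forum"), ChallengeService("bank")
    forum2.enroll("alice", token.new_key("forum"))
    bank2.enroll("alice", token.new_key("bank"))
    sig = token.respond(finger, "forum", forum2.challenge("alice"))
    forum_login = forum2.login("alice", sig)
    bank2.challenge("alice")                       # forum operator opens a login at the bank
    token_replay = bank2.login("alice", sig)       # and can only replay what it saw
    return {"static_replay_at_bank": static_replay,
            "forum_login": forum_login,
            "token_replay_at_bank": token_replay}

if __name__ == "__main__":
    print(demo())
```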
The fact is that 802.11b channels are only 25MHz wide. And 802.11b equipment is quite capable of working with adjoining 'cells' butted right up against each other. Check out this table. The non-overlapping channels are 1,6 and 11. Total center-to-center separation? 50MHz between channels 1 and 11 with room for a channel in between. If Sirius has a problem with 802.11b I'm going to hazard a guess it's because their receivers are crap. I'll bet that they are receiving part of the legitimate 802.11b signal.
I've actually run tests to see how well two access points work if you locate them close together (about 4 feet). You can see a writeup of all the tests I did here: Interference Tests. When I tried to run two laptops connected to two access points on channels 1 and 6, I found a little interference. Not much. Maybe a 20% drop in total thruput. Once I went to channels 1 and 7 (30MHz separation) the two access points operated with no detectable interference at all. The aggregate thruput was basically 2x the thruput of a single access point. (Note that the 209% and 212% results are because I was using laptop to ap traffic as the baseline, but the equipment I was using produced higher thruput in the ap to laptop direction)
While the interference at channels 1 and 6 technically shouldn't happen, nobody in their right mind puts two access points four feet apart and tries to run them both at full bore. So the radios could be a little better. But even in this worst-case scenario, all interference disappeared at 30MHz separation. And Sirius is complaining about 55MHz separation? Almost twice the distance?
What Sirius is finding out is that the idea of transmitting from a satellite to a non-directional antenna is extremely hard. That's probably why the other sat radio company XM plans to spend ~$250,000,000 dollars building a system of terrestrial repeaters! It's hard to link to, but check out the 10-Q SEC filing on their web site if you don't believe me. I can't find it now, but another SEC filing in there goes into detail about the need for repeaters because they know their signal can't be reliably received inside a major metropolitan area.
If Sirius has burned thru $3 billion and still doesn't have a reliable system, well boo hoo. The only reliable sat-based communications I know of use directional dish antennas. (Please don't use GPS as a comeback because it doesn't have to work in a lot of places that a car radio has to, and it carries almost no information in the signal.) Iridium tried it and failed. Sirius apparently can't get it to work, and I'm going to guess that they will soon be history. As for XM, well, I think they got it to work, but only by spending a fortune on repeaters so most of their customers probably aren't even using the satellites! I think XM is going to go down the tubes anyway since they probably need to get at least 1,000,000 paying customers this year to keep going.
So I think Sirius and XM are going to follow Iridium down the tubes. And life will go on. As every good capitalist knows, massive failures prove the resiliency of our system. That's what's known as "The Enron Axiom". ;-)
Newsweek is owned by The Washington Post Company, which has managed to stay relatively independent compared to say Time. They do own six TV stations, but don't appear to have any movie studio or record label affiliations. You can see the details at the Columbia Journalism Review.
It doesn't seem to be a fluke, since this week they have an article bagging on the DMCA and specifically the Sklyarov case. As a news company, perhaps they realize that the DMCA threatens their ability to easily quote material from digital sources. Who knows. It is nice to see at least some news outlets are willing to present the real story on things like the DMCA.
This was a bit of an expansion of what fair use is, since most of the time it referred to republishing, not personal copying.
That expansion corresponding to an expansion in copyright, which I believe originally only regulated publishing. Personal copies shouldn't have to be considered "fair use" because they shouldn't even be regulated by copyright law in the first place. Unfortunately, the original justification for copyright law is almost uselessly vague:
To promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries
What exactly does exclusive right cover?
causing all sorts of issues, like increased stress, depression, family problems, etc.
You obviously don't watch enough TV. If you did, you would have seen the ads for all the pretty little pills you can take to fix these problems.
That's "Chairman Gates". And don't you forget it lest ye be sent off for re-education!!!
As long as we are swinging around our uptimes. True, this box doesn't do a whole lot, but still... Can anybody top this? ;-)>
ls-1010>sh vers
Cisco Internetwork Operating System Software
IOS (tm) LS1010 WA3-7 Software (LS1010-WP-M), Version 11.2(15)WA3(7), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1998 by cisco Systems, Inc.
Compiled Mon 14-Dec-98 16:54 by integ
Image text-base: 0x600108D0, data-base: 0x60448000
ROM: System Bootstrap, Version 201(1025), SOFTWARE
ROM: PNNI Software (LS1010-WP-M), Version 11.2(5)WA3(2b), RELEASE SOFTWARE
ls-1010 uptime is 3 years, 6 weeks, 5 days, 23 hours, 56 minutes
System restarted by reload at 07:54:52 MNT Sat Feb 27 1999
System image file is "slot0:ls1010-wp-mz.112-15.WA3.7", booted via slot0
cisco LS1010 (R4600) processor with 32768K bytes of memory.
R4600 processor, Implementation 32, Revision 2.0
Last reset from power-on
1 Ethernet/IEEE 802.3 interface(s)
13 ATM network interface(s)
125K bytes of non-volatile configuration memory.
16384K bytes of Flash PCMCIA card at slot 0 (Sector size 128K).
8192K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x102
ls-1010>
Could you post a summary? That must be about the fastest /.-ing I've seen. What'd that take, about 5 minutes?
And the meetings will continue until he discovers why no work is getting done!
There's a guy I work with, and that should be his .sig. He rarely shows up for a meeting without invoking this humorous tagline. :-P
Do I smell hypocrisy?
Not at all. What Microsoft is doing is a direct attack on GPL software. Explicitly, and by name. As other posts clarify, their license wouldn't even cover the GPL if it wasn't listed by name.
It would be hypocrisy if the FSF included a phrase in the GPL which prohibited Microsoft and its employees from using GPL software. Or if the GPL included a phrase prohibiting its use on any machine running an operating system written by Microsoft. But the GPL doesn't do any of those things.
Truly only Microsoft could be so bold as to conduct such a blatant attack as part of its "punishment" for being a convicted monopolist. First we hear that their new uniform OEM license includes compulsory patent licenses, now we find out that as part of "publishing" their protocols they explicitly attack Samba and GPL software. It's remarkable. Hopefully the judge is paying attention and will realize that M$'s abuses are not going to go away under the proposed settlement, but in fact are going to get worse. Much worse. I am absolutely astounded that they would dare to pull such crap off when the settlement hasn't even been approved yet.
or are you rationalizing your negligence?
Might I ask who made the decision at your company to open up the firewall to ssh? Did it occur to them to actually try and check the computers that were being made available to it? SSH is probably the easiest daemon in the world to verify. Just telnet to the ssh port on a computer and it tells you the version! It's trivial to automate the process. So I'm not so sure I would be so quick to accuse others of negligence if you just poked a hole in your firewall without bothering to check and see what you were exposing.
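The version check the comment above calls trivial to automate, as an added example that is not part of the original post: it parses the identification line an SSH server sends first and tests it against a policy. The approved-software list and the sample banners are constructed assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Banner is a parsed identification string: SSH-protoversion-softwareversion SP comments (RFC 4253).
type Banner struct{ Proto, Software, Comments string }

// ParseBanner parses the first line a server sends on its SSH port.
func ParseBanner(line string) (Banner, error) {
	line = strings.TrimRight(line, "\r\n")
	if !strings.HasPrefix(line, "SSH-") || len(line) > 253 {
		return Banner{}, fmt.Errorf("not an SSH identification string: %q", line)
	}
	// Appending "" guarantees head[1] exists even when no comment field follows.
	head := append(strings.SplitN(line[4:], " ", 2), "")
	ident := strings.SplitN(head[0], "-", 2)
	if len(ident) != 2 || ident[0] == "" || ident[1] == "" {
		return Banner{}, fmt.Errorf("malformed identification string: %q", line)
	}
	return Banner{ident[0], ident[1], head[1]}, nil
}

// Audit lists why a banner fails the assumed policy: protocol 2.0 only and
// software on an approved list. An empty result means the banner passes.
func Audit(line string, approved map[string]bool) []string {
	b, err := ParseBanner(line)
	if err != nil {
		return []string{err.Error()}
	}
	var findings []string
	if b.Proto != "2.0" { // "1.99" advertises that pre-2.0 protocol versions are also accepted
		findings = append(findings, "accepts SSH protocol "+b.Proto)
	}
	if !approved[b.Software] {
		findings = append(findings, "unapproved software "+b.Software)
	}
	return findings
}

func main() {
	approved := map[string]bool{"OpenSSH_9.6": true} // assumed site policy
	// Constructed sample banners, as an inventory sweep of your own hosts might collect them.
	for _, line := range []string{"SSH-2.0-OpenSSH_9.6\r\n", "SSH-1.99-OpenSSH_3.4p1 Debian\r\n", "220 mx.example.test ESMTP"} {
		fmt.Printf("%q -> %v\n", line, Audit(line, approved))
	}
}
```

The banner is self-reported and packagers often backport fixes without changing it, so the result is a triage input for an inventory, not proof of patch level.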
I'm wondering if this idea is even still valid. Assuming it ever was. From the article you linked up:
The location signature is virtually impossible to forge at the required accuracy. This is because the GPS observations at any given time are essentially unpredictable to high precision due to subtle satellite orbit perturbations, which are unknowable in real-time, and intentional signal instabilities (dithering) imposed by the U.S.
First off, the SA dithering has been turned off. Presumably that makes GPS signals much more predictable, and could easily trash this whole scheme. I also find it hard to believe that the orbital perturbations of satellites are especially random on the scale which would be measurable. Now that SA has been turned off, most of the remaining error in GPS is due to variations in the temperature and density of the atmosphere between the satellites and the receiver. Since these would often vary between the 'host' and the 'authentication server' that would create wiggle room for a malicious host to guess the right signal. I don't know if it would be possible for them to use the encrypted military signal to correct that error without having the ability to decrypt the military signal. That's an interesting problem.
The other major weakness I see is the whole idea that the signals are unknowable in real-time. Um, no. A malicious host can use a receiver to measure all the random variations exactly as the authentication server must. I just find it remarkable that anyone who appears to be as smart as Denning could expect this to work. The simple fact is that a malicious attacker will have access to all the same information that the authentication server will use to make its decision. A hacker can measure the "error" factor in the GPS signal in the exact same manner as the authentication server. They know the equations which the authentication server will use to validate a signal. The transformations you might have to do to the received signal to change the location it represents are going to be simple linear transformations. The math behind GPS is pretty simple really.
Not to mention this little tidbit: "Further, because a signature is invalid after five milliseconds, the attacker cannot spoof the location by replaying an intercepted signature." Well, that will work great for verifying people in the same building. But you're not going to verify telecommuting users who are dialing in, or using DSL, or travelling across the country. Hopefully someday we'll have a network which lets us do things reliably in less than 5ms, but don't hold your breath. Especially since you can only expect light to go about 1000km in fiber during that 5ms.
Well put. The BeOS filetyping is far and away the most robust of any OS I've ever worked on. I've got an audio application I've written which leverages attributes as much as I can. One of the neat tricks I can do is that I save playlists as folders. A "playlist" folder contains links to either individual songs or entire folders. It can also contain "query" files which perform searches on the file attributes. I actually create normal folders in the Tracker, and then assign them to open up with my application instead of Tracker. So if you double-click the folder, it runs my app and loads the playlist. If you want to muck with it manually, right-click and open it with Tracker. I don't know of any other OS that gives me that much flexibility.
But wait--it gets even worse. Only a chump runs a cipher in electronic codebook mode. Usually, ciphers are run in a block-chaining mode, where every subsequent block gets XORed with the prior block. So if you have a one-bit error in your process, that will affect half the bits of the block... which then create errors in half the bits of the next block... which avalanche... which propagate their error forwards, on and on and on... etcetera.
Which is why everyone in the know realizes that chaining is pure folly. After a few passes, 100% of the output is in error, and you are looking at the inverted plaintext!
;-)
It ties you to an inflexible system.
I know you are but what am I?
It requires you to pay for expensive experts.
I know you are but what am I?
It makes you struggle daily with a server environment that's more complex than ever
I know you are but what am I?
how about someone with a little money and time go out and get one of these copy protected CDs. Then do an analog sample with a nice quality headphone adapter cable into a reasonably standard sound card and then do some comparisons online (although, I'm not even sure if you could put samples up as fair use anymore!). Show them the futility of this first hand.
Why bother going thru all that trouble? I just used cdparanoia on my copy of More Fast And Furious. The errors were detected and corrected. The tracks all sound just fine. Well, except for the fact it's crappy music. That's the ultimate stupidity in all this: it doesn't even work! That and I was able to return the CD for a full refund.
The problem with biometrics as passwords is that they can still be obtained via other methods such as password sniffing and they can't be changed. So by themselves, they are even worse than regular passwords.
Let's look at the "obvious" method of using say fingerprints as passwords. A print scanner on your keyboard scans your print into some sort of unique id. When you want to log in to some service, the keyboard sends your username along with your print id in lieu of a regular password. The service checks your username and print in its database and decides whether or not to grant access. The problem with this type of setup is that every service you use has the ability to impersonate you to every other service you use. Not a good idea at all. This is the same fundamental flaw credit cards have. Every vendor you do business with has the ability to impersonate you to every other vendor who accepts your type of credit card. Hence all the fraud. But at least with credit cards you can get a new number if someone starts abusing it.
Really, the only way to do authentication that doesn't suffer from this flaw is to use a public-key based method. It's absolute insanity to start sending your fingerprint everywhere and using it as an ID. Absolutely the dumbest way of doing authentication online I can think of. Which is not to say that biometrics don't have their place at all. It can be used in very limited means inside of closed systems and provide a reasonable increase in security. I think where this will end up is that we will each have a small portable hardware device which can do secure public-key based authentication for us. A fingerprint can be used to authenticate us to our hardware token. Since the fingerprint never has to leave the token, it isn't nearly as vulnerable to being stolen. Imagine an ATM card which has a small number pad on it. You type the amount you want to withdraw into your ATM card which scans your prints as you type the amount in. Then, you insert the card into the ATM machine and the card securely authorizes a withdrawal in the amount you entered. This authorization protocol can be public and standardized without any loss of security. Your fingerprint never leaves the card so isn't vulnerable to theft.
Note that there are companies now selling the keyboard-style scanners. In my opinion, these are nothing but snake oil. From looking thru the descriptions of the available products, all of the ones I've found appear to be transmitting a fingerprint 'hash' to an authentication database. It's not hard to imagine software hacks which can record the fingerprint info as it comes in off the USB or parallel port and later replay that information to spoof users. While some hackers might still be guessing passwords, a lot are now using software to grab passwords either off the network or off the keyboard. Fingerprint scanners do nothing to prevent this type of hack except make it impossible to change the password after it's been stolen. So not only are you still vulnerable, your options for correcting the problem after the hack are drastically reduced.
Inside of a corporate environment where all hardware and software installations are tightly controlled, there might be some value. But it's not a general purpose authentication technique. Every terminal you use will gain the ability to impersonate you, and every server you log into will gain the ability to impersonate you. Which is the case now, but I don't use the same password for Slashdot that I use for my shell accounts. And I don't log into my shell accounts from computers I have no reason to trust (such as at a cyber cafe.) If everyone is using biometrics, then the services you trust least (like Slashdot say) have the information they need to impersonate you to the places you trust most (your bank, your shell accounts at work, etc.) When I say 'trust', I'm probably using the wrong word. What I mean is I don't really care very much if someone steals my Slashdot password. It's not a big deal. I do care if someone steals my work passwords, or online banking passwords. I would never use the same password both places which is exactly what biometrics force me to do.
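The contrast drawn in the comment above, as an added example that is not part of the original post: a print ID compared by the server works at every service that stores it, while a token that signs each service's fresh challenge gives a service nothing it can reuse elsewhere. Ed25519, the service names, the message layout and the exact-match hash standing in for fingerprint matching are all assumptions of this sketch.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// StaticLogin is the keyboard-scanner design: the server compares the print ID it stores.
func StaticLogin(stored, presented []byte) bool { return bytes.Equal(stored, presented) }

// Token is the hardware token: private key and enrolled print never leave it.
type Token struct {
	priv     ed25519.PrivateKey
	enrolled [32]byte // exact-match hash stands in for real fuzzy matching (assumption)
}

// Sign answers one service's challenge, but only if the finger presented locally matches.
func (t Token) Sign(finger []byte, service string, nonce []byte) []byte {
	if sha256.Sum256(finger) != t.enrolled {
		return nil
	}
	return ed25519.Sign(t.priv, append([]byte(service+"\x00"), nonce...))
}

// KeyService stores only a public key and binds each login to its own name and a fresh nonce.
type KeyService struct {
	name string
	pub  ed25519.PublicKey
}

func (s KeyService) Challenge() []byte { n := make([]byte, 32); rand.Read(n); return n }
func (s KeyService) Verify(nonce, sig []byte) bool {
	return ed25519.Verify(s.pub, append([]byte(s.name+"\x00"), nonce...), sig)
}

// Demo reports whether what the forum saw at login also works at the bank.
func Demo() (staticReplay, sigReplay, freshLogin, wrongFinger bool) {
	finger := []byte("constructed-template") // constructed sample, not real biometric data
	seenByForum := finger                    // the forum received these exact bytes at login
	staticReplay = StaticLogin(finger, seenByForum) // the bank stores the same ID
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tok := Token{priv, sha256.Sum256(finger)}
	forum, bank := KeyService{"forum", pub}, KeyService{"bank", pub}
	forumSig := tok.Sign(finger, "forum", forum.Challenge()) // all the forum ever sees
	sigReplay = bank.Verify(bank.Challenge(), forumSig)
	n := bank.Challenge()
	freshLogin = bank.Verify(n, tok.Sign(finger, "bank", n))
	wrongFinger = bank.Verify(n, tok.Sign([]byte("someone-else"), "bank", n))
	return
}
func main() { fmt.Println(Demo()) }
```

If the token is lost, each service replaces one public key; a leaked print ID has no equivalent reset.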
The fact is that 802.11b channels are only 25MHz wide. And 802.11b equipment is quite capable of working with adjoining 'cells' butted right up against each other. Check out this table. The non-overlapping channels are 1,6 and 11. Total center-to-center separation? 50MHz between channels 1 and 11 with room for a channel in between. If Sirius has a problem with 802.11b I'm going to hazard a guess it's because their receivers are crap. I'll bet that they are receiving part of the legitimate 802.11b signal.
;-)
I've actually run tests to see how well two access points work if you locate them close together (about 4 feet). You can see a writeup of all the tests I did here: Interference Tests. When I tried to run two laptops connected to two access points on channels 1 and 6, I found a little interference. Not much. Maybe a 20% drop in total thruput. Once I went to channels 1 and 7 (30MHz separation) the two access points operated with no detectable interference at all. The aggregate thruput was basically 2x the thruput of a single access point. (Note that the 209% and 212% results are because I was using laptop to ap traffic as the baseline, but the equipment I was using produced higher thruput in the ap to laptop direction)
While the interference at channels 1 and 6 technically shouldn't happen, nobody in their right mind puts two access points four feet apart and tries to run them both at full bore. So the radios could be a little better. But even in this worst-case scenario, all interference disappeared at 30MHz separation. And Sirius is complaining about 55MHz separation? Almost twice the distance?
What Sirius is finding out is that the idea of transmitting from a satellite to a non-directional antenna is extremely hard. That's probably why the other sat radio company XM plans to spend ~$250,000,000 dollars building a system of terrestrial repeaters! It's hard to link to, but check out the 10-Q SEC filing on their web site if you don't believe me. I can't find it now, but another SEC filing in there goes into detail about the need for repeaters because they know their signal can't be reliably received inside a major metropolitan area.
If Sirius has burned thru $3 billion and still doesn't have a reliable system, well boo hoo. The only reliable sat-based communications I know of use directional dish antennas. (Please don't use GPS as a comeback because it doesn't have to work in a lot of places that a car radio has to, and it carries almost no information in the signal.) Iridium tried it and failed. Sirius apparently can't get it to work, and I'm going to guess that they will soon be history. As for XM, well, I think they got it to work, but only by spending a fortune on repeaters so most of their customers probably aren't even using the satellites! I think XM is going to go down the tubes anyway since they probably need to get at least 1,000,000 paying customers this year to keep going.
So I think Sirius and XM are going to follow Iridium down the tubes. And life will go on. As every good capitalist knows, massive failures prove the resiliency of our system. That's what's known as "The Enron Axiom".
Newsweek is owned by The Washington Post Company, which has managed to stay relatively independent compared to say Time. They do own six TV stations, but don't appear to have any movie studio or record label affiliations. You can see the details at the Columbia Journalism Review.
It doesn't seem to be a fluke, since this week they have an article bagging on the DMCA and specifically the Sklyarov case. As a news company, perhaps they realize that the DMCA threatens their ability to easily quote material from digital sources. Who knows. It is nice to see at least some news outlets are willing to present the real story on things like the DMCA.