Hey, I think I take offense to that. I use Visual Studio to develop C++ code, I run Vista on my new home box and have... well, ok, a few problems, but still, it's Vista. And I don't have a Zune. You take that back!
I've been doing that for years on my SanDisk MP3 player: downloading the.FLV videos from YouTube and converting them to SanDisk compatible videos. So now you can't do that on the Zune? No, I think the summary is misleading and people are misinterpreting it. Nowhere did they say "uncopyrighted videos will be squelched." They're saying they'll find a way to squelch copyrighted videos. That might mean some hidden content, watermark, or digital signature would be used to identify copyrighted media.
My guess is they'll troll through YouTube and BitTorrent looking for copyrighted stuff, taking a hash of it, and comparing stuff you download against the list of copyrighted hashes.
Of course, the obvious next answer will be a format-ripping program that performs some random permutations to the media, preventing any two copies from having the same signature...
A senator quoting "reliable but confidential" sources on the internet? It's most likely from his pal, the Nigerian Prince, and also that nice wife of Mbutu Seke-seke. I've gotten reliable but confidential email from them, too, but they asked me not to talk to anyone about it.
Your code probably would not have run in 1964. I'm not aware of any machines of the time that supported lower case, and many character sets back then didn't have square brackets, either. For that matter, one of the BASIC platforms I used way back when used apostrophes to mark string literals instead of quotation marks, so you'd have had to write the line as
10 PRINT '[USER''S NAME]'
Of course, if you really wanted it to print the user's actual name, you'd have had to INPUT the data into a variable (probably a single letter suffixed with a dollar sign).
Imprisoned suspects don't have the right to free communications, and especially not encrypted communications. The only privacy they're assured of (in the United States) is if it's a letter going to an attorney; but how is the warden to know for sure that huey.dewey@dewey-cheatham-and-howe.com is really the public key belonging to a licensed attorney, and not the aliased public key of Emmanuel Goldstein or Osama bin Laden?
Even if they knew this for sure, the jailer is under no obligation to provide access to PGP or even a computer, and he would likely be an idiot if he did provide PGP to the inmates.
If you're innocent, yes, by all means, shut the hell up. But if you're actually guilty, please feel free to talk all you want. Lie to the cops, tell them things that contradict other easily proven things, make stuff up, blame other people.
I have no particular interest in offering guilty people a defense for what they've done. If you've intentionally murdered someone, please go to jail and get the hell out of our society.
No kidding! When they first came out I despised the "new" pinball machines that had 7-segment displays for the counters. The mechanical reels that audibly ticked off your score were so freakin' cool, and the digital displays and tinny beepers just seemed like a horrible replacement. After a while, of course, we got used to them, but they never held the same special cache of the electro-mechanical machines of the past.
Once you play a table for a while, you learn its sweet spots, and its dead zones. Get to know a game and you stop shooting at the big target in the middle because you know it's a trap. Then, when you learn how to raise the middle post (or whatever the magic trick is) you wait until it's safe, then you can pound the heck out of that center target, ratcheting up the bonus multiplier, or unlocking multi-ball, or whatever the cool feature of the game is.
And one of the difficulties of those games is the unreliability of hardware. Sometimes the damn bumper switches just don't fire, leaving your ball rolling lifelessly toward the drain. It happens.
I was at a talk by Bjarne Stoustrup last month, and he was talking about some of the features that are being added to C++0x. We had to laugh when he said he hoped the standards committee would finish it this decade, because he'd hate for the name to have to go into hexadecimal.
...Lorenzo/When I was a kid, we had electricity, but the wires weren't full then; they didn't sag as they do nowadays. Are you aware that sag actually is the limiting factor to power carrying capacity on high tension lines? The more current they carry, the higher their temperature, the higher temperature expands the metals making the wires get longer, and they hang lower. Maintaining safe clearances between the wires and the ground determines the power capacity. And with today's greater demands on our near-capacity electric distribution infrastructure, the power companies are pushing as much current as they can through every wire available.
So Lorenzo is absolutely right: the wires are now full, and they sag lower nowadays as a result.
This is Microsoft's way of demonstrating once and for all that you don't "own" the software you purchase. I hope this doesn't catch on and become the primary distribution model.
Why do you think Microsoft has been pushing so hard for.Net and the Trusted Platform Module? By providing locked down consumer hardware that refuses to run without a valid subscription authorizing token, they can actually use that to enforce their licensing model.
They can also use it to ensure that Office is run only in.Net 3.5 (or whatever), and never in Mono.
TPM may offer some security benefits to businesses who wish to control access to their company-owned equipment, but it will never offer positive value to home consumers.
Yes, gather evidence, but DO NOT publish it. Be very careful who you tell. If you do publish it they will hunt for whoever leaked it; if they find you at the end of the trail, you will be fired and likely blackballed in your city. (That's the thing about pissing off security people; they know exactly how the system works and will skirt the labor laws to put someone in a world of hurt.) It won't matter if it made their security better, or if someone gets an award for fixing it, or if your stock doubles because of your shiny new security model, if you hurt their image they'll put you down like a dog.
Check around, maybe your company already has a CISSP on staff you could talk to. If not, as a large company you likely have an Info Security officer or manager, or perhaps a Loss Prevention or Asset Management department. Or perhaps you have someone in the networking area responsible for security (firewall installers, Active Directory admins, etc.) Corner the person in charge, and start asking him pointed questions, like "Did you see the news about company Y, who got hacked by exploiting this same vulnerability we've got?" "Have you done a risk analysis?" "What would you do if X happened?" "Do we have an incident response plan?"
Or maybe you take credit cards, and have a PCI auditor running around. It's their job to care about security holes. Get your findings to them.
Just saying "OMG, we're using WEP!" or "look, someone keeps pulling these XSS attacks on us, I told you so!" isn't likely to be earth shatteringly bad news; trust me, it's pretty much just irritating to those who politely listen to you whine. But offering constructive organizational advice might let these people know that you're not stupid, and that you really could help them improve their security.
If you're considering a career change into the security field, a positive attitude towards fixing the systemic problems (big picture, not just the one set of things you're looking at) might get you somewhere.
Because it's much easier to sit on Slashdot and make up bullshit and lies about Microsoft because it's trendy to hate them. Oh, it's not trendy. We've always hated them.
And my point is that it is neither simple nor easy to come up with a TRUSTWORTHY electronic voting system. As a matter of fact, it is not possible. The only secure system that actually works and that human beings in the voting booths can understand is one based on simple tokens -- names and marks on paper stuffed into a box, or clay coins dropped into a jar. Electronics have no role in these systems.
Computer bits are themselves invisible, and can only be ordered about by invisible processors running invisible programs. Computers absolutely require their users to trust them. But how do you know which bits you can trust? Can the BIOS be verified? The OS? The application? The hard drives? The network cards? The video drivers? And can you verify it on this election computer, and that computer, and the one next to it? And can you verify it at the start of the election, and the end, and for each vote in between? And if you can't verify each and every bit in each and every system every single time, who can? It is not possible or even wise to place that kind of trust in a computer.
The problem is not one of technology but of trust. An election is invalid if the results are untrustworthy. And to demonstrate just how bad that is look at Kenya, one of the few reasonably peaceful countries in Africa where a thousand people just died due to fighting over suspected election fraud. It almost rises to the level of religious faith -- you have to be able to believe in the results, and in the process leading to the results. Computers take that away from the humans, and place it in the hands of a few incompetent engineers from Diebold and Sequoia, and in the hands of hackers smart enough to walk past their pathetic security.
Sure, you can use electronics to print the tokens. You can use electronics to count the tokens. You can use electronics to send the count to party headquarters. You can even use electronics to broadcast the results to the public. But as long as the votes themselves are physical, tangible, unchanging, easily understood artifacts that can be counted and recounted until all sides are satisfied that the will of the people was properly expressed, none of the electronics matter. The tokens remain as the source of truth.
We don't need electronics. They speed up the count for the talking heads on CNN, but that's absolutely not a requirement for a fair election. (Have you ever wondered why the election is held in November, but the president isn't inaugurated until January? It's to give the electors from the distant states time to arrive in the Capitol.) Sacrificing democracy just to make the 10PM news is a shitty investment, although one that too many people seem to be willing to make.
Hey, I think I take offense to that. I use Visual Studio to develop C++ code, I run Vista on my new home box and have ... well, ok, a few problems, but still, it's Vista. And I don't have a Zune. You take that back!
My guess is they'll troll through YouTube and BitTorrent looking for copyrighted stuff, taking a hash of it, and comparing stuff you download against the list of copyrighted hashes.
Of course, the obvious next answer will be a format-ripping program that performs some random permutations to the media, preventing any two copies from having the same signature...
A senator quoting "reliable but confidential" sources on the internet? It's most likely from his pal, the Nigerian Prince, and also that nice wife of Mbutu Seke-seke. I've gotten reliable but confidential email from them, too, but they asked me not to talk to anyone about it.
Agreed. Even the old Visual Basic 6.0 users refer to VB.NET as "Visual Fred", because it bears almost no resemblance to Visual Basic.
Your code probably would not have run in 1964. I'm not aware of any machines of the time that supported lower case, and many character sets back then didn't have square brackets, either. For that matter, one of the BASIC platforms I used way back when used apostrophes to mark string literals instead of quotation marks, so you'd have had to write the line as
10 PRINT '[USER''S NAME]'
Of course, if you really wanted it to print the user's actual name, you'd have had to INPUT the data into a variable (probably a single letter suffixed with a dollar sign).
Ish. I still remember this crud.
Even if they knew this for sure, the jailer is under no obligation to provide access to PGP or even a computer, and he would likely be an idiot if he did provide PGP to the inmates.
I have no particular interest in offering guilty people a defense for what they've done. If you've intentionally murdered someone, please go to jail and get the hell out of our society.
"Can't hear. Louder!"
Master-Blaster runs RIAA's Settlement Information Center.
"Still can't hear. Say louder!"
MASTER-BLASTER RUNS RIAA'S SETTLEMENT INFORMATION CENTER!!
"Embargo off."
Somehow the mental image of toiling amongst pig manure to make money for the RIAA just seems incredibly apropos.
This case should be pretty simple to solve. Just track down whoever buys a 9-track tape reader off eBay in the next month and nail him to the wall.
No kidding! When they first came out I despised the "new" pinball machines that had 7-segment displays for the counters. The mechanical reels that audibly ticked off your score were so freakin' cool, and the digital displays and tinny beepers just seemed like a horrible replacement. After a while, of course, we got used to them, but they never held the same special cache of the electro-mechanical machines of the past.
And one of the difficulties of those games is the unreliability of hardware. Sometimes the damn bumper switches just don't fire, leaving your ball rolling lifelessly toward the drain. It happens.
I was at a talk by Bjarne Stoustrup last month, and he was talking about some of the features that are being added to C++0x. We had to laugh when he said he hoped the standards committee would finish it this decade, because he'd hate for the name to have to go into hexadecimal.
I suppose in English that equals, what, about 2.1 Ron Jeremies?
...Lorenzo/When I was a kid, we had electricity, but the wires weren't full then; they didn't sag as they do nowadays. Are you aware that sag actually is the limiting factor to power carrying capacity on high tension lines? The more current they carry, the higher their temperature, the higher temperature expands the metals making the wires get longer, and they hang lower. Maintaining safe clearances between the wires and the ground determines the power capacity. And with today's greater demands on our near-capacity electric distribution infrastructure, the power companies are pushing as much current as they can through every wire available.So Lorenzo is absolutely right: the wires are now full, and they sag lower nowadays as a result.
Why do you think Microsoft has been pushing so hard for .Net and the Trusted Platform Module? By providing locked down consumer hardware that refuses to run without a valid subscription authorizing token, they can actually use that to enforce their licensing model.
They can also use it to ensure that Office is run only in .Net 3.5 (or whatever), and never in Mono.
TPM may offer some security benefits to businesses who wish to control access to their company-owned equipment, but it will never offer positive value to home consumers.
Dear god in heaven, please let it be so!
Sure, these guys are somewhat clever, but they're not the real geniuses behind the technology.
And yes, the researchers did a great job, too. It's not easy picking unknown protocols apart!
Check around, maybe your company already has a CISSP on staff you could talk to. If not, as a large company you likely have an Info Security officer or manager, or perhaps a Loss Prevention or Asset Management department. Or perhaps you have someone in the networking area responsible for security (firewall installers, Active Directory admins, etc.) Corner the person in charge, and start asking him pointed questions, like "Did you see the news about company Y, who got hacked by exploiting this same vulnerability we've got?" "Have you done a risk analysis?" "What would you do if X happened?" "Do we have an incident response plan?"
Or maybe you take credit cards, and have a PCI auditor running around. It's their job to care about security holes. Get your findings to them.
Just saying "OMG, we're using WEP!" or "look, someone keeps pulling these XSS attacks on us, I told you so!" isn't likely to be earth shatteringly bad news; trust me, it's pretty much just irritating to those who politely listen to you whine. But offering constructive organizational advice might let these people know that you're not stupid, and that you really could help them improve their security.
If you're considering a career change into the security field, a positive attitude towards fixing the systemic problems (big picture, not just the one set of things you're looking at) might get you somewhere.
Over Soviet Russia, construction plant orbits YOU!
But what do I know? I'm no rocket scientist.
But then I suppose some math genius is going to come along and claim we should be counting bogipigips because bogogips is just a marketing term.
Computer bits are themselves invisible, and can only be ordered about by invisible processors running invisible programs. Computers absolutely require their users to trust them. But how do you know which bits you can trust? Can the BIOS be verified? The OS? The application? The hard drives? The network cards? The video drivers? And can you verify it on this election computer, and that computer, and the one next to it? And can you verify it at the start of the election, and the end, and for each vote in between? And if you can't verify each and every bit in each and every system every single time, who can? It is not possible or even wise to place that kind of trust in a computer.
The problem is not one of technology but of trust. An election is invalid if the results are untrustworthy. And to demonstrate just how bad that is look at Kenya, one of the few reasonably peaceful countries in Africa where a thousand people just died due to fighting over suspected election fraud. It almost rises to the level of religious faith -- you have to be able to believe in the results, and in the process leading to the results. Computers take that away from the humans, and place it in the hands of a few incompetent engineers from Diebold and Sequoia, and in the hands of hackers smart enough to walk past their pathetic security.
Sure, you can use electronics to print the tokens. You can use electronics to count the tokens. You can use electronics to send the count to party headquarters. You can even use electronics to broadcast the results to the public. But as long as the votes themselves are physical, tangible, unchanging, easily understood artifacts that can be counted and recounted until all sides are satisfied that the will of the people was properly expressed, none of the electronics matter. The tokens remain as the source of truth.
We don't need electronics. They speed up the count for the talking heads on CNN, but that's absolutely not a requirement for a fair election. (Have you ever wondered why the election is held in November, but the president isn't inaugurated until January? It's to give the electors from the distant states time to arrive in the Capitol.) Sacrificing democracy just to make the 10PM news is a shitty investment, although one that too many people seem to be willing to make.