The big problem is that a human would not see that the barcode had been tampered with.
Let's say that I could modify the barcode on a genuine note with bleach and colored ink. So, I take a 5 Euro note, and modify the barcode to read 50 Euros. The cashier maybe isn't paying attention, so she lets the cash register's money scanner tell her that I gave her 50 Euros, and out pops 45 genuine Euros in change. (Well, 5 genuine and 4 forged 10 Euro notes, but that's not important right now.)
Yes, it's a problem with UPC barcodes on retail merchandise today. Cashiers operate in a heads-down mode, scanning merchandise and letting the beep of the scanner know that the merchandise was scanned. But do they see that the register says "Candy bar, $.59" even though they're holding a TV set? No. So, as a retailer, I wouldn't want to trust barcodes on money without some other backup system.
Every business model requires income, otherwise it's simply a charity by another name. And the software we're all talking about here is most emphatically not for sale.
I know I'm going to get flamed for saying this, but there really is no economic reason for the success of any Open Source venture. There is no business model that will derive financial income from a product that cannot be sold. The true "success" comes from all people benefiting from the efforts of the few authors. Those authors benefit, too, of course, but only in the same "free (beer)" sense. Why should any give-away scheme (especially one as strongly held as the GPL) be able to make money?
Sure, Cygwin, RedHat, et al, have been making a go of it selling the side-stuff (support, servers, etc.) that some people want. And the GPL very explicitly permits charging for the physical distribution of the code. I think we may see companies such as these moving into the "selling distribution" model. And that's not evil, it's just the reality that this article mentions.
But then what are people willing to pay for a distro server? I just freshened some Cygwin stuff on my box here, and they gave me a list of servers to try. It did take a couple of tries to find a site willing to serve this stuff up. I can't say as I'd want the entire customer base of Cygwin knocking at my ports looking for 20MB each, either.
So, donations seem to be about the only way to make things run until someone sets up a paid-for-distro company. And even a distro company will have to "compete" with anyone offering to serve it up for free!
The infamous "50 euro note going up in smoke" video was proved to be a faked demo, put together by Intel and a group dedicated to keep the British pound from joining the euro.
Further testing by AMD showed that overclocking a 50 euro note to 100 euros and then removing the 1 euro coin (acting as the heat sink) would simply cause the 50 euro note to fail to respond, but it was not permanently damaged.
Meanwhile, a group from Norway has announced a Linux port to the 500 euro note. Slashdot trolls have announced they can not afford to make beowulf clusters of these notes.
L33t h4x0rs may claim in court "See, most companies don't care. It's just a web page!" But if a company should choose to care, they can now make a lot of legal hassles for the skript kiddie in question.
So, be warned: depending on who you hack, you might get away with it, but you might not.
I was ready to fork out major bucks for a Handspring Visorphone, but then I got a PSC scanner Springboard for my Visor. It was only 1.3 oz, but the Visor simply became too heavy to carry comfortably in my shirt pocket. With the Visorphone module it also then becomes too big. (And I have never, ever cared for earphones.)
A friend has a Kyocera Palm/phone thing. Again, it looks really cool. But as a Palm, it's too small. And as a phone, it's really large.
And another friend has the Qualcomm PDQ phone/Palm. As a brick, it's about the right shape and size, but as a piece of consumer electronics, it shouldn't have to come with its own two-wheeled cart.
I have sadly come to the realization that any audio device is going to be unwieldly if it includes an adequate GUI. And vice versa. So, I personally have given up on the Holy Grail of the One True PDA. What I would like to see, though, is how the promise of a Bluetooth phone and a Bluetooth PDA work together. (So far, all I've seen are promises.) But I think if anything is going to make it, it'll be ultra short range communications between two separate devices, each optimized for its own interface.
But is the world a better place because of Outlook? The answer was "no" when we saw HTML in email, and it's still "no" because of HTML in email. Nothing's changed, it's gotten worse as they have continually moved to support MORE crap in the client.
"Now with preview panes!"
"Now with ActiveX!"
"Now with Javascript!"
"Now with new and improved viral worm installation and propagation macros!*"
(*OK, so they didn't actually market this last point.)
All he says is that they're working on "meeting a threat". A threat that exists solely because they chose to install unneeded, unwanted, and ultimately insecure extensions to email. They chose to do so with plenty of forewarning that adding any automatic processing to email would create a viral breeding ground where none existed before. And that they did so simply to offer a free email reader to cut market share from competing email manufacturers just adds antitrust icing to the cake.
Yeah, I'm screaming. I'm screaming because I'm still pissed off. 8 years of this crap and it's only gotten worse.
Q: But that kind of begs the question, because it wasn't completely unthinkable, like someone flying a plane into a building. At the time when all these features were being rolled out, programmers online were screaming left and right that this was inevitably going to result in these massive incidents, and, sure enough, they did.
A: If you look at the development process, and how long it takes to develop these things and get them out the door, this is not something that people started working on six months ago, and the developer community is saying this is a bad thing. This is stuff that has been in progress for years, which is why we've had to effectively retool the way we do things internally, to meet that new threat environment.
I don't know if the interviewer changed tapes in his recorder or what, but this is the single most important question he asked, and it was completely and totally unaddressed. This one question drives home the problem with Microsoft security, makes him aware that yes, we were all SCREAMING "Stop the madness" BEFORE it rolled out, and he waves his hands saying that hmm, we're meeting the new threat environment. What?
Is there any chance that anyone of importance will see or read this interview? That's the shame. I'd love it if the appropriate congresspeople and/or attorneys-general could see this nonsense made more public.
Not that I expect anyone in his position to actually answer all the questions asked, but it'd be nice if his lips moved in sync to his words, too.
Everyone knows that Emily Post says to place the HTTP servers on the left, next come the FTP servers, and the NNTP servers go on the right. And for God's sake, nobody uses gopher servers any more. Keep them in the hutch where your guests won't be offended by them.
Oh, and if you're serving video, make sure that you're doing it from an IBM or Dell server. Nothing says "tacky" like serving video from a Gateway.
The real reason they shut down was because too many people were viewing their site with Junkbuster, and it just stopped paying the bills!
It's like some kind of Steven Wright joke: "I tried surf to adcritic.com with Junkbuster turned on. Junkbuster got so confused it took me to the doubleclick page..."
What kind of steps can people use to protect themselves now, is there any kind of toggle or security setting that can be turned on in IExploiter 5.0(tm) to keep us a little bit safer?
Honestly? I seriously would recommend browsing the web only with Mozilla. I had been using IE, but I switched to mozilla full time after 0.9.1 (except for work related browsing on my company's web pages, which are written exclusively for IE browsing.) It's been buggy, it's still a little buggy, but I haven't had many real showstoppers because of it. And no one's published any attacks yet, but because it's NOT integrated into the OS, I'm somewhat less concerned about the damage it's capable of causing.
If you're stuck with IE, then might I recommend a proxy filter such as The Proxomitron? You can modify the incoming http headers to do anything you want, including altering file extensions!
I have to ask: as an adult, do you work with kids? Volunteer any time, maybe? Specifically, have you ever watched a group of kids playing tag, only to see a 200 lb 16-year-old do a full knee drop on the back of a 100 lb 10-year-old?
I was one of many supervisors. I saw it coming, but was across the field when it happened. I ran over there and two of us removed the bigger kid from the action. We asked him "what were you doing? Why did you do that?" His answer: I thought it was All Star Wrestling.
One more "dangerous" aspect of toys I heard on NPR's Morning Edition today: loudness!
Repeated exposure to sounds over 85dB can permanently damage adult hearing, and it doesn't take nearly as much exposure to harm an infant's still-developing ears. And some of the tested toys reached 105dB! Also, infants don't always have the capacity to get away from painfully loud sounds, nor do they necessarily try to move away from merely loud sounds.
It was an interesting listen. ('Course, I had to have the radio up to '8' to make out the words. Too much of The Who at age 1, I suppose...:-)
Absolutely, I agree with you that parents have a responsibility to parent. While that may seem like a "Duh!" statement to me (and you, obviously) it needs to be said, because too many people let TV (or no-one at all) raise their kids. But I'm not worried about them. I'm worried only about one kid, my son.
As an experiment, have you ever tried to escape marketing? I mean really tried? As an adult, I walk through life with advertising filters on. I ignore billboards as much as possible, I use a junkbuster proxy, and I skip commercials on my ReplayTV. I suspect most of us adults do.
Does my kid? No, he watches the commercials as intently as the programs (and sometimes moreso.) He hasn't finished growing up yet. He hasn't learned that life is too short to pay attention to advertisements yet (a lesson I'm trying very hard to impart.)
When we encounter age-inappropriate commercials while watching TV, we talk about them. We explain why mom and/or dad thinks that commercial is for something "bad" (the WWF cage match sh!t keeps running through my mind.) My son wrote a letter to the local movie theatre after they had a preview for an R movie (some movie trailer featuring large, loud explosions and mostly naked women) as a preview during Shrek. It bothered him that they were scaring the "little" kids (he was 12 at the time, and taking a civics class where they were supposed to write a letter of action to someone.) But he did something about it.
So, what is a parent to do? If that parent is truly trying to keep their kid from not being exposed to whatever, then what are the options? You and I both agree that this is both the right AND the responsibility of the parent. But now that parent can't take their child to a G or PG movie because the trailers are inappropriate (and unavoidable!)
I guess my point here is, as parents, my wife and I made the choices we could, but there is no escaping all marketing.
Oh, and I also agree with you that legislation isn't the answer. But I have to say that I think that these people have the right to let the manufacturers of these toys know how they feel. They also have the right to let Congress know how they feel. My kid at least wrote a letter. You don't have to sit on your ass. You can get a petition going and you can go out there and lobby right next to Hasbro's lobbyist, if you like. That is, if you think it's important that your kid needs to have every opportunity to watch commercials for the WWF wrestler with the "rip-your-head-off-and-crap-down-your-neck" action. You can even sit there at your computer and click off a letter to your congressman. Or you can just go back to your bookmarks and surf for free pr0n and goat sex.
I thought so.
Maybe that's why this non-story was posted to YRO.
I think this site is right on the money. Sure, it's good for a laugh for the more mature types who read slashdot (yes, that was a troll, sorry I couldn't resist!) but it's simply a group of like-minded parents who want to shield their kids from violent toys. If you're of a mind, join them. If not, LET THEM BE. It doesn't affect nor concern you.
And whether or not you think shielding kids from violence is right or wrong, it's NOT your decision. It's the parent's decision. This web site simply lets parents share their finds. If I was Jane Clueless I might not know that Shadow Cat wasn't just another K'nex toy, but I might want to know that it fires missiles.
Something else for you breeding types to consider is that kids do take notice of their parents approvals and disapprovals. If Mom & Dad consistently say "No" to violent games, Junior does pick up on that. He may rebel and go seek those violent games out on his own, but that's part of growing up too. Deep down, though, he does learn that mom considers violence wrong. What he chooses to do with that knowledge makes him his own individual.
All in all, it's just another "Move along, nothing to see here" kind of story, (other than a kind of cool shopping list.)
EverCrack is like any other online community. It's a COMMUNITY. A SOCIETY. People interact with other people, they just do it through brightly colored avatars who wave electronic magical wands rather than face to face. And yes, the gameplay is interesting, and it makes for a common framework for friendships to develop between players.
Everyone who is considered socially healthy spends some time in the company of their peers. People with hobbies tend to spend more time with like-minded people, and develop friendships there. Jeezus freaks spend their time in church. Boy Scouts spend it in camps. Pilots spend it in airport bars. And EverCrackHeads spend it in EverCrack.
It's just that the ones who dare do it on-line instead of face-to-face are now called addicts, and have to take Zyban? I don't get it.
They're really no different than car-nuts, airplane-nuts, sports-nuts, gun-nuts or any other person who develops a passion and focuses intently on it. (At least they're interacting with other people which kind of implies that even if they are crazy, they are not completely unstable.)
I imagine that same person 50 years ago would have found himself spending all his waking hours in a bar or under the hood of his car instead of on-line. It's just a society club by another name. And you don't necessarily have to drink while you play EverCrack.
That's precisely what the direct-to-consumer satellite TV providers have done with their "smart cards". A "secure computer in a hostile environment" type solution is required.
And that's why satellite TV hackers have gone to the lengths of ion-beam analysis of the smart card chips to decode what's stored in them.
And as many people have pointed out before, information can be spread much easier than most other commodities. (Which is why they're trying to protect this stuff in the first place!) So once hacker A has disassembled the chip, and hacker B has written a chip emulator for the PC, all non-hackers C-Z have to do is download the emulator and they're ( watching free porn && stealing TV service ).
IBM has proposed addressing this with "secure" hard drives and "digital monitors". Sony and others have pushed for SDMI music players. Retailers have used this for more than 10 years with the ubiquitous Verifone PIN pads you see at retailers and gas stations everywhere.
Both the NSA and the CIA failed completely 11.sep.
I think both agencies have successfully delayed or prevented similar activities more times than we can count. Because one set of fucking psychos slipped through shouldn't lessen our appreciation for the other schemes they've stopped so far.
Not that I'm going to let them take PGP away from me, mind you...:-)
The Feds never really had a chance of keeping crypto out of the hands of anyone, but they were too stupid to realize it, too busy banning metal cutlery in airports and nonsense like that. I am English, have you ever tried to eat a proper English breakfast with plastic cutlery?!
Nonsense. The Federal government accomplished as much as they could, within the constitutional limits by which they were constrained. They have successfully delayed mass-marked crypto to this day.
Sure, a bad guy can download a crypto package. A bad-guy organization can download a dozen different cryptosystems in less time than it'll take me to write this.
But my brother-in-law with Windows ME still doesn't use it. And neither does your mom, or your car salesman, or the guy who drives the gas tanker truck for BP.
As long as 99+% of the worlds e-mail travels unencrypted, Echelon can watch it. Carnivore can watch it. And encrypted e-mail is still easily recognizable for what it is, so it stands out, making traffic analysis easier (which is also legal without a warrant under the PATRIOT act.)
The DOJ and FBI have so far succeeded masterfully at accomplishing their common goal of preventing a global encryption infrastructure. IPSec, SSL, https:, PGP, etc. are all fine and secure products and protocols, but nothing today is all-pervasive. Encryption only happens on an ad-hoc basis, which has been their goal ever since the genie got let out of the bottle. They have very successfully kept encryption from protecting us to its fullest potential.
At least some of those numbers are fakes. I believe they're the postings of people falling for the "order me some stuff" gag web page. (and I do mean "gag".)
This is certainly across the borderline of unethical and nearing the boundaries of "illegal."
Let's say that I could modify the barcode on a genuine note with bleach and colored ink. So, I take a 5 Euro note, and modify the barcode to read 50 Euros. The cashier maybe isn't paying attention, so she lets the cash register's money scanner tell her that I gave her 50 Euros, and out pops 45 genuine Euros in change. (Well, 5 genuine and 4 forged 10 Euro notes, but that's not important right now.)
Yes, it's a problem with UPC barcodes on retail merchandise today. Cashiers operate in a heads-down mode, scanning merchandise and letting the beep of the scanner know that the merchandise was scanned. But do they see that the register says "Candy bar, $.59" even though they're holding a TV set? No. So, as a retailer, I wouldn't want to trust barcodes on money without some other backup system.
John
And, I mostly trust Yahoo with that info already. More so than PayPal.
John
I know I'm going to get flamed for saying this, but there really is no economic reason for the success of any Open Source venture. There is no business model that will derive financial income from a product that cannot be sold. The true "success" comes from all people benefiting from the efforts of the few authors. Those authors benefit, too, of course, but only in the same "free (beer)" sense. Why should any give-away scheme (especially one as strongly held as the GPL) be able to make money?
Sure, Cygwin, RedHat, et al, have been making a go of it selling the side-stuff (support, servers, etc.) that some people want. And the GPL very explicitly permits charging for the physical distribution of the code. I think we may see companies such as these moving into the "selling distribution" model. And that's not evil, it's just the reality that this article mentions.
But then what are people willing to pay for a distro server? I just freshened some Cygwin stuff on my box here, and they gave me a list of servers to try. It did take a couple of tries to find a site willing to serve this stuff up. I can't say as I'd want the entire customer base of Cygwin knocking at my ports looking for 20MB each, either.
So, donations seem to be about the only way to make things run until someone sets up a paid-for-distro company. And even a distro company will have to "compete" with anyone offering to serve it up for free!
John
Some of us don't feel too kindly towards PayPal. And Amazon at least has a somewhat trusted name.
Scratch this. I just read the FAQ. They want $0.15 + 15% of the donation.
Sigh. I thought it was a good idea.
DISCLAIMER: I work for a corporation who is partnered with Amazon
John
Further testing by AMD showed that overclocking a 50 euro note to 100 euros and then removing the 1 euro coin (acting as the heat sink) would simply cause the 50 euro note to fail to respond, but it was not permanently damaged.
Meanwhile, a group from Norway has announced a Linux port to the 500 euro note. Slashdot trolls have announced they can not afford to make beowulf clusters of these notes.
John
So, be warned: depending on who you hack, you might get away with it, but you might not.
John
I was ready to fork out major bucks for a Handspring Visorphone, but then I got a PSC scanner Springboard for my Visor. It was only 1.3 oz, but the Visor simply became too heavy to carry comfortably in my shirt pocket. With the Visorphone module it also then becomes too big. (And I have never, ever cared for earphones.)
A friend has a Kyocera Palm/phone thing. Again, it looks really cool. But as a Palm, it's too small. And as a phone, it's really large.
And another friend has the Qualcomm PDQ phone/Palm. As a brick, it's about the right shape and size, but as a piece of consumer electronics, it shouldn't have to come with its own two-wheeled cart.
I have sadly come to the realization that any audio device is going to be unwieldly if it includes an adequate GUI. And vice versa. So, I personally have given up on the Holy Grail of the One True PDA. What I would like to see, though, is how the promise of a Bluetooth phone and a Bluetooth PDA work together. (So far, all I've seen are promises.) But I think if anything is going to make it, it'll be ultra short range communications between two separate devices, each optimized for its own interface.
John
Be careful of what you wish for. You may get it.
John
But is the world a better place because of Outlook? The answer was "no" when we saw HTML in email, and it's still "no" because of HTML in email. Nothing's changed, it's gotten worse as they have continually moved to support MORE crap in the client.
(*OK, so they didn't actually market this last point.)
All he says is that they're working on "meeting a threat". A threat that exists solely because they chose to install unneeded, unwanted, and ultimately insecure extensions to email. They chose to do so with plenty of forewarning that adding any automatic processing to email would create a viral breeding ground where none existed before. And that they did so simply to offer a free email reader to cut market share from competing email manufacturers just adds antitrust icing to the cake.
Yeah, I'm screaming. I'm screaming because I'm still pissed off. 8 years of this crap and it's only gotten worse.
John
A: If you look at the development process, and how long it takes to develop these things and get them out the door, this is not something that people started working on six months ago, and the developer community is saying this is a bad thing. This is stuff that has been in progress for years, which is why we've had to effectively retool the way we do things internally, to meet that new threat environment.
I don't know if the interviewer changed tapes in his recorder or what, but this is the single most important question he asked, and it was completely and totally unaddressed. This one question drives home the problem with Microsoft security, makes him aware that yes, we were all SCREAMING "Stop the madness" BEFORE it rolled out, and he waves his hands saying that hmm, we're meeting the new threat environment. What?
Is there any chance that anyone of importance will see or read this interview? That's the shame. I'd love it if the appropriate congresspeople and/or attorneys-general could see this nonsense made more public.
Not that I expect anyone in his position to actually answer all the questions asked, but it'd be nice if his lips moved in sync to his words, too.
John
Oh, and if you're serving video, make sure that you're doing it from an IBM or Dell server. Nothing says "tacky" like serving video from a Gateway.
John
John
It's like some kind of Steven Wright joke: "I tried surf to adcritic.com with Junkbuster turned on. Junkbuster got so confused it took me to the doubleclick page..."
John
I dunno, JonKatz stories seem to ramble on forever...
John
(It didn't start out big enough to take seven days!)
John
Honestly? I seriously would recommend browsing the web only with Mozilla. I had been using IE, but I switched to mozilla full time after 0.9.1 (except for work related browsing on my company's web pages, which are written exclusively for IE browsing.) It's been buggy, it's still a little buggy, but I haven't had many real showstoppers because of it. And no one's published any attacks yet, but because it's NOT integrated into the OS, I'm somewhat less concerned about the damage it's capable of causing.
If you're stuck with IE, then might I recommend a proxy filter such as The Proxomitron? You can modify the incoming http headers to do anything you want, including altering file extensions!
John
I was one of many supervisors. I saw it coming, but was across the field when it happened. I ran over there and two of us removed the bigger kid from the action. We asked him "what were you doing? Why did you do that?" His answer: I thought it was All Star Wrestling.
So, no, I don't blame videogames. I blame TV! :-)
John
Repeated exposure to sounds over 85dB can permanently damage adult hearing, and it doesn't take nearly as much exposure to harm an infant's still-developing ears. And some of the tested toys reached 105dB! Also, infants don't always have the capacity to get away from painfully loud sounds, nor do they necessarily try to move away from merely loud sounds.
It was an interesting listen. ('Course, I had to have the radio up to '8' to make out the words. Too much of The Who at age 1, I suppose... :-)
John
As an experiment, have you ever tried to escape marketing? I mean really tried? As an adult, I walk through life with advertising filters on. I ignore billboards as much as possible, I use a junkbuster proxy, and I skip commercials on my ReplayTV. I suspect most of us adults do.
Does my kid? No, he watches the commercials as intently as the programs (and sometimes moreso.) He hasn't finished growing up yet. He hasn't learned that life is too short to pay attention to advertisements yet (a lesson I'm trying very hard to impart.)
When we encounter age-inappropriate commercials while watching TV, we talk about them. We explain why mom and/or dad thinks that commercial is for something "bad" (the WWF cage match sh!t keeps running through my mind.) My son wrote a letter to the local movie theatre after they had a preview for an R movie (some movie trailer featuring large, loud explosions and mostly naked women) as a preview during Shrek. It bothered him that they were scaring the "little" kids (he was 12 at the time, and taking a civics class where they were supposed to write a letter of action to someone.) But he did something about it.
So, what is a parent to do? If that parent is truly trying to keep their kid from not being exposed to whatever, then what are the options? You and I both agree that this is both the right AND the responsibility of the parent. But now that parent can't take their child to a G or PG movie because the trailers are inappropriate (and unavoidable!)
I guess my point here is, as parents, my wife and I made the choices we could, but there is no escaping all marketing.
Oh, and I also agree with you that legislation isn't the answer. But I have to say that I think that these people have the right to let the manufacturers of these toys know how they feel. They also have the right to let Congress know how they feel. My kid at least wrote a letter. You don't have to sit on your ass. You can get a petition going and you can go out there and lobby right next to Hasbro's lobbyist, if you like. That is, if you think it's important that your kid needs to have every opportunity to watch commercials for the WWF wrestler with the "rip-your-head-off-and-crap-down-your-neck" action. You can even sit there at your computer and click off a letter to your congressman. Or you can just go back to your bookmarks and surf for free pr0n and goat sex.
I thought so.
Maybe that's why this non-story was posted to YRO.
John
And whether or not you think shielding kids from violence is right or wrong, it's NOT your decision. It's the parent's decision. This web site simply lets parents share their finds. If I was Jane Clueless I might not know that Shadow Cat wasn't just another K'nex toy, but I might want to know that it fires missiles.
Something else for you breeding types to consider is that kids do take notice of their parents approvals and disapprovals. If Mom & Dad consistently say "No" to violent games, Junior does pick up on that. He may rebel and go seek those violent games out on his own, but that's part of growing up too. Deep down, though, he does learn that mom considers violence wrong. What he chooses to do with that knowledge makes him his own individual.
All in all, it's just another "Move along, nothing to see here" kind of story, (other than a kind of cool shopping list.)
John
Everyone who is considered socially healthy spends some time in the company of their peers. People with hobbies tend to spend more time with like-minded people, and develop friendships there. Jeezus freaks spend their time in church. Boy Scouts spend it in camps. Pilots spend it in airport bars. And EverCrackHeads spend it in EverCrack.
It's just that the ones who dare do it on-line instead of face-to-face are now called addicts, and have to take Zyban? I don't get it.
They're really no different than car-nuts, airplane-nuts, sports-nuts, gun-nuts or any other person who develops a passion and focuses intently on it. (At least they're interacting with other people which kind of implies that even if they are crazy, they are not completely unstable.)
I imagine that same person 50 years ago would have found himself spending all his waking hours in a bar or under the hood of his car instead of on-line. It's just a society club by another name. And you don't necessarily have to drink while you play EverCrack.
John
And that's why satellite TV hackers have gone to the lengths of ion-beam analysis of the smart card chips to decode what's stored in them.
And as many people have pointed out before, information can be spread much easier than most other commodities. (Which is why they're trying to protect this stuff in the first place!) So once hacker A has disassembled the chip, and hacker B has written a chip emulator for the PC, all non-hackers C-Z have to do is download the emulator and they're ( watching free porn && stealing TV service ).
IBM has proposed addressing this with "secure" hard drives and "digital monitors". Sony and others have pushed for SDMI music players. Retailers have used this for more than 10 years with the ubiquitous Verifone PIN pads you see at retailers and gas stations everywhere.
John
I think both agencies have successfully delayed or prevented similar activities more times than we can count. Because one set of fucking psychos slipped through shouldn't lessen our appreciation for the other schemes they've stopped so far.
Not that I'm going to let them take PGP away from me, mind you... :-)
John
The Feds never really had a chance of keeping crypto out of the hands of anyone, but they were too stupid to realize it, too busy banning metal cutlery in airports and nonsense like that. I am English, have you ever tried to eat a proper English breakfast with plastic cutlery?!
Nonsense. The Federal government accomplished as much as they could, within the constitutional limits by which they were constrained. They have successfully delayed mass-marked crypto to this day.
Sure, a bad guy can download a crypto package. A bad-guy organization can download a dozen different cryptosystems in less time than it'll take me to write this.
But my brother-in-law with Windows ME still doesn't use it. And neither does your mom, or your car salesman, or the guy who drives the gas tanker truck for BP.
As long as 99+% of the worlds e-mail travels unencrypted, Echelon can watch it. Carnivore can watch it. And encrypted e-mail is still easily recognizable for what it is, so it stands out, making traffic analysis easier (which is also legal without a warrant under the PATRIOT act.)
The DOJ and FBI have so far succeeded masterfully at accomplishing their common goal of preventing a global encryption infrastructure. IPSec, SSL, https:, PGP, etc. are all fine and secure products and protocols, but nothing today is all-pervasive. Encryption only happens on an ad-hoc basis, which has been their goal ever since the genie got let out of the bottle. They have very successfully kept encryption from protecting us to its fullest potential.
John
This is certainly across the borderline of unethical and nearing the boundaries of "illegal."
John