Slashdot Mirror


User: dyfet

dyfet's activity in the archive.

Stories: 0 · Comments: 280

Comments · 280

  1. Source secret problem on More Skype Back Door Speculation · · Score: 4, Insightful

    This is going to be a problem with any so-called "secure" communication system that relies on source secret clients and unpublished protocols.

    There are many ways to build such clients to "assist" external intercept, since they often have to first communicate with some central server to locate users. They could for example have a command that forces the client to always route back through the server (like they do for NAT), and use a simple data transformation rather than full encryption so casual packet snooping makes it "appear" encrypted when it is actually not.

    They might also have flaws in their implementation, particularly with key exchange, that allow an invisible man in the middle. The ZRTP stuff developed by Phil Zimmermann that we use in GNU Telephony secure calling uses extra steps to compute a SAS to validate there are not fake public session keys given out by a man in the middle, for one example of how such flaws can affect otherwise "secure in appearance" systems.

    Of course, even secure peer-reviewed protocols and foss clients do not guarantee security. For example, one can tether a bunch of ZRTP softphones to an Asterisk server using PBX enrollment, but this enables and requires said server to decrypt all traffic as it passes through, as it acts as a "trusted" man-in-the-middle.

    In the end, the best solution, even with ZRTP, remains using pure peer-to-peer (end-to-end) media connections, and when needed transparent proxy media exchange; the latter for dealing with NAT. In ZRTP, SAS negotiation assures any such proxy used for NAT "remains" transparent.

    In the case of Skype, source secret clients that can report false call information and source secret protocols are a clear recipe for disaster.

  2. Or 3...developing profiles for targeted marketing on Yahoo! Music Going Dark, Taking Keys With It · · Score: 3, Insightful

    I am surprised the author missed an important reason for DRM, being able to track and form marketing "profiles" of captive "consumers" based on their listening habits. By its very nature, DRM schemes have to validate what music one has, and collect statistics while it is being played, and all tied to user identities. Rather convenient, eh?

    Of course, the closed source "legally protected" tamper-free DRM client (and associated licensing server) may do more than just keep track of what you're listening to and when. Like other source-secret client applications (such as Skype), it can also snoop on registry keys, or other information, perhaps to further expand the potential for target marketing. Even homeland security can get into this act. Imagine, listen to too much Pink Floyd, and get on the early list for the new FEMA camps ;).

  3. Re:Games on Linux For Housewives. XP For Geeks. · · Score: 3, Insightful

    So let me get this straight, geeks want to play games on tiny screens and, for most games in today's market, what would be greatly underpowered hardware?? What do they play, minesweep??!

    While I don't have an alternative explanation to immediately offer, I do find that particular argument far less than compelling to explain this phenomenon, at least from the geek part.

  4. Internet-C reborn? on The Next Browser Scripting Language Is — C? · · Score: 3, Interesting

    There used to be a project, many years ago, which I believe called itself something like "Internet-C". It used gcc with a pseudo-code backend to produce portable binaries which could then be run from a plugin or through an emulator. Since gcc was tuned for register based architectures and 68k was already an existing backend, I think the pseudo-machine code he used was based at least loosely on the 68k one.

  5. Re:Look, this is a dead end. on Encrypted Traffic No Longer Safe From Throttling · · Score: 4, Interesting

    Actually, strange you should suggest this, I was working on a small and rather generic package to tunnel data between hosts in this very way, constant rate/constant packet size tunneling, with empty data filled with random noise, and with non-packet-aligned encrypted data overlaid when there is data to actually send. I was going to call it tstunnel. Yes, it is somewhat of an extreme response to an extreme problem.

  6. My only question is... on Hard Evidence of Voting Machine Addition Errors · · Score: 1

    Do I get better or worse house odds using a one armed "voter" on election day than I do playing the slots in Atlantic City?

  7. Maybe this "security device" is simply... on Microsoft Helps Police Crack Your Computer · · Score: 1

    ...a USB drive that boots something like Knoppix with NTFS file system support! ;)....

    People have been using that to recover data from broken and otherwise defective Microsoft Windows boxes for a long time now...

  8. The letter of the law vs the intent on Linux Foundation - We'd Love to Work with Microsoft · · Score: 5, Insightful

    The kind of interoperability they speak of is precisely the kind that Microsoft chooses, by both word and deed, to explicitly sabotage. Whether one looks at the Novell agreements, the "licensing" of api documentation, or the OSP in the OOXML, these are not acts of encouraging such interoperability but rather of blocking it by any means possible, or of trying to meet the "appearance" of interoperability from the perspective of outside regulators when forced to, but while deliberately and explicitly destroying the spirit and any actual realization of it.

  9. Re:Wow - may already be possible to do on Microsoft Trying To Appeal to the Unix Crowd? · · Score: 1

    I dunno, seems plausible enough to me. I was always a fan of the idea of extracting the NT kernel and doing a GNU distribution on top of it. (Something which is theoretically possible even without Microsoft's help, though rather difficult.) Microsoft would never have been happy about it because it would further erode their lock-in.

    I imagine this could be achieved using ReactOS, which is a project to create a GNU GPL licensed NT-like/binary call compatible kernel. I am not suggesting whether doing so is good or bad, but rather simply pointing out the possibility may already exist to do this without requiring the involvement of or help from Microsoft.

  10. Scent crimes on Pentagon Working on "Human Fear" Weapons · · Score: 1

    So now, in addition to "facecrimes", we will have scentcrimes! 1984 Pt II.

  11. Almost saw a ford drive down the street on Ford Claims Ownership Of Your Pictures · · Score: 1

    Best poke out my own eyes before it passes by, lest I accidentally "capture" an image of it on my retina, and thereby use my neurons to infringe on their "intellectual property"...

  12. Friendly way to exit common carrier status? on ISPs To Filter Traffic For Copyright Holders? · · Score: 4, Insightful

    So they are looking for a "customer friendly" way to exit common carrier status, or is it a matter of monetizing the NSA infrastructure? In truth, while some speak of big brother by the state, I far more fear the social damage that can be caused by "little brothers" of corporations each potentially capable of monitoring people in far more detailed, even less accountable, and in far more subtle ways, all with a profit motive, than I do the latter.

  13. Re:Get 'em young and innocent on Facebook Beacon Privacy Issues Worse Than Previously Thought? · · Score: 4, Insightful

    Yes, but in a culture built around American Idol and reality TV, people WANT to have the personal details of their lives broadcast on national TV! ;)

  14. Re:Online Bill of rights? on AT&T Denies Censorship, Won't Change Contract · · Score: 1

    This is what happens when free-born citizens are made to exchange their very real rights to become "consumers" who merely have privileges. You actually have these rights already. Are you suggesting, hey, maybe something like a "bill of rights", with "freedom of speech"? Why not use the rights you have or do what is necessary to restore them rather than begging ISPs to sign your "privilege" petition in place of the rights you actually once had and which nobody is ready or willing to fight for anymore.

  15. Maybe they just sent out the wrong copies.... on iPhone Bill a Whopping 52 Pages Long · · Score: 3, Funny

    Maybe those were the copies that were supposed to be sent to the NSA...

  16. Re:People Against Censorship on XM Satellite Radio Backlash · · Score: 1

    Well, really it is also an example of property owning people if you think about it. And yes, many corporations do become/operate as sociopathic institutions for the very reasons you cited, very often to the detriment of their property, or more correctly, employees.

  17. Trends against this on The End of .Mac and Google Apps? · · Score: 4, Insightful

    There are strong political and commercial interests who actively oppose such a vision. First, there are the telcoms and cable companies who want to be gatekeepers to people's email and maintain monopolies on other services as well. Try setting up an email server on a residential service, and getting it both to successfully send email without interference by your ISP, and having your email messages "accepted" by existing services, regardless of whether you have domain keys setup on your DNS, etc, and you will see some of these forces in action.

    As for media servers that may feed media where you want it on demand. I imagine if the RIAA and similar gangs can secure root access to your shiny new internet connected media server, say through trussed computing, and control where you are allowed to listen to your own music, along with an automated billing service, maybe then they may promote it rather than actively oppose such a vision. I could imagine such gangs buying laws that state operating "unlicensed" media servers is "intent to infringe" or some other similar kind of nonsense.

    Finally, the traditional media providers and a particular software monopoly prefer a captive internet "consumer" model, starting with asymmetric speeds, cemented by restrictive use contracts and finding common interest with governmental desires for increasingly filtered services, whether for imagined security threats or for unpopular governments keeping tabs on restless populations. Home servers where people can be liberated as true publishers and equals as information producers, rather than reduced to mere consumers captive to external hosted sites for what may become an ever decreasing set of tolerated forms of expression and activities, is certainly not in their agenda.

  18. So is it run by Harry Broderick? on A Space Junkyard · · Score: 1

    Or is it just another Jettisoned Scrap and Salvage company? :)

    This seems almost like a story for The Register, after all even they would love to see a vulture on the moon...

  19. A rough translation to human speech... on MS Security Guy Wants Vista Bugs Rated Down · · Score: 5, Insightful

    "You're making us look bad, can't you lie a little, we do all the time..."

    This was a public service translation, for those who have trouble understanding Microspeak...

  20. My own favorite quote... on Traveler Detained for Anti-TSA Message · · Score: 1

    "They hate us for our freedoms; so we will get rid of them!" - ?Bush? :)

  21. Why not add tail fins! on Microsoft Encouraging OEMs to Beautify Computers · · Score: 1

    Why not take a cue from the Auto Industry, and add tail fins! This seems to speak from the same kind of impulse that gave us tail fins for cars in the 50's, which also served no functional purpose whatsoever other than to create an artificial demand to get people to buy new cars.

  22. The decision is logical on Cutting out the Naughty Bits Ruled Illegal · · Score: 2, Informative

    Clearly the "cleaned" movies in question must be legally considered "derivative works". They are held under copyright, but presumably under a license that explicitly forbids derivative works from being created, since that is the "default" condition unless such permission is expressly granted. Hence, the outcome is actually legally correct and consistent with existing copyright law.

    The GPL is an example of a license that permits derivative works to be created. This same interpretation and outcome is what gives power to the part of the GPL requiring derivative works to also be licensed under the GPL. Any different outcome for this case would have had very wide implications indeed.

  23. Re:so? - the other EU competition minister power on EU Fines for Microsoft Approved, Off the Record · · Score: 1

    What's wrong with forcing non-compliant businesses from operating?

    The EU competition minister, in addition to imposing fines, also has the power to void contracts. Normally this is used in specific cases, like for example, if Airbus made an illegal deal to undercut some other vendor, their contract could be voided. It would be interesting to speculate how that power could be applied on behalf of a market as a whole. The logical application would be to void the Microsoft EULA Europe-wide, since it is essentially a contract of unfair bargaining. This would answer the question, first, on how one could punish Microsoft by removing its ability to operate in the market, and secondly, how to do so without disrupting current users. Given the potential powers granted to the EU competition minister, perhaps they should be thankful they are only being fined.

  24. Call it what it is... on WinFS Gets the Axe · · Score: 1, Troll

    Simply call it what it is, fraud, from a company that knowingly engages in deceptive business practices. Nothing really special here at all, nor are they the first or only corporation to knowingly engage in customer fraud. It is not even a story in itself relevant or specific to software, but rather related to far too many accepted corporate business practices in general.

  25. From the same company... on Hotmail On Your Desktop · · Score: 3, Interesting

    ...that brought the world Outlook and Outlook Express! Oh goody, they wish to bring the world a whole new e-mail client host for viruses, trojans, and worms!

    Wouldn't it be better if they instead produced an e-mail client that did not assume email could contain things to be executed, and instead simply let people read their mail? Now that would be original for them.

    Of course, there are plenty of free (and also free as in freedom) e-mail clients already, including Thunderbird, which includes plugins to do all those e-mail services today, without compromising the security of the machine in the process.