Slashdot Mirror


User: Eivind

Eivind's activity in the archive.

Stories: 0
Comments: 3,568

Comments · 3,568

  1. Doesn't seem very secure. on Digital Display Encryption Details Leaked · · Score: 1
    This scheme doesn't seem to be very good. A quick read-through revealed several possible angles of attack. Perhaps the most obvious one being the small size of the internal secret that the video-receiver is required to demonstrate knowledge of.

    From section 2.1 in the paper: Each authorized participant (e.g. licensed monitor device, graphics controller device, etc.) receives an array of 40, 56-bit secret device keys and a corresponding identifier from the Digital Content Protection LLC. This identifier is the Key Selection Vector (KSV) assigned to the device. So each device has an array of 40 56 bit secret keys. Any of which is usable for accessing the content until it gets revoked (more about that later).

    56 bit is not much. And given that each video-receiver will have 40 such keys, it doesn't take much imagination to think that these will quickly get cracked. All you need to do is record the initial authentication-protocol, then you brute-force all possible keys that could give a certain response to the challenge. That's probably just one key, but might be more, in which case you need to record another session and use that to narrow it down.

    There is a mechanism for revoking keys, although it's not specified. My guess would be that the video-transmitter somehow must get data from the internet (i.e. cryptographically signed to ensure integrity) listing all revoked keys. (either it might download this by itself, integrated in its drivers, or it might simply refuse to work unless you've got a "revoked.keys" file less than half a year old or something.)

    The problems with this are many. For starters: what happens when all the 40 keys in a device are cracked ? Will that mean my brand new VIDLOCK-enabled monitor is now a piece of junk and I need to buy a new one ? Or will a trip to a service-center to upgrade the firmware or whatever with the keys be enough ?

    I imagine it'll be real popular with customers to have a device that essentially works for an undetermined period until someone else cracks the keys and then stops working.

    This is just one problem with the scheme, there seem to be numerous others, I guess if they're stupid enough to try to pull this one off we'll hear about those soon enough.

  2. Alan Cox on First RFC1149 Implementation · · Score: 5
    Did indeed honour us by being present. I just hope he had as much fun as we did. This all took place Saturday. On Thursday there was a lecture by Alan, and also he had the opportunity to go feed the penguins in the local aquarium.

    Pictures from the last event are available here

  3. Re:Nature of the law on Free Software Law in Argentina · · Score: 1
    Well, for you to be able to read those documents it's at least necessary that they're in an open format, lest you be forced to buy some proprietary product to be able to read them.

    I agree to that btw: Requiring government to use only open file-formats and protocols makes a lot more sense than requiring open software.

  4. Assuming terrain is all flat. on 802.11, Horizon Drop-Off And Range · · Score: 4
    All interesting, if the terrain where you live is *perfectly* flat, with no high buildings, no trees, and certainly no hills or mountains.

    But hills and mountains might as well *improve* the situation as getting in the way, for the simple reason that all smart access-providers will put their transmitters on one of those high spots.

    With a 25 mile range, all you need to do if there's mountains around is put the transmitter at the top of a high one, and everyone who can see that peak, and is closer than 25 miles will get access. Doesn't sound half bad to me.

    I'm a lot more skeptical to if the 25 mile range actually is realistic, even taking into account weather and such and not just some laboratory-theoretical limit.

  5. Re:Dumbing it down.... on CNET Reviews Windows XP Beta 2 · · Score: 1

    Incidentally, that's just precisely what wine does. It uses plain ascii, one line for each key, and nesting by indenting. Simple and relatively foolproof, can easily be edited with any run-of-the-mill text-editor.

  6. Whenever someone tells you... on Linuxgruven Deorbits · · Score: 1
    .. to give them a bit of money now, and you'll get rich in the near future, be *extremely* skeptical. This looks like a standard con-man pyramid-scheme thing to me. Give us your 2.5k$, and you'll get it all back after having been employed for a year, oh yeah, and you'll earn $45k a year too. oh yeah, and scantily clad females will start flocking to your doorstep, begging you to go out with them.

    Seriously. If someone presents you with an "employment opportunity" which has the slight drawback that you need to give them a bit of their money, whereafter you'll get filthy rich in a hurry has a 99% chance of being a scam. Just sad to see that the conmen have arrived in Linux-country too. Walk carefully friends !

  7. Re:Makes sense to me on Microsoft Clarifies Jim Allchin's Statements · · Score: 1

    But that's because there's only one white house, so it's a limited resource that has to be used where it's most useful to the USA. Software, on the other hand, can freely, and easily be duplicated however many times you want. Thus it's *not* a problem if 100 million Americans want to use some government-funded software at the same time, you just give each his separate copy.

  8. Re:This doesn't sound all that useful on Superconducting Cables To Carry Power In Detroit · · Score: 1
    The article states that the old copper-cables were cooled by oil. Thus the argument that you're using energy to circulate the nitrogen is likely irrelevant, since circulating oil takes a lot *more* energy, especially since the old copper cables produce heat.

    Underground cables typically need to be cooled in some fashion if they're high-capacity, otherwise the heat would keep building up and cause damage at some point. (not to mention that resistance increases with temperature in copper, so you want them cold for reducing transmission-loss.)

  9. Re:during an energy crisis? on Exotic Motorized Skateboard from Down Under · · Score: 2
    I doubt there's any system for person-transport in cities which are half as efficient with regards to energy consumption, and pollution as normal bikes.

    It's not *only* a question of how much energy you use, but also how much emissions you produce. CO2 is relevant in a global perspective, but other fumes are damaging in the close environment. CO2 is *not* what's causing bad air in many cities, in fact CO2 is perfectly harmless in the concentrations we typically have. (It leads to global warming if it's from non-renewable sources, but otherwise it's harmless)

  10. Re:Patent system... on Symantec Patents Virus Updates · · Score: 1
    Actually, the amount of prior art to search through does *not* decrease as patents expire. You see, prior art is not just prior patented techniques. It's prior used techniques in general, without regard to if they were ever, or are currently, patented.

    That being said your idea that patent-applications are increasing is right on. And not just a bit either, particularly in software and biotech they're skyrocketing. Probably there's more software-patents approved in the last 4 years than in all of the preceding 50 years combined.

  11. Re:you guys suck on Microsoft Ties DRM Technology To Windows · · Score: 1
    1: Actually the laws call it unauthorized copying. Which is what it is. Stealing is taking something away from someone.

    3: Good point. Will this still be possible with the content "protection" that the RIAA wants ?

  12. Re:Don't be a blinded visionary on Open Source Banking · · Score: 3
    Well, it just so happens that "best practices" in security-related applications include the absolute requirement for openness.

    That's so because given enough eyes, all bugs are shallow. That's why the most trusted cryptographic systems are the ones whose details have been open for decades, and which still have no known weaknesses. Not the proprietary encryption that some company has made, claims unbreakable and pushes as a binary-only product.

    There is no conflict between openness and security. Security through obscurity does not work. But hi, don't take my word for it, go visit some of the more well-respected security-analysts around and see what they think. Have a look at Bruce Schneier's site for starters.

  13. Europe not that uniform on U.S. vs. Europe on Online Privacy · · Score: 1
    Perhaps part of the reason why they didn't find that many "privacy-policies" on some European web-sites is that at least some European countries have consumer-protection laws strict enough that merely following the laws makes for relatively decent privacy (though not as good as I'd like)

    Norway for instance, which I know most of, since it's where I come from have a lot of protection for consumers in general, and with respect to privacy in particular.

    • No company can store any personal identifiable information about me unless I'm having a direct business-relation with them that necessitates it.
    • There's a national opt-out (yes, I'd prefer opt-in but this one ain't all bad) list maintained by the government. Covering SPAM by phone, fax, email and postal mail. Failing to get your address-lists cleaned of addresses mentioned here is punishable by prison. (you can't get the list, you send your address-list to the register, and they return it, minus the people who've registered not to receive the advertisements)
    • If a company gets addresses from another company, they're obligated to include info in the advertisements as to what's the source of your address. You can demand of any company that they do not sell your address, or that they remove it from their registers altogether.

    It's not perfect. And not all companies follow the laws as well as they should. But it's a start.

  14. Re:Good Fnarg! that article is so full of shit. on 2.2 vs 2.4 · · Score: 2

    Well, silly as you may think it is, there *was* indeed a problem with running Linux on a machine with a clock higher than 2Ghz, something to do with the calibration of the delay loop or something like that I seem to recall.

  15. Re:On more time... on French Hackers Break SDMI · · Score: 1
    The reason is simple: They're supposed to be inaudible. If that's true, then it's also possible to make another copy which sounds the same, but removes these (inaudible in any case) watermarks.

    Of course you could just have someone read a copyright-statement over and over mixed in with the music, and there'd be no way to really remove it, but then it's no longer a "watermark".

    Point is: if the watermarks don't noticeably degrade the music, then removing them won't noticeably degrade the music either.

  16. Re:Articles accurate but too fluffy. Smoke & Mirro on Optical Fiber Capacity Growth · · Score: 1
    http isn't really a protocol separate from tcp/ip, on the contrary it's a protocol most commonly run on top of tcp/ip.

    Having only one protocol at the bottom is only a problem if it's impossible, or undesirable to wrap the other protocols in it.

    Witness the many articles here on slashdot mentioning odd or silly tunnelling-schemes like tcp/ip over dns. I'd not be the least bit surprised if transporting sonet over ip works fine, and even if it doesn't, transporting the payload of sonet over ip shouldn't be impossible.

  17. Re:People are missing the point. on MySQL FS · · Score: 1
    Yes. Sure. Hugely hard. You need to escape on the order of three characters if I remember correctly from last time I did it. Something like:

    ascii 0 => \0
    ascii ' => \'
    ascii \ => \\

    Then you just insert the damn thing into the blob-field like any other data:
    insert into pictures values ('bill', 150,60,'actual-jpg-file-here')

    So sure. Big deal. If you think this is complicated and/or hard you should find some /even/ easier job.

  18. "state of the internet" ? on Internet Ad Network Commentary · · Score: 1
    Am I the only one to be annoyed at an article proclaiming to be about the "state of the internet" which then turns out to be simply moaning over advertisers and dot-coms having trouble making shitloads of money ?

    Neither dot-coms nor advertisers are necessary to the Internet. I was happily using the Internet for years before they started showing up, and if they should go away, I can't say I understand why that should cause me much grief.

    I value the Internet primarily for making it easy to exchange information and for the easy and cheap direct person-to-person (who cares about business-to-business??) contact that facilitates cooperation and projects like Linux. Eivind

  19. Is it still ? on Is The U.S. No Longer The Choice For Freedom? · · Score: 1
    "Is the United States still the best choice of a place to live for safety, freedom, and quality of life? "

    What makes you believe this was ever the case in the first place ? The UN publishes a "quality of life" ranking from time to time, you might want to read up on it. (hint: the US is not first now, and never was) Admittedly this is necessarily subjective. But a little less cockiness from some US people would be good. Also see the recent Kuro5hin.org article on the same subject.

  20. Re:Loophole? on Censorware to be Mandatory in Schools, Libraries · · Score: 1
    You're right. And it's worse than that: the bill applies to schools and public libraries.

    Libraries, last time I checked, were not visited exclusively by kids. Indeed, for those who can't afford their own computer and internet-connection the library might be the only way to gain access to certain kinds of info.

    Is it fair, or constitutionally legal to deny adults access to material protected under free speech on the grounds that same material is claimed to be "harmful to minors" ?

  21. Re:Stopping spam on Spammer Pleads Guilty · · Score: 1
    Better yet, use a logarithmic delay:

    zero delay for the first 10 mails sent in a given day, 1 sec delay for the next 10, 2 for the next 10, 4,8,16,32...

    Causes zero problems for normal home-users, and allows you to run an open relay but yet be sure that spammers won't be able to abuse it.
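
The delay schedule from comment 21, worked through as an added example that is not part of the original comment. It keeps a per-client daily counter and computes how many mails one client can push through in 24 hours; the names `delay_for`, `RelayThrottle` and `max_mails_per_day`, and the choice to key the counter on a client string, are assumptions made here.

```python
from datetime import date

FREE_PER_DAY = 10        # mails accepted with no delay
BLOCK_SIZE = 10          # the delay doubles after each further block of 10
DAY_SECONDS = 24 * 60 * 60


def delay_for(sent_today: int) -> int:
    """Seconds to stall before accepting the next mail,
    given how many mails this client already sent today."""
    if sent_today < FREE_PER_DAY:
        return 0
    block = (sent_today - FREE_PER_DAY) // BLOCK_SIZE
    return 2 ** block    # 1, 2, 4, 8, 16, 32, ...


class RelayThrottle:
    """Per-client counter that resets when the calendar day changes."""

    def __init__(self):
        self._state = {}  # client -> (day, mails accepted that day)

    def next_delay(self, client: str, day: date) -> int:
        seen_day, count = self._state.get(client, (day, 0))
        if seen_day != day:          # new day: the allowance starts over
            count = 0
        self._state[client] = (day, count + 1)
        return delay_for(count)


def max_mails_per_day(budget: int = DAY_SECONDS) -> int:
    """Mails a single client gets through in `budget` seconds
    if it does nothing but wait out each delay."""
    sent = elapsed = 0
    while elapsed + delay_for(sent) <= budget:
        elapsed += delay_for(sent)
        sent += 1
    return sent


if __name__ == "__main__":
    # Constructed scenario: one client sending continuously for a day.
    print("mails accepted in 24h:", max_mails_per_day())
    throttle = RelayThrottle()
    today = date(2001, 1, 1)  # constructed date
    waits = [throttle.next_delay("192.0.2.7", today) for _ in range(25)]
    print("total wait for 25 mails:", sum(waits), "seconds")
```

The bound holds per counter key, so what the relay chooses as the client identity (a connecting address is assumed above) decides what the limit actually covers.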

  22. worth 2-3 times as much ?? on What's The Best Way To Retain Trained Employees? · · Score: 1

    Just what kind of training are you planning to receive ? Do you think that a three-week course on CLI basics will make you suddenly worth a fortune?

  23. Re:Imagine this. on HP To Pay German Antipiracy Fee For CD Burners · · Score: 1
    What are 99% of all CD-R used for ?

    I've got about 3 dozen filled CD-r's from various friends etc. 4 of them contain music, all are legal.

    At work we use CD-R's in large quantities for: distributing software to customers. Taking "snapshots" of customers web-sites, distributing patches and upgrades to software, and to create demo-disks for various things.

    There's no doubt that many CD-R's are used to store illegally copied software/data, but there's also no doubt that huge bunches of them are used for perfectly legal purposes.

  24. Re:This is just silly. on Do Media Companies Have Copyright Wrong? · · Score: 1
    Agreed. If however, you do *not* believe that the artist has the right to control their creation, then the conclusions come out differently.

    The way I see it, controlling the creation is *not* in any way a "natural right" of the artist. Rather it is an artificial right that society choose to grant under certain circumstances, because it benefits society.

    This also explains why copyrights are time-limited. The plus side of allowing copyrights is that they may stimulate creativity, since you've got a bigger chance of getting rewarded for your work. The minus side, is of course that a work covered by copyright is less valuable to the public than one which is not.

    In the digital realm this minus side is a lot bigger than with physical objects. A book does not fall very much in price, nor become much more widely available once copyright expires. (because the majority of the costs are not the royalties, but the physical production distribution and selling of the book)

    Software, and music, and other forms of creative works that can be transferred as pure information, on the other hand, become *hugely* more useful and cheaper once copyright no longer hampers their spread. To witness this you need only compare the price of a MS-office CD with the price of a CheapBytes Linux-CD. Here the majority of the cost is in the royalties.

  25. Re:trash talk on Rambus to Attempt to Collect Royalties on Chipsets · · Score: 1
    Well, fair enough, in the case where the company in question has actually *invented* something, and that something is actually both nonobvious to a practitioner in the field, and actually new.

    However that's not how patents work for the most part in many industries. Ok, so in theory that's not a fault of patents, but a fault of the examiners and/or the system surrounding them, but that's still not an excuse.

    Also, you make the age-old claim that patents protect the little inventor from being screwed over by MegaCorp Inc. While credible on the surface that's not how it works in practice either.

    In practice MegaCorp owns thousands of patents covering a shitload of obvious things. So many that as an independent software-developer it's pretty damn hard to write a program *without* by accident using some patented technology. And the fact that many of these patents are probably invalid and would be overturned if challenged doesn't help you much -- it's a sad fact that Joe Inventor probably can't afford to go after IBM (or Rambus) and challenge a few of their patents, even if he's right.