I think the most striking thing that this has done is that it has now created a copy-protection scheme that anybody can use to prevent other people from editing/using/printing their images. Forget watermarks, which only have limited support in a very few select programs... as detection for this becomes ubiquitous in electronic publishing devices and software, what is to stop anybody from using it wherever and for whatever reason they like?
All it takes is someone to reduce the pattern to its minimum allowable component to be detected and distribute the pattern for anybody to include in their images.
I really expect this is going to be massively abused.
What would happen if the authors of BIND were to include an option which silently discards A records from the root nameservers? Verisign may control the root nameservers, but they don't control the core nameserver software ;)
Then ISPs and businesses could configure their nameservers to ignore root-provided A records and everything will be back to the way they were for clients that use those nameservers.
Oh please, who in the hell moderated this post 'Insightful'? It's baseless paranoid raving. The Internet is *awash* in information, far more than it is remotely possible to manage, track, log, or process. If someone doesn't know how to be perfectly anonymous on the Internet, then they just haven't thought about it.
Think about it. You say every connection is logged.. ridiculous. Assuming that were even true, logged for how long? A day? A week? When your ISP has 10 Gigabits of information pumping through their routers each and every day, how many logs do you think *they're* able to keep? See many truckloads of archive-grade backup tape leaving your local dial-up ISP every week? Even if someone *is* logging everything, the simple fact is that nobody can afford to keep those sort of logs around for long.
Take this incredibly simple recipe and see how well *you'd* be able to defeat it.
1.) You have some random super-dangerous bit of information.. you'd like to get it to someone (say an editor at the NY Times), but don't want to be tracked.
2.) You take yourself to a coffee shop with free wireless access, or your public library, or school, or somewhere else where a lot of people share the same internet resources and aren't tracked.
3.) From this point of internet access, write up your killer nugget of informational goodness, and ship it off to any half-decent anonymous remailer, with the instructions to delay delivery for 30 days. Most of the decent ones will let you do this. They'd let you delay it for a year or more if you wanted.
4.) 30 days later, your email is sent, the sh*t hits the fan, and everybody is looking to see who sent it. So now what?
If they're *really* omniscient, perhaps they can identify from what ISP the email entered the anonymous remailer network. If the ISP is *really really* paranoid and keeps better logs than any single ISP I've ever known of, they *might* be able to identify the customer's link the email was sent from. But guess what, odds are that the little coffee shop you posted the email from probably didn't keep very good logs on its little Apple Airport WAP and is having a hard time remembering just who was sitting in the coffee shop at 5:43pm 30 days ago.
You're home free.
And we haven't even started to get *sophisticated* yet.
No anonymity on the internet? Please.
The technologies for releasing sensitive and dangerous information (i.e. in some cases, "whistleblowing") are out there. You simply have to use them.
If I were in your position, I would simply do this. Package your documentation of vulnerability, along with exploit, and everything else that you've compiled on the subject. Take this document, sign it with a private strong encryption key, and upload it to Freenet. Then, once it's out there, see that the Freenet "key" falls into the right hands (i.e. university, software developer, security lists, etc). This part can be done anonymously either using anonymous remailers or just going to some internet cafe and using one of their machines. Once it's out on Freenet, simply knowing the key is no proof that you are the author of the exploit, even if someone were miraculously able to track you down for posting the key.
Then, at some later date, once the heat has died down (and you've graduated), you always have the private key used to sign the initial vulnerability and you can prove rightful credit for finding it, if that is important to you.
I.E. in short, publish it anonymously, but sign it cryptographically so if at a later date you wish to prove that you were responsible, you can in a way that can't be refuted.
These are great days for whistleblowers.
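The publish-now, prove-later idea in the comment above, as an added Go example that is not part of the original comment: the release carries a public key and a signature, and a later claimant shows possession of the matching private key by signing a fresh challenge. The function names, the `release`/`claim` labels and the sample text are assumptions, and Ed25519 stands in for the unspecified signing key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Release is what gets published: document, public key, signature.
// The public key must be published with the document; a key revealed
// only later proves nothing about who made the original release.
type Release struct {
	Doc []byte
	Pub ed25519.PublicKey
	Sig []byte
}

// tagged separates release signatures from challenge signatures so that
// one can never be replayed as the other.
func tagged(label string, msg []byte) []byte {
	return append([]byte(label+"\x00"), msg...)
}

// Publish makes a fresh key pair and signs doc. Only the Release is uploaded.
func Publish(doc []byte) (Release, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Release{}, nil, err
	}
	return Release{doc, pub, ed25519.Sign(priv, tagged("release", doc))}, priv, nil
}

// VerifyRelease checks that the published document matches its signature.
func VerifyRelease(r Release) bool {
	return len(r.Pub) == ed25519.PublicKeySize &&
		ed25519.Verify(r.Pub, tagged("release", r.Doc), r.Sig)
}

// AnswerChallenge is run later by whoever claims authorship.
func AnswerChallenge(priv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(priv, tagged("claim", nonce))
}

// VerifyClaim is run by the sceptic, who picks a fresh nonce per claim.
func VerifyClaim(r Release, nonce, resp []byte) bool {
	return VerifyRelease(r) && ed25519.Verify(r.Pub, tagged("claim", nonce), resp)
}

func main() {
	rel, priv, _ := Publish([]byte("constructed sample advisory text"))
	nonce := []byte("constructed-fresh-nonce")
	fmt.Println("author:", VerifyClaim(rel, nonce, AnswerChallenge(priv, nonce)))
	_, other, _ := Publish(rel.Doc) // someone else holding a different key
	fmt.Println("impostor:", VerifyClaim(rel, nonce, AnswerChallenge(other, nonce)))
}
```

What this establishes is possession of the private key that matches the published release, so the strength of the later claim rests on that key never having been shared or lost.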
You know, not simply to be controversial, but I don't understand the big problem a lot of people here seem to have with this idea. People are comparing this to DivX (evil). This is *not* DivX, not even close. DivX required special hardware. DivX required that the user give over their credit card info and hook the player up to a phone line. DivX required the user to live with the fact that someone, somewhere, was recording everything they watched on their DivX player. This is not DivX.
What this is, however, is a pretty revolutionary idea for the world of video rental and I'm surprised more people aren't seeing this. This, if successful, has the full potential to completely change the way people rent movies. Suddenly, with this technology, any retail outlet has the full freedom of becoming a video-rental store, without any of the additional overhead involved of tracking discs, late returns, lost/damaged media, collection agencies, etc. Instead, any convenience store owner can go down to Costco and pick up a box of movies, rip open the top, and set the box on the counter next to the cheap lighters, beef jerky, and plastic roses. Consider that. How do you think this is going to affect rental chains like Blockbuster if every grocery store stocks the latest movie releases in the impulse-buy section of checkout lines, between the tabloids and the candy bars? It won't completely kill video rental stores, to be sure, because there still needs to be a place to non new-release movies, but it will take a chunk of their pie.
Additionally, this promises to change the whole distribution method for existing video rental stores. Previously, when a new movie was about to be released, discs and VHS tapes would go on the market to rental outlets for an extreme price of like $80 a pop, and this is how the publishers would make a good chunk of money off of the rental market. Only after the rental outlets have had a chance to get the latest-greatest movies, would they go on the market to the general consumer at a more normal price. This technology allows publishers to do away with that step, and release new movies to rental and consumer markets simultaneously. Of course, how many people are going to go to a video rental store to rent the latest and greatest when they can get it in the checkout line of "Safeway" remains to be seen. But the argument remains that, on the distribution side for movie rentals, this technology would simplify things immensely.
Some people point out that with this technology, you could buy the disc, take it home, and rip it to make a copy. Sure, but couldn't you do that already with rental discs from a video store? Nothing has changed there. There are no new copy-protection mechanisms introduced with this tech. All the same all circumventable copy protection techniques still apply. If you want to pirate, you still have just as many options as you had before. In fact, this tech gives you a new one 'cause, unlike with traditional rental media, shop owners aren't going to be so paranoid about people shoplifting movies.
The one significant concern that I've heard and I completely agree with is the environmental issue. Yes, this further advances the disposable society by giving us one more thing to clog our landfills with. Is it a huge issue? I don't think so. We throw more material away when we toss out an empty full-sized bag of Doritos. However, there is a certain "save gas/pollution cause people don't have to take it back to the store" factor.. tho I'm not sure how much I'd trust the little environmentalist's report on how significant a savings that would be.
Anyways, I could go on but this is long enough. In short, this isn't the next frontier of evil in the media universe. It might even be useful.
I'd very much like to see...
Unix Hackers Guide to Mac OS X
Written for the experienced Unix user who is unfamiliar with the Mac life. Various topics might include things like:
- How the Aqua configuration dialogs interface with basic system configuration files.
- Where configuration information is stored.
- Where to find mounted volumes in the filesystem.
- Command line alternatives to GUI-level actions (specifically configuration type things, not just file manipulation)
- use of the 'defaults' command
- enabling the root account
- "Where is gcc/cc?!"
- How network interfaces are managed (including how this interacts with the 'Locations' dialog and autoconfigure functions. What process maintains this? (I'm still looking for an answer to this one))
- Modifying bootup scripts in a 'safe' way that will survive an OS update.
There are countless other possible topics. Basically everything the experienced unix hacker needs to know in order to quickly become comfortable with Mac OS X.
-acet