Now we have a separate Department of Defense internet now, did you know that?
Do you know why?
Because they have to have theirs delivered immediately. They can't afford getting delayed by other people.
WTF?!?! What the hell is he talking about? AFAIK, the ARPAnet/Internet was originally developed by the military to provide a communications network that could survive the failure of many nodes, such as in a nuclear attack. From what I've read, it succeeded brilliantly and has basically been humming along ever since.
That may be true, but the DMCA isn't stopping too many Linux users from watching DVDs right now :-)
If there's a de-HDCP package designed mainly to allow users to view discs and content that they have purchased without all kinds of authentication and hassle and crap like that... well I'm all for it, and prepared to stick up for my right to use it.
HDCP, the content-protection mechanism used for HD-DVD *and* Blu-ray, has been thoroughly cryptanalysed already by multiple groups (see http://en.wikipedia.org/wiki/HDCP#Cryptanalysis or do a google search).
And working devices to "erase" HDCP from a video stream have already been produced and sold, e.g. this one: http://www.engadget.com/2005/07/21/the-clicker-hdcps-shiny-red-button/
The "smart" part about HDCP is that it allows content manufacturers to revoke keys, so that new discs won't play on hardware whose key has been compromised. However, it seems fairly unlikely that manufacturers will actually do this, given that they'll break the hardware of thousands or millions of users every time a key actually gets revoked! Furthermore, as the cryptanalysis shows, it'll be fairly easy to create new working keys, so it's an ineffective defense anyway.
Conclusion: HDCP is leaky as a sieve. My bet is that it won't be long before there's a hassle-free open-source program that will simply remove it from content transparently, just as libdvdcss does for DVDs right now.
Through all my childhood, I loved tormenting my little sister by blasting Weird Al at her... now this song comes out on her birthday. I think it's a sign! I'm gonna hafta send her a Weird Al E-Card :-)
Sweet!! I've always wanted to have a foe :-)
Sorry if my description was a bit alarmist... I think I got a bit carried away from the blog that linked to the article! Clearly, we don't know the facts of this particular case yet. Thanks to those who pointed it out...
Theory be damned, it seems like *terrorists* certainly think liquid explosives are feasible. A woman was apparently just caught at Tri-State Airport with explosives in her water bottle:
http://www.wsaz.com/breakingnews/3590966.html
Dear Friend,
I know this letter may come as a surprise to you, but I am in desperate need and have heard that you can be trusted in these matters. I am Mrs. Susan Johnson Hawke, mother of Davis Wolfgang Hawke, who has been wrongly accused of spamming by the tyrannical United States government in concert with the scheming Internet giant, America Online.
A few months ago, sensing that the authorities were preparing to imprison him, my son Davis concealed a cache of precious metal bars on our rural Massachussetts property. He made me promise not to reveal their location to anyone except in case of greatest emergency.
Now, the health of my son Davis is in great danger. Prison authorities will not pay for his care, and demand that I do so. His h3@lth is bad and he is unable to 5.A.T.1.5.F.Y his lovers all night long with his man h00d... he desperately needs V1@grA and CailIs sofTabs. He is also gaining weight and absolutely needs some fat-burning Hoodia, now for low-price and risk-free for only $29.95.
Will you help me save my son??? I have dug up the metal bars from our land, but tragically they have been transformed from their original lustrous gold and platinum sheen, to a dull-gray color. I need to purchase a large quantity of special chemicals in order to transform the sticken ingots and restore them to their original condition, so that I may sell them and get the money I desperately need to help my son Davis Hawke.
If you can provide me with sufficient funds to purchase these chemicals, I will gladly reward you with 20% of the value of the gold and platinum bars once they have been sold. Please contact me if you are willing to do this, as it is a very urgent matter.
Blessedly,
Mrs. Susan Johnson Hawke
That doesn't make surveillance useless... it's a classic problem in information theory: precision vs. recall, or whatever you want to call it.
Precision: What fraction of the RELEVANT data is identified by your search
Recall: What fraction of the search RESULTS is relevant
According to that article, NSA's precision is 40%, while their recall is 99.99%. This indicates that their surveillance strategies are actually rather good. The "problem" is that the population studied has many more innocent people than terrorists (a GOOD THING!). The ultimate issue is that NSA needs to do a good job of clearing the names of innocent people they flag, since they are flagging many innocent people DESPITE the excellent recall of their search techniques.
Let's take a less politically charged, well-documented example: HIV tests!!!
A typical initial HIV test has both precision and recall of around 99%. Now, in the USA the adult HIV rate is roughly 0.6% (source). If we pick 10,000 people randomly from the US adult population, 60 are likely to have AIDS. An HIV test would typically identify 59 of these people as having HIV, however it would also identify 99 *uninfected* people as having HIV!!! This means it's extremely likely that a preliminary positive result on an HIV test is a false positive... this is naturally quite a shock to people who get false positive HIV results. However, the long-term cost of a false-positive is fairly negative, while the long-term cost of a false-negative can be enormous (e.g. someone with HIV having unprotected sex because their partners think they're clean).
I totally agree, the spammers are getting desperate AND smart. It's really a very good strategy for coming up with unspammy words for each individual victim: google their email address and/or name, and take some of the words that are much more common for that individual than for the average person.
It definitely makes for some subject lines that make me check twice... But doesn't this strategy use a lot of processing power? I mean, if a spammer has to do a couple of google queries on every single victim, that eats up CPU and network bandwidth... even with a big collection of zombies this must seriously put a damper on the spammers' throughput.
I guess now that Bayesian spam filters are more widely used, spammers are reasoning that it's better to send out a small number of highly individualized spams which have a good chance of getting through, rather than a massive horde of generic spam which will get blocked.
This is kind of a fascinating development in spam in my opinion. Until now all the spammers' tactics have seemed to be brutish and lame: zombie bots, blocks of random text, random sender names, bad1y sp3ll3d w0rds, etc. But this latest tactic is kind of neat, actually :)
Hehehe ... I do miss the cheesy graphics of Civ 1, 2, and 3. But basically the addictive nature of the game is still there.
By the way, the recent Freeciv clients are considerably more polished. You can just fire up the game and say you want to play against AI, and it'll automatically do all the server setup in the background, without you having to think about it. So easy that my Linux-hating girlfriend loves it =)
That's a solid point about fragmentation: any gaming protocol that worries about network processing will avoid using large packets that need to be fragmented, end of story. Basically, any gaming protocol should be designed to use as few whiz-bang network processing features as possible.
Gaming just doesn't require that much network processing. The Killer NIC may be useful for TCP/IP offload when used by massive servers whose CPUs get overwhelmed trying to saturate a 10gb/s pipe. But there are already less-hyped NICs for that kind of use. Seems like the Killer NIC is a solution in search of a problem...
Well, the UDP checksum is optional and isn't even used in most applications (although the IP header does have a checksum).
I don't think what you said about processing power and latency makes sense... if it doesn't take much processing effort to set up a UDP packet, then it won't take much time for the processor to do, and it won't cause much latency!!! The processing required to handle network packets is simply a NEGLIGIBLE source of latency for gaming.
Look at it this way:
* With UDP/IP offload, the processor makes up its UDP packet, and sends the raw datagram to the network card, then resumes its business immediately.
* WITHOUT UDP/IP offload, the processor makes up its UDP packet, then prepends the necessary headers, and sends the complete Ethernet frame to the network card, then finally resumes its business.
The extra processing time required without offload is probably around a microsecond (a couple thousand clock cycles). Hundreds of packets could be sent and received every second without noticeable slowdown of the game. And the additional latency for the individual packets will be only a microsecond or two apiece.
Basically, TCP/IP offload only makes sense if the CPU is *overwhelmingly* used to process network packets: it makes sense for a trunk router to have packet-processing ASICs, because ALL it does is punt packets around. It might make sense for a corporate file server with dual 1gb NICs to use offload. But it definitely *does not* make sense to do offload when the CPU is devoting at most 1 or 2% of its time to network processing...
Lately, I've been getting some eerily personalized spam subject lines. I recently got one entitled: "freewheel sprocket chainline", three common terms used by bicycle mechanics, assembled into an almost-meaningful phrase. I did a double take on this subject line, because there seems to be no way those three words were chosen randomly.
I also got one that was something like "filesystem linux interrupt", which also seems unlikely to be random :-P
I think maybe spammers are getting wise, and picking random words that come up a lot in Usenet groups, then using those words in spam to the members of those groups.
Has anyone else observed this???
UDP offload???? Gimme a break :-)
The entire processing required to transform a hunk of data into a UDP packet consists of prepending a 6-byte header to the thing, containing the source port, the destination port, and 16 bits of zeroes... not exactly the sort of thing that requires immense processing power. Unlike TCP, UDP doesn't synchronize anything, doesn't reorder anything, and doesn't acknowledge receipt of packets.
How much of your processing power is ever occupied by the network card when playing a game??? Or when doing anything else for that matter. I can have several hundred bittorrent connections running on my computer, with a total transfer rate of hundreds of KiB/s, all kinds of checksumming and I/O overhead, and it still makes a 1 or 2 percent blip on CPU usage... unless a network card can magically construct a LAN between two computers at a distance, it's not going to affect latency in network gaming.
You're gonna hate me for this... but there's a GREAT open-source version of Civ that runs flawlessly on both Windows and Linux. Customizable graphics and rules, awesome networked play, and the same crack-habit addictiveness! :-)
http://www.freeciv.org/
... such as at Cornell University, which cools all its campus buildings from lovely Cayuga Lake :)
http://www.utilities.cornell.edu/utl_lschistory.html
The Sun is mostly hydrogen... LOTS and LOTS of hydrogen (about 333,000 Earth-masses of it). However, it contains other junk as well: lots of helium (as a by-product of its current hydrogen-burning life stage) and probably traces of heavier elements from past supernovae in our area of the galaxy. And when I speak of "traces" of heavy elements in the sun, it's probably much more than the weight of the earth.
Main-sequence stars such as the Sun don't care what is in their outer layers or surface, since the fusion takes place in the core. The bottom line is that whatever we dump on the Sun won't affect it.
Hah, mine is even weaker! It's an integrated video card. And I *still* can play games and watch movies. Wowza!
How much actual logic is needed to allow a hard drive to communicate in ATAoE? I haven't read the spec, but from the article it seems like not very much... basically the normal ATA packet needs some kind of ATAoE header prepended, and then it gets pumped directly into an Ethernet MAC.
These days, an embedded Ethernet controller adds, say, $10 to the total cost of a device. And hard disks already have onboard intelligent controllers, so getting them to speak the ATAoE protocol shouldn't be much more than a firmware update.
So, I agree with you. It seems totally feasible to manufacture drives which speak ATAoE natively, with a little RJ-45 jack in back. Stack 'em up, patch them into a switch, and you'd be good to go...
All the open source packages in Ubuntu support amd64. The only exception I've found is the zsnes super nintendo emulator, which is written mainly in 32-bit assembly language for speed, and thus isn't easy to port to 64-bit native code.
My thoughts exactly... when I read this I thought... uh, Debian doesn't do amd64 already? Then why have I been running it on Ubuntu for months? Oh well, guess Debian isn't all that relevant on the desktop these days, though still my default choice for a server.
First of all, basically *any* NIC can have its MAC address changed in software. At least every one that I've *ever* seen. Not having that ability would be a misfeature in my opinion, as it would cause you problems when you changed the NIC in your computer, for example, or with those stupid cable modems that only allow one specific MAC to be connected to them.
Secondly, it's trivial to find a MAC that is valid for a network if you can plug into an *unsecured* port. For example, if you plug in to an ordinary unsecured switched port, you can gather MAC addresses simply by listening for broadcast packets, such as ARP packets, which are supposed to go to the entire LAN.
I've never used big iron network hardware personally, but I assume that they prevent even broadcast packets from going to a port until they authenticate the MAC address of the connected device. I still don't see that being very secure, since once you are authenticated, you can easily gather *everyone else's* MAC address, again by listening for ARP packets :-) Shutting down ARP entirely would probably break too many features of the LAN... So the way I see it, securing switch ports with MAC address keying could at best prevent a complete outsider from getting into the network, but couldn't stop an inside job.
Indeed! Software *does* matter more than hardware in a lot of cases. And it really sucks that the only way to run Apple software is to buy their crappy fancy-dancy looking overpriced hardware. What if you want AMD instead of Intel, for example? No such luck :-)
Personally, I can't stand Apple's software, but it seems a lot of people like it. It amazes me that all those chumps are willing to pay for Apple's exclusive, crappy hardware.
Yeah, I bought my PC about 3 months ago. It's a 2.2 ghz AMD 64-bit with 1 gig RAM, 19" LCD, and it came with a pretty nice printer. Including wifi card add-on, I spent $700 on the whole thing. Its specs kill the iMac... and it cost less, even including the Micro$oft tax. The funny thing is I never even booted Windows. The first time I turned it on was to install Ubuntu.