No, there can be collisions from multiple sources that do "pass other tests". The demonstrated vulnerability in MD5 was precisely that you can construct multiple meaningful pre-images that give the same hash value.
Sorry, I didn't make my original question clear. I agree that *this* case has nothing to do with the DMCA and that the subpoena could easily be quashed and UO is victorious. My concern is that they're establishing as their "defense" that they have no way of determining who is using their network. And I'm wondering if that destroys their safe harbor under the DMCA. Not relevant for *this* case, but for the very next copyright complaint about something from a UO IP address, could the university itself be the defendant liable for millions rather than the messenger for a student who only has thousands?
I truly hope you're right, because these thugs need to have their asses handed to them in a big way.
But I don't think U.O.'s president is going to be the savior here. President of a university is a full-time-and-then-some job. If RIAA sues them and claims their Safe Harbor is forfeit, is he going to quit and go back into private practice to take on a case on behalf of UO? Is he going to drag his $500-million-a-year university into court against the $20-billion-a-year recording industry over a law that is so stacked in their favor that the only likely way to litigate it away is to get the most conservative Supreme Court in decades to come down on the side of the little guy?
And look at the cases he did win before the Supreme Court - they all have a creepy "the State can do whatever it wants to you" flavor to them. I'm not betting on this pony to save our civil liberties.
If they can't identify "subscribers", how can they pass along DMCA complaints or terminate the accounts of repeat offenders? If they can't do those things, does that eliminate their Safe Harbor status?
If I were an RIAA shark, I'd smell blood in the water.
Chairmanship of a department is not an honor (at least in an engineering field). It's typically passed around as a hot potato (haven't been chairman yet? you're next!) because it's a huge time drain and a distraction from the research the faculty want to do. I expect his shift was just over.
It was a somewhat interesting article that I wouldn't have seen if it hadn't been posted here. If you didn't find it interesting, does that make the author or submitter a moron? Who raised you?
The school doesn't have to tell the RIAA they forwarded the letter, and they probably won't because it's just extra work with no benefit.
On the other side, the RIAA can get a subpoena whether the school forwards the letter or not. They don't need the school to "admit" it knows the student's identity - they just assume it does.
Well that's encouraging. And hopefully more universities will find themselves able to take advantage of this as it propagates from district to district.
But even so, would you really rather that the university not give you advance warning that the RIAA has you in its sights?
That's weird. The sentence you've chosen to emphasize that churned your gut is exactly the reason I find this letter makes some sort of sense. The university is receiving this advance notice that you're going to be sued, and they have a choice of whether or not to let you know about it. Keep in mind that the RIAA is going to get a subpoena for your contact information anyway, so the University can't shield you from a lawsuit by withholding the letter. If someone knocks on your door and serves a paper on you, are you going to feel better knowing that the university could have warned you about it ahead of time but chose not to?
I can see answering yes if you assume that every RIAA accusation is a lie and that every defense is going to succeed and cost less than a settlement. But guess what? Most of them aren't. I know the folks who have to handle DMCA matters where I went to school, and of the hundreds of accusations they've dealt with from the RIAA/MPAA (who are definitely thugs - don't get me wrong) less than 1% have been contested.
The information that is unavailable to your parents is protected by the Family Educational Rights and Privacy Act (FERPA), and it probably doesn't include IP address mappings. Even if they were protected by FERPA, that protection goes away in the face of a lawfully issued subpoena.
I'm unaware of a Georgia-specific law that supersedes this, but I'd be very surprised for any law to say that it trumps a court order unless it was some national security PATRIOT-type super-secret bullshit.
Upon doing some further reading, I'm not sure that generic LRW is desirable for software-based disk encryption. The IEEE storage encryption folks dropped LRW due to concerns about leaking the tweak key.
However, this quote of yours is a lie. Update yourself. LRW is very important, and has been around since Linux 2.6.20. It's well worth changing to LRW if you're using LUKS. TrueCrypt dropped CBC altogether, in favour of LRW, merely only supporting CBC for backward compatibility. This is due to known attacks on CBC which LRW (and EME) mitigates. For example the watermark attack. While EME solves even more attacks, it also generates much more I/O than CBC or LRW hence there is a performance drawback.
Agreed, and thanks for the update. As for LRW in loop-AES, only Jari can tell you. :) In the absence of expert evaluations of either system, I opted against the one whose author's response to newly discovered vulnerabilities was to bury his head in the sand. Now that it seems that he's no longer driving the code base, I'm back to square one. :(
Cheers.
Notice how all the documents favoring and supporting the LUKS ideas were written by the same person? The only thing that made LUKS "standard" is that Jari Ruusu and Linus Torvalds were having a pissing match about the licensing status of Brian Gladman's optimized AES code, which ended with Jari pulling his code from the kernel. So LUKS (which uses the same AES code) is a standard because the author didn't have a personal confrontation with the kernel team at that time. Later, though, Clemens declared:
"The Linux kernel is a design disaster. This might be a consequence of the development style. However, the result is that I have dropped any intentions to support LRW on Linux."
So you don't have LRW support on Linux.
Meanwhile, I've yet to see any expert review of either system. The closest I ever saw was David Wagner (well known crypto expert at Berkeley) saying that Clemens "does not understand cryptography very well".
I use loop-aes myself, partly because it's actually pretty easy to use, and mostly because of the extraordinary effort that Clemens put into denying the existence of the problems with his dm-crypt code. Just to be clear, the "well known" problems with loop-AES were shared by dm-crypt, and they were only well known because the loop-AES author acknowledged them loudly and fixed them while Clemens kept shouting "no no no there is no attack and you are stupid".
I doubt the solution is to make sure that all of the dozens of companies that hold your SSN must have perfect security inside and out for all eternity.
I'd rather outlaw the use of your SSN as both username and password. Why are the credit bureaus allowed to let anyone who knows those nine irrevocable digits mess with your credit report?
That's a tempting analogy, but it doesn't really fit. Civil disobedience is effective when breaking the law can show that that law is unjust. Most of the music/movie file-sharing that results in RIAA/MPAA action is of current material with real commercial value. The only principle being expressed by sharing that stuff is "Waaaa! I want free CDs! I want free movies! I don't want to drive all the way down to Blockbuster!".
A *real* protest would be to stop buying/consuming the new stuff altogether, and go out and file-share the 99% of copyright-protected material that has no significant commercial value but is still held hostage by the DMCA and the ever-increasing copyright terms that the entertainment industry keeps buying from Congress. Get sued for sharing a song written by someone who's been dead for 75 years and get the copyright-holder to explain in a public court how prohibiting that distribution is removing the dead author's incentive to produce.
DMCA covers a number of different sections of Title 17 of the US Code. Safe Harbor for ISPs is covered under section 512. The part you're thinking of is the anti-circumvention provision of section 1201.
Because BitLocker isn't really about protecting data for you, it's about protecting data *from* you. That's why the EULA prohibits you from using it inside a virtual machine.
Ok, not always practical. But honestly, whenever I can I fly Horizon Air because they have a little cart outside the airplane when you board that you put your bags on, and the same cart is outside the airplane when you get off (biggest delay I've ever seen was about 10 minutes).
You don't have to wrestle with stowing carry-ons yourself and you don't have to wait around the baggage claim for half an hour or more feeling like a rat waiting for a food pellet.
Wow, you're a real prince.
Hmmm. Do you also think of Italy as being known for Jerry Lewis and bullfighting?
Knuth's at Stanford.
Doohan wasn't Scottish either. He wasn't even Canadian, for Pete's sake. Oh wait, yes he was.
Moronic? Boy, you're a tough customer.
Why? What'll happen?
Nope. Ellipsis is from Greek elleipsis. Elide is from Latin laedere.
*And* you don't need to be root to get dvd+rw-tools to work properly. Such a pleasure.
Couldn't help noticing the similarity between this title and item number 2 on Marcus Ranum's list of the Six Dumbest Ideas in Computer Security. :)