Slashdot Mirror


User: proverbialcow

proverbialcow's activity in the archive.

Stories: 0
Comments: 545

Comments · 545

  1. Re:Under many eyes, all bugs are trivial on Attacking WinZip AES Encryption · · Score: 1

    I know people with PhDs in the field who still prefix every crypto-related sentence with something like "as far as we know..."

    That's because a lot of crypto is based on simply being "hard enough" to break. RSA is thought secure because, as far as we know, factorization takes O(sqrt(n)) time. It's not been proven, but since nobody seems able to do it any faster, it's assumed to be secure enough.
    LFSRs are thought to be even more secure because, as far as we know, no one knows of ANY shortcuts through them. It hasn't been proven, but again, it's thought to be secure.
    There's only so much you can learn about crypto. After that, you have to start attacking the underlying mathematics.
    Don't believe me? Ask some of your PhD friends.

    And don't call me kid, geezer. ;)

  2. Re:Under many eyes, all bugs are trivial on Attacking WinZip AES Encryption · · Score: 1

    What is this "community" of which you speak?

    I'm speaking of the OSS community and the crypto geek community, but mostly their intersection, a large chunk of which is the coderpunks community.

    In summary, even if the source was open, it wouldn't make a difference, because there is no-one who has both the inclination and qualification to do it for free.

    A) They implemented AES, which stood up to a great deal of scrutiny, both by professionals and crypto hobbyists, before it was accepted as a standard. It's not the crypto at fault here, it's their implementation of it. Anyone with even a basic understanding of crypto protocols (such as one gleans from reading "Applied Cryptography") would have found these holes, given access to the source.

    B) That year of crypto I took while working on a math degree doesn't qualify me? That was a waste of time, then.

  3. Under many eyes, all bugs are trivial on Attacking WinZip AES Encryption · · Score: 2, Insightful

    So how can we distinguish between an application that simply uses the right buzzwords, like AES, from an application that is actually secure?

    Having access to the source code is a good start, so the community can examine the methods used. It's not like WinZip has my business to lose if I could compile the source myself.

  4. Give it the DaVinci code guy on Cryptic Code Stumps Experts · · Score: 1

    Seriously. Give it to Robert Langdon and Sophie, his cryptographer girlfriend. They'll make a bunch of bullshit guesses, and most of them will be accurate and lead them to the correct answer.

    Of course, it won't point out the final resting place of the Grail. They already know where that is.

  5. Re:Self-Destructing Media? on Two Congressmen Push for DMCA Amendments · · Score: 2, Informative

    No, I'm the proverbialCOW. ;)

    Anyway, somebody always brings up the book analogy in discussions like this, so I will repeat myself:

    You ARE allowed to make a personal copy of a book for archival purposes. This doesn't mean you can make a digital copy and post it on your website; it means you can reproduce it in whatever format you like so you can have a backup in case the original deteriorates.
    My university had TONS of books in their stacks that were obviously bound photocopies, each with a sticker inside the front cover explaining that the original had fallen apart, and detailing the specific statutes that allowed this.

    Wish I'd written down which ones.

  6. Re:my irking suspicion on Microsoft Releases WTL To SourceForge · · Score: 1

    does anyone else feel like MS is simply releasing these fairly-trivial items to the "open source community" in an attempt to try and appease the geeks out there?

    How would that be different than what Apple did with OSX? Darwin was released as open-source, but Aqua still remains under lock and key; even WM themes that were vaguely Aqua-ish looking got cease-and-desist letters. We got Darwin, but really, we already HAD Darwin. We called it NetBSD...

  7. Re:How long on In-Flight Wi-Fi Makes its Debut · · Score: 1

    And another thing:

    How long before someone who never used the service sues Lufthansa over exposing them to microwave radiation?
    "I was boiled alive all the way from Munich to LA in their aluminum tube!"

    Don't believe me? Fall asleep with a laptop with an 802.11g connection next to you on your bed, and tell me you don't wake up with a headache...

  8. Re:How long on In-Flight Wi-Fi Makes its Debut · · Score: 1

    Just a little bit before the company discovers they're not making any money, and closes shop.

    $30 seems a bit pricey, but you've got to figure that a large chunk of it goes to the airline to install and maintain their equipment and give them exclusive rights to the captive audience, then the cost of the technology itself, and then the bloated profit margins everyone seems to expect from WiFi. What kind of content can I get that justifies $10 per half-hour?

    What I'd like to see is the landline ISPs and 3G carriers get into the WiFi game and have competition drive prices and services - "Buy our (DSL|cable|mobile phone) service and get access to our nationwide WiFi network (dirt cheap|at no additional charge)."

  9. Re:Wrong approach? on Ask About Running Windows Software in Linux · · Score: 1

    I don't think Cygwin is an intuitive way; just the opposite. But that's probably not what you're asking.

    I think Cygwin is counter-intuitive for a majority of Windows users, especially those who cut their teeth on Win95 and up, because they don't use a shell. You already knew bash and sed and awk; you're not anyone who needs to be pandered to.

    If you could get Gnome and/or KDE to run transparently under Windows, you could port a lot of free software (beer and speech) to Windows. It would work as advertised, and you could get Joe Pointy-Hair to rethink his standards on software quality, start thinking about the implications of where he gets his software, and take a serious look at *nix as an alternative to Windows.

  10. Wrong approach? on Ask About Running Windows Software in Linux · · Score: 2, Insightful

    Wouldn't it be better, more productive to bring Linux functionality to Windows (in an intuitive way, unlike Cygwin) to make that 97% aware of the potential their computer holds?
    It seems to me that telling someone "Use this system with a steep learning curve; it's a lot better and most of your Windows programs will run a lot of the time." is a lot less likely to work than admitting a lot of people will find Linux daunting, and trying to meet those people half-way.

  11. Split the difference on Evoting in the News · · Score: 1

    Give everyone a card with a magnetic stripe, have them register their vote, and have the machine encrypt that information with its public key onto the card, along with date and time. Encode in plaintext the number of the machine. Give each machine a different key, and have them keep track of all the votes registered on it. That way, there's no trail that can be traced back to original voters, and the voters have a method of contesting the results if they think something's fishy.

    When I worked at a hotel, those magnetic plastic keys cost us about $0.09 each when we bought them in packs of 5,000. Buy them in packs of 500,000 and I bet you get a better price.

  12. Re:128 Megs... on Philips Demos Keychain-sized Camcorder · · Score: 5, Funny

    [128 megs] Isn't nearly enough for the sex video!

    Whoa, slow down there, pr0n star! Some of us have jobs, and lots of stress. 128 megs might easily store two or three...

  13. That all depends on Philips Demos Keychain-sized Camcorder · · Score: 0, Flamebait

    How long before we read the first story of some, um, inappropriate footage captured with one of these?

    Kinda depends on your definition of 'inappropriate.' Some guy clicks record and puts his keys on the nightstand before he beds Paris Hilton/Pam Anderson/Carmen Electra, etc.? Five minutes.
    Cops wire these puppies up with the 1" micro drives in the iPod-mini's and start an entirely new wave of invasive 'safety monitoring?' As soon as they can draw up plans and write an argument that'll claim it deters terrorism. Next week, maybe.

  14. Re:Foot - Aim - Shoot! on PlayFair Pulled Due to DMCA Request · · Score: 3, Interesting

    I agree 100%, and would like to add - it's not like you can't burn those AAC's to CD. Hell, with all the iTunes songs I keep winning from Pepsi ... for some reason ... I just go to my neighbor and have him burn the songs I want to CD-RW. He gets to keep the songs, I can make mp3s, and I don't even have to waste a CD.

  15. Re:Most curious on Spiderman 2 Trailer · · Score: 1

    Wow, they saved a whole megabyte in the transfer. Is their bandwidth savings worth the hoops they make their customers jump through?

    They're giving you this (pretty freakin' awesome) trailer FOR FREE, and you're complaining that they might want to keep their bandwidth costs down? It's not just you downloading the trailer, y'know - multiply that 1 meg by the ten-thousand-plus downloads today alone, and how-many-tens, if not hundreds, of thousands of downloads between now and June 30.

    Saving even that 1 meg per download seems to make a lot of sense to me.

  16. Point of contention on New Tool Cracks Apple's FairPlay DRM · · Score: 1, Insightful

    To me the authors are vandals not revolutionaries, and may have ensured WMA becomes the standard.

    And yet you do them the service of propagating news of their work through Slashdot, to people (like myself) who have oft wondered about the feasibility of cracking Fairplay, yet otherwise would not have known.

    Good job.

  17. Re:Oh man... on A Completely Separate Ecosystem on Earth · · Score: 1

    Right, so if we find life on Mars, we need to breed giant radioactive monkeys here on Earth and send them there to do our bidding.

    "Unstoppable Monkey Force" has a nice ring to it...

  18. Re:When will they learn.... on Microsoft Preps 'Janus' Music Copy-Prevention Scheme · · Score: 1

    It makes me wonder why a crack for Apple's AAC format (used in iTunes/iPods) hasn't really been much of an issue.
    Granted, with iTunes, you can burn all your songs to CD, so people might just burn CDs and rip them, but surely an AAC-to-mp3 converter would be easier, no?

    The idealist in me likes to think it's because Apple's put a friendly face on music distribution, giving people what they want at a reasonable price, and the realist in me knows it's not because the crypto is un-crackable.

    Any ideas?

  19. Re:Trolling? Or just thieving? on You're Watching Less TV · · Score: 1

    You're pretty much right on the money. It's not like Cartoon Network gets a cut of your cable bill when you fork out that $30 to $100 a month. All that money goes to TWC or Comcast or whoever. You're simply paying for content delivery.
    The channels make their money from advertising. In fact, they pay some nominal fee ($0.03 per subscriber per month or something) to cable providers for the privilege of being a cable channel. That's what the fuss with DISH and Viacom is all about - Viacom doesn't think it should have to pay to have CBS delivered via the DISH network.

  20. Rendezvous with Rama, anyone? on Planetary Defense: Protecting Earth from Asteroids · · Score: 3, Interesting

    Man, that Arthur C. Clarke is portentous - first we run out of Greek and Roman mythology to name astronomical bodies after, and now we're discussing building a planetary defense against asteroids?

    It's all there in "Rendezvous with Rama." Just remember, the Ramans do everything in threes.

    Hmmmm...Top Raman...

  21. Re:Fair use on Nintendo Patents Handheld Emulation, Cracks Down · · Score: 2, Interesting

    If I bought an old book and the pages deteriorated, the publisher is not obligated to get me a newer copy.

    True enough, but you ARE allowed to make a back-up copy of that book as a replacement in the event that the book deteriorates. Don't believe me? Check out your local college library. If it's of decent size and the library's been around a while, you'll find tons of copies of books, each with an explanatory note about the demise of the original and fair use.

    In this case, using the "it's out of print it doesn't hurt anyone" argument just doesn't fly.

    I actually make this same point myself in response to a previous post. You're preaching to the choir. The problem I have is Nintendo stating it's illegal to back-up your software when it's not, and then leaving you with no recourse in the event that the game no longer plays.

    And most of my (and many others') NES carts still work, so if they're not *conveniently* working for you, then maybe the problem is your own mistreatment of them?

    My horrible mistreatment of them, yes. Sitting in their dust jackets on the game rack I picked up at K-B on my shelf when I played it frequently; sitting in their dust jackets on the game rack I picked up at K-B in a box in a cool, dry closet now that I play it less frequently. And it's not that they don't work conveniently. I've spent upwards of an hour trying to get some of these carts to work in my deck, and on the off-chance I get anything other than a blue screen, it's filled with garbage characters.
    The worst mistreatment of NES carts, in my opinion, was the NES deck itself. I bet carts subjected to the top-loading decks (remember those?) fared MUCH better than front-loaded ones.

  22. Just to clear it up on Nintendo Patents Handheld Emulation, Cracks Down · · Score: 2, Interesting

    I knew for a fact that the SP was faster than the SNES, but I was unaware that it was NOT faster than the first GBAs. I was, in fact, implying that SP was faster than the GBA(1) - my bad.
    For that matter, I wasn't aware that Nintendo had moved to an ARM processor for the GBA (and, by extension, the SP). I'd expected them to use some variant of the Dragonball processors popular in the earlier Palms for ease of code portability. Again, I'm dumb, though in my defense I'd been told by a (less-technical-than-me) hardcore-gamer friend that they had.
    The lesson: Trust, but Verify. (And, I guess, keep your mouth shut unless you're damn sure you know what you're talking about.)

    Anyone know offhand if the ARM chips use a similar instruction set to the 68K's, or the x86, or a choice of either, or neither? The ARM website doesn't really say.

  23. Re:Nintendo, you fools! on Nintendo Patents Handheld Emulation, Cracks Down · · Score: 2, Interesting

    Well, the thing is, a GBA is essentially a SNES in handheld form. (I think the SP's chip is faster, even.) There are a lot of games for the GBA that cut their teeth on other systems first, so emulation would be cutting into that market.

    Frankly, I use emulation to check out old games you can't find anymore, or to play games that never made it stateside. Remember "Illusion of Gaia" for the SNES? I loved that game. I loved the first game in that series, "Soul Blazer." The third game, "Terranigma," never made it here, but it was released in the UK. So, I can either buy a copy of the game on eBay and not get to play it because of NTSC/PAL incompatibility, or I can get a ROM, which I did.

    Square/Enix can come after me if they want, but they're sorely mistaken if they think I'm depriving them of any sales.

  24. Fair use on Nintendo Patents Handheld Emulation, Cracks Down · · Score: 5, Insightful

    C'mon - you know how in the back of the instruction manual they tell you it's illegal to make any kind of backup of your cartridge because it's unnecessary, and then cover their bets telling you they're not infringing on your statutory rights?

    Software is software is software, and you are allowed to back up your software in case the original gets damaged. Period. Most of my old NES carts are unusable because they're so old. So is it unnecessary for me to backup the cart because Nintendo is going to buy me a new cart, or because I'm allowed to download a ROM and play it on an emulator?

    (Yes, carts do deteriorate - it's called bit rot. Look into it before you flame.)

  25. Magic on NYC Crosswalk Buttons are Inoperative · · Score: 5, Funny

    Funny, then, that I was just reading this article on a placebo switch that inexplicably worked!

    http://catb.org/~esr/jargon/html/magic-story.html