I recommend any beginners book in crypto - most of what you wrote above is utter nonsense.
To be fair, so is most of what you wrote.
The point here is that you're talking about two or three different things simulataneously. The XBox, for example, doesn't have DRM. It has various protections, I grant you, but calling these DRM is a bit outside the usual scope of the term.
Getting back to the original post you made: Please tell me the private key used for signing Xbox games. I'm well aware that we (my wording here is intentional, and a giveaway) managed to circumvent it anyway, but all things are most definitely NOT hackable.
Why would you need their private key? The answer is that you need the private key in order to create a game to play on a stock, unmodified, XBox. Realistically, this capability has very little to do with the hackability of the XBox itself. You can hack the XBox up down and sideways without the private key, you just can't create a game to play on a non-hacked XBox without it.
You're free to reflash your cellphone, but will you be able to extract the DRM-protected content on your memorystick?
One way or another, yes, you will. If you can read the memorystick, then you can try attacking the encryption directly. If the memory stick doesn't actually contain the decryption key (say it's in the phone), then you can disassemble the phone, hook it up to a chip reader, and find/extract the decryption key. Don't care for that? Then rewire the phone's audio headphone output to go to a computer's line input and analog record the thing. Easily enough done.
Whatever, the point is that somehow, someway, if you can hear it, you can make a copy of it. And furthermore, if you can hear it, then it's possible to make a *perfect* copy of it, although it may not be feasible or may be quite difficult to obtain the necessary keys (not everybody is up to disassembling their hardware and using EPROM readers and such).
DRM, broadly defined, is the attempt to use technology to separate the acts of experiencing content and copying content. Since the content must be accessible to experience it, it's impossible to also make it inaccessible for copying purposes. There's no real-world difference between the two. They can make it as difficult as they like with the use of custom hardware and proprietary formats and such (although taken too far they run the risk of losing their customers), but it cannot be made impossible.
Does this mean the bad-guy-of-your-choice can now start forging digital contracts? Not yet - there is no guarantee that the collision will be meaningful (as least their earlier papers didn't show that result). For a forgery to be useful, the forger needs to make the fake message say something useful - may be change the $1 to $1 million, or change the name, or something. A collision at a random place (or a non-sensical string) is essentially useless as a forgery (there may be some interested DOS attacks, but I am talking about outright forgery which is the point of the hash functions).
The real worry here is not that this break is practical (it's not) but that it will become practical in the future. And the stuff that is using it right now will retroactively be broken and untrustworthy.
The gist of this particular break is that instead of a 2^80 attack to generate two documents with the same hash, is that it's now a 2^69 attack. Okay, yeah, bummer and all, but it is still impractical. However, analysis of the way in which this reduction is done may lead to further insights.
If somebody can generate two files with the same hash, BFD, nobody cares. But if somebody can figure out how to take an existing file and add or modify bytes to change it's hash to some given hash, then there's real cause for alarm. Because then I can, say, take your signature off some document and change some other document to have the same hash (by adding hidden comment bytes to it or whatever, depending on the document format), and thus make it look like you signed the original document. Or I can put some malicious code in place of some valid code and make the malicious code's hash look like it's the valid code's.
With CRC32, for example, this is pretty trivial to do. Modifying a file to have any CRC you want can be done by changing only 4 bytes of the file. This is why nobody uses CRC32 anymore.
So this break doesn't mean that SHA1 is useless, but it does mean that it might become useless in the future and so stopping use of it now is probably a good idea.
While the amount of gold in a game is effectively infinite (if you spend time 'farming' you can sell items and drops for as long as you want) it is assumed that the ammount of gold/items you have will at least somewhat relate to the amount of time you've spent playing.
If this is really true, then inflation is simply inevitable. The amount of cash in the game always increases because the total amount of time players spend in game always increases. Unless the number of players increases accordingly, inflation is an inevitable side effect.
The *only* long term way to offset this is to limit the amount of cash in the game. Make it dependent on the number of active players. This is probably the only stable way to do it.
There's a lot of ways to remove cash from the game. Implement taxation to remove cash on a regular basis, this way players can continue to get cash from monsters and such. Create cash sinks for upgrades to their character. Create cash sinks for things like in-game mail (gotta buy stamps to send a letter!;) ). Have your guilds charge dues, whatever will remove cash from the game at the proper rate to offset the cash being introduced into the game.
And eliminate obvious ways to build up large amounts of cash by sitting in front of the thing 20+ hours a day.
The problem here is basically one of game design. Most games that suffer from the unending inflation problem would have eventually suffered from it anyway. Methods of cheating can make the situation occur faster, as can ebay type trading of items for real-world money, but the problem exists regardless of these aspects. And if the game would designed with some real thought put into it the problem in the first place, it wouldn't happen.
There's little difference between the game economics and economics in the real world. And that simply is that when you have too much frickin' currency or other "value" lying about, then prices go through the roof.
Most MMOG games have added trading of gold and items between players, as well as sometimes making it easy for players to set up their own shops and such, but without careful monitoring of the background economics of the world, inflation is inevitable. Especially when wealth is automatically generated.
First, think of the economy as a closed system. You have so many items in the game and you have so much wealth in the game. Prices remain relatively stable, based mainly on rarity of the items and rarity of the currency. Adding *anything* to this system causes a change to the system as a whole: -Adding more players to this closed system increases demand thus increasing prices. -Adding more currency to the system increases the prices, as gold is now more common, and prices increase to take that into account. -Adding more items to the system causes prices to drop, as the rarity of each item is reduced.
In some of these games, no actual thought seems to have been given to the concept of balance.
If the amount of cash currently in the world gets too high, you have heavy inflation. To balance it off, you need to remove cash from the world.
Ideally you do this through cash sinks, such as one time upgrades, or by having methods whereby people have to repair their equipment occassionally (which is a temporary measure only, as the value from the cash is really converted into the extended life of the equipment they're using), or by some other method which encourages people to spend that cash. Or you reduce the amount of cash they get from battles. Or eliminate cash creation from battles entirely and have monsters get their cash by defeating players with cash and stealing theirs. This basically just moves cash around instead of creating it from nothingness.
Items are forms of value too. Have items get destroyed every so often. That shield won't last forever, you know. Armor wears down over time. Swords don't stay sharp forever. That sort of thing. Force players to discard items for better/newer ones, and make 'em pay for the priviledge. Wearing down items is removing value from the world as well, so make sure you have it there to balance out whatever value you're adding to the world.
Of course, in order to avoid inflation from increased demand, you need to add cash/items to the system when new players come into the game. So just randomly add some set amount of cash/items to monsters whenever there's added players.
Allowing infinite cash holdings is no good either, as a few strong players with nothing better to do can take control of your economy. Implement taxation on player owned businesses. Implement armies of tax collectors with muscle from the local king to go beat up and steal some cash from the richest players. Hell, run a revolution if you have to make it clear to the users that they need to band together to defeat the evil rich bastard up on the hill that's fucking up the game. Whatever it takes to redistribute that wealth away from the rich.
Done properly, this sort of thing will eliminate problems with off-game auctions, because wealth being redistributed in the game won't cause inflation problems.
Wrong. Check out the law . The act of circumvention is illegal (1)(a). (IIRC there was a short period when the tools were illegal, but not yet circumvention. This period has passed.)
Check it out yourself: US Code Title 17 Section 1201(c)(1): Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title.
While copyright infringment is indeed illegal, and bypassing a technological measure to facilitate infringment is indeed illegal, fair use is explictly stated to be a valid defense for copyright infringement.
However, distributing tools to facilitate such infringement is not infringement itself, and therefore Fair Use is not a valid defense to that. That's the catch-22 of the DMCA. They can't get you for committing infringement for fair use purposes, but they can get you for distributing tools to help others for their own fair use purposes.
It's at least debatable whether or not knowledge of a product Apple is putting out is indeed a "trade secret" under the UTSA.
The UTSA defines trade secret as follows: "Trade secret" means information, including a formula, pattern, compilation, program device, method, technique, or process, that: (i) derives independent economic value, actual or potential, from no being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and (ii) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.
You can kinda shoehorn the existence of some product into there, but it doesn't really fit.
And in any case, nobody ever changed a bad law without breaking it in some fashion. It's at least arguable that the UTSA is a bad law to begin with, if it was indeed broken in this particular circumstance.
I believe copyright infringment falls under the "taking of money" portion since you are, in effect, depriving the copyright holder of legitimate sales (money).
You cannot say that my failure to give something to them (money) is the same as taking money from them and then call it stealing. If you do use that rationale for calling copyright infringement "theft", then you have to cover your bases all around.
I mean, what if I decide that the movie probably sucks and then don't go see it at all. Is that stealing? Is that theft? I'm most certainly "depriving the copyright holder of legitimate sales" by not going to see his piece of shit movie.
The fact of the matter is that you cannot define "theft" or "steal" broad enough to cover copyright infringement. Even by your own definition, copyright infringement does not deprive the owner of the use or benefit of the thing being copied. They can continue to use and benefit from their movie all they please. I may not give them any money, but that's not the same thing as taking money from them. Hell, I may not see their movie and not give them any money that way either. Me not giving them money cannot possibly be construed as "theft" using any sane definition of the word.
Copyright is a TEMPORARY grant by the government to have exclusive use on a non-tangible item. You cannot "own" some series of words in a certain order, however the government will give you the exclusive, but TEMPORARY, right to be the only person allowed to make copies of those words in that order. They do this to promote more people putting words in a certain order. Now extend this book idea to other things, like music and movies and so forth. You cannot own the movie itself, you can only have a temporary right to copy it exclusively. Copyright infringement is a violation of that temporary right by somebody else. It is not theft, it is not stealing, it's a violation of the copyright holders temporary right that is granted to them by the government.
I grant you that copyright has been extended so many times that it's damn near equivalent to actual ownership at this point, but it's still not real ownership. It's not "property", no matter how you look at it. "Intellectual property" is a bullshit term with no basis in reality.
And what it really breaks down to is that I cannot possibly steal something from you when you don't actually own it. I can infinge upon your rights and copy it without your permission, but I can't steal it from you.
That's how it works. Calling it "theft" is a misunderstanding of fact, law, property, rights, and just general reality. It's only called "theft" in order to put that emotional bias into the phrasing. It's emotional manipulation and it should be rejected instantly as an attempt by the **AA's to influence you unduly.
It may not be right to commit copyright infringement, I grant you. But it's absolutely not right for copyright to extend for 95 years after the death of the author and so forth. The public domain exists for a reason, and copyright is limited for a reason. The sort of infringment you see is a backlash against that sort of insanity, I feel. Any given person may just want "free stuff", but at the same time they want that free stuff because they're getting screwed out of what is rightfully theirs too.
maybe I'm just too stupid to figure out how a buffer overflow, or malformed packet or whatever can cause all of those OS's to execute malicious code
A buffer overflow basically works by overwriting some chunk of memory.
The gist of it is that you allocate some section of memory in the code and then copy some stuff into it. If that "stuff" happens to be bigger than the section of memory you allocate, and you're not careful about checking the sizes, then you can copy too much into the allocated memory. When this happens, you write past the end of the memory block and into other bits of memory that are being used by other things.
The way to exploit this sort of bug is to change the contents of some specific area of memory such that it will cause it to run code that you've put into some other area of memory. To do this, you have to understand how memory allocation and code execution works.
The most common way to do this is a stack overflow. Local variables are allocated in an area of memory called the stack. Also on the stack is a pointer to another area of memory called the return pointer. Basically, when a subroutine is finished executing, the return pointer tells it where to go to exit the function. By overwriting the stack, I can overwrite the return pointer, and thus cause the function to go execute code somewhere else in memory when it tries to exit. The trick then is to make it execute code that I have already put in memory when I overwrote the buffer.
Another type of overflow is called a heap overflow. This is when a program allocates a chunk of memory using malloc or something like that, while it's running. It's usually a block of memory that's not of a predefined size, in other words. This is allocated in a different space called the heap. These are a bit trickier to exploit, but it can be done. Usually you overwrite the allocated memory and overwrite some function address pointer in the heap. Then when the program tries to run that function, it ends up running your code instead, since the address now points elsewhere.
Basically, it's a matter of carefully changing the input data to something the program isn't expecting to see in such a way that the flow of execution changes. If you can do that, usually you can exploit it and cause it to run arbitrary code, code you yourself put into memory using the very same exploit that you used to change the program flow.
Does the user want Anderson Accounting? Anderson Computers? Anderson Farms? Anderson Law Firm? Anderson & Samuel Law Firm? Anderson Anderson Anderson & Sons Law firm?
I prefer the Anderson Anderson Anderson Anderson Anderson Anderson Anderson Baked Beans Anderson Anderson Anderson and Anderson Law Firm.
The gist of it is that there is a heap overflow in a part of the Symantec antivirus engine that they call DEC2EXE. This is a decoder for compressed executable files. The idea is that you have to decompress it to scan the thing, this module does the decompression.
So a carefully crafted EXE file could overflow part of this code and cause arbitrary code execution.
This module isn't just in Norton Antivirus, BTW, it's in a heck of a lot of Symantec Antivirus products. So if you're running any Symantec anti-virus product, not just the home consumer stuff, you might want to head over there and get a patch.
If somebody could find me a device that would hunt down annyoing people who complain about improper pluralization among tech nerds, then I'd definitely pay for that.
"Boxen" is fine. If the plural of ox is oxen, then pluralizing box as boxen seems perfectly acceptable to me. It also helps to understand that somebody is talking about a bunch of computers as opposed to a bunch of cardboard boxes.:-)
But I swear that the next person who tells me (in person) that virii is not correct is getting a punch in the face. I mean it.
Re:I appreciate the effort but...
on
EFF's Logfinder
·
· Score: 1
Admittedly NT logfiles are slightly more organised than *nix logfiles. Most will at least be under c:\Windows\system rather than spread over/etc/var/usr/root/usr/X11 and even (I kid you not)/bin. The rather haphazard way different programs save their files about *nix systems can be a headache sometimes. It would be nice if someone would standardise the process. However, such a thing has been tried with disasterous results, i.e. the windows registry, so I guess I should be careful what I wish for!
There are standards, of a sort, it's just that there's no constraint on the program to follow those standards. I mean, any program worth its salt should be logging to/var/log/something. That's what the whole/var tree is for, to store variable data. Files that the system should be able to write to.
The filesystem hierarchy is well defined, afterall.
/bin = Essential command binaries /boot = Static files of the boot loader /dev = Device files /etc = Host-specific system configuration /home = User home directories (optional) /lib = Essential shared libraries and kernel modules /mnt = Mount point for mounting a filesystem temporarily (should usually be empty) /opt = Add-on application software packages /root = Home directory for the root user (optional) /sbin = Essential system binaries /tmp = Temporary files /usr = Secondary hierarchy, where all the major applications, documentation, everything else goes. Should be used for static files that don't change a lot. /var = Variable data that does change a lot.
Apps can do the wrong thing, but it is usually well defined as to what they *should* do.
The problem on some webforums I read from time to time got so severe for a while that I wrote a proxomitron rule to change the referrer header of whatever image I was requesting to be the site that I was requesting it from. So basically it looked like the referrer was the directory that the image was in. http://foo/bar/image.png would get a referrer of http://foo/bar/.
This worked on every site I checked. Leaving it blank/non-existant did not always work, although it did work most of the time.
I no longer use the Proxomitron, but there's equivalent ways to defeat referrer based rulesets. However with stock browsers, most people will be stopped by simply referrer based rewriting and so that is an effective means to stop the vast majority of image deep linking.
Currently, many financial institutions turn your check into an ACH transation. When I pay either of my credit card bills, the check isn't returned to me. It is used as an instrument to authorize an ACH withdrawal from my checking account.
A lot of private businesses are doing the same thing. Something I see a lot nowadays is a check scanner in stores. You write out the check, they run it through a scanner device which scans it, calls home to verify it, and then prints a big "VOID" on it. Then they hand the check back to the customer, right there and then. A small industry is setting up around this method.
Basically it scans the check, gets the numbers off of it. It gets the amount from the register or what have you, does an ACH transaction, gets back a confirmation that it went through, then voids the check. Done deal. You can always tell when this is new to a customer too, as they go "huh?" at first but quickly get used to it.
Of course, my bet is that most of those customers stop writing checks to those stores at that point when they see how much of a waste of time it is. From the stores point of view, that is quite okay too. The vast majority of fraud at a retail store is still check fraud.
And his evidence for this is, what? His own personal opinion?
While I agree with you on the fact that he's just speculating at that point, nevertheless a possibility exists for this sort of thing to happen.
Simple example: I went wardriving through town once. I found a lot of connections of course, but basically I just set the sniffer up on the laptop and drove around slowly. Later, when I got home, I checked out what I had found, and using timestamps I figured out where the different access points I had found were (I lacked a GPS then).
One of the ones I found was a drugstore. I looked at the raw trace and saw some really odd plaintext there. So I went back and left the laptop in the car while I went in and bought some stuff and took a look around.
What I found: - Their cash registers were all wirelessly linked to some system in the back. When you scanned an item, the barcode was read, transmitted to the machine in the back, which looked up the price and spat it back to the register. Credit card authorization was handled the same way. All this was plaintext, as I looked at the data and found my credit card number as well as barcodes from the items I purchased in there. Didn't understand the formatting, but it wasn't too difficult to see my name and credit card number stand out like a shining beacon. - Some kind of prescription transactions were wireless as well. While I didn't get a lot of data of this sort, there were packets containing various drug names, in plaintext, being sent over the air. I'd bet money that insurance information as well as whoever bought the prescription would have eventually gone out in the clear too.
The point being that security was basically non-existant for something you have a reasonable expectation of being private. I mean, when you design a wireless network to handle credit transactions, you'd think some form encryption would be pretty frickin' obvious, right? Let alone tossing somebody's prescription info out onto the airwaves.
So while he didn't state you could change the lights and has no idea if you can actually fuck with the trains, the point I think he was trying to make is that clearly security is not at the forefront of the minds of a lot of people for this sort of thing. Admittedly, my drugstore example happened a couple years back, and may have been fixed by now, but this sort of thing happens because people don't think about it being an issue. It's that part that needs to be fixed. Whether any given example can actually be compromised in a serious way is not the point.
Also, has anyone noticed an insane increase in the amount of invites? Can someone say "daymn"? How do we know they're all good?
The increase coincides with Google giving everybody 50 invites to give away. So I'd say that most of them are good. They're up to 33000 now, since I posted yesterday.
I think this is a perfectly valid question and one that is interesting to debate
I think people are largely bashing the topic because they disagree with you on this point.
"Is X art?" is one of those eternal questions, asked in every philosophy or art class arould the world, and the answer now is the same as it always has been, namely, "Who frickin' cares?"
The question itself is what your average slashdot reader would call "frickin' stupid". Unless you define the term "art" such that everybody agrees on the definition, then the term is subjective and as such whether X is art or not depends on the person answering the question. Whether X is art or not is an opinion, and thus there's really nothing to debate. So all debates on the topic, while mildly interesting, as about as useful as debating whether or not there is a god of some sort. Fun to do, perhaps, but utterly useless in the long run because you always have the same argument.
Because of this, tech nerds like those that populate/. will tend to see the question itself as stupid, because tech nerds tend to focus on the realm of reality. Will this processor work at this speed? What happens when I cross these two wires? That sort of thing. Anything that is firmly rooted in philosophy and can be actually demonstrably shown to have no bearing or use in the real world will be rejected as "stupid" pretty much outright.
You can spend all night arguing whether X is art or not, but in the end you won't have an answer, you won't have agreement, and you'll have essentially wasted your time. If you find that sort of useless argument to be fun, then by all means, enjoy. But your average tech nerd doesn't find that sort of argument fun for very long, because it's one of those arguments you can have forever. There's no definite answer. No right or wrong. Neither side is clearly correct.
Look at usenet or any forum. Endless debates on useless topics like these. However the cast of characters doing the arguing keeps changing. About 7 or 8 years is the most I've seen anybody able to argue in these sort of debates, after that you give up on it from sheer exasperation. Most people burn out even faster. Usually it's from the age of about 21 to 25 or so that are prime useless debate years, I feel.:)
They broke Hymn/JHymn cracked songs in iTunes 4.5, 4.6, 4.7.1, etc.. Okay, so Hymn was always quickly updated to fix the problem, but the point is that they have attempted to stop this sort of thing before.
Do you have a CableCard? Because that's what we're talking about here. Not just "digital cable" which involves a decoder box. CableCard replaces that.
2. So you'll be able to copy the stuff off the TiVo and onto whatever you want? Riiight...
Well, that's really up to Tivo. Their box. The CableCard idea doesn't prevent it in and of itself. Although I expect it will have some form of protection for premium stuff, laws already exist to prevent them from using copy protection technology on non-premium stuff.
3. Let's use an example: the doctrine of Fair Use states that I can make copies of $MEDIA for educational purposes. But $DISTRIBUTOR has designed $TECHNOLOGY specifically to deny me the ability to make copies of $MEDIA, without adding a mechanism to allow educational copying. So the law says I have a legal right to make copies, but the technology disallows it -- it's not uncopyable due to the nature of the medium, but rather specifically because $DISTRIBUTOR went out of their way to make it so. How, then, is $DISTRIBUTOR (and by extension, the $TECHNOLOGY they created) not violating my rights?
Because like you said, Fair Use is a doctrine, not a right. When it comes to copying this stuff, you don't have any actual rights in law. Fair Use allows you to violate copyright and get away with it. But at the same time, nothing says they have to make it easy.
Think this sucks? So do I. But changing the law to make Fair Use doctrine into an actual right is what is required to fix it.
And in any case, there's always a hole in the system that can be exploited to bypass their protections. The flaw is in the very nature of the system itself, it's not something they can work around. They can only make it difficult, not impossible.
4. Oh, you mean they're letting people skip commercials again?
When did they ever stop letting people skip commercials? I skip them all the time. I haven't seen a commercial on my TV in ages, brother.
5. You know what? I don't care whether they are likely to use it or not, I care about whether they merely have access to it and possibly could use it or not. As long as I don't take anything, you surely wouldn't mind me rummaging around your house, would you?
Rummaging through my house is a bit different than figuring out I like to watch the Simpsons. I could not give a shit who knows what TV I watch. I'm not paranoid enough to think that anybody gives a damn.
If anything, monitoring of what TV everybody watches might lead to better television. There's a hell of a lot of crap on TV, if you haven't noticed. I'm pretty sure most of it is there because the networks don't have a frickin' clue that it sucks so much. Neilsen has had his way for too damn long, IMO.
6. Yep, I must be paranoid. Because you just know that something like, oh, say, Bill Gates convincing G.W. Bush that all free software advocates are commie terrorists is absolutely impossible...
And your point is? I asked why anybody would give a shit about what TV *you* watch. Not about why Bill Gates is an asshole.
7. Are talking about now, or in the future when they stop selling on DVDs and switch from "all you can watch" channels to micropayment pay-per-view for everything, including news and sitcoms?
Why do you think that would ever happen? I mean, honestly, that marketing plan makes no sense. For one thing, having a library of everything you might want to watch at your fingertips is a huge ordeal. We're not talking about just switching to digital TV, we're talking about a fairly tremendous infrastructure upgrade here. Also, PPV movies really only works for the latest and greatest sort of thing, as I'm sure the satellite companies would be glad to point out to you.
However, I must admit that the idea of a library of all the information/movies/etc that you want is a nice one, even if it was based on a micropayment system. But that's far enough off in the future that it's not the sort of thing I'd worry about. My grandchildren might worry about it.
Slashdot Mirror
I recommend any beginners book in crypto - most of what you wrote above is utter nonsense.
To be fair, so is most of what you wrote.
The point here is that you're talking about two or three different things simulataneously. The XBox, for example, doesn't have DRM. It has various protections, I grant you, but calling these DRM is a bit outside the usual scope of the term.
Getting back to the original post you made:
Please tell me the private key used for signing Xbox games. I'm well aware that we (my wording here is intentional, and a giveaway) managed to circumvent it anyway, but all things are most definitely NOT hackable.
Why would you need their private key? The answer is that you need the private key in order to create a game to play on a stock, unmodified, XBox. Realistically, this capability has very little to do with the hackability of the XBox itself. You can hack the XBox up down and sideways without the private key, you just can't create a game to play on a non-hacked XBox without it.
You're free to reflash your cellphone, but will you be able to extract the DRM-protected content on your memorystick?
One way or another, yes, you will. If you can read the memorystick, then you can try attacking the encryption directly. If the memory stick doesn't actually contain the decryption key (say it's in the phone), then you can disassemble the phone, hook it up to a chip reader, and find/extract the decryption key. Don't care for that? Then rewire the phone's audio headphone output to go to a computer's line input and analog record the thing. Easily enough done.
Whatever, the point is that somehow, someway, if you can hear it, you can make a copy of it. And furthermore, if you can hear it, then it's possible to make a *perfect* copy of it, although it may not be feasible or may be quite difficult to obtain the necessary keys (not everybody is up to disassembling their hardware and using EPROM readers and such).
DRM, broadly defined, is the attempt to use technology to separate the acts of experiencing content and copying content. Since the content must be accessible to experience it, it's impossible to also make it inaccessible for copying purposes. There's no real-world difference between the two. They can make it as difficult as they like with the use of custom hardware and proprietary formats and such (although taken too far they run the risk of losing their customers), but it cannot be made impossible.
you must have very little reading comprehension.
:P
No, I would say that the other guy has very little writing capability.
Does this mean the bad-guy-of-your-choice can now start forging digital contracts? Not yet - there is no guarantee that the collision will be meaningful (as least their earlier papers didn't show that result). For a forgery to be useful, the forger needs to make the fake message say something useful - may be change the $1 to $1 million, or change the name, or something. A collision at a random place (or a non-sensical string) is essentially useless as a forgery (there may be some interested DOS attacks, but I am talking about outright forgery which is the point of the hash functions).
The real worry here is not that this break is practical (it's not) but that it will become practical in the future. And the stuff that is using it right now will retroactively be broken and untrustworthy.
The gist of this particular break is that instead of a 2^80 attack to generate two documents with the same hash, is that it's now a 2^69 attack. Okay, yeah, bummer and all, but it is still impractical. However, analysis of the way in which this reduction is done may lead to further insights.
If somebody can generate two files with the same hash, BFD, nobody cares. But if somebody can figure out how to take an existing file and add or modify bytes to change it's hash to some given hash, then there's real cause for alarm. Because then I can, say, take your signature off some document and change some other document to have the same hash (by adding hidden comment bytes to it or whatever, depending on the document format), and thus make it look like you signed the original document. Or I can put some malicious code in place of some valid code and make the malicious code's hash look like it's the valid code's.
With CRC32, for example, this is pretty trivial to do. Modifying a file to have any CRC you want can be done by changing only 4 bytes of the file. This is why nobody uses CRC32 anymore.
So this break doesn't mean that SHA1 is useless, but it does mean that it might become useless in the future and so stopping use of it now is probably a good idea.
While the amount of gold in a game is effectively infinite (if you spend time 'farming' you can sell items and drops for as long as you want) it is assumed that the ammount of gold/items you have will at least somewhat relate to the amount of time you've spent playing.
;) ). Have your guilds charge dues, whatever will remove cash from the game at the proper rate to offset the cash being introduced into the game.
If this is really true, then inflation is simply inevitable. The amount of cash in the game always increases because the total amount of time players spend in game always increases. Unless the number of players increases accordingly, inflation is an inevitable side effect.
The *only* long term way to offset this is to limit the amount of cash in the game. Make it dependent on the number of active players. This is probably the only stable way to do it.
There's a lot of ways to remove cash from the game. Implement taxation to remove cash on a regular basis, this way players can continue to get cash from monsters and such. Create cash sinks for upgrades to their character. Create cash sinks for things like in-game mail (gotta buy stamps to send a letter!
And eliminate obvious ways to build up large amounts of cash by sitting in front of the thing 20+ hours a day.
The problem here is basically one of game design. Most games that suffer from the unending inflation problem would have eventually suffered from it anyway. Methods of cheating can make the situation occur faster, as can ebay type trading of items for real-world money, but the problem exists regardless of these aspects. And if the game would designed with some real thought put into it the problem in the first place, it wouldn't happen.
There's little difference between the game economics and economics in the real world. And that simply is that when you have too much frickin' currency or other "value" lying about, then prices go through the roof.
Most MMOG games have added trading of gold and items between players, as well as sometimes making it easy for players to set up their own shops and such, but without careful monitoring of the background economics of the world, inflation is inevitable. Especially when wealth is automatically generated.
First, think of the economy as a closed system. You have so many items in the game and you have so much wealth in the game. Prices remain relatively stable, based mainly on rarity of the items and rarity of the currency. Adding *anything* to this system causes a change to the system as a whole:
-Adding more players to this closed system increases demand thus increasing prices.
-Adding more currency to the system increases the prices, as gold is now more common, and prices increase to take that into account.
-Adding more items to the system causes prices to drop, as the rarity of each item is reduced.
In some of these games, no actual thought seems to have been given to the concept of balance.
If the amount of cash currently in the world gets too high, you have heavy inflation. To balance it off, you need to remove cash from the world.
Ideally you do this through cash sinks, such as one time upgrades, or by having methods whereby people have to repair their equipment occassionally (which is a temporary measure only, as the value from the cash is really converted into the extended life of the equipment they're using), or by some other method which encourages people to spend that cash. Or you reduce the amount of cash they get from battles. Or eliminate cash creation from battles entirely and have monsters get their cash by defeating players with cash and stealing theirs. This basically just moves cash around instead of creating it from nothingness.
Items are forms of value too. Have items get destroyed every so often. That shield won't last forever, you know. Armor wears down over time. Swords don't stay sharp forever. That sort of thing. Force players to discard items for better/newer ones, and make 'em pay for the priviledge. Wearing down items is removing value from the world as well, so make sure you have it there to balance out whatever value you're adding to the world.
Of course, in order to avoid inflation from increased demand, you need to add cash/items to the system when new players come into the game. So just randomly add some set amount of cash/items to monsters whenever there's added players.
Allowing infinite cash holdings is no good either, as a few strong players with nothing better to do can take control of your economy. Implement taxation on player owned businesses. Implement armies of tax collectors with muscle from the local king to go beat up and steal some cash from the richest players. Hell, run a revolution if you have to make it clear to the users that they need to band together to defeat the evil rich bastard up on the hill that's fucking up the game. Whatever it takes to redistribute that wealth away from the rich.
Done properly, this sort of thing will eliminate problems with off-game auctions, because wealth being redistributed in the game won't cause inflation problems.
Wrong. Check out the law . The act of circumvention is illegal (1)(a). (IIRC there was a short period when the tools were illegal, but not yet circumvention. This period has passed.)
Check it out yourself:
US Code Title 17 Section 1201(c)(1): Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title.
While copyright infringment is indeed illegal, and bypassing a technological measure to facilitate infringment is indeed illegal, fair use is explictly stated to be a valid defense for copyright infringement.
However, distributing tools to facilitate such infringement is not infringement itself, and therefore Fair Use is not a valid defense to that. That's the catch-22 of the DMCA. They can't get you for committing infringement for fair use purposes, but they can get you for distributing tools to help others for their own fair use purposes.
Why are you replying to me? I did not use the word "protest" once in my entire post. Nor do I see the relevance of your response.
It's at least debatable whether or not knowledge of a product Apple is putting out is indeed a "trade secret" under the UTSA.
The UTSA defines trade secret as follows:
"Trade secret" means information, including a formula, pattern, compilation, program device, method, technique, or process, that: (i) derives independent economic value, actual or potential, from no being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and (ii) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.
You can kinda shoehorn the existence of some product into there, but it doesn't really fit.
And in any case, nobody ever changed a bad law without breaking it in some fashion. It's at least arguable that the UTSA is a bad law to begin with, if it was indeed broken in this particular circumstance.
I believe copyright infringment falls under the "taking of money" portion since you are, in effect, depriving the copyright holder of legitimate sales (money).
You cannot say that my failure to give something to them (money) is the same as taking money from them and then call it stealing. If you do use that rationale for calling copyright infringement "theft", then you have to cover your bases all around.
I mean, what if I decide that the movie probably sucks and then don't go see it at all. Is that stealing? Is that theft? I'm most certainly "depriving the copyright holder of legitimate sales" by not going to see his piece of shit movie.
The fact of the matter is that you cannot define "theft" or "steal" broad enough to cover copyright infringement. Even by your own definition, copyright infringement does not deprive the owner of the use or benefit of the thing being copied. They can continue to use and benefit from their movie all they please. I may not give them any money, but that's not the same thing as taking money from them. Hell, I may not see their movie and not give them any money that way either. Me not giving them money cannot possibly be construed as "theft" using any sane definition of the word.
Copyright is a TEMPORARY grant by the government to have exclusive use on a non-tangible item. You cannot "own" some series of words in a certain order, however the government will give you the exclusive, but TEMPORARY, right to be the only person allowed to make copies of those words in that order. They do this to promote more people putting words in a certain order. Now extend this book idea to other things, like music and movies and so forth. You cannot own the movie itself, you can only have a temporary right to copy it exclusively. Copyright infringement is a violation of that temporary right by somebody else. It is not theft, it is not stealing, it's a violation of the copyright holders temporary right that is granted to them by the government.
I grant you that copyright has been extended so many times that it's damn near equivalent to actual ownership at this point, but it's still not real ownership. It's not "property", no matter how you look at it. "Intellectual property" is a bullshit term with no basis in reality.
And what it really breaks down to is that I cannot possibly steal something from you when you don't actually own it. I can infinge upon your rights and copy it without your permission, but I can't steal it from you.
That's how it works. Calling it "theft" is a misunderstanding of fact, law, property, rights, and just general reality. It's only called "theft" in order to put that emotional bias into the phrasing. It's emotional manipulation and it should be rejected instantly as an attempt by the **AA's to influence you unduly.
It may not be right to commit copyright infringement, I grant you. But it's absolutely not right for copyright to extend for 95 years after the death of the author and so forth. The public domain exists for a reason, and copyright is limited for a reason. The sort of infringment you see is a backlash against that sort of insanity, I feel. Any given person may just want "free stuff", but at the same time they want that free stuff because they're getting screwed out of what is rightfully theirs too.
maybe I'm just too stupid to figure out how a buffer overflow, or malformed packet or whatever can cause all of those OS's to execute malicious code
A buffer overflow basically works by overwriting some chunk of memory.
The gist of it is that you allocate some section of memory in the code and then copy some stuff into it. If that "stuff" happens to be bigger than the section of memory you allocate, and you're not careful about checking the sizes, then you can copy too much into the allocated memory. When this happens, you write past the end of the memory block and into other bits of memory that are being used by other things.
The way to exploit this sort of bug is to change the contents of some specific area of memory such that it will cause it to run code that you've put into some other area of memory. To do this, you have to understand how memory allocation and code execution works.
The most common way to do this is a stack overflow. Local variables are allocated in an area of memory called the stack. Also on the stack is a pointer to another area of memory called the return pointer. Basically, when a subroutine is finished executing, the return pointer tells it where to go to exit the function. By overwriting the stack, I can overwrite the return pointer, and thus cause the function to go execute code somewhere else in memory when it tries to exit. The trick then is to make it execute code that I have already put in memory when I overwrote the buffer.
Another type of overflow is called a heap overflow. This is when a program allocates a chunk of memory using malloc or something like that, while it's running. It's usually a block of memory that's not of a predefined size, in other words. This is allocated in a different space called the heap. These are a bit trickier to exploit, but it can be done. Usually you overwrite the allocated memory and overwrite some function address pointer in the heap. Then when the program tries to run that function, it ends up running your code instead, since the address now points elsewhere.
Basically, it's a matter of carefully changing the input data to something the program isn't expecting to see in such a way that the flow of execution changes. If you can do that, usually you can exploit it and cause it to run arbitrary code, code you yourself put into memory using the very same exploit that you used to change the program flow.
Does the user want Anderson Accounting? Anderson Computers? Anderson Farms? Anderson Law Firm? Anderson & Samuel Law Firm? Anderson Anderson Anderson & Sons Law firm?
I prefer the Anderson Anderson Anderson Anderson Anderson Anderson Anderson Baked Beans Anderson Anderson Anderson and Anderson Law Firm.
http://www.symantec.com/avcenter/security/Content/ 2005.02.08.html
The gist of it is that there is a heap overflow in a part of the Symantec antivirus engine that they call DEC2EXE. This is a decoder for compressed executable files. The idea is that you have to decompress it to scan the thing, this module does the decompression.
So a carefully crafted EXE file could overflow part of this code and cause arbitrary code execution.
This module isn't just in Norton Antivirus, BTW, it's in a heck of a lot of Symantec Antivirus products. So if you're running any Symantec anti-virus product, not just the home consumer stuff, you might want to head over there and get a patch.
HEY GUYS could you go down to the store and pick me up some BOXEN OF LUCKY CHARMS?
That would be "Charmii".
Why don't you get attain some self respect and start learning about the world you live in, instead of being so passive?
Why don't you get a sense of humor instead of being such an idiot?
If somebody could find me a device that would hunt down annyoing people who complain about improper pluralization among tech nerds, then I'd definitely pay for that.
:-)
"Boxen" is fine. If the plural of ox is oxen, then pluralizing box as boxen seems perfectly acceptable to me. It also helps to understand that somebody is talking about a bunch of computers as opposed to a bunch of cardboard boxes.
But I swear that the next person who tells me (in person) that virii is not correct is getting a punch in the face. I mean it.
There are standards, of a sort, it's just that there's no constraint on the program to follow those standards. I mean, any program worth its salt should be logging to
The filesystem hierarchy is well defined, afterall.Apps can do the wrong thing, but it is usually well defined as to what they *should* do.
The problem on some webforums I read from time to time got so severe for a while that I wrote a proxomitron rule to change the referrer header of whatever image I was requesting to be the site that I was requesting it from. So basically it looked like the referrer was the directory that the image was in. http://foo/bar/image.png would get a referrer of http://foo/bar/.
This worked on every site I checked. Leaving it blank/non-existant did not always work, although it did work most of the time.
I no longer use the Proxomitron, but there's equivalent ways to defeat referrer based rulesets. However with stock browsers, most people will be stopped by simply referrer based rewriting and so that is an effective means to stop the vast majority of image deep linking.
Currently, many financial institutions turn your check into an ACH transation. When I pay either of my credit card bills, the check isn't returned to me. It is used as an instrument to authorize an ACH withdrawal from my checking account.
A lot of private businesses are doing the same thing. Something I see a lot nowadays is a check scanner in stores. You write out the check, they run it through a scanner device which scans it, calls home to verify it, and then prints a big "VOID" on it. Then they hand the check back to the customer, right there and then. A small industry is setting up around this method.
Basically it scans the check, gets the numbers off of it. It gets the amount from the register or what have you, does an ACH transaction, gets back a confirmation that it went through, then voids the check. Done deal. You can always tell when this is new to a customer too, as they go "huh?" at first but quickly get used to it.
Of course, my bet is that most of those customers stop writing checks to those stores at that point when they see how much of a waste of time it is. From the stores point of view, that is quite okay too. The vast majority of fraud at a retail store is still check fraud.
And his evidence for this is, what? His own personal opinion?
While I agree with you on the fact that he's just speculating at that point, nevertheless a possibility exists for this sort of thing to happen.
Simple example: I went wardriving through town once. I found a lot of connections of course, but basically I just set the sniffer up on the laptop and drove around slowly. Later, when I got home, I checked out what I had found, and using timestamps I figured out where the different access points I had found were (I lacked a GPS then).
One of the ones I found was a drugstore. I looked at the raw trace and saw some really odd plaintext there. So I went back and left the laptop in the car while I went in and bought some stuff and took a look around.
What I found:
- Their cash registers were all wirelessly linked to some system in the back. When you scanned an item, the barcode was read, transmitted to the machine in the back, which looked up the price and spat it back to the register. Credit card authorization was handled the same way. All this was plaintext, as I looked at the data and found my credit card number as well as barcodes from the items I purchased in there. Didn't understand the formatting, but it wasn't too difficult to see my name and credit card number stand out like a shining beacon.
- Some kind of prescription transactions were wireless as well. While I didn't get a lot of data of this sort, there were packets containing various drug names, in plaintext, being sent over the air. I'd bet money that insurance information as well as whoever bought the prescription would have eventually gone out in the clear too.
The point being that security was basically non-existant for something you have a reasonable expectation of being private. I mean, when you design a wireless network to handle credit transactions, you'd think some form encryption would be pretty frickin' obvious, right? Let alone tossing somebody's prescription info out onto the airwaves.
So while he didn't state you could change the lights and has no idea if you can actually fuck with the trains, the point I think he was trying to make is that clearly security is not at the forefront of the minds of a lot of people for this sort of thing. Admittedly, my drugstore example happened a couple years back, and may have been fixed by now, but this sort of thing happens because people don't think about it being an issue. It's that part that needs to be fixed. Whether any given example can actually be compromised in a serious way is not the point.
Maybe the voices will be more believable than in Simspsons: Hit and Run.
Umm, Simpsons: Hit and Run did use the original voice cast. All the people speaking in the game are the actual actors.
Only complaint I had about Hit and Run was that it was too short and the levels are too small.
Also, has anyone noticed an insane increase in the amount of invites? Can someone say "daymn"? How do we know they're all good?
The increase coincides with Google giving everybody 50 invites to give away. So I'd say that most of them are good. They're up to 33000 now, since I posted yesterday.
I think this is a perfectly valid question and one that is interesting to debate
/. will tend to see the question itself as stupid, because tech nerds tend to focus on the realm of reality. Will this processor work at this speed? What happens when I cross these two wires? That sort of thing. Anything that is firmly rooted in philosophy and can be actually demonstrably shown to have no bearing or use in the real world will be rejected as "stupid" pretty much outright.
:)
I think people are largely bashing the topic because they disagree with you on this point.
"Is X art?" is one of those eternal questions, asked in every philosophy or art class arould the world, and the answer now is the same as it always has been, namely, "Who frickin' cares?"
The question itself is what your average slashdot reader would call "frickin' stupid". Unless you define the term "art" such that everybody agrees on the definition, then the term is subjective and as such whether X is art or not depends on the person answering the question. Whether X is art or not is an opinion, and thus there's really nothing to debate. So all debates on the topic, while mildly interesting, as about as useful as debating whether or not there is a god of some sort. Fun to do, perhaps, but utterly useless in the long run because you always have the same argument.
Because of this, tech nerds like those that populate
You can spend all night arguing whether X is art or not, but in the end you won't have an answer, you won't have agreement, and you'll have essentially wasted your time. If you find that sort of useless argument to be fun, then by all means, enjoy. But your average tech nerd doesn't find that sort of argument fun for very long, because it's one of those arguments you can have forever. There's no definite answer. No right or wrong. Neither side is clearly correct.
Look at usenet or any forum. Endless debates on useless topics like these. However the cast of characters doing the arguing keeps changing. About 7 or 8 years is the most I've seen anybody able to argue in these sort of debates, after that you give up on it from sheer exasperation. Most people burn out even faster. Usually it's from the age of about 21 to 25 or so that are prime useless debate years, I feel.
The gmail-o-matic has something like 24000 invites ready to hand out right now. So giving them more is probably not really necessary at the moment. :)
They broke Hymn/JHymn cracked songs in iTunes 4.5, 4.6, 4.7.1, etc.. Okay, so Hymn was always quickly updated to fix the problem, but the point is that they have attempted to stop this sort of thing before.
1. My cable bill disagrees with you
Do you have a CableCard? Because that's what we're talking about here. Not just "digital cable" which involves a decoder box. CableCard replaces that.
2. So you'll be able to copy the stuff off the TiVo and onto whatever you want? Riiight...
Well, that's really up to Tivo. Their box. The CableCard idea doesn't prevent it in and of itself. Although I expect it will have some form of protection for premium stuff, laws already exist to prevent them from using copy protection technology on non-premium stuff.
3. Let's use an example: the doctrine of Fair Use states that I can make copies of $MEDIA for educational purposes. But $DISTRIBUTOR has designed $TECHNOLOGY specifically to deny me the ability to make copies of $MEDIA, without adding a mechanism to allow educational copying. So the law says I have a legal right to make copies, but the technology disallows it -- it's not uncopyable due to the nature of the medium, but rather specifically because $DISTRIBUTOR went out of their way to make it so. How, then, is $DISTRIBUTOR (and by extension, the $TECHNOLOGY they created) not violating my rights?
Because like you said, Fair Use is a doctrine, not a right. When it comes to copying this stuff, you don't have any actual rights in law. Fair Use allows you to violate copyright and get away with it. But at the same time, nothing says they have to make it easy.
Think this sucks? So do I. But changing the law to make Fair Use doctrine into an actual right is what is required to fix it.
And in any case, there's always a hole in the system that can be exploited to bypass their protections. The flaw is in the very nature of the system itself, it's not something they can work around. They can only make it difficult, not impossible.
4. Oh, you mean they're letting people skip commercials again?
When did they ever stop letting people skip commercials? I skip them all the time. I haven't seen a commercial on my TV in ages, brother.
5. You know what? I don't care whether they are likely to use it or not, I care about whether they merely have access to it and possibly could use it or not. As long as I don't take anything, you surely wouldn't mind me rummaging around your house, would you?
Rummaging through my house is a bit different than figuring out I like to watch the Simpsons. I could not give a shit who knows what TV I watch. I'm not paranoid enough to think that anybody gives a damn.
If anything, monitoring of what TV everybody watches might lead to better television. There's a hell of a lot of crap on TV, if you haven't noticed. I'm pretty sure most of it is there because the networks don't have a frickin' clue that it sucks so much. Neilsen has had his way for too damn long, IMO.
6. Yep, I must be paranoid. Because you just know that something like, oh, say, Bill Gates convincing G.W. Bush that all free software advocates are commie terrorists is absolutely impossible...
And your point is? I asked why anybody would give a shit about what TV *you* watch. Not about why Bill Gates is an asshole.
7. Are talking about now, or in the future when they stop selling on DVDs and switch from "all you can watch" channels to micropayment pay-per-view for everything, including news and sitcoms?
Why do you think that would ever happen? I mean, honestly, that marketing plan makes no sense. For one thing, having a library of everything you might want to watch at your fingertips is a huge ordeal. We're not talking about just switching to digital TV, we're talking about a fairly tremendous infrastructure upgrade here. Also, PPV movies really only works for the latest and greatest sort of thing, as I'm sure the satellite companies would be glad to point out to you.
However, I must admit that the idea of a library of all the information/movies/etc that you want is a nice one, even if it was based on a micropayment system. But that's far enough off in the future that it's not the sort of thing I'd worry about. My grandchildren might worry about it.