There are around 20-30 channels, not just 5, broadcast digitally in clear in the UK (not including radio channels)
The digital TV broadcasts are already pre-encoded with MPEG2 and AC3. Each multiplex (which can contain several independent streams, typically about 6 channels each) runs at about 24Mbit/sec. Picture and sound is of much higher quality than VHS.
All the NSA (or some other attacker) need to do is sit between you and the person you're trying to call. You exchange keys with the NSA, the NSA exchanges keys with the other person, and everything else they can pretty much just relay verbatim -- listening in the whole time.
The only slightly tricky part of this is that the NSA have to convincingly imitate the other person when you're exchanging keys.
Classic Man-in-the-middle attack; see also http://en.wikipedia.org/wiki/Man_in_the_middle
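An added illustration of the comment above (not part of the original post): in an unauthenticated Diffie-Hellman exchange, a relay in the path leaves each caller with a different session secret, so a fingerprint of that secret compared over a channel the relay cannot forge exposes it. The toy group parameters, fixed private values and function names are assumptions made for this example.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for illustration only (far too small for real use).
P = 2**127 - 1
G = 3

def keypair(priv=None):
    """Return (private, public); a random private value is drawn if none is given."""
    priv = priv or secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fingerprint(shared):
    """Short string each party reads out to the other to confirm the session key."""
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()[:16]

def call(alice_priv=None, bob_priv=None, relay_privs=None):
    """Run one key exchange and return (Alice's fingerprint, Bob's fingerprint).

    relay_privs=(m1, m2) models a party in the path that answers each side
    with its own public value instead of forwarding the real one.
    """
    a, pub_a = keypair(alice_priv)
    b, pub_b = keypair(bob_priv)
    if relay_privs is None:
        seen_by_alice, seen_by_bob = pub_b, pub_a
    else:
        _, relay_pub_1 = keypair(relay_privs[0])
        _, relay_pub_2 = keypair(relay_privs[1])
        seen_by_alice, seen_by_bob = relay_pub_1, relay_pub_2
    # Each side derives its secret from whatever public value actually arrived.
    alice_secret = pow(seen_by_alice, a, P)
    bob_secret = pow(seen_by_bob, b, P)
    return fingerprint(alice_secret), fingerprint(bob_secret)

def verify(fp_alice, fp_bob):
    """Result of the two callers comparing fingerprints out of band."""
    return "ok" if fp_alice == fp_bob else "MISMATCH: possible relay in the path"

if __name__ == "__main__":
    print("direct :", verify(*call(5, 7)))
    print("relayed:", verify(*call(5, 7, relay_privs=(11, 13))))
```

The comparison only helps if the fingerprints travel over something the relay cannot rewrite, which is the "convincingly imitate the other person" problem the comment describes.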
http://www.mozilla.org/products/firefox/releases/1.5.html
For instance, let's say nVidia GPLd their driver and got it accepted into the main tree. This gives them a competitive disadvantage because ATI or other companies can now look at how their drivers work with much less effort.
It also gives them substantial competitive advantages:
* Users can install their hardware and it will all Just Work, no messing about.
* Users don't have to track a separate source for driver updates; later kernel revisions will already have all of the latest improvements included.
* More developers can inspect and correct the code where required, resulting in better quality hardware support and better reliability.
* Longer term, they don't have to worry about driver support for their hardware -- because as long as there's a kernel hacker out there who cares about looking after it, it'll stay working.
These are all big incentives for me (as a consumer) to select Nvidia as a hardware vendor.
In fact, in 1999 I selected Nvidia for precisely these reasons after seeing this. And like Bruce, I feel betrayed when they didn't release the full specifications, nor release open-source drivers. And that's why I don't use them any more.
In response to #1: "Not enough client bandwidth."
If real-time streaming wasn't required then Bittorrent has already demonstrated that it is very capable at distributing large datafiles amongst large numbers of users simultaneously.
Bandwidth capacity appears to be increasing over time; I would be surprised if this trend did not continue and reach the point that real-time streaming of video becomes practical in the medium term.
In response to #2: "Not enough server bandwidth (unless you multicast)."
I would be surprised if multicast support isn't already available on the core routing and switching hardware installed at most ISPs; if that is the case, the only cost would be in working out how to set it up, not in procuring and installing more or better hardware.
This has been done. 192.88.99.1 is a magic address that should route towards the nearest 6to4 gateway.
See also: RFC3068
The release page is running very slowly; the official Ubuntu Bittorrent tracker (complete with copies of the .torrent digests) is here: http://torrent.ubuntu.com:6969/
*munch*
VLC should be able to play it (and just about anything else you might throw at it).
You may wish to reconsider that:
"Flamers roast Stalkers for 'timebomb' shut-down"
-- http://www.theregister.co.uk/2005/02/04/stalkers/
Friend of mine at an ISP got bitten hard by this.
1a. Insert foot in mouth?
Ahh, my mistake -- I thought you were assuming these constraints were probably adopted by the developers (as opposed to calculating a comfortable lower bound for disk-space cost.)
:)
The box: the device itself looked like the innards of a fairly conventional PC -- scaled up. It was mounted on a flat board (with no case) and two PSUs, a stack of SATA disks, and some Hauppauge DVB-T cards. It was running Gentoo (clearly visible during bootup) and provided a remote-control UI over X that you could control with one of the Hauppauge IR remotes that come with the tuners.
The UI itself was well constructed; it was fast, responsive, and easy for a non-geek to drive.
I didn't get to see much of the show itself -- I was busy setting up network comms and a/v hookups for the presenters; however, the video should be online fairly soon so I'll be able to see what I missed.
IIRC from the event, the box they demoed (which stored 7-days worth of three separate multiplexes) had 2TB of storage capacity. It had about 8-10 SATA disks in it, which would be about right.
Yup:
Photo of Pandora innards
Event Photos
Event Recordings (Audio currently available; video of sessions available once editing and processing (and mirroring!) is complete.)
Cheers,
dwm
Correction -- there were three DVB-T cards, not just one. Thus they could record up to three multiplexes simultaneously.
See http://www.flickr.com/photos/90983090@N00/28147204/in/photostream/ (Photo is a bit dark, but you can clearly see the three red LEDs on each of the tuner cards.)
Cheers,
dwm
Because they want as many people as possible to be able to play them. Ogg Theora support isn't as widespread as MPEG2.
Maybe it doesn't stop a core of people who know how to apply the patches, upgrade their firmware or browse warez sites but there are plenty of people who wouldn't have a clue.
You're missing the point. They don't need a clue -- they can just nab a copy from someone else who does.
See Microsoft's Darknet paper.
In short, we need to encourage kids to think for themselves.
I would be far more interested in taking advantage of all the CPU cycles that run all over at Businesses.
Condor.
You simply cannot just type "apt-get dist-upgrade" (or "yum upgrade" or any other variation on the theme) in the Real World, I'm afraid.
Sure you can - you just don't run it on your live server with testing it on a non-essential test box first.
I think you're being a little harsh on the Debian chaps -- they understand change management; they set up the current three sub-distro system for a reason!
"Just apt-get the fix" is a perfectly reasonable response to a bug report. You can always test the fixed version yourself before rolling it out to hundreds of desktops if you want.
You could implement a (hopefully automated) means of identifying a compromised machine. A single PC on listen-only mode with Snort -- perhaps with a few Nessus scans -- might do the trick.
Once you have monitoring capabilities, you can get to work on responses. You have a few options, depending on the available resources:
-- Put up a public notice somewhere (on a webpage, network status screen, whatever) indicating that the current network outage is a result of Joe's ineptitude. (ie use peer pressure to keep users' boxes clean.)
-- Send an email to the netadmins to have Joe's network access restricted. If the detection mechanisms are reliable, you could ask the netadmins to automate this facility.
-- Provide a facility for end-users to monitor their own recorded state. This will help those who don't know they've been compromised and/or want to make sure their network connection doesn't go away.
When disabling a user's access, it would be ideal if they could retain some limited connectivity so you can feed them a "You've been hacked" webpage -- ideally with some patch download links. Depending on your local network infrastructure, this may not be feasible, but if you can move compromised machines to a separate VLAN with heavy ACLs, or simply QoS non-essential network traffic into the ground, that'll help when end-users try to fix their machines themselves.
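An added sketch of the monitoring-then-response idea in the comment above (not part of the original post): it reads alerts in Snort's "fast" alert format and decides, per local host, between a notice on the self-check page and a move to the restricted VLAN. The sample alerts, signature IDs, address prefix and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample alerts in Snort "fast" format (not real traffic or real SIDs).
SAMPLE = """\
02/04-10:15:01.120000  [**] [1:900001:1] Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 10.1.4.23:1055 -> 10.1.9.8:1434
02/04-10:15:01.480000  [**] [1:900001:1] Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 10.1.4.23:1055 -> 10.1.9.9:1434
02/04-10:15:02.010000  [**] [1:900001:1] Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 10.1.4.23:1055 -> 10.1.9.10:1434
02/04-10:16:40.300000  [**] [1:900002:1] Unusual ICMP echo [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.1.7.50 -> 10.1.9.8
02/04-10:17:12.900000  [**] [1:900003:1] Inbound scan [**] [Classification: Attempted Recon] [Priority: 2] {TCP} 203.0.113.9:4431 -> 10.1.4.23:445
"""

ALERT = re.compile(
    r"\[\*\*\] \[(?P<sid>\d+:\d+:\d+)\] (?P<msg>.*?) \[\*\*\].*?"
    r"\[Priority: (?P<prio>\d)\] \{(?P<proto>\w+)\} "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)? -> (?P<dst>\d+\.\d+\.\d+\.\d+)"
)

def triage(log, local_prefix="10.1.", min_targets=3):
    """Map each local source host to 'quarantine' or 'notify'."""
    targets = defaultdict(set)   # source host -> distinct destinations it alerted on
    worst = {}                   # source host -> most severe (lowest) priority seen
    for line in log.splitlines():
        m = ALERT.search(line)
        if not m or not m["src"].startswith(local_prefix):
            continue  # unparsable line, or the alert's source is not one of our hosts
        src = m["src"]
        targets[src].add(m["dst"])
        worst[src] = min(worst.get(src, 9), int(m["prio"]))
    actions = {}
    for src, dsts in targets.items():
        if worst[src] <= 2 and len(dsts) >= min_targets:
            actions[src] = "quarantine"  # restricted VLAN that still serves the notice page
        else:
            actions[src] = "notify"      # flag on the user's self-check status page
    return actions

if __name__ == "__main__":
    for host, action in sorted(triage(SAMPLE).items()):
        print(host, action)
```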
Fundamentally, it's just like the JANET network here in the UK -- it is a network backbone that links educational establishments to each other and the Internet.
(I'd say that calling the US academic network "Internet2" is misleading -- it's just another network, albeit a fast one.)
Notacon is not notcon.
From the description, I'd be concerned that releasing the Accelerator code under a non-free (as in speech) license would be incompatible with the linux kernel's GPL license as it could be argued that it is a derived work.
See also http://kerneltrap.org/node/1735.
In practice, it may be enough of a gray area that it won't be a problem -- although it may scare off any company wishing to invest in it.
Personally, I'm just getting sick and tired with the maintainability and reliability issues that binary modules usually incur.
You couldn't say them?
I've tried. You just can't get the same degree of bandwidth and precision of expression from speaking as you can get typing individual characters at a keyboard. Especially if you're trying to code something.
This was never about copy protection.
No form of encryption will not make it harder to copy the original disk. Constructing a bit for bit copy of a digital stream in no way requires you to be able to understand the data being copied.
Rather, this is a playback protection system.
It's to stop you from watching the media when the distributors don't want you to be able to. Such as, for example, should you try to play a movie released in the US which is only just being shown in movie theatres in Western Europe. Or Asia. Or anywhere other than Region 1.
Encryption of the media is only there to force DVD player manufacturers to obtain a key -- which will only be provided if they also sign a contract to adhere to certain terms and conditions that, in essence, state that they're not allowed to undermine the distributors' business model.
Depends on whether you're transferring Perl code or not.