Well, one way to prevent this would be to make sure every mail relay you can ping has authenticated SMTP. Not too pleasant for Joe DSL Guy with an Airport, but it could work if you had a mini-firewall (block port 25 when not sending to an accepted, authenticated SMTP server)...
Boy, if I were an 31337 5kr1p7 k14413 I would be working on this RIGHT NOW. Send the fake patch out in spam with a notice "Take a look at this URL! You need to upgrade your browser NOW! Accept unknown code because Microsoft told you to."
Good thing I have neither the time nor the skills nor the inclination. But I bet someone does...
This has happened with domain names too - someone claimed to be the Excite webmaster and pointed the Excite.com domain to nowhere a couple of years ago... Maybe they are in fact less secure when the customer is a Big Important Corporation with No Time to Waste!
VeriSign has revoked the certificates, and they are listed in VeriSign's current Certificate Revocation List (CRL). However, because VeriSign's code-signing certificates do not specify a CRL Distribution Point (CDP), it is not possible for any browser's CRL-checking mechanism to download the VeriSign CRL and use it. Microsoft is developing an update that rectifies this problem. The update package includes a CRL containing the two certificates, and an installable revocation handler that consults the CRL on the local machine, rather than attempting to use the CDP mechanism.
Translation: This cert is bad, but the authority issuing it can't tell you this, even though the authority claims to be responsible for doing so. Microsoft and said authority didn't think of this, and so they now have to come up with a totally kludgey patch which they promise won't break anything else.
This is so fucking confusing even to someone who is fairly technical - can you imagine Joe User's reaction to this? Makes code signing pretty much useless.
Re:We should keep it up as a monument (on Mir Deathwatch, Score: 2)
Except that its orbit would decay naturally, and then it would crash in an uncontrolled manner, perhaps into a population center...
Yeah, no kidding. How many times do the pundits have to see these failures before they quit telling us that the PC is dead?
Right, but cars are all sold locally by dealers. A very large portion of the PC market is mail order, shipped from out of state. (Of course the leading mail-order PC maker is Dell, but #2 is Gateway, in California/South Dakota.)
Right. Throw in some physical thing, like a t-shirt (for a cheap subscription), an MP3 player (for an expensive subscription), or a Slashdot Cruiser (for a very, very expensive lifetime subscription) and the profits on the thing fund the subscription. Just like PBS.
Simply put, it is in the best interests of subscribers not to share [too much] proprietary info with all their friends... there will be people who rip off a small number of articles... they chalk such things up to good publicity, and just don't sweat it.
Having been a subscriber/ripper-off of a service much like this (maybe the same one?) I agree that this can work. Letting people rip off a few articles will actually encourage subscriptions.
It's much like the tolerance of software piracy by Adobe, because they know that it's more important for Photoshop to be the standard than for them to sell every last copy. Works for me!
if there were some additional value added (e.g. throw in a ThinkGeek t-shirt of my choice and 100 licensed MP3s from Rob's favorite techno musicians). Try it, you might be surprised at how many fans fork over the cash.
How does Texas have authority over computers sold to Texans by out-of-state PC makers? Of course CPQ and DELL are Texas makers, but everyone's favorite PC maker, based in California, won't be affected as it's engaged in interstate commerce, clearly the authority of the US Congress.
I thought it was hilarious (the W keys didn't make it out of the building as they were government property). Too bad certain Republicans don't have a sense of humor. Others do, though - you didn't see W himself complaining!
Face it, new forms of media that do not have the ability to protect content are not going to ever get popular these days
What are you talking about?
The most popular "new form of media" to appear recently, and become popular, has to be CD-R - which doesn't involve copy protection. On the contrary copy protection is a formula for failure - e.g. Memory Stick. (Do you know anyone who uses it? I don't!)
(p.s. Hey Bill!)
Try http://www.counterpane.com/crypto-gram-0103.html
Platyops = flat face
From the article:
Audrey's quick demise--the $499 device debuted in October--is the latest evidence of a growing trend. Namely, consumers don't want simplified computing devices for surfing the Web, or at least they don't want them yet.
Even CNET admits it.
put up their own fake fan sites, and then sue the real ones out of existence?
they don't have annoying "Free Leonard Peltier" fliers stuck to them.
Um, AllAdvantage is toast. As is your link.
It's just another dumb idea that got press because all those tech journalists are desperate for anything new to write about.
Would you mind reading the following into the Congressional Record at your earliest convenience? Thanks.
,qb2 5,_;H=73;O=$b[4]<<9
;( F=(S=O>>14&7^O)
:0,@z)[_%8]}(16..271))[_]^((D>>=8
#!/usr/bin/perl
# 472-byte qrpff, Keith Winstein and Marc Horowitz <sipb-iap-dvd@mit.edu>
# MPEG 2 PS VOB file -> descrambled output on stdout.
# usage: perl -I <k1>:<k2>:<k3>:<k4>:<k5 > qrpff
# where k1..k5 are the title key bytes in least to most-significant order
s''$/=\2048;while(<>){G=29;R=142;if((@a=unqT ="C*",_) [20]&48){D=89;_=unqb24,qT,@
b=map{ord qB8,unqb8,qT,_^$a[--D]}@INC;s/...$/1$&/;Q=unqV
|256|$b[3];Q=Q>>8^(P=(E=255)&(Q>>1 2^Q>>4^Q/8^Q))<<17,O=O>>8^(E&
^S*8^S<<6))<<9,_=(map{U=_%16orE^=R^=11 0&(S=(unqT,"\xb\ntd\xbz\x14d")[_/16%8]);E
^=(72,@z=(64,72,G^=12*(U-2?0:S&17)),H^=_%64?12
)+=P+(~F&E))for@a[128..$#a]}print+qT,@a}';s/[D -HO- U_]/\$$&/g;s/q/pack+/g;eval
Actually he was covered favorably on 3/7, which is why I (and others) suggested an interview. So it's a totally legitimate piece.
But think of the innovations in that industry ... profitability, for one!
If you want MP3 support I guess you need to go to Handspring. Which is fine by me.
MP3 sharing?
This is a bit old, but the Interface Hall of Shame has a good critique of QT4...