There's only one DRM'd item I've ever purchased that I didn't know in advance I had the tools to decrypt. That's my metric for what DRM I accept as a consumer.
I didn't buy a single iTunes track until PlayFair came out. After that, I've bought lots of music, so Apple's directly benefitted from PlayFair/Hymn's existance in my case. I know that I have my music as nice decrypted AAC streams. Even in the worst case of Apple watermarking the actual digital stream, I know I can always play my music in any number of open source players. That's good enough for me.
The only other DRM I've ever found acceptable is the one used by Palm Digital (aka PeanutPress) for their eBooks. The books are encrypted, but you can read them on an unlimited number of Palm, PocketPC, Symbian, Windows, or Mac devices. They use your full name and credit card number to encrypt a session key for the book. Once you enter your name/number, the decrypted session key is kept on your device (so your credit card number ISN'T store on your Palm!). There's no limit to the number of devices you can unlock the book on, and there's no call-home function to authorize the unlock process -- it's just straight crypto. The hook of course, is that if you want to distribute the book (without breaking the actual DRM), you need to include your name and card number. Probably not something you want to do on the Internet, and of course the leak can be tracked back to you with appropriate consequences. On the other hand, if you want to let a friend "borrow" your book, just beam it to his Palm, email it to him, etc. and enter your name and card number on his machine. He can't transfer the book to anyone else without re-keying the name/number, yet he can read the book for as long as he wants without having to worry about "losing" one of your precious authorizations. PeanutPress will even re-encrypt all your books using a new credit card number (once you use it to make a purchase), so you don't need to remember which card you used for which book -- you can always redownload all your books with your current card number.
If iTunes and others decided to go the route of PeanutPress, I probably wouldn't even bother to break the encryption. As long as the seller maintains control over me after the sale, then there's no way I'm going to buy something I can't break.
As far as a "rental" instead of a purchase, if I can't rent/burn/return, it's pretty unlikely I'd go for it. We'd have to be talking REAL cheap for me to consider it.
You've completely missed the intended point of signing a credit card receipt. It's not so much for record keeping or going back to later as it is for time-of-sale verification.
The clerk is supposed to take the card from the customer, swipe it, hold the card through the authorization process and signature, then compare the card to the signature on the receipt. If the signatures don't match or the clerk is uncertain, the clerk is supposed to ask the customer for additional (preferably photo) identification. If the customer cannot identify himself successfully, it's supposed to be no-sale -- refund the transaction, keep the card, and call the credit card company.
Will that stop an accomplished forger intent on using someone else's credit card? No way! Will it stop your average Joe just scribbling somebody else's name using the card he picked up on the street? More often than not, yes!
It's also possible for a credit card authorization request to result in a "keep card" response, in which case the transaction has failed and the clerk is supposed to keep the card (assuming it would not cause danger of bodily harm -- if he's got a gun, the customer is ALWAYS right!). I say "possible" as support for that is in the VisaNET/Vital spec, but I admit I've never seen nor heard of it happening.
Of course with lazy clerks or self-service terminals (in either case the customer has his card back in his wallet before the terminal's even got a dial tone), the whole process is kind of b0rked up...
[...] imagine buying a DVD and [...] not being able to [watch it] because first it needs to connect to a authentification server [...]
What? Did someone say Divx? (No, not the hack of an MPEG4 codec...)
I'm seriously hoping Steam meets the same end as the original Divx in short order. I'd really like to play HalfLife 2, but my money's staying firmly in my pocket as a direct result of the Steam BS. I only paid $10 for HalfLife 1 (a year after it came out), so I'm in no hurry. With any luck someone'll get a clue and kill off Steam before then...
[...] providers' function was limited to acting as a conduit [...] and [...] the Act does not authorize subpoenas in such circumstances
Correct me if I'm wrong, but given that interpretation it's basically impossible to use the subpoena power of the DMCA against anyone other than a web hosting company. Not that I'm complaining, but I doubt that's what was intended in the law, and I can definitely see that either being reversed higher up or ammended if necessary.
On the other hand, it basically leaves the law in a position where it can be used against "commercial" infringement (including someone else's content on your web site. not that all sites are commercial, of course), but leaves "sharing" beyond the reach of the law.
Of course content owners can still send warning letters to some ISP's and get your service canceled (cough.. Adelphia... cough).
I'd really love to see the whole law ammended out of existance, but anyways...
I wish I had URLs available, but only excessive Googling would find them again at the moment.
There is at least one manufacturer of PCI bus bearing cards that are capable (and indeed intended for the purpose) of receiving DirecTV's signal and using a properly and duely subscribed access card to decode the information.
Let me emphasize: They're more or less useless for signal theft, as they require a plain-old access card. Anything illegal (DMCA not withstanding) would involve modifying the access card which is well beyond the scope of this post.
The cards in question are intended for use as part of large scale DirecTV installations such as hotels or apartment buildings that provide DirecTV services to residents. The ones I looked at basically had one access card PCI card and one or more sat. interface cards. The signal is decoded and sent down to set top boxes throughout the building. I think the signal is supposed to be sent out as plain-old analog cable at that point with the boxes somehow requesting what channel they want and the controller tuning an available decoder to the desired channel. The benefits of such a system are large scale DTV rollouts without needing dozens (or hundreds) of access cards -- everything is kept in the central box.
The disadvantages are price (about $600 a piece when I looked) and the fact that they're intended to be used with specialized systems and a custom OS. Any Linux drivers for these babies would be a complete hack job...
I really wish I could find the URL for the company that makes these things again, but alas it was a couple of hard drive crashes ago that I last looked into this. Anybody else ever stumble across these things?
All of the compact florescent's I've run into take at least a minute or two to come up to full brightness. LED's should be 100% as soon as they're turned on.
Not sure that's work $80, but it's an improvement.
... there is the remote possibility that someone could reprogram the printer...
The more real worry... is that private companies...
My worry would be that 'private companies' might 'reprogram the printer.' If you can make the voting machine count one extra vote for Candidate X every twenty votes for Candidate Y, you could make it also fix the paper receipt for that fixed vote to say 'Candidate Y' in print, but have Candidate X's barcode on it. Then if those ballets are machine scanned in a recount, the counts match perfectly. Only if someone started going through the ballets with a hand scanner would anyone notice that some of the ballots had mismatched text and barcodes.
If we're assuming that someone might try to fsck with the counting routines, would it be so hard to fix the printing routines at the same time? I think *any* machine-only printing on a paper ballot (except maybe registration marks to make sure it's lined up right when its read) defeat the purpose of printing the thing in the first place. The "real" meaning of the piece of paper is still locked up in machine-land where mere mortal voters are unable to verify it.
I like a lot of what you're saying, but one thing about your verifiable ballots: Barcodes are not human readable and thus there's no way for the average person to verify his vote by looking at the paper ballot. Any paper ballot must be completely human readable. If you can print something in such a ways that it's both human readable and machine enabling (like using an easily scannable font or something), fine.
The important part is that there's nothing on the ballot that's exclusively machine readable, or you defeat the purpose of a voter verifiable paper ballot.
After too many bad keys or if you tried a blacklisted key, it would drop a registry entry somewhere. Then even if you gave it a good key, it wouldn't work. They made you email support for help, then they gave you a.reg file that cleaned out the kill-key.
But seriously... I ALWAYS have my PalmOS device with me (a Sony Clie NX70 that's had WiFi since I bought it in December 2002!). I *love* my PowerBook to death; and if I had the extra $$$$ laying around, I might even consider getting a chibi iBook for those times when 15" is just too big.
For all the utility of a full laptop, I've yet to encounter one that will fit in my pocket without requiring custom pocket sewing and a sturdy belt / tourniquet to keep my pants from heading south in a hurry.
There's certainly a lot more you can do with a full laptop, but there's a lot to be said for something that's always with you and instantly accessible. I often use the WiFi on my Clie to check mail or ssh into a server at work to check something.
The 5 GHz U-NII frequency bans is segmented into three 100 MHz bands for operation in the US. The lower band ranges from 5.15 -5.25 GHz, the middle band ranges from 5.25-5.35 GHz and the upper band ranges from 5.725-5.825 GHz.
So odds are a 5.8GHz phone would mess with the upper range of 802.11a.
On the Series 2 boxes, it's significantly more difficult to apply useful more-or-less legal hacks such as adding a network adapter, disk cache, TiVo web, and (the kicker) video extraction.
TiVo/DTV have no doubt been getting flacke about how easy it is to extract pure digital content from their equipment. Creating a 'bug' and forcing users to the more secure Series 2 boxes would be a nice feather in their cap. Not saying that's the case here, but...
The only fix is, "buy a new TV." The phosphorous in the flat panel can only take so much abuse before it gives up. It's the exact same problem as CRT burn-in. Once it's done, it's done.
Burn-in is also explicitly EXCLUDED in all of the plasma manufacturer's warranties, so even if you buy a new TV and it burns in after a week, you're screwed.
I couldn't resist... I did the math. Of the Compaq and Sun drive arrays that have their disk sizes/model numbers listed, there's 11.8 TERRABYTES of drive on auction!
In other news, of about 40 plasma TV's on auction, 33 of them are suffering from phosphor burn, and the rest are 'untestable.' Guess that settles my decision on whether to go w/ plasma or LCD....
IE is insecure. It has multiple unpatched known security issues. It's probably got lots of UNKNOWN issues too (so there's some U & D for you), but there are more than enough known problems to instill plenty of Fear.
Mortal users on MacOS X have read-only permissions to most of the juicier bits of the file system. That includes/System and/Library where drivers, kernel extensions, etc. must live.
Unless you're logged in as root (which is disabled by default) or you've manually futzed with the permissions on those directories, then any attempts to write to those directories by your "admin" user will fail.
The admin user on MacOS isn't quite like Administrator (either the user or a member of the group) on Windows. Admin on Windows simply has rights to do EVERYTHING. Admin on MacOS has the *potential* to do anything, but they're still mortal users (this is Un*x, so you're either root or you're nothing).
MacOS X installers (or any other app) that need write access must prompt the user for their password. The app provides your credentials to MacOS' Security Services, and using some sudo-like tricks, the OS authenticates that one process to have certain rights until it quits. Until you authenticate and let the OS "bless" your administrative powers, you're still a non-privileged user.
So bottom line, if your Mac is anywhere near default config (root disabled and/or read-only on/System), no installer will be able to install kernel drivers without prompting for your password.
Slashdot Mirror
There's only one DRM'd item I've ever purchased that I didn't know in advance I had the tools to decrypt. That's my metric for what DRM I accept as a consumer.
I didn't buy a single iTunes track until PlayFair came out. After that, I've bought lots of music, so Apple's directly benefitted from PlayFair/Hymn's existance in my case. I know that I have my music as nice decrypted AAC streams. Even in the worst case of Apple watermarking the actual digital stream, I know I can always play my music in any number of open source players. That's good enough for me.
The only other DRM I've ever found acceptable is the one used by Palm Digital (aka PeanutPress) for their eBooks. The books are encrypted, but you can read them on an unlimited number of Palm, PocketPC, Symbian, Windows, or Mac devices. They use your full name and credit card number to encrypt a session key for the book. Once you enter your name/number, the decrypted session key is kept on your device (so your credit card number ISN'T store on your Palm!). There's no limit to the number of devices you can unlock the book on, and there's no call-home function to authorize the unlock process -- it's just straight crypto. The hook of course, is that if you want to distribute the book (without breaking the actual DRM), you need to include your name and card number. Probably not something you want to do on the Internet, and of course the leak can be tracked back to you with appropriate consequences. On the other hand, if you want to let a friend "borrow" your book, just beam it to his Palm, email it to him, etc. and enter your name and card number on his machine. He can't transfer the book to anyone else without re-keying the name/number, yet he can read the book for as long as he wants without having to worry about "losing" one of your precious authorizations. PeanutPress will even re-encrypt all your books using a new credit card number (once you use it to make a purchase), so you don't need to remember which card you used for which book -- you can always redownload all your books with your current card number.
If iTunes and others decided to go the route of PeanutPress, I probably wouldn't even bother to break the encryption. As long as the seller maintains control over me after the sale, then there's no way I'm going to buy something I can't break.
As far as a "rental" instead of a purchase, if I can't rent/burn/return, it's pretty unlikely I'd go for it. We'd have to be talking REAL cheap for me to consider it.
You've completely missed the intended point of signing a credit card receipt. It's not so much for record keeping or going back to later as it is for time-of-sale verification.
The clerk is supposed to take the card from the customer, swipe it, hold the card through the authorization process and signature, then compare the card to the signature on the receipt. If the signatures don't match or the clerk is uncertain, the clerk is supposed to ask the customer for additional (preferably photo) identification. If the customer cannot identify himself successfully, it's supposed to be no-sale -- refund the transaction, keep the card, and call the credit card company.
Will that stop an accomplished forger intent on using someone else's credit card? No way! Will it stop your average Joe just scribbling somebody else's name using the card he picked up on the street? More often than not, yes!
It's also possible for a credit card authorization request to result in a "keep card" response, in which case the transaction has failed and the clerk is supposed to keep the card (assuming it would not cause danger of bodily harm -- if he's got a gun, the customer is ALWAYS right!). I say "possible" as support for that is in the VisaNET/Vital spec, but I admit I've never seen nor heard of it happening.
Of course with lazy clerks or self-service terminals (in either case the customer has his card back in his wallet before the terminal's even got a dial tone), the whole process is kind of b0rked up...
[...] imagine buying a DVD and [...] not being able to [watch it] because first it needs to connect to a authentification server [...]
What? Did someone say Divx? (No, not the hack of an MPEG4 codec...)
I'm seriously hoping Steam meets the same end as the original Divx in short order. I'd really like to play HalfLife 2, but my money's staying firmly in my pocket as a direct result of the Steam BS. I only paid $10 for HalfLife 1 (a year after it came out), so I'm in no hurry. With any luck someone'll get a clue and kill off Steam before then...
Nobody remembers!
How about the run on sentences? Are those Hollywood's fault too?
Correct me if I'm wrong, but given that interpretation it's basically impossible to use the subpoena power of the DMCA against anyone other than a web hosting company. Not that I'm complaining, but I doubt that's what was intended in the law, and I can definitely see that either being reversed higher up or ammended if necessary.
On the other hand, it basically leaves the law in a position where it can be used against "commercial" infringement (including someone else's content on your web site. not that all sites are commercial, of course), but leaves "sharing" beyond the reach of the law.
Of course content owners can still send warning letters to some ISP's and get your service canceled (cough
I'd really love to see the whole law ammended out of existance, but anyways...
I wish I had URLs available, but only excessive Googling would find them again at the moment.
There is at least one manufacturer of PCI bus bearing cards that are capable (and indeed intended for the purpose) of receiving DirecTV's signal and using a properly and duely subscribed access card to decode the information.
Let me emphasize: They're more or less useless for signal theft, as they require a plain-old access card. Anything illegal (DMCA not withstanding) would involve modifying the access card which is well beyond the scope of this post.
The cards in question are intended for use as part of large scale DirecTV installations such as hotels or apartment buildings that provide DirecTV services to residents. The ones I looked at basically had one access card PCI card and one or more sat. interface cards. The signal is decoded and sent down to set top boxes throughout the building. I think the signal is supposed to be sent out as plain-old analog cable at that point with the boxes somehow requesting what channel they want and the controller tuning an available decoder to the desired channel. The benefits of such a system are large scale DTV rollouts without needing dozens (or hundreds) of access cards -- everything is kept in the central box.
The disadvantages are price (about $600 a piece when I looked) and the fact that they're intended to be used with specialized systems and a custom OS. Any Linux drivers for these babies would be a complete hack job...
I really wish I could find the URL for the company that makes these things again, but alas it was a couple of hard drive crashes ago that I last looked into this. Anybody else ever stumble across these things?
All of the compact florescent's I've run into take at least a minute or two to come up to full brightness. LED's should be 100% as soon as they're turned on.
Not sure that's work $80, but it's an improvement.
The branch (or jump) if not equal operand that's present in probably every processor's assembly language.
I dunno... I'm not sure I'd consider both myself and my data being incinerated in the same nuclear blast to be a failing of my backup strategy.
Definitely a major case of "not my problem (anymore)"...
... there is the remote possibility that someone could reprogram the printer ...
... is that private companies ...
The more real worry
My worry would be that 'private companies' might 'reprogram the printer.' If you can make the voting machine count one extra vote for Candidate X every twenty votes for Candidate Y, you could make it also fix the paper receipt for that fixed vote to say 'Candidate Y' in print, but have Candidate X's barcode on it. Then if those ballets are machine scanned in a recount, the counts match perfectly. Only if someone started going through the ballets with a hand scanner would anyone notice that some of the ballots had mismatched text and barcodes.
If we're assuming that someone might try to fsck with the counting routines, would it be so hard to fix the printing routines at the same time? I think *any* machine-only printing on a paper ballot (except maybe registration marks to make sure it's lined up right when its read) defeat the purpose of printing the thing in the first place. The "real" meaning of the piece of paper is still locked up in machine-land where mere mortal voters are unable to verify it.
I like a lot of what you're saying, but one thing about your verifiable ballots: Barcodes are not human readable and thus there's no way for the average person to verify his vote by looking at the paper ballot. Any paper ballot must be completely human readable. If you can print something in such a ways that it's both human readable and machine enabling (like using an easily scannable font or something), fine.
The important part is that there's nothing on the ballot that's exclusively machine readable, or you defeat the purpose of a voter verifiable paper ballot.
GetRight (used to) do exactly that.
.reg file that cleaned out the kill-key.
After too many bad keys or if you tried a blacklisted key, it would drop a registry entry somewhere. Then even if you gave it a good key, it wouldn't work. They made you email support for help, then they gave you a
Annoying, effective, and non-destructive.
Is that a 12" iBook in your pocket or........
But seriously... I ALWAYS have my PalmOS device with me (a Sony Clie NX70 that's had WiFi since I bought it in December 2002!). I *love* my PowerBook to death; and if I had the extra $$$$ laying around, I might even consider getting a chibi iBook for those times when 15" is just too big.
For all the utility of a full laptop, I've yet to encounter one that will fit in my pocket without requiring custom pocket sewing and a sturdy belt / tourniquet to keep my pants from heading south in a hurry.
There's certainly a lot more you can do with a full laptop, but there's a lot to be said for something that's always with you and instantly accessible. I often use the WiFi on my Clie to check mail or ssh into a server at work to check something.
Well... As long as you can only do it with Natalie and Halle there, I guess the world of crypto has nothing to worry about.
Done... It's called HideIt http://www.expocenter.com/hideit/.
Note that if you search Google, you don't want what's presently at the top. Different product.
So odds are a 5.8GHz phone would mess with the upper range of 802.11a.
> Annie are you OK? Are you OK? Are you OK, Annie?
Am I the only sick fsck here who saw the (almost) Michael Jackson lyric? Maybe I was just abused in my childhood or something...
(Like listening to 80's music isn't abuse enough!)
On the Series 2 boxes, it's significantly more difficult to apply useful more-or-less legal hacks such as adding a network adapter, disk cache, TiVo web, and (the kicker) video extraction.
TiVo/DTV have no doubt been getting flacke about how easy it is to extract pure digital content from their equipment. Creating a 'bug' and forcing users to the more secure Series 2 boxes would be a nice feather in their cap. Not saying that's the case here, but...
The only fix is, "buy a new TV." The phosphorous in the flat panel can only take so much abuse before it gives up. It's the exact same problem as CRT burn-in. Once it's done, it's done.
Burn-in is also explicitly EXCLUDED in all of the plasma manufacturer's warranties, so even if you buy a new TV and it burns in after a week, you're screwed.
I couldn't resist... I did the math. Of the Compaq and Sun drive arrays that have their disk sizes/model numbers listed, there's 11.8 TERRABYTES of drive on auction!
In other news, of about 40 plasma TV's on auction, 33 of them are suffering from phosphor burn, and the rest are 'untestable.' Guess that settles my decision on whether to go w/ plasma or LCD....
> There are no Windows in the basement.
What? An all Linux house? Then you've probably got nothing to worry about! =)
Where's the Uncertainty and Doubt?
IE is insecure. It has multiple unpatched known security issues. It's probably got lots of UNKNOWN issues too (so there's some U & D for you), but there are more than enough known problems to instill plenty of Fear.
Naaaa.... Balmer's the Steve who has a bit of a dancing problem!
Mortal users on MacOS X have read-only permissions to most of the juicier bits of the file system. That includes /System and /Library where drivers, kernel extensions, etc. must live.
/System), no installer will be able to install kernel drivers without prompting for your password.
Unless you're logged in as root (which is disabled by default) or you've manually futzed with the permissions on those directories, then any attempts to write to those directories by your "admin" user will fail.
The admin user on MacOS isn't quite like Administrator (either the user or a member of the group) on Windows. Admin on Windows simply has rights to do EVERYTHING. Admin on MacOS has the *potential* to do anything, but they're still mortal users (this is Un*x, so you're either root or you're nothing).
MacOS X installers (or any other app) that need write access must prompt the user for their password. The app provides your credentials to MacOS' Security Services, and using some sudo-like tricks, the OS authenticates that one process to have certain rights until it quits. Until you authenticate and let the OS "bless" your administrative powers, you're still a non-privileged user.
So bottom line, if your Mac is anywhere near default config (root disabled and/or read-only on