A couple years back, I was part of a project which implemented this product with little success. Your second point is right on, if the user switches keyboards (laptop vs. PC vs. home PC), then the system doesn't recognize their pattern and they need to re-register, which is a time-consuming process. Furthermore, the authentication is highly sensitive to latency, which results in the same failure to authenticate and subsequent need to re-register your typing cadence. Another point to consider is that it is highly sensitive to minor changes, such as if the user has a bandaid on one of their fingers then they experience the same issue. To be fair, the sensitivty settings are configurable. Needless to say, the user communtiy revolted, and we pulled it.
That was a job of epic scale, I'm impressed. Bards should write songs and poems about it. Knowing that such activity is possible, and that your organization is so patient, efficient and ruthless, makes me want to buy EVE and join the GHSC. I played the beta and loved the concept and the graphics, but got bored with all the mining. Anyway, good show. You're a legend in my mind.
Most file-sharing programs aren't the most upstanding citizens of the computing world. Yes, the entertainment industry hates them for the way they're used to download movies and albums without paying -- but many of these programs also fail to treat their own users well, often installing an unadvertised, unwanted load of advertising and spyware. BitTorrent is different. This free, open-source program offers a spyware- and nuisance-free installation. And while it is certainly handy for downloading movies and other copyrighted material for free, it's also increasingly used to distribute software and entertainment legally. This makes BitTorrent (www.bittorrent.com) not only a fascinating test case for legal experts, but it also looks a lot like the logical fusion of peer-to-peer file-sharing and traditional downloading. It's too robust to stamp out with lawsuits, but too effective not to adopt for commercial use. BitTorrent works by enlisting everybody into the file-distribution process. A BitTorrent download starts when you click on a ".torrent" link on a Web page, in an e-mail or some other document. That link gets handed off to your BitTorrent program, which follows that link to a "tracker" computer. (BitTorrent doesn't have any file-search capability built in; you must find these.torrent links yourself.) The tracker, in turn, points your copy of BitTorrent to a random grouping of other BitTorrent users who have the file you want. Your copy then starts downloading, assembling all these disparate chunks into a perfect copy of the original. But once you have part of the file on your computer, BitTorrent also begins uploading that to other people who come looking for it. This uploading continues until you close the BitTorrent program. The net effect of this is a vast increase in the resources available to distribute a file -- instead of the limit being one Web site's own Internet connection, you can theoretically put the entire bandwidth of the Internet to work. The original distributor of the file needs to upload it only once, after which everybody else takes care of the work -- and as more people download it, the torrent picks up speed. This approach is overkill for a three-minute song, but for a 30-minute sitcom or a two-hour movie, it's highly effective. As a result, the Motion Picture Association of America is less than thrilled about that particular use. It has taken tracker sites to court for their role in pointing users to movie downloads. As part of one settlement, it took over one such site, LokiTorrent.com, and turned it into an online billboard warning users of the legal risks they faced. But the Washington-based lobby hasn't sued BitTorrent's developer, Bram Cohen of Bellevue, Wash., nor has it gone after individual BitTorrent users. (Full disclosure: For research purposes, I've used BitTorrent to grab two episodes of "The Simpsons" and Jon Stewart's famously combative "Crossfire" appearance.) "There are good and bad uses for this technology," said David Green, the MPAA's vice president for technology and new media. The association is instead focusing on the people who have gone out of their way to help others download movies -- "the people who are bringing together the people who want infringing material," as he put it. This represents a shift from previous practices, in which the MPAA, the Recording Industry Association of America (news - web sites) and other groups have tried to have entire products -- for example, the first Diamond Rio MP3 player or the networked ReplayTV (news - web sites) video recorder -- taken off the market. One reason for this change of heart may be that in BitTorrent, unlike many other file-sharing programs, legitimate use doesn't amount to a token minority. It's central to this program's existence. Developers of versions of the Linux (news - web sites) operating system were some of the first to jump on BitTorrent as a way to ship out vast amounts of data. A Linux distribution can easily span four CD-ROMs; instead, companies su
Even harder to justify OS/app licenses
on
The Hundred-Buck PC
·
· Score: 0, Interesting
With a cost that low, the PC itself becomes a commodity item. Heck, the whole system costs less than most kids' video cards. At that price point, it becomes impossible to justify hundreds (or thousnads) of dollars in OS and application licenses. Linux on the desktop will be driven more by this project than any other, if it is successful.
Does anyone else smell a rat ? M$ sells an OS and apps (IE) with insecure, exploitable code, and then releases a spyware tool to clean up what gets through the bad IE code. Soon, they will begin charging annual (or monthly) subscription fees for their spyware-removal tool, just like AV vendors do. Why don't they simply clean up the code instead, and prevent system compromise in the first place ?
Its nice to see a technology gorilla succeed while retaining their humanity, as in their ethics statement "don't be evil". Hopefully, more businesses will follow their lead.
Thanks, Its nice to know that I'm not alone. http://slashdot.org/comments.pl?sid=106902 &cid=912 4491
Physical Sovereignty vs. Distributed Networking
on
The Empires Strike Back
·
· Score: 1, Interesting
This is good example of why businesses such as www.havenco.com will become more important in the future. Volunteer-based sites and non-profits will need to rely on sovereign nations such as Sealand for hosting services which are outside of the jurisdiction of our "democratic" law enforcemnet authorities. Mirroring and distributed networking architectures are still physically located somewhere. Unfortunately, there will be fewer and fewer nations willing to stand up to Western law enforcement in the future. Hence, business will boom for those nations willing to provide truly secure and sovereign hosting environments, much like the Caribbean does now for banks and investment firms.
And the most interesting thing, IMHO, about Miller's Dark Knight is his take on the Caped Crusader. The Batman is a very dark, almost psychotic, vigilante with a serious death-wish. A far cry from the campy TV Batman or even the mainstream DC comics. He is no hero, just a very troubled man with lots of money and gadgets and a finely-honed athleticism, even at age 60. He is despised by everyone, save the newly-retired Comissioner Gordon (and the new Robin,who shows up later). And Gordon is just as cynical as Batman is about the state of society. If you like Batman, or Frank Miller, I'd highly recommend it for the fresh perspective on this comic icon.
The specific errors you are getting probably depend upon your architecture, but this is the first place I'd look. Our errors were obvious "cert expired" ones. The "non-routable" message is likely realted to the Verisign dumbasses using some non-routable addresses as described in other posts and if you FTFA. Here's the link from Citrix : http://support.citrix.com/forums/thread.jspa?forum ID=17&threadID=46299&tstart=0
To summarize:
Any ICA connections that use Secure Gateway or SSL Relay will be affected. The solution is to replace your outdated intermediate certificate on all Secure Gateway servers, web servers and any MetaFrame servers running the SSL Relay service.
The error you get when trying to connect might look something like this:
The connection was rejected. The SSL certificate is no longer valid. Please contact your Citrix Administrator (SSL error 70)
Or this:
The server sent an expired security certificate. The certificate "O=Verisign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA - Class 3, OU=www.verisign.com/CPS Incorb.by Ref. LIABILITY LTD.(c)97 VeriSign" is valid from Thursday, April 17, 1997 to Wednesday, January 7, 2004.
As I live in the area, I am somewhat familiar with the issues involved. The conservationists are asking that some type of mitigation for the problem (bird kills)be incorporated into the permit renewal, as the original permits are rather ancient (and many even predate the Endangered Species Act, but I could be wrong). This could be a simple as cutting back brush around the turbines in order to make the area less attractive to rodents, which many of the birds feed on. Since many of the birds killed are endangered species, it seems to make sense IMHO, but the owners/operators are reluctant to make such changes. Hence, the threatened suit.
This is probably another case of "You get what you pay for", but the issues here go beyond simply using a fake ID to breach physical security. The fact that the data needed to fake the ID was culled from the attendee list on the website speaks volumes as to how much thought actually went into the security architecture for this event. I mean, really, someone should of thought of that possibility. Why didn't they verify or vet this identification in some way ? Another frightening fact is that these jokers' security processes, if you consider the RFIDs as 'security',are violating the laws of both the host country and the EU. This is the biggest issue, IMHO. "Security" also means adhering to all applicable laws and regulations, in order to limit your liability, and the liability of your employer. And what about these guys walking around snapping photos of the screener's monitors ? Whats up with that ? The bottom line is that these "security experts" at SportAccess, or wherever, are incompetent. Their security model was ill-conceived, poorly executed, needlessly intrusive and (obviously) completely ineffective.
I liked the show , and thought that the dialogue alone was head and shoulders above ANY show (not just scifi or western) previously or currently broadcast, but that isn't relevant. Isn't the topic here the interactive multimedia approach to the show's episodes ? No one has commented on that yet.
"If you had your firewall set up the right way -- and when I say firewall I include scanning e-mail and scanning file transfer -- you wouldn't have had a problem."
This is funny to me because the whole.NET thing is based upon letting the kitchen sink through any firewall just because its running over port 80, avoiding typical firewall functionality. How can we have our "firewall setup the right way" when M$'s business strategy is to circumvent properly manged firewallls ? I guess we'll all need to buy layer 7 scanners/filters to protect against the bad code.
1. Write insecure code 2. Send it over port 80 to bypass firewalling 3. Profit
I don't know if it is the same product, but you can view something similar in the Clift Hotel's lounge (in SF). Each "print" is displayed for a few minutes before changing to a diferent "print" (Klimt last time I was in there), So each "print" rotates through the various screens. They look quite nice, and this probably prevents burn-in. Drinks are expensive, though.
Slashdot Mirror
A couple years back, I was part of a project which implemented this product with little success. Your second point is right on, if the user switches keyboards (laptop vs. PC vs. home PC), then the system doesn't recognize their pattern and they need to re-register, which is a time-consuming process. Furthermore, the authentication is highly sensitive to latency, which results in the same failure to authenticate and subsequent need to re-register your typing cadence. Another point to consider is that it is highly sensitive to minor changes, such as if the user has a bandaid on one of their fingers then they experience the same issue.
To be fair, the sensitivty settings are configurable.
Needless to say, the user communtiy revolted, and we pulled it.
That was a job of epic scale, I'm impressed. Bards should write songs and poems about it. Knowing that such activity is possible, and that your organization is so patient, efficient and ruthless, makes me want to buy EVE and join the GHSC. I played the beta and loved the concept and the graphics, but got bored with all the mining. Anyway, good show. You're a legend in my mind.
Most file-sharing programs aren't the most upstanding citizens of the computing world. Yes, the entertainment industry hates them for the way they're used to download movies and albums without paying -- but many of these programs also fail to treat their own users well, often installing an unadvertised, unwanted load of advertising and spyware. .torrent links yourself.)
BitTorrent is different. This free, open-source program offers a spyware- and nuisance-free installation. And while it is certainly handy for downloading movies and other copyrighted material for free, it's also increasingly used to distribute software and entertainment legally.
This makes BitTorrent (www.bittorrent.com) not only a fascinating test case for legal experts, but it also looks a lot like the logical fusion of peer-to-peer file-sharing and traditional downloading. It's too robust to stamp out with lawsuits, but too effective not to adopt for commercial use.
BitTorrent works by enlisting everybody into the file-distribution process. A BitTorrent download starts when you click on a ".torrent" link on a Web page, in an e-mail or some other document. That link gets handed off to your BitTorrent program, which follows that link to a "tracker" computer. (BitTorrent doesn't have any file-search capability built in; you must find these
The tracker, in turn, points your copy of BitTorrent to a random grouping of other BitTorrent users who have the file you want. Your copy then starts downloading, assembling all these disparate chunks into a perfect copy of the original. But once you have part of the file on your computer, BitTorrent also begins uploading that to other people who come looking for it.
This uploading continues until you close the BitTorrent program.
The net effect of this is a vast increase in the resources available to distribute a file -- instead of the limit being one Web site's own Internet connection, you can theoretically put the entire bandwidth of the Internet to work. The original distributor of the file needs to upload it only once, after which everybody else takes care of the work -- and as more people download it, the torrent picks up speed.
This approach is overkill for a three-minute song, but for a 30-minute sitcom or a two-hour movie, it's highly effective.
As a result, the Motion Picture Association of America is less than thrilled about that particular use. It has taken tracker sites to court for their role in pointing users to movie downloads. As part of one settlement, it took over one such site, LokiTorrent.com, and turned it into an online billboard warning users of the legal risks they faced.
But the Washington-based lobby hasn't sued BitTorrent's developer, Bram Cohen of Bellevue, Wash., nor has it gone after individual BitTorrent users. (Full disclosure: For research purposes, I've used BitTorrent to grab two episodes of "The Simpsons" and Jon Stewart's famously combative "Crossfire" appearance.)
"There are good and bad uses for this technology," said David Green, the MPAA's vice president for technology and new media. The association is instead focusing on the people who have gone out of their way to help others download movies -- "the people who are bringing together the people who want infringing material," as he put it.
This represents a shift from previous practices, in which the MPAA, the Recording Industry Association of America (news - web sites) and other groups have tried to have entire products -- for example, the first Diamond Rio MP3 player or the networked ReplayTV (news - web sites) video recorder -- taken off the market.
One reason for this change of heart may be that in BitTorrent, unlike many other file-sharing programs, legitimate use doesn't amount to a token minority. It's central to this program's existence.
Developers of versions of the Linux (news - web sites) operating system were some of the first to jump on BitTorrent as a way to ship out vast amounts of data. A Linux distribution can easily span four CD-ROMs; instead, companies su
With a cost that low, the PC itself becomes a commodity item. Heck, the whole system costs less than most kids' video cards. At that price point, it becomes impossible to justify hundreds (or thousnads) of dollars in OS and application licenses. Linux on the desktop will be driven more by this project than any other, if it is successful.
Does anyone else smell a rat ? M$ sells an OS and apps (IE) with insecure, exploitable code, and then releases a spyware tool to clean up what gets through the bad IE code. Soon, they will begin charging annual (or monthly) subscription fees for their spyware-removal tool, just like AV vendors do.
Why don't they simply clean up the code instead, and prevent system compromise in the first place ?
Its nice to see a technology gorilla succeed while retaining their humanity, as in their ethics statement "don't be evil".
Hopefully, more businesses will follow their lead.
Thanks, Its nice to know that I'm not alone.2 &cid=912 4491
http://slashdot.org/comments.pl?sid=10690
This is good example of why businesses such as www.havenco.com will become more important in the future. Volunteer-based sites and non-profits will need to rely on sovereign nations such as Sealand for hosting services which are outside of the jurisdiction of our "democratic" law enforcemnet authorities. Mirroring and distributed networking architectures are still physically located somewhere. Unfortunately, there will be fewer and fewer nations willing to stand up to Western law enforcement in the future. Hence, business will boom for those nations willing to provide truly secure and sovereign hosting environments, much like the Caribbean does now for banks and investment firms.
welcome our new charcoal briquette overlords.
And the most interesting thing, IMHO, about Miller's Dark Knight is his take on the Caped Crusader.
The Batman is a very dark, almost psychotic, vigilante with a serious death-wish. A far cry from the campy TV Batman or even the mainstream DC comics. He is no hero, just a very troubled man with lots of money and gadgets and a finely-honed athleticism, even at age 60. He is despised by everyone, save the newly-retired Comissioner Gordon (and the new Robin,who shows up later). And Gordon is just as cynical as Batman is about the state of society.
If you like Batman, or Frank Miller, I'd highly recommend it for the fresh perspective on this comic icon.
But the rest of the box seems to be OK.
Every boy wants a giant Robotic Lawnmower for a pal.
I'm using Lynx.
Is it just me or does anyone else think that Cryptonomicon was derivative of Gravity's Rainbow ?
Tell George Lucas. Maybe he'll learn something.
So it is really a Cadillac commercial posing as an OS ? Or is it a Glock commercial posing as an OS? I hope it has those cool cell phones too.
I'm in charge of Microsoft's Secure Computing Initiative.
The specific errors you are getting probably depend upon your architecture, but this is the first place I'd look. Our errors were obvious "cert expired" ones. The "non-routable" message is likely realted to the Verisign dumbasses using some non-routable addresses as described in other posts and if you FTFA.m ID=17&threadID=46299&tstart=0
Here's the link from Citrix : http://support.citrix.com/forums/thread.jspa?foru
To summarize:
Any ICA connections that use Secure Gateway or SSL Relay will be affected. The solution is to replace your outdated intermediate certificate on all Secure Gateway servers, web servers and any MetaFrame servers running the SSL Relay service.
The error you get when trying to connect might look something like this:
The connection was rejected. The SSL certificate is no longer valid. Please contact your Citrix Administrator (SSL error 70)
Or this:
The server sent an expired security certificate. The certificate "O=Verisign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA - Class 3, OU=www.verisign.com/CPS Incorb.by Ref. LIABILITY LTD.(c)97 VeriSign" is valid from Thursday, April 17, 1997 to Wednesday, January 7, 2004.
Good luck
Just FYI
As I live in the area, I am somewhat familiar with the issues involved. The conservationists are asking that some type of mitigation for the problem (bird kills)be incorporated into the permit renewal, as the original permits are rather ancient (and many even predate the Endangered Species Act, but I could be wrong). This could be a simple as cutting back brush around the turbines in order to make the area less attractive to rodents, which many of the birds feed on. Since many of the birds killed are endangered species, it seems to make sense IMHO, but the owners/operators are reluctant to make such changes. Hence, the threatened suit.
This is probably another case of "You get what you pay for", but the issues here go beyond simply using a fake ID to breach physical security. The fact that the data needed to fake the ID was culled from the attendee list on the website speaks volumes as to how much thought actually went into the security architecture for this event. I mean, really, someone should of thought of that possibility. Why didn't they verify or vet this identification in some way ?
Another frightening fact is that these jokers' security processes, if you consider the RFIDs as 'security',are violating the laws of both the host country and the EU. This is the biggest issue, IMHO. "Security" also means adhering to all applicable laws and regulations, in order to limit your liability, and the liability of your employer.
And what about these guys walking around snapping photos of the screener's monitors ? Whats up with that ?
The bottom line is that these "security experts" at SportAccess, or wherever, are incompetent. Their security model was ill-conceived, poorly executed, needlessly intrusive and (obviously) completely ineffective.
I liked the show , and thought that the dialogue alone was head and shoulders above ANY show (not just scifi or western) previously or currently broadcast, but that isn't relevant.
Isn't the topic here the interactive multimedia approach to the show's episodes ? No one has commented on that yet.
heh
"If you had your firewall set up the right way -- and when I say firewall I include scanning e-mail and scanning file transfer -- you wouldn't have had a problem."
.NET thing is based upon letting the kitchen sink through any firewall just because its running over port 80, avoiding typical firewall functionality. How can we have our "firewall setup the right way" when M$'s business strategy is to circumvent properly manged firewallls ? I guess we'll all need to buy layer 7 scanners/filters to protect against the bad code.
This is funny to me because the whole
1. Write insecure code
2. Send it over port 80 to bypass firewalling
3. Profit
I don't know if it is the same product, but you can view something similar in the Clift Hotel's lounge (in SF). Each "print" is displayed for a few minutes before changing to a diferent "print" (Klimt last time I was in there), So each "print" rotates through the various screens. They look quite nice, and this probably prevents burn-in.
Drinks are expensive, though.