I know that it's an age-old rule of correcting others that one makes a mistake of the same nature in the corrective statement (I'm likely to suffer a few), but those phone jacks that you list (typically called TS for tip-sleeve when mono or TRS for tip-ring-sleeve when stereo or balanced mono) are most commonly sized in 1/4", 3.5mm, and 2.5mm. 1/2" would be awesome, but I've never seen one.
I can't believe that this is the kind of activity you advocate. Clearly the legal line on this stuff has been moving the wrong way for a long time, and laws regarding child porn are *way* off the mark.
Have you even thought about blind people? We should lock up anyone who hears, touches, smells, tastes, or sees children. Don't forget people who say child-like things or try to attract children (ice cream men, for instance). Don't even get me started on five-year-old girls who kiss five-year-old boys. They've clearly demonstrated an affinity for minors.
One loses the safe harbor protection when they demonstrate awareness or knowledge of user-directed content's infringement. What if one of the users was a representative of a copyright owner? Just because something was expensive to make doesn't mean that your knee-jerk reflex should be removal.
Profit doesn't come into play in the general case, as they're not selling the content directly: Title 17, Section 512.(c).(1).(B) "does not receive a financial benefit directly attributable to the infringing activity"
Even if the majority of your files are infringing, that's not the same as direct attribution of financial benefit.
This does demonstrate some awareness of materials that have studio copyright naturally attributed to them, but it doesn't mean that the poster didn't have copyright. Basically, there's a DMCA-specified procedure for notification, and many of these conversations discuss exactly how to go about handling those provisions.
Clips of shows like Leno and Conan could fall under fair use by users (news agencies do it), so, again, where's the beef?
This just plainly isn't that damning, and it's certainly not that evil. The original poster needs to chill out. Anyone who's ever sat in a meeting with lawyers discussing the ins and outs of the DMCA would find these statements in no way out of place. Put them in the full context of the emails, and it looks like Viacom's just out to make a money grab from deep pockets. The Viacom lawyers must be busy trying to wave shiny objects in front of executives to keep them from noticing the huge revenue loss that came from not sorting things out with Hulu...
Honestly, I don't generally mind Ticketmaster. They serve a fairly useful function, and it's my understanding that the convenience fee can often include promoter fees from which Ticketmaster takes no profit. Promoters would just rather that Ticketmaster absorb the public ill will.
That said, this falls well within the umbrella of principles leading to, say, the first sale doctrine. You should read up on Bobbs-Merrill Co. v. Straus in which the court first established the first sale doctrine. More to the point, check out Northern Pacific R. Co v United States, in which the Supreme Court held that vertical price fixing agreements are per se illegal under the Sherman act. Ticketmaster could have terms-of-service that require that I kill the next person I meet after purchasing a ticket, but that would be an illegal agreement. Contractual restrictions illegal under the Sherman act count. Ticketmaster doesn't get to violate contract law just because they use computers.
More simply, you can't contractually agree to do something illegal, including price fixing. It's why there's an "S" (suggested) in MSRP and an "A" (Advertised) in MAP.
You do not have the legal right to the success of the business model of your choosing, and designing/implementing an easily-gamed system is your fault, not the fault of those who game it. If you ran a three-card monte game with clear plastic cups and then sued me when you realized that you'd lost your shirt, tough nuts.
It's not illegal to resell tickets above face value in most states (check out stub hub for TicketMaster's very own foray into person-to-person ticket sales), and business can be conducted in alternate states with more lax restrictions on ticket resale.
Beyond that, smoking a CAPTCHA system with a bit of cleverness is not hacking or unauthorized access in any reasonable way. This is just a ridiculous attempt to criminalize scuzzy, crappy, opportunistic behavior on the part of one party (scalpers) at the expense of another scuzzy, crappy, opportunistic party (TicketMaster). This strikes me as another case of people trying to misuse the law to remedy the unexpected (only by idiots) defeat of a faulty system. If one reads the article, it seems like Wiseguys (seriously? That's your name?) made purchases on behalf of ticket brokers (ticket-broker is to scalper as escort is to hooker) with detection-avoiding measures in place to keep TicketMaster from blocking the regulars.
It's an attempt by TicketMaster to wipe the egg off of their face, a face that most of America hates with a passion. Perhaps they should find a better way (reverse auction, anyone?) to find the natural market price instead of using time-release scarcity to spur impulse-buys that inevitably result in person-to-person ticket resale later on stub hub where they get to come back for a second skim off the top...
I doubt that any of this crap comes anywhere near the bar of passing the Tinker test, and in loco parentis means "in place of the parent" only so much as to be in place in the parent's absence due to the impracticality of having all parents attend school with their children.
Seriously, though, who is surprised by this? Do we not remember school administrators with Napoleon complexes that fabricated arbitrary (and, frankly, dangerous) rules to satisfy their need for accomplishment? I watched school teachers and administrators drag kids by their arms and pick kids up by their necks. For administrators, it's all crooks and scowls. Given the triple threat of terror, shooting, and sextings, it's a perfect opportunity for a power grab in a tiny corner of society. It doesn't excuse their behavior, but the desire has been on simmer for eons.
Somewhere around here I have a picture of some runaway hippie at Kent State... She was 14! If only they'd had laptops back then!
You either learn to read your people or learn to read what they say (and how they say it). If you don't, or you can't build enough trust to get real impressions from your people, you're not a good PM (at least, not functionally).
Whether that requires being a former dev or not is a different debate. My best PM ever had never been a dev, but he learned how to code so he could be a better PM. He was eventually the Director of Engineering, quite deservedly so.
Make sure to read Orson Scott Card's How Software Companies Die (commonly known as "Programmers and Bees"). This sort of over-refinement of estimation is not only pointless (in that it presumes far greater association between the past and the future than is likely to exist), it's destructive to the goal of making good software in a reasonable time-frame (if that is still the goal).
Some element of the planning and development process has to bake down to trust and awareness. If a dev says that something will take an unreasonable amount of time, a good project manager should be able to smell the BS and, more importantly, recognize that the dev might be sand-bagging a feature he/she hates. That dev might, in turn, actually take that long to do it. If you have cultural and motivational problems, no amount of process refinement is going to help. It's just going to drive the competent developers away and leave you with a slow death-spiral of longer estimates and crappier software.
High, low, medium risk? When I hear people baking things into categories, that's fine. When I see them plan schedules from the information reduced into categories (instead of cycling back and asking devs), the bozo-bit gets flipped. Aggregability is NP-hard, and it's important to remember that you're not going to be able to bake something as complex as software down into a weekend management seminar. If I could give one piece of advice to managers and devs looking to get better estimates, I'd say: "Go with your gut. As you get better at it, and your team gets better at working together, your intuitive estimates will get an order-of-magnitude better than the estimates that would have been derived from an over-simplified system. If you try to commoditize software, you get whatever the market will bear."
Clearly the balance of incentives has been wildly off for some time now. Researchers finding possibly big-cost vulnerabilities and reporting them to vendors/middlemen have found that the responses to their discoveries have been slow. Additionally, the payouts for these researchers has been relatively low.
They've been slow because companies have very little incentive to actually fix these bugs, provided that the rate of exploitation of these bugs is sufficiently low.
The incentives for a company using commercial software are stacked heavily against disclosure (do they discover the intrusion? angry customers upon disclosure? etc.), and software vendors are rarely motivated by costs that are, probabilistically, very low. Only once companies are hit by the overwhelming stigma of wide-spread exploits, and the long tail of consumer distrust, do they take greater care in the future.
Companies these days get the sense that they can dodge 180 days of exposure for the price of a used Honda Accord, but the reality is that knowledge of the bug may not be a significant contributor to the risk of exploitation. If one honest researcher has found a vulnerability, can we be confident that no malicious researchers have? Hell, every little wanna-be hacker and future programmer among us used to have floppies and notebooks of vulnerabilities, some collected, some personally discovered. The vulnerability is the source of risk. Put the blame back on the companies that have failed to fix them. More accurately, shift the incentives. With huge shake-ups like mass disclosures, the effect on all companies could be a shift toward more attention being paid to security. To me, it seems like a net win.
Re:And this is a nearly unsolveable problem.
on
GSM Decryption Published
·
· Score: 4, Informative
When someone who understands cryptographic security says "security through obscurity isn't security at all," they typically mean that knowledge of the algorithm shouldn't provide any significant benefit to an attacker. In other words, the exchange should be computationally secure even if attackers know the mechanism of encryption/decryption. In cases of public/private key encryption, the exchange should be computationally secure even if attackers know the public key.
The "obscurity" of a private key, for instance, isn't the obscurity that we're talking about. You either don't know that, or you're just out to rag on me (didn't get what you wanted for chanuquanchristmasolstice?). Whatever. My initial point, that A5/1 is naturally insecure (subject to known-plaintext attacks and hit by relatively-easily-generated rainbow tables) and this project highlights that, still stands.
I have no need to get into a credentials-off with someone on Slashdot, but I'll happily discuss the more technical aspects of cryptography with anyone interested/interesting, yourself included.
Honestly, I suspect that a few things are in play here: - A5/1 is relatively easy to implement in limited hardware. - Much of the existing infrastructure hardware has code that either sits in ASICs (this seems unlikely at this point) or bolted-into-a-box firmware that would require costly re-flashing. - Companies aren't forced by consumers to provide genuine security. - Most phone calls are *really* boring, and most of us honestly have nothing that we feel is worth hiding (I'm not saying that this sentiment is a good one in general).
I would like to think that the public will eventually get wise and call, globally, for the use of cryptographic algorithms that are more genuinely secure, even against government intrusion, but I know that this is next to impossible. Phone companies did a cost/benefit analysis on this one long ago and decided that the encryption that they were using was sufficient. With public awareness, the costs/benefits of modernization have changed (fractionally). In general, this is good news.
We allow people to fear-monger by saying that this can allow criminals to decrypt calls more easily, but, if a couple of dozen hackers at a conference can piece this together through brute-force-ish tactics, are we sure that others haven't already? That's the point that they've made, a point entirely lost in the article.
This does *next-to-nothing* to make the system less secure. It was insecure to begin with. Regulations rendering the dissemination of code-breaking and system-compromising codes and techniques illegal aren't there to protect our data security. They're there to allow companies to use inadequate security measures without public shame.
Of course, this is Slashdot. Anyone who doesn't already know that security through obscurity is ridiculous is an idiot (or a troll). Anyone who relates cryptographic security to fake-rock-key-hiding and calls that rock obscurity (inevitable in a story like this) is just a troll.
What it does do is solidify the positions of green IP holders looking to screw companies in less advanced nations by taking their cut of (or limiting production of) the "green" products that will be required to play in the newly-legally-mandated global green economy.
I know it sounds all tin-foil-hat-y, but the prospect that CO2 policy could be used to keep richer nations dominant via IP has been haunting me for some time. If US/Euro companies get their cut of the green economy mandated by their own governments without actually having to produce anything, it could artificially screw with otherwise normal factor-price equalization.
Some points: 1. There is no right to avoid the prejudice of others. Others should be free to make whatever judgments they want about me based on whatever information they have about me. If they use this to affect a matter of public access or curtail my rights, then we as a society may want to step in (avoid racism, etc). If they compel me to provide private information, I have the right to say no, and they have the right to tell me to leave.
2. Holding back factual information is next to impossible. Something happened, so now we have to go sanitize the records of what happened after someone served a sentence for it? The conviction of a party for a crime is a historical fact, and attempting to hide that fact by finger-waving at public information sources is folly.
3. The problem isn't the information. It's the discrimination and prejudice that comes afterwards. Perhaps if we were more open, we'd be less inclined to pretend that everyone is squeaky clean.
30, 100 S. Ashland Ave #208 (same as in AnyWho), agnostic, no illegal drugs, but I have been arrested before. If it's the kind of place that won't hire because of that, I'm not interested in workin' there. It's not like this information can't be had extremely easily. Pretending that we can hide public information is foolish. Pretending that we can hide history is ridiculously foolish.
It doesn't matter if they served enough time in prison. The truly important problem here is Germany's ridiculous attempt to limit the distribution of factual information with the law.
Germany has a long history of censorship. You can't disparage the president or state, sell pornographic writings, be a nazi, show a nazi symbol, insult someone if it steps over the magical line of insulting human dignity, etc. The very state of Germany's overreaching laws regarding speech insults human dignity.
Putting loopholes and narrowly-targeted restrictions in the constitution (find a translation of: Grundgesetz für die Bundesrepublik Deutschland) from the start is a sure-fire way to end up with this completely ridiculous legal result.
This, folks, is why treating ownership of information as an illegal act is inherently flawed. Exploiting/molesting children? Yeah, that's a crime. Funding that exploitation? That could be a slippery slope, but, at its core, sure, it's a crime. Possessing the products of that exploitation? If you make it a crime, you'll run into this.
It is completely unreasonable to make the possession of a particular type of information illegal if you fairly consider the implications. This type of law is both dangerous and fruitless. It's friggin' data. Even if it were put down on paper, photocopiers would make it almost infinitely reproducible. When it's electronic, it can be replicated at an absurd rate.
It's like criminalizing glass pipes because they could be used to smoke pot (whichever way you sit on smoking pot, just let this go for a sec). If you do this, you start down a road of harassing people for having wood pipes, then toy pipes, then things that look like pipes, then lumps in their pockets. If you wanted to stop the use of pot, go after the source.
We can't get to the people producing this sort of media and committing these crimes, so we try to get to the people who have it in some sort of scorched-earth approach to the problem? This can only end badly.
Criminalizing the dissemination of information is ridiculous no matter what.
BINGO! As soon as you peel back the line on this one, you open up a grey area of ridiculous criminalization. The modem itself, modified, is like a VCR, a gun, a car, or a goat. Sure, there are illegal things that you can do with all of them, and some of them are really best used for illegal purposes (hint... not the goat). Still, that shouldn't make the provision of these things illegal. It's information or a tool. It's intent agnostic.
Now, the instruction can indeed constitute participation in a crime, but telling someone to go do something is way different than telling someone how to go do something.
Example:
Hey, Joey, go kill that guy.
or
Hey, Joey, if you shoot someone in the face, they will probably die.
Or make mandatory aerodynamic figures, or mandatory hybrid powertrains, or mandatory fuel types... bzzzzzzzzzzzz...
Wrong.
Those sort of solutions are short-sighted and idiotic. Make the law favor more efficient cars. Don't make the law favor a particular implementation. $20 says that someone with a coating patent bought someone with bureaucratic oversight a nice dinner. When the law selects a particular implementation, it runs a significant risk of becoming outdated.
As someone who's other home is Chicago, I can say that sun heating in the winter makes a difference to me (lower latitude, to be fair), and cell phone reception is *already* a problem there.
Except not all cars are used in California climates, some in colder regions may not want to lose the little bit of sun heating in the winter, but *everyone* will suffer for California's laws (and I'm living in California) because automakers generally make 50-state cars.
If you want people to use less gas, just tax gas and push money back into public transit. If you want to make glazed glass a no-cost consumer choice, give people a tax credit when they register the car.
BART essentially closing down at midnight? The entirety of public transit in L.A.? Come on. If you want to get people out of their cars or into more efficient ones, balance the costs and benefits. I'm all for mandates where no obvious pressure can be applied to the market (e.g. sensible emissions regulations, NOT corporate averages which disincentivize automaker specialization, food health inspection, toxic waste in the water supply), but these attention-grabbing and, frankly, stupid measures get nothing done. Allowing CO2 to be treated as a pollutant through the normal bureaucratic channels is has proven idiotic. You want to change CO2 production, look to the Port of Los Angeles or at coal power. Cutting down on A/C use is like bailing out the Titanic with a tea cup.
Better still, find a way to reclaim CO2, because the odds of getting the whole world to stop puffing out CO2 are roughly the same of getting California to stop trying to wear out the words "nanny" and "state."
It declares soda fair game for government intervention (PDF) on the grounds that "market failures" in this area are causing "less-than-optimal production and consumption."' Where do we draw the line?"
Where do we draw the line?
How about back at banning smoking at private establishments (I don't smoke, but it's fair to let people who do make a choice on their own property), or banning foie gras (I live in Chicago, and we've since reversed this stupidity)? The moment that we started in on this over-policing is the moment that we opened up the possibility of banning or taxing because of "market failures" (i.e. The market not doing what one particular party wants). Perhaps our soda isn't keeping us all alive as long, but who's to say that the quality of life afforded by synthesized cola drinks isn't worth the trade-off? And now we'll have the conflicting pressures of federal corn subsidies that make drinks cheap and state taxes that make them expensive, creating an artificial "optimal" price and a rube-goldberg-esque funnel of funds from the federal government to state and local governments?
This feels a lot like imminent domain, with public necessity turning into public benefit turning into public convenience turning into public whim.
Anyone who wants a definition of slippery slope can look at this new cola war as an example.
Slashdot Mirror
I meant awesome in a Soviet Russia sort of way. Bulky connectors never stop making me grin.
I know that it's an age-old rule of correcting others that one makes a mistake of the same nature in the corrective statement (I'm likely to suffer a few), but those phone jacks that you list (typically called TS for tip-sleeve when mono or TRS for tip-ring-sleeve when stereo or balanced mono) are most commonly sized in 1/4", 3.5mm, and 2.5mm. 1/2" would be awesome, but I've never seen one.
I think that there should be a phrase leading comma to break the setup, as in:
"With that kind of reading comprehension, I..."
I'm not sure where this bit of grammatical fascism is coming from. I don't think that the intent of the sentence is very ambiguous.
I can't believe that this is the kind of activity you advocate. Clearly the legal line on this stuff has been moving the wrong way for a long time, and laws regarding child porn are *way* off the mark.
Have you even thought about blind people? We should lock up anyone who hears, touches, smells, tastes, or sees children. Don't forget people who say child-like things or try to attract children (ice cream men, for instance). Don't even get me started on five-year-old girls who kiss five-year-old boys. They've clearly demonstrated an affinity for minors.
Kidding aside, perhaps "taste" is a bit far.
Direct sale of the material would be more direct, which is to say, "direct." Anything less is indirect.
Mod parent +1000.
One loses the safe harbor protection when they demonstrate awareness or knowledge of user-directed content's infringement. What if one of the users was a representative of a copyright owner? Just because something was expensive to make doesn't mean that your knee-jerk reflex should be removal.
Profit doesn't come into play in the general case, as they're not selling the content directly:
Title 17, Section 512.(c).(1).(B)
"does not receive a financial benefit directly attributable to the infringing activity"
Even if the majority of your files are infringing, that's not the same as direct attribution of financial benefit.
This does demonstrate some awareness of materials that have studio copyright naturally attributed to them, but it doesn't mean that the poster didn't have copyright. Basically, there's a DMCA-specified procedure for notification, and many of these conversations discuss exactly how to go about handling those provisions.
Clips of shows like Leno and Conan could fall under fair use by users (news agencies do it), so, again, where's the beef?
This just plainly isn't that damning, and it's certainly not that evil. The original poster needs to chill out. Anyone who's ever sat in a meeting with lawyers discussing the ins and outs of the DMCA would find these statements in no way out of place. Put them in the full context of the emails, and it looks like Viacom's just out to make a money grab from deep pockets. The Viacom lawyers must be busy trying to wave shiny objects in front of executives to keep them from noticing the huge revenue loss that came from not sorting things out with Hulu...
Honestly, I don't generally mind Ticketmaster. They serve a fairly useful function, and it's my understanding that the convenience fee can often include promoter fees from which Ticketmaster takes no profit. Promoters would just rather that Ticketmaster absorb the public ill will.
That said, this falls well within the umbrella of principles leading to, say, the first sale doctrine. You should read up on Bobbs-Merrill Co. v. Straus in which the court first established the first sale doctrine. More to the point, check out Northern Pacific R. Co v United States, in which the Supreme Court held that vertical price fixing agreements are per se illegal under the Sherman act. Ticketmaster could have terms-of-service that require that I kill the next person I meet after purchasing a ticket, but that would be an illegal agreement. Contractual restrictions illegal under the Sherman act count. Ticketmaster doesn't get to violate contract law just because they use computers.
More simply, you can't contractually agree to do something illegal, including price fixing. It's why there's an "S" (suggested) in MSRP and an "A" (Advertised) in MAP.
You do not have the legal right to the success of the business model of your choosing, and designing/implementing an easily-gamed system is your fault, not the fault of those who game it. If you ran a three-card monte game with clear plastic cups and then sued me when you realized that you'd lost your shirt, tough nuts.
My only bias is against being stupid...
It's not illegal to resell tickets above face value in most states (check out stub hub for TicketMaster's very own foray into person-to-person ticket sales), and business can be conducted in alternate states with more lax restrictions on ticket resale.
Beyond that, smoking a CAPTCHA system with a bit of cleverness is not hacking or unauthorized access in any reasonable way. This is just a ridiculous attempt to criminalize scuzzy, crappy, opportunistic behavior on the part of one party (scalpers) at the expense of another scuzzy, crappy, opportunistic party (TicketMaster). This strikes me as another case of people trying to misuse the law to remedy the unexpected (only by idiots) defeat of a faulty system. If one reads the article, it seems like Wiseguys (seriously? That's your name?) made purchases on behalf of ticket brokers (ticket-broker is to scalper as escort is to hooker) with detection-avoiding measures in place to keep TicketMaster from blocking the regulars.
It's an attempt by TicketMaster to wipe the egg off of their face, a face that most of America hates with a passion. Perhaps they should find a better way (reverse auction, anyone?) to find the natural market price instead of using time-release scarcity to spur impulse-buys that inevitably result in person-to-person ticket resale later on stub hub where they get to come back for a second skim off the top...
Oh.. right...
I doubt that any of this crap comes anywhere near the bar of passing the Tinker test, and in loco parentis means "in place of the parent" only so much as to be in place in the parent's absence due to the impracticality of having all parents attend school with their children.
Seriously, though, who is surprised by this? Do we not remember school administrators with Napoleon complexes that fabricated arbitrary (and, frankly, dangerous) rules to satisfy their need for accomplishment? I watched school teachers and administrators drag kids by their arms and pick kids up by their necks. For administrators, it's all crooks and scowls. Given the triple threat of terror, shooting, and sextings, it's a perfect opportunity for a power grab in a tiny corner of society. It doesn't excuse their behavior, but the desire has been on simmer for eons.
Somewhere around here I have a picture of some runaway hippie at Kent State... She was 14! If only they'd had laptops back then!
You either learn to read your people or learn to read what they say (and how they say it). If you don't, or you can't build enough trust to get real impressions from your people, you're not a good PM (at least, not functionally).
Whether that requires being a former dev or not is a different debate. My best PM ever had never been a dev, but he learned how to code so he could be a better PM. He was eventually the Director of Engineering, quite deservedly so.
Make sure to read Orson Scott Card's How Software Companies Die (commonly known as "Programmers and Bees"). This sort of over-refinement of estimation is not only pointless (in that it presumes far greater association between the past and the future than is likely to exist), it's destructive to the goal of making good software in a reasonable time-frame (if that is still the goal).
Some element of the planning and development process has to bake down to trust and awareness. If a dev says that something will take an unreasonable amount of time, a good project manager should be able to smell the BS and, more importantly, recognize that the dev might be sand-bagging a feature he/she hates. That dev might, in turn, actually take that long to do it. If you have cultural and motivational problems, no amount of process refinement is going to help. It's just going to drive the competent developers away and leave you with a slow death-spiral of longer estimates and crappier software.
High, low, medium risk? When I hear people baking things into categories, that's fine. When I see them plan schedules from the information reduced into categories (instead of cycling back and asking devs), the bozo-bit gets flipped. Aggregability is NP-hard, and it's important to remember that you're not going to be able to bake something as complex as software down into a weekend management seminar. If I could give one piece of advice to managers and devs looking to get better estimates, I'd say: "Go with your gut. As you get better at it, and your team gets better at working together, your intuitive estimates will get an order-of-magnitude better than the estimates that would have been derived from an over-simplified system. If you try to commoditize software, you get whatever the market will bear."
Clearly the balance of incentives has been wildly off for some time now. Researchers finding possibly big-cost vulnerabilities and reporting them to vendors/middlemen have found that the responses to their discoveries have been slow. Additionally, the payouts for these researchers has been relatively low.
They've been slow because companies have very little incentive to actually fix these bugs, provided that the rate of exploitation of these bugs is sufficiently low.
The incentives for a company using commercial software are stacked heavily against disclosure (do they discover the intrusion? angry customers upon disclosure? etc.), and software vendors are rarely motivated by costs that are, probabilistically, very low. Only once companies are hit by the overwhelming stigma of wide-spread exploits, and the long tail of consumer distrust, do they take greater care in the future.
Companies these days get the sense that they can dodge 180 days of exposure for the price of a used Honda Accord, but the reality is that knowledge of the bug may not be a significant contributor to the risk of exploitation. If one honest researcher has found a vulnerability, can we be confident that no malicious researchers have? Hell, every little wanna-be hacker and future programmer among us used to have floppies and notebooks of vulnerabilities, some collected, some personally discovered. The vulnerability is the source of risk. Put the blame back on the companies that have failed to fix them. More accurately, shift the incentives . With huge shake-ups like mass disclosures, the effect on all companies could be a shift toward more attention being paid to security. To me, it seems like a net win.
When someone who understands cryptographic security says "security through obscurity isn't security at all," they typically mean that knowledge of the algorithm shouldn't provide any significant benefit to an attacker. In other words, the exchange should be computationally secure even if attackers know the mechanism of encryption/decryption. In cases of public/private key encryption, the exchange should be computationally secure even if attackers know the public key.
The "obscurity" of a private key, for instance, isn't the obscurity that we're talking about. You either don't know that, or you're just out to rag on me (didn't get what you wanted for chanuquanchristmasolstice?). Whatever. My initial point, that A5/1 is naturally insecure (subject to known-plaintext attacks and hit by relatively-easily-generated rainbow tables) and this project highlights that, still stands.
I have no need to get into a credentials-off with someone on Slashdot, but I'll happily discuss the more technical aspects of cryptography with anyone interested/interesting, yourself included.
Honestly, I suspect that a few things are in play here:
- A5/1 is relatively easy to implement in limited hardware.
- Much of the existing infrastructure hardware has code that either sits in ASICs (this seems unlikely at this point) or bolted-into-a-box firmware that would require costly re-flashing.
- Companies aren't forced by consumers to provide genuine security.
- Most phone calls are *really* boring, and most of us honestly have nothing that we feel is worth hiding (I'm not saying that this sentiment is a good one in general).
I would like to think that the public will eventually get wise and call, globally, for the use of cryptographic algorithms that are more genuinely secure, even against government intrusion, but I know that this is next to impossible. Phone companies did a cost/benefit analysis on this one long ago and decided that the encryption that they were using was sufficient. With public awareness, the costs/benefits of modernization have changed (fractionally). In general, this is good news.
Is this encryption only secure until I tell people that this is ROT-13?
That's it. We should just ROT-13 GSM traffic.
And that, kids, is the point. This should be "+1, Troll rating was idiotic."
We allow people to fear-monger by saying that this can allow criminals to decrypt calls more easily, but, if a couple of dozen hackers at a conference can piece this together through brute-force-ish tactics, are we sure that others haven't already? That's the point that they've made, a point entirely lost in the article.
This does *next-to-nothing* to make the system less secure. It was insecure to begin with. Regulations rendering the dissemination of code-breaking and system-compromising codes and techniques illegal aren't there to protect our data security. They're there to allow companies to use inadequate security measures without public shame.
Of course, this is Slashdot. Anyone who doesn't already know that security through obscurity is ridiculous is an idiot (or a troll). Anyone who relates cryptographic security to fake-rock-key-hiding and calls that rock obscurity (inevitable in a story like this) is just a troll.
What it does do is solidify the positions of green IP holders looking to screw companies in less advanced nations by taking their cut of (or limiting production of) the "green" products that will be required to play in the newly-legally-mandated global green economy.
I know it sounds all tin-foil-hat-y, but the prospect that CO2 policy could be used to keep richer nations dominant via IP has been haunting me for some time. If US/Euro companies get their cut of the green economy mandated by their own governments without actually having to produce anything, it could artificially screw with otherwise normal factor-price equalization.
Yes.
Wait...
Crap!
Some points:
1. There is no right to avoid the prejudice of others. Others should be free to make whatever judgments they want about me based on whatever information they have about me. If they use this to affect a matter of public access or curtail my rights, then we as a society may want to step in (avoid racism, etc). If they compel me to provide private information, I have the right to say no, and they have the right to tell me to leave.
2. Holding back factual information is next to impossible. Something happened, so now we have to go sanitize the records of what happened after someone served a sentence for it? The conviction of a party for a crime is a historical fact, and attempting to hide that fact by finger-waving at public information sources is folly.
3. The problem isn't the information. It's the discrimination and prejudice that comes afterwards. Perhaps if we were more open, we'd be less inclined to pretend that everyone is squeaky clean.
30, 100 S. Ashland Ave #208 (same as in AnyWho), agnostic, no illegal drugs, but I have been arrested before. If it's the kind of place that won't hire because of that, I'm not interested in workin' there. It's not like this information can't be had extremely easily. Pretending that we can hide public information is foolish. Pretending that we can hide history is ridiculously foolish.
It doesn't matter if they served enough time in prison. The truly important problem here is Germany's ridiculous attempt to limit the distribution of factual information with the law.
Germany has a long history of censorship. You can't disparage the president or state, sell pornographic writings, be a nazi, show a nazi symbol, insult someone if it steps over the magical line of insulting human dignity, etc. The very state of Germany's overreaching laws regarding speech insults human dignity.
Putting loopholes and narrowly-targeted restrictions in the constitution (find a translation of: Grundgesetz für die Bundesrepublik Deutschland) from the start is a sure-fire way to end up with this completely ridiculous legal result.
You're use of the word "genious" is brillant.
This, folks, is why treating ownership of information as an illegal act is inherently flawed. Exploiting/molesting children? Yeah, that's a crime. Funding that exploitation? That could be a slippery slope, but, at its core, sure, it's a crime. Possessing the products of that exploitation? If you make it a crime, you'll run into this.
It is completely unreasonable to make the possession of a particular type of information illegal if you fairly consider the implications. This type of law is both dangerous and fruitless. It's friggin' data. Even if it were put down on paper, photocopiers would make it almost infinitely reproducible. When it's electronic, it can be replicated at an absurd rate.
It's like criminalizing glass pipes because they could be used to smoke pot (whichever way you sit on smoking pot, just let this go for a sec). If you do this, you start down a road of harassing people for having wood pipes, then toy pipes, then things that look like pipes, then lumps in their pockets. If you wanted to stop the use of pot, go after the source.
We can't get to the people producing this sort of media and committing these crimes, so we try to get to the people who have it in some sort of scorched-earth approach to the problem? This can only end badly.
Criminalizing the dissemination of information is ridiculous no matter what.
BINGO! As soon as you peel back the line on this one, you open up a grey area of ridiculous criminalization. The modem itself, modified, is like a VCR, a gun, a car, or a goat. Sure, there are illegal things that you can do with all of them, and some of them are really best used for illegal purposes (hint... not the goat). Still, that shouldn't make the provision of these things illegal. It's information or a tool. It's intent agnostic.
Now, the instruction can indeed constitute participation in a crime, but telling someone to go do something is way different than telling someone how to go do something.
Example:
Hey, Joey, go kill that guy.
or
Hey, Joey, if you shoot someone in the face, they will probably die.
Or make mandatory aerodynamic figures, or mandatory hybrid powertrains, or mandatory fuel types... bzzzzzzzzzzzz...
Wrong.
Those sort of solutions are short-sighted and idiotic. Make the law favor more efficient cars. Don't make the law favor a particular implementation. $20 says that someone with a coating patent bought someone with bureaucratic oversight a nice dinner. When the law selects a particular implementation, it runs a significant risk of becoming outdated.
As someone who's other home is Chicago, I can say that sun heating in the winter makes a difference to me (lower latitude, to be fair), and cell phone reception is *already* a problem there.
Except not all cars are used in California climates, some in colder regions may not want to lose the little bit of sun heating in the winter, but *everyone* will suffer for California's laws (and I'm living in California) because automakers generally make 50-state cars.
If you want people to use less gas, just tax gas and push money back into public transit. If you want to make glazed glass a no-cost consumer choice, give people a tax credit when they register the car.
BART essentially closing down at midnight? The entirety of public transit in L.A.? Come on. If you want to get people out of their cars or into more efficient ones, balance the costs and benefits. I'm all for mandates where no obvious pressure can be applied to the market (e.g. sensible emissions regulations, NOT corporate averages which disincentivize automaker specialization, food health inspection, toxic waste in the water supply), but these attention-grabbing and, frankly, stupid measures get nothing done. Allowing CO2 to be treated as a pollutant through the normal bureaucratic channels is has proven idiotic. You want to change CO2 production, look to the Port of Los Angeles or at coal power. Cutting down on A/C use is like bailing out the Titanic with a tea cup.
Better still, find a way to reclaim CO2, because the odds of getting the whole world to stop puffing out CO2 are roughly the same of getting California to stop trying to wear out the words "nanny" and "state."
It declares soda fair game for government intervention (PDF) on the grounds that "market failures" in this area are causing "less-than-optimal production and consumption."' Where do we draw the line?"
Where do we draw the line?
How about back at banning smoking at private establishments (I don't smoke, but it's fair to let people who do make a choice on their own property), or banning foie gras (I live in Chicago, and we've since reversed this stupidity)? The moment that we started in on this over-policing is the moment that we opened up the possibility of banning or taxing because of "market failures" (i.e. The market not doing what one particular party wants). Perhaps our soda isn't keeping us all alive as long, but who's to say that the quality of life afforded by synthesized cola drinks isn't worth the trade-off? And now we'll have the conflicting pressures of federal corn subsidies that make drinks cheap and state taxes that make them expensive, creating an artificial "optimal" price and a rube-goldberg-esque funnel of funds from the federal government to state and local governments?
This feels a lot like imminent domain, with public necessity turning into public benefit turning into public convenience turning into public whim.
Anyone who wants a definition of slippery slope can look at this new cola war as an example.