Thank you for your corporate culture, thank you for your unflagging sense of invincibility, thank you for targeting us.
I'm serious! It's your antics that are going to get the courts to throw out most, if not all, of your customer damaging, ethically questionable, and technically incompetent abuses of your hard-bought legislation. After all, lets not forget the bottom line of exactly what you're claiming ownership of. You're not just defending the trade secret of, say, one of those secret API's you're in so much trouble about. You're defending a trade secret that basically says Only Microsoft can allow something to join a Customer's Network.
Only you, Microsoft, could claim ownership of your customer's networks. Only you could claim the right to admit and deny code into your customer's nets. Only you could do this while desperately trying not to be split up! Only you could do this to such a degree that you'd attack hundreds of thousands of people just *itching* to prove to anyone within hearing distance why, just why Microsoft is a threat.
I mean, after all, lets not forget that Reverse Engineering law came into existence due to IBM's lock-in policy, whose playbook you've suspiciously stolen. Lets not forget that AT&T was infamous for restricting the hardware you could use on their network. Actually, you can forget. We'll remember, and for all I've been trying to believe that your organization shouldn't be split, or placed under a rather ridiculously oppressive consent decree...this ain't helping.
For all the technical respect I have for your employees--yes, at least one of the people you attacked today repsects your coders greatly--I can't imagine how powerless and abused these individuals must feel. Perhaps Microsoft should be split into coders and suits? The coders do the work and get the money, while the suits field the lawsuits that they've spawned with their arrogance.
Yeah, I can go for that.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
DivX. Empowering users with an efficient *and* high quality algorithm?
But DivX oppresses viewers!
DivX. Open source?
But DivX is the antithesis of openness!? DivX was movies you'd be able to rent forever, until the company went out of business like we all said it would.
More advanced encryption. IPSec's cool, but the FreeSWAN team can't do everything on their own. EnSKIP needs =SERIOUS= work to be usable - I don't know who's maintaining it now, but it's web site died of terminal chronitis. And the International Patches need updating, and adding to. There are more FREE encryption algorithms on heaven and earth than drempt of by the current maintainer.
I reply--
Free != Good. Bad crypto is generally agreed to be far worse than no crypto at all, and as soon as we put every algorithm under the sun in the kernel, people whine(correctly) about bloat.
I'd much rather have development on faster yet still provably secure RNG's--particularly hardware RNG's--than Yet Another Untrusted Algorithm.
Symmetric Algorithmwise, DES and 3DES are about the only game in town for customer satisfaction, though IDEA, Twofish, and CAST-128 each have their own adherents. The RC series is generally used because it's cheap and ridiculously easy--people can both code it themselves(sometimes in Javascript) *and* trust it. Rare combo.
Assymmetrically, nobody trusts much more than the old standbys--Diffie Helman and RSA. Elliptical Curve Cryptography, a field basically based on the presumption that there's no Diffie-Helman style way to simplify their equation and thus far fewer bits are necessary for identical keystrengths, is still maturing--and it's been around for years now!
Hashwise, MD5 is standard but kind of grumbled about, and SHA-1 is trusted but people generally don't like the NSA involvement. RIPEMD-160 is about the only other hash I've heard that actually has some mass behind it.
XOR is unfortunately still disturbingly common. *Sigh* poor coders writing their own algorithms *sigh*...
Anyway, I flat out say: Keep the number of algorithms in the kernel low, for the minimum reason of forcing people to STOP USING AWFUL ONES.
That being said, John Gilmore *himself* is funding IPSec work for Linux, but it's quite a chore. Given the ridiculously successful pppd and rp-pppoe projects, part of me wonders just how much of IPSec really should be done in the kernel.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
The core essence of adding something new is when a previously impossible activity becomes feasable.
It was previously impossible to listen to the music you purchased wherever you could find a net connection.
It should arguably remain impossible to listen to the music you never purchased--by your casual ad listening, by sponsorship, or by buying the CD. And that's what MP3.Com implemented.
To be honest, MP3.Com really did nothing more than cache the songs its users proved they owned. Instead of storing 100,000 copies of Britney Spears's latest single, they stored one. Instead of requiring people to send 100,000 copies of that single, which would be the literal definition of a space shift, they only sent the minimum cryptographically equivalent data necessary to prove the ownership was valid. But the end result was the MP3.Com was able to add value to a customer's existing property in a way that was efficient on networks yet far more secure than anything the music industry has made themselves.
Essentially, MP3.Com has been an extraordinarily cooperative corporate citizen to the music industry, and probably never would have gotten in trouble with this in the first place if they had paid some dues to RIAA, ASCAP, and BMI, all of which might fear losing influence of one form or another.
We don't have bribes here. We've got charter members.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Video game music grew out of a restricted environment--literally where only a few extremely simple instruments had to be chained together to create music compelling enough to encourage continued playing.
This is no small thing--if you've ever seen a scene out of a movie without music, you know how critical music is to setting an environment. And if you've ever heard any of the last boss music that Nobuo Uematsu has hacked together over the last decade, you know: Kick Ass Music Makes A Difference. And in my mind, unique melodies make the song.
Think about what you hum when you remember a tune. You ain't humming the beat, though the lyrics might stick in your head. It's the melody that grabs you. And, to be blunt, early video games didn't have the resources to have anything *but* melody. I think my favorite quote out of Nobuo lately is something along the lines of, "Sure I could spent a bunch of time looking through directories finding the perfect trumpet sample...or I could just create a new melody."
That's not to say, mind you, that orchestration is not a beautiful thing. I'm listening to the Minibosses' doing Castlevania, and I'm enjoying myself greatly. (Incidentally, the fact that they have a FAQ question on Mega Man 2 and no other game is awesome.) Considering Castlevania is probably one of the world's most remixed soundtracks(up there with Final Fantasy and Street Fighter 2), these guys have done a standup job.
Orchestration applied to a song with core melody that rocks rocks. Orchestration for the sake of orchestration alone(unfortunately, many film scores) is empty.
First of all, it's critical to emphasize that this isn't mindreading. It's a subtlely intelligent choice of a signal to detect: Whether an intended sound is heard, a desired action is queued for command, or whatnot, the common element is that all the mental systems that were tied into modifying the environment such that a given state was implemented fire on the success--they now all need to go into state change and act upon the success.
These researchers are not reading their success signal, and for god's sake folks they're not fabricating a success signal(that's what drugs are for). They're looking for *a* success signal coming out of the hyperconnected neural network.
It's really quite slick, if you ask me.
Where things get *really* interesting is if they can start differentiating between error or disappointment types. "No I didn't want that at all" vs. "Yes, I wanted that thing to do something, but not that." might be an interesting place to start.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
A little thought experiment--insert the German word that I'm thinking of; begins with a G. Don't remember it, anyway.
I'm going to assume for the moment that speech is not available. Why? Because:-) I'll write about some speech involving tech later. Presume now the patient can't talk well.
Thanks to the Perception midterm, I can tell you that the human eye is a busy little organ, saccading at rates we completely fail to perceive due to our ability to unnoticingly shift, tremor, and saccade our eye at high speeds.
The vaunted fovea that contains the vast majority of your visual acuity covers about a degree of sight. In other words, you're seeing little more than six to ten letter of the text you're looking at. Your eye is moving THAT FAST.
So in my mind, it's pretty fruitless to use eye tracking--the eye is just not a stable enough entity. Way too much signal in the noise. It's hard enough to track the poor thing *without* its design completely contrary to what you're trying to use it for--namely, to figure out what the eye is looking at.
However, as unstable as the eye generally is, the head position is actually pretty solid. A simple sensor that took samples of the image coming out of a monitor at a high enough speed to catch an exact pixel being drawn could correlate head position with gaze position. Assuming one could get this into a feedback loop(in other words, the patient could see where the computer thought he was "pointing" and could move his head to compensate for where he wanted the cursor to reside) would make for a reasonable interface to a number of applications.
Most interestingly, the Quikwriting scheme offered for the Palm Pilot, which offers an entirely continuous motion based alphabet for writing, would work quite well in such an environment. This deserves more investigation than anything else I've written on the topic thus far.
Of course, the disadvantage of a sensor on the user is that now the user is wearing something. This introduces moving parts. Eye tracking systems could be replaced easily by a system that doesn't try to track an eye but rather some specific element of a face over time, with quick recalibrations--the idea is to register movements when given some cue to pay attention, for a *short period of time* have a high quality system track a given point on the face in order to determine where to move a cursor(perhaps using a iterative sensitivity function whereby a user can specify "ok, I want to be pointing at something in this 256x256 block; recenter in three seconds and move slower"), and then disappear as the user takes in the new data.
But what to use for specifiers? While, again, the eye isn't something perfect, unnatural blink patterns may be. Two dark-bright regions disappearing and then reappearing twice in unison(or perhaps staying gone for a two second period, with a tone providing feedback to the user as to how long they've sent a blink signal), or possibly wink detection systems, would be far easier to design than a pupil tracker.
I can't stress how much I'd imagine having the ability to specify that the system needs to recalibrate would be. In my mind, the system should recalibrate as often as possible, detect differences from the initial state for short bursts of time, and then disappear into the background. Extended Blink Initialization is also nice for this aspect--wherever two large white objects with dark interiors open up, there's your eyes:-)
But there's another area where there's an incredible amount of control--the mouth! There's an amazing amount of non-natural(and ridiculously silly looking) things we can do with our mouths that we don't generally. Folks, I call that a signal:-) Move left side of mouth, cursor goes left. Right side, cursor goes right. Smile, up, kiss, down. Stick your tounge out to click;-)
What if speech is available, but only partially? (Does this happen? I dunno.) But I could imagine that tonal patterns--a low pitch to a high pitch, a high-low-high, etc., would be ridiculously easy to extract via FFT.
Again, whatever is done, the UI needs to feedback to the user what it thinks it saw, and needs to be able to be built such that both the user and the environment can learn when its doing something wrong.
Anyway, I've got two midterms, and I just spent way too long on this...somebody please contact me if this turned out useful. And, please, SOMEBODY look into Quikwriting as a useful scheme for quadraplegics?
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Netpliance is doing wonderful things. I'm dead serious; they're one of the few companies I've seen who I've really gotten the sensation that They're Getting It.
But they're a perfect example about how a corrupted market can affect even non-corrupt entities such as Netpliance.
Consider the $300 to $400 rebates that have been applied to computer prices across the country. It's a nice way to subsidize the cost of a computer--"and all without the government stepping in". But suddenly prices are no longer as advertised; you can't even look at a computer product anymore without looking for the fine print to see what it REALLY costs.
More than any other market, technology abuses the core concept that what you buy is A) What you think you're buying and B) Costs what you think you're paying. Old Man Murray(the ridiculously brutal commentary page at www.oldmanmurray.com) recently savaged Origin Systems for, as they said, "They've broken the sacred bond of trust between gamer and gaming mega-corporation: that there is actually a game in the box you're purchasing."
You just don't get that in other industries, but a combination of clueless newbies who don't even know the primary purpose of what they're buying and intensely focused techies who don't care about anything *besides* the primary purpose of what they're buying has fostered an environment where technology companies feel free to make bolder and bolder moves against basic consumer presumptions. The FTC, afraid to put the brakes on "the engine of the New Economy", is afraid to step in, even when scams such as UCITA are propogated and computers get advertised at blatantly false prices.
Netpliance doesn't sell boxes, folks. They sell a damn cool service. For $99 down and $20 a month, you go from Zero to Net Connected. Obviously this requires hardware, which Netpliance was willing to provide at a loss. The same happens for Cable Modems and DSL, for that matter. That's what they wanted to do, that's what they're built to do, and that's what they would be doing, if the rest of the market--if the big boys at AOL/Compuserve, and Microsoft, and Prodigy, and everyone else--hadn't defined customer expectations as a computer at a couple hundred bucks as long as you got that net connection "you were going to get anyway" through them.
Once the market had been polluted by the big players, where do we get off raging against a little guy with interesting hardware who did nothing else but enter the market they created?
Yes, it's a scam. But with the ridiculous fear against doing anything about it in government, what is nothing less than bait-and-switch has become a standard for an entire market. In such an environment, who wouldn't expect Netpliance to package their service as a product? It's easier to sell, they didn't invent the scheme, and honestly it gets cheap computers into people's hands, which is a major goal for everyone.
Now, things went wrong for Netpliance, but that's because they went the extra mile and designed a genuinely interesting piece of hardware to accompany their service. To be honest, they should license the design to another company--VA? Point of Sale? Hello?--and let them deal with the hassles of the product market, while they sell their service for $99 and $20 a month. But the FTC will have to step in and enforce honesty in the market first.
Expect this to happen when high speed networking hits critical mass *or* when a downturn in the economy makes large numbers of people cancel their modem Internet service.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Legally, I don't want Prodigy liable if somebody abuses their services to harm another.
But ethically, I think Prodigy has a corporate obligation--perhaps deriving from a cybervariant of environmentalism--to:
A) Investigate when one of their members is polluting the shared pool of trust that the Internet mostly operates upon.
B) Willingly cooperate--and provide additional forensic analysis--when it is clear that somebody's been hurt and they're one of the only organizations that has the capability to find out by whom.
C) *NOT* go overboard and install loggers that make it simple to track down anybody at anytime, privacy be damned. Makes it easy to track down offenders; makes it *too* easy.
Look, we get angry when corporations act like senseless, ethicless fools because That's Not Their Mandate. Source filtering, as a means of shielding against DDoS attacks, only shields the victims--those whose networks are being used to victimize are rarely tapped to the point where they notice failures. *Legally*, I don't want a company liable because a cracker broke in and added.5% to the flow of bad data. *Ethically*, the environment of the net *needs* the kind of distributed responsibility that source filtering applies.
I'm saying this, incidentally, knowing that source port filtering removes some extremely useful tactics for speeding up net connections on asymmetric links(Link 2 forges the source port of Link 1; Link 1 picks up all return traffic but that's ok because return traffic comes in far faster). But the harm that not source filtering allows--even if it shouldn't be a legal issue if you've accidentally left it open--outweighs the gains for people like me.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
[WARNING. Rant. Don't write your final paper on this stuff. Asbestos Longjohns armed and ready.]
Whoever came up with the term, "Observe", really cursed the hell out of Quantum Physics.
Observe implies an observer. Apparently a human, rational, very much alive OBSERVER.
Ontological and Epistemological arguments aside...the universe is not formed by our perceptions. (If it was, we'd be sending shockwaves of reality back through time, as a reaction that occured at T minus five million years would be "caused" by the reaction's evidence located by some paleontologist at time T.)
Folks, this is essentially *the* most pernicious linguistic flaw in all of physics, and maybe even science as a whole. Heisenberg's law is turned from a relatively simple concept(particles can only be detected by collisions with other particles, and these collisions are probabilistic in nature) into these metaphysical 'Mind over Boson' claims that get referenced in stories like this.
The "spooky action from the distance" stuff always bugged me too--it's as if Heisenberg's rules were transmuted from "exact state cannot be known" to "exact state cannot exist", even if the exactness of the state is itself only a relative exactness outside of probabilistic boundries. Given two particles that are quantumly entangled(yet can apparently transmit no data), perhaps my limited experience has isolated me from the rather simple analysis of either one particle being the inverse of a pseudorandom non-linear function of the other's apparent randomness.
In other words, when the two entangled particles are split apart, their wave functions are not truly random but a pseudorandom temporal-spatial generator dependant on an initial state--if the two states are the same, the two particles will remain identical across time and distance. Entropy is conserved, though linearity is shunned.
The fact that identical states should not be comprehensible--because then the (human) observer might know too much--is a rather annoying fault of this anthropomorphistic tendancy.
The Universe got along just fine before we were around to observe. It's not like we created the Big Bang or anything.
Gawd. Mind Input Devices. And for my next trick, magnets that don't even bend the rays from my monitor yet somehow relieve all your pain.
Bleagh.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
This appears to be true in the direct access control sense--knowing that Netscape Engineers were weenies didn't appear to *directly* provide arbitrary access to the server.
This isn't true cryptographically.
If I deploy my code to my good friends Alice and Bob, and Alice finds in her package something that lets her access *any* of Bob's data--be it a mangled string or whatnot--there's a backdoor in the cryptography. Instead of having to brute force the key, you just buy a separate but excessively equal copy of the target's host OS and rip the key out of that.
Remember: Cryptography is all about replacing big secrets with little secrets. If Bob's little secret gets shipped to Alice, whatever Bob was protecting with that little secret gets exposed.
If this really is just a string mangler, incidentally, it's not the first time we've seen this. Remember susageP?
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
You know, it's funny. BugTraq recently posted news of a covert backdoor(obfuscated code, etc.) embedded in some minor commercial CGI out there. I considered posting it to Slashdot, but since once of the core magnifiers of a security breach is its universality(and I really didn't think that many people were using the script), I didn't think it'd get through the submission queue.
Looks like Microsoft solved *that* problem for me, eh?
They'll try to spin it, but there's really no good way to announce that there's a mission critical backdoor distributed in what appears to be an otherwise useless file. Assume the normal best case scenario: Some temp checked in the code on a lark.
So, that basically means some temp that checks in code on a lark can insert a mission critical security hole that will affect hundreds of thousands of businesses and millions of consumers.
Move up the chain. If it was a low grade employee who did it...if it was a small group of humorists angry about their easter egg being quelled...if Bill Gates himself did it and only he knew...worst case scenario, if Microsoft itself has no idea where this came from, but it got there...
Then anyone sufficiently powerful can insert a globally available backdoor.
The only defense? Microsoft was merely building in functionality allowing it to exercise its rights under UCITA to deny service to EULA violating customers(like websites that provide benchmarking statistics!).
Now, I'm no Congressman, but when a company in Washington State is backing state bills that let it shut down a company in New York State, that sure sounds to me like a rather inappropriate regulation of Interstate Commerce. Say what you will about the abuse of federal powers vs. state rights; UCITA's one scheme that would have been used to hold Microsoft's portion of the Internet Economy hostage to a humorously named but cryptographically bare passphrase that any 14 year old with half a brain could find.
If they've got a right to shut down software remotely, they've got a right to put in the backdoor that does it. That's how they were planning to get out of this disaster, which I'm sure they've known about for quite some time.
We need federal protection against those who would sell us malicious code by pushing corrupt state laws through the legislatures. UCITA was born when it failed to pass congressional muster; it failed to pass for a very good reason. In an age when the Interstate Commerce clause has been abused to no end, millions of Americans must now worry about billions of dollars of their money being stolen by anyone running a Microsoft server. The company will put on a valiant show, but while one face is talking customer protection, the other is lobbying as hard as it can to eliminate any rights customers might have against such attacks.
Microsoft is no longer invincible; fighting its legislative agenda is no death sentence. This intentionally released security hole clearly illustrates just what kinds of dangers UCITA opens up to the American consumer, for beyond even the simple analysis that Microsoft could claim this to be their legally protected implementation of a granted right...UCITA also bolsters Microsoft's right to sue whoever even looks for such a security hole, on the basis of a signed away right to reverse engineer.
You can't find the bugs. You can't demand the bugs be removed. You can't even tell anyone about the bugs. If this isn't a restriction of Interstate Commerce--among several other well cherished rights--I don't know what is.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Yeah, you might be able to hold off an entrenched competitor from having some cool little +5% sales widget.
Sure sucks when *you* become the entrenched competitor, doesn't it though?
When will you understand that *the entire Internet Business Model* can be Verboten By Patent?
It's the Tragedy of the Corrupted Commons: Instead of there being one gigantic field that everyone can graze from, imagine a field with thousands upon thousands of overlapping fences, property lines, and deeds of "sale" from an overzealous government agency with the philosophy of "Our cronies will get rich overbooking the land, then our cronies will get even richer fighting eachother over who's land is really whose, all the while we'll be able to extract more property tax out of the same land many times over!"
Gets worse. The average commons is divisible--except for a "main well", sections can be fenced off and still leave an adequate, if shrunken, commons. Internet Business is something of a field where a given patent can end up enclosing sections where "if you can't use it, you starve". It's not like every blade of grass is interchangeable--it's more like, you never know if you're working on safe harbor...or a landmine.
It really gets quite nasty once you get into submarine patents. I won't even go into the analogies that brings up.
The end result of the Corrupted Commons is a No Man's Land. It ends up just not being worth exploring what gains the land can bring, because the risk is so great.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
MRAM makes it so you don't need to tickle your memory to keep the contents alive.
It's not that hard to tickle memory. It's just that motherboards don't support doing it because operating systems have never known how to deal with it.
Tickled DRAM is essentially identical to MRAM for purposes of nonvolitility within desktops and servers.
Not having to route standby power is useful, but not essential. Tickling memory is about as simple of an operation as it gets! There's just no logic in it.
As for milliseconds refreshing power, ye gads memory operates in the nano realm. This means memory is effectively realtime already.
This is the guy who helped come up with GMR? I bow down to his technical skills. But it seems that this technology is being sold for something that it just isn't.
Really, this just doesn't have much to do with instant on technology.
It's true. As useful as it is to require no power to store a charge, neither desktops nor servers have any serious problem with power--they're both plugged into a wall! There's no reason for mature DRAM memory to not receive the trickle charge it requires to keep its contents from drifting away. Problems come when operating systems (primarily) and motherboard standards fail to build in stasis modes--for all the determinism of computers, I find it rather surprising that the entire system cannot be simultaneously frozen until a given restart interrupt is triggered. But that's the situation we face--it's not that the memory doesn't last, it's that we don't know how to deal with a house of cards we don't need to rebuild every so often.
Where I see this technology being useful is in laptops, or anything else where "power just to suspend" is a real issue. Heck, even for normal operation, memory can be a real drain on power: Witness the effect of increasing from 2 to 8 MB of RAM on a Palm V(it's significant!). So this does matter for pervasive computing, as the article suggests.
But it has almost nothing to do with "instant on". I do forsee it being implemented in systems which don't want to have to "recover state from hard drive" or "implement a trickle charge system to keep existing state", but that's not so much a break through. The reduced power load scene DOES seem interesting, but lets not forget just how mature a technlogy DRAM is. They'll have to do some pretty amazing work with the MRAM to surpass DRAM. By then, where will DRAM be? Remember, Intel has its dominance partly out of the sheer amount of resources they can put into making the horrifically complex x86 fast. 21bil is alot of money to lose to MRAM!
Thoughts?
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
> I dunno what cryptosystem you're talking about > here, but this, in general, is not true... think > about Diffie-Hellman signatures - you sign with > a public key and verify with a private.
I'm a bit rusty on the math(and late for class!), but if x and y are made public, it's always trivial to find g^xy mod n. However, when g^xy mod n is made public, it's exceedingly difficult to find x and y.
Incidentally, you don't have signatures with DH--El Gamel is the PK variant system.
Yes, I KNOW I mucked up the math. But what I basically did was say, "OK, I'll keep the public key under wraps and anyone who can encode a message using it can issue a command to these n machine." Unfortunately, if you took control of one of those n machines and reversed the private EL Gamel key, you could then turn around and issue command to the other n-1 boxes.
Critical failure. Yeouch.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Grab some mountain dew and fire up the printer: Bruce Schneier's Crypto-Gram(http://www.counterpane.com) is possibly the most intensive and well written splashdown into the world of crypto that you're going to find.
I spent an entire evening a while back catching myself up with it--I have a binder sitting in my office that is devoted to nothing else. Bruce's book, Applied Cryptography, is an amazing piece of work(filled, incidentally, with enough humor to keep you up, but enough lucid explanations to leave your jaw dropped...the fact that I actually understand the incredibly complex digital cash protocols out there is a testament to Bruce's skill as a writer)...but his Crypto-Gram, besides being an excellent preview to the writing style you can expect, should you give a very fulfilling look at crypto past and present--everything from the basic tech to advanced concepts.
My personal suggestion would be to start with the oldest one and move forward until you hit the present. Trust me--get through those, and you'll understand alot of what's going on. It'll take you an evening, but you'll enjoy it.
Extremely high signal/noise ratio in those.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
> It doesn't matter if the program is 100% > genuine Bogosoft code, if Bogosoft have added > in code to upload your netscape history file to > find out what you're browsing.
> While authentication is important, much more > important is the ability to restrict programs > from doing undeseriable things. If you don't > want a program from sending your registration > information without asking, you should be able > to lock that up so it can't.
This is essentially the trust assignment problem that you describe--you *do* trust a program to execute a function, but you *don't* trust it not to execute some other function. How do you isolate?
There's been some pretty effective sandboxing tools hacked together, but Microsoft and a couple thousand Slashdotters agree: Accountability dramatically reduces abuse, be it in privacy violation or in the WAVE program(but I repeat myself).
The concept--and it ain't a bad one--is Bogosoft won't last long under attack from a very pissed off FTC. Will ya look at that, it's an election year...
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
> but as much as/. likes to bash Microsoft, at > least MS can be assured to have considered > cryptographic protections.
> Sure, they rejected 'em, but still
Cheap shot. (Yeah, I'm responding to my own post. I'm that wrong.)
Microsoft actually has done quite a bit of work with their Authenticode system giving people a means of digitally verify their code, with a CA(Certificate Authority) backing up that signature. The keys are "only" 512 bit RSA, but that *will* stop the script kiddies.
I guess I was just expressing my annoyance that nothing's been done to handle login scripts--I've got to worry about every single desktop on campus going down to a single eight character password on our IT director's desktop because of it. Really, when it comes to validating executable content, MS has done quite a bit of good work in this regard that hasn't particularly been matched elsewhere(is there a way to sign ELF files in-band? What about RPMs, with a CA?)
Gotta remember, MS may have its technical flaws, but they do pull off some good stuff. It's their business department that's evil:-)
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
The question is no longer whether Verant *ought* to rummage through its user's computers looking for whatever it feels like.
The question is, what prevents anyone else from doing so?
If Verant can modify Everquest such that it ships with Back Orifice 2000, and the only thing that prevented them from doing so was the (thankfully effective!) fear of inadequate liability disclaimers, what *exactly* prevents anyone else, who *doesn't* particularly worry so much about the law, from attacking any Everquest player they please with a trojan'd update?
I betcha nothing but the network, as if "well, it came from Verant's DNS name, so it *can't* be spoofable." *sigh* I'm reminded of the Genie from Alladin..."PHENOMENAL COSMIC POWERS...itty bitty security." Oh, and toss in a little bit of obscurity to be on the safe side.
I should be fair. There's an off chance that there's some cryptographic protection against such an attack being sued by Verant. That'd be nice. I'd like that, as I do cryptography. Day in, day out, it's what I've been living, breathing, thinking, and scheming. And ya know what? I had a total compromise sitting around in my design, because I forgot the (rather simple, but marginally obscure fact) that it's rather trivial to convert a private key back into its public key equivalent. (Moral of the story, folks: Possession of a public key authenticates NOTHING.) Stupid problem, easy to fix, but then, that's my *job* right now.
I doubt I have an equivalent at Verant.
At best, Verant is employing some painfully inadequate public signature verification key to make sure that an update actually came from them. Rather likely, they're using some symmetric algorithm(RC2/RC4 most likely, as they're easily exportable) with a broken key length--not that it matters, since if they're using a symmetric key to authenticate the packages, then the same key that Verant used to sign the update shipped with every copy of Everquest--*cough* itty bitty security. Same shtick if they use a MD5-signature variant--the "key" used to authenticate the package as coming from Verant and not Joe Cracker necessarily gets shipped with each box.
Of course, who am I kidding. We'd be lucky if there's an XOR in the lot. (XOR, for the non cryptographers out there, is a thoroughly broken but easy to implement logic operation that one can run on data to make it "appear" encrypted. Appearances...can be deceiving.)
Folks, this is a *real* problem. Whenever you're doing crypto, you have to separate the world into Us vs. Them. I don't have a problem trusting Verant--they've got deep pockets, they've got skittish lawyers, and if they try anything, we'll see 'em telegraph it in the licensing agreement. (And if they do things without changing the agreement, We Know Where They Live.) So, for the moment, "Us" is Verant and Me, as an Individual Gamer. Them is every *other* gamer, malcontent, and kangaroo down under.
The question to ask yourself, is: What allows Us to determine what code is executed on the client machine, and not Them?
The next question to ask yourself is, since *you're* the one at risk with the client machine, and not Verant, how likely is it that Verant even broke a sweat regarding the answer to the previous question?
Great. Verant isn't going to hack their users, out of the goodness of their lawyers paranoia. So who will?
What about other games here, folks? Am I the only one noticing that large portions of the Windows software space are suddenly becoming net enabled for no other reason but to deliver ads(at best) and trojans(over time)?
This isn't the first time I've run a company through the ringer over automatic execution of code(both Microsoft and Novell have painfully inadequate checking on their login script functionality; more at www.doxpara.com), but as much as/. likes to bash Microsoft, at least MS can be assured to have considered cryptographic protections.
Sure, they rejected 'em, but still...you gotta know they at least considered 'em. Verant, on the other hand?
Does anyone know?
Email or reply if any of this concerns you. I've had some interesting reponses planned to this trend that I just haven't had the resources to implement. With some help, we might actually be able to...deal with this situation.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
FF, with the exception of the very early ones(which didn't even have *characters*), has *always* has deep and meaningful stories...or soaps, if you want to call them that.
FF2/4's Rosa/Cecil, Rydia's tragic loss of her mother(*you* *kill* *her* *mom*), Edward's loss of Anna at the Battle of Damcyan, Edge being forced to kill his own horribly disfigured parents, the darkly honorable Rubicant, the prodigal Golbez, the sacrificial Cid...
The rest of the series hasn't been much different, though I do agree--something did change, and it wasn't altogether perfect.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
> No one can argue that copying cds to MP3 and distributing them is legal.
Actually, arguably, it can be.
If I want to sell an album I own, in theory I should be able to convert it to mp3, send the files to whoever seeks to purchase them from me, and then destroy the original physical medium and any cached copies I might have made for myself in the mean time.
> The problem with software is to first remove > the "licensing loophole" which is "we've only > sold you permission to use it in ways we see > fit and at the same time disclaim anything we > can get away with disclaiming."
I don't know how much I mind disclaimers. Bottom line, I view software as I view movies--sure, there may be some stinkers out there, but I don't think we should be able to sue the guys who made Wild Wild West--no matter *how* awful it was.
Art has the right to suck, but don't go off trying to patent the buddy movie!
> Also surely you should add "If i want to take > it apart and tell other people what I find then > I should be allowed to do so." (Tradmarks, > patents and normal copyright protect the > company from having their product "ripped off". > Libel and slander protect them from untrue > critisism.)
Untrue criticism is not enough. Benchmarks must be suppressed, because they contradict the GoodThink of the Marketry of Truth. Windows NT is stable. Windows NT has always been stable. Windows 2000 is stable. Windows NT is unstable. You must upgrade to Windows 2000 to get stable. Windows NT is stable. Windows NT has always been stable.
Of course, there's the point--given the choice between fair, balanced case law derived by well trained judges in a democratic society vs. a quick line in a license agreement which basically says "Fuck with us and we'll rip your balls off", guess which one many unscrupulous companies will choose?
"If we can't threaten to rip customers balls off, we're doomed!" --AOL
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
The claim is that you get a license to use the product.
Reality does not match the claim, because people--
A) Are not lawyers B) Should not need to be lawyers C) Should not need to hire lawyers
Just to buy software.
Software is little more than de facto data encased within physical media. You may be limited to the number of concurrent installations you may possess, but effectively, that's the only really widely accepted limit on software.
There's usually some question regarding the GPL at this point--people seem to forget that while most "software licenses" remove rights that common law grants without a second thought--hell, it's part of that whole "private property" thing that we *almost ended the world over*--the GPL adds rights by specifying conditions where duplication may be accepted. You're always allowed to give someone else more rights, more latitude, more freedom, particularly with you're own code. But unless you make a highly formal arrangement, you ain't getting less. I can swing my arm farther and farther away from you, but I'm not allowed to pummel your nose, your chest, and eventually worse without some pretty hardcore contracts--and no, a shrink wrap doesn't count.
Slashdot Mirror
Dear Microsoft:
Thank you.
Thank you for your corporate culture, thank you for your unflagging sense of invincibility, thank you for targeting us.
I'm serious! It's your antics that are going to get the courts to throw out most, if not all, of your customer damaging, ethically questionable, and technically incompetent abuses of your hard-bought legislation. After all, lets not forget the bottom line of exactly what you're claiming ownership of. You're not just defending the trade secret of, say, one of those secret API's you're in so much trouble about. You're defending a trade secret that basically says Only Microsoft can allow something to join a Customer's Network.
Only you, Microsoft, could claim ownership of your customer's networks. Only you could claim the right to admit and deny code into your customer's nets. Only you could do this while desperately trying not to be split up! Only you could do this to such a degree that you'd attack hundreds of thousands of people just *itching* to prove to anyone within hearing distance why, just why Microsoft is a threat.
I mean, after all, lets not forget that Reverse Engineering law came into existence due to IBM's lock-in policy, whose playbook you've suspiciously stolen. Lets not forget that AT&T was infamous for restricting the hardware you could use on their network. Actually, you can forget. We'll remember, and for all I've been trying to believe that your organization shouldn't be split, or placed under a rather ridiculously oppressive consent decree...this ain't helping.
For all the technical respect I have for your employees--yes, at least one of the people you attacked today repsects your coders greatly--I can't imagine how powerless and abused these individuals must feel. Perhaps Microsoft should be split into coders and suits? The coders do the work and get the money, while the suits field the lawsuits that they've spawned with their arrogance.
Yeah, I can go for that.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
DivX. Good?
But DivX evil.
DivX. Empowering users with an efficient *and* high quality algorithm?
But DivX oppresses viewers!
DivX. Open source?
But DivX is the antithesis of openness!? DivX was movies you'd be able to rent forever, until the company went out of business like we all said it would.
DivX? DivX?! Cognitive Dissonance, can't talk now...
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
You write--
More advanced encryption. IPSec's cool, but the FreeSWAN team can't do everything on their own. EnSKIP needs =SERIOUS= work to be usable - I don't know who's maintaining it now, but it's web site died of terminal chronitis. And the International Patches need updating, and adding to. There are more FREE encryption algorithms on heaven and earth than drempt of by the current maintainer.
I reply--
Free != Good. Bad crypto is generally agreed to be far worse than no crypto at all, and as soon as we put every algorithm under the sun in the kernel, people whine(correctly) about bloat.
I'd much rather have development on faster yet still provably secure RNG's--particularly hardware RNG's--than Yet Another Untrusted Algorithm.
Symmetric Algorithmwise, DES and 3DES are about the only game in town for customer satisfaction, though IDEA, Twofish, and CAST-128 each have their own adherents. The RC series is generally used because it's cheap and ridiculously easy--people can both code it themselves(sometimes in Javascript) *and* trust it. Rare combo.
Assymmetrically, nobody trusts much more than the old standbys--Diffie Helman and RSA. Elliptical Curve Cryptography, a field basically based on the presumption that there's no Diffie-Helman style way to simplify their equation and thus far fewer bits are necessary for identical keystrengths, is still maturing--and it's been around for years now!
Hashwise, MD5 is standard but kind of grumbled about, and SHA-1 is trusted but people generally don't like the NSA involvement. RIPEMD-160 is about the only other hash I've heard that actually has some mass behind it.
XOR is unfortunately still disturbingly common. *Sigh* poor coders writing their own algorithms *sigh*...
Anyway, I flat out say: Keep the number of algorithms in the kernel low, for the minimum reason of forcing people to STOP USING AWFUL ONES.
That being said, John Gilmore *himself* is funding IPSec work for Linux, but it's quite a chore. Given the ridiculously successful pppd and rp-pppoe projects, part of me wonders just how much of IPSec really should be done in the kernel.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
The core essence of adding something new is when a previously impossible activity becomes feasable.
It was previously impossible to listen to the music you purchased wherever you could find a net connection.
It should arguably remain impossible to listen to the music you never purchased--by your casual ad listening, by sponsorship, or by buying the CD. And that's what MP3.Com implemented.
To be honest, MP3.Com really did nothing more than cache the songs its users proved they owned. Instead of storing 100,000 copies of Britney Spears's latest single, they stored one. Instead of requiring people to send 100,000 copies of that single, which would be the literal definition of a space shift, they only sent the minimum cryptographically equivalent data necessary to prove the ownership was valid. But the end result was the MP3.Com was able to add value to a customer's existing property in a way that was efficient on networks yet far more secure than anything the music industry has made themselves.
Essentially, MP3.Com has been an extraordinarily cooperative corporate citizen to the music industry, and probably never would have gotten in trouble with this in the first place if they had paid some dues to RIAA, ASCAP, and BMI, all of which might fear losing influence of one form or another.
We don't have bribes here. We've got charter members.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Video game music grew out of a restricted environment--literally where only a few extremely simple instruments had to be chained together to create music compelling enough to encourage continued playing.
This is no small thing--if you've ever seen a scene out of a movie without music, you know how critical music is to setting an environment. And if you've ever heard any of the last boss music that Nobuo Uematsu has hacked together over the last decade, you know: Kick Ass Music Makes A Difference. And in my mind, unique melodies make the song.
Think about what you hum when you remember a tune. You ain't humming the beat, though the lyrics might stick in your head. It's the melody that grabs you. And, to be blunt, early video games didn't have the resources to have anything *but* melody. I think my favorite quote out of Nobuo lately is something along the lines of, "Sure I could spent a bunch of time looking through directories finding the perfect trumpet sample...or I could just create a new melody."
That's not to say, mind you, that orchestration is not a beautiful thing. I'm listening to the Minibosses' doing Castlevania, and I'm enjoying myself greatly. (Incidentally, the fact that they have a FAQ question on Mega Man 2 and no other game is awesome.) Considering Castlevania is probably one of the world's most remixed soundtracks(up there with Final Fantasy and Street Fighter 2), these guys have done a standup job.
Orchestration applied to a song with core melody that rocks rocks. Orchestration for the sake of orchestration alone(unfortunately, many film scores) is empty.
Then there's this ridiculous remix of Fithos Lusec from Final Fantasy 8. This is just in a whole 'nother category.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
First of all, it's critical to emphasize that this isn't mindreading. It's a subtlely intelligent choice of a signal to detect: Whether an intended sound is heard, a desired action is queued for command, or whatnot, the common element is that all the mental systems that were tied into modifying the environment such that a given state was implemented fire on the success--they now all need to go into state change and act upon the success.
These researchers are not reading their success signal, and for god's sake folks they're not fabricating a success signal(that's what drugs are for). They're looking for *a* success signal coming out of the hyperconnected neural network.
It's really quite slick, if you ask me.
Where things get *really* interesting is if they can start differentiating between error or disappointment types. "No I didn't want that at all" vs. "Yes, I wanted that thing to do something, but not that." might be an interesting place to start.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
A little thought experiment--insert the German word that I'm thinking of; begins with a G. Don't remember it, anyway.
:-) I'll write about some speech involving tech later. Presume now the patient can't talk well.
:-)
:-) Move left side of mouth, cursor goes left. Right side, cursor goes right. Smile, up, kiss, down. Stick your tounge out to click ;-)
I'm going to assume for the moment that speech is not available. Why? Because
Thanks to the Perception midterm, I can tell you that the human eye is a busy little organ, saccading at rates we completely fail to perceive due to our ability to unnoticingly shift, tremor, and saccade our eye at high speeds.
The vaunted fovea that contains the vast majority of your visual acuity covers about a degree of sight. In other words, you're seeing little more than six to ten letter of the text you're looking at. Your eye is moving THAT FAST.
So in my mind, it's pretty fruitless to use eye tracking--the eye is just not a stable enough entity. Way too much signal in the noise. It's hard enough to track the poor thing *without* its design completely contrary to what you're trying to use it for--namely, to figure out what the eye is looking at.
However, as unstable as the eye generally is, the head position is actually pretty solid. A simple sensor that took samples of the image coming out of a monitor at a high enough speed to catch an exact pixel being drawn could correlate head position with gaze position. Assuming one could get this into a feedback loop(in other words, the patient could see where the computer thought he was "pointing" and could move his head to compensate for where he wanted the cursor to reside) would make for a reasonable interface to a number of applications.
Most interestingly, the Quikwriting scheme offered for the Palm Pilot, which offers an entirely continuous motion based alphabet for writing, would work quite well in such an environment. This deserves more investigation than anything else I've written on the topic thus far.
Of course, the disadvantage of a sensor on the user is that now the user is wearing something. This introduces moving parts. Eye tracking systems could be replaced easily by a system that doesn't try to track an eye but rather some specific element of a face over time, with quick recalibrations--the idea is to register movements when given some cue to pay attention, for a *short period of time* have a high quality system track a given point on the face in order to determine where to move a cursor(perhaps using a iterative sensitivity function whereby a user can specify "ok, I want to be pointing at something in this 256x256 block; recenter in three seconds and move slower"), and then disappear as the user takes in the new data.
But what to use for specifiers? While, again, the eye isn't something perfect, unnatural blink patterns may be. Two dark-bright regions disappearing and then reappearing twice in unison(or perhaps staying gone for a two second period, with a tone providing feedback to the user as to how long they've sent a blink signal), or possibly wink detection systems, would be far easier to design than a pupil tracker.
I can't stress how much I'd imagine having the ability to specify that the system needs to recalibrate would be. In my mind, the system should recalibrate as often as possible, detect differences from the initial state for short bursts of time, and then disappear into the background. Extended Blink Initialization is also nice for this aspect--wherever two large white objects with dark interiors open up, there's your eyes
But there's another area where there's an incredible amount of control--the mouth! There's an amazing amount of non-natural(and ridiculously silly looking) things we can do with our mouths that we don't generally. Folks, I call that a signal
What if speech is available, but only partially? (Does this happen? I dunno.) But I could imagine that tonal patterns--a low pitch to a high pitch, a high-low-high, etc., would be ridiculously easy to extract via FFT.
Again, whatever is done, the UI needs to feedback to the user what it thinks it saw, and needs to be able to be built such that both the user and the environment can learn when its doing something wrong.
Anyway, I've got two midterms, and I just spent way too long on this...somebody please contact me if this turned out useful. And, please, SOMEBODY look into Quikwriting as a useful scheme for quadraplegics?
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Netpliance is doing wonderful things. I'm dead serious; they're one of the few companies I've seen who I've really gotten the sensation that They're Getting It.
But they're a perfect example about how a corrupted market can affect even non-corrupt entities such as Netpliance.
Consider the $300 to $400 rebates that have been applied to computer prices across the country. It's a nice way to subsidize the cost of a computer--"and all without the government stepping in". But suddenly prices are no longer as advertised; you can't even look at a computer product anymore without looking for the fine print to see what it REALLY costs.
More than any other market, technology abuses the core concept that what you buy is A) What you think you're buying and B) Costs what you think you're paying. Old Man Murray(the ridiculously brutal commentary page at www.oldmanmurray.com) recently savaged Origin Systems for, as they said, "They've broken the sacred bond of trust between gamer and gaming mega-corporation: that there is actually a game in the box you're purchasing."
You just don't get that in other industries, but a combination of clueless newbies who don't even know the primary purpose of what they're buying and intensely focused techies who don't care about anything *besides* the primary purpose of what they're buying has fostered an environment where technology companies feel free to make bolder and bolder moves against basic consumer presumptions. The FTC, afraid to put the brakes on "the engine of the New Economy", is afraid to step in, even when scams such as UCITA are propogated and computers get advertised at blatantly false prices.
Netpliance doesn't sell boxes, folks. They sell a damn cool service. For $99 down and $20 a month, you go from Zero to Net Connected. Obviously this requires hardware, which Netpliance was willing to provide at a loss. The same happens for Cable Modems and DSL, for that matter. That's what they wanted to do, that's what they're built to do, and that's what they would be doing, if the rest of the market--if the big boys at AOL/Compuserve, and Microsoft, and Prodigy, and everyone else--hadn't defined customer expectations as a computer at a couple hundred bucks as long as you got that net connection "you were going to get anyway" through them.
Once the market had been polluted by the big players, where do we get off raging against a little guy with interesting hardware who did nothing else but enter the market they created?
Yes, it's a scam. But with the ridiculous fear against doing anything about it in government, what is nothing less than bait-and-switch has become a standard for an entire market. In such an environment, who wouldn't expect Netpliance to package their service as a product? It's easier to sell, they didn't invent the scheme, and honestly it gets cheap computers into people's hands, which is a major goal for everyone.
Now, things went wrong for Netpliance, but that's because they went the extra mile and designed a genuinely interesting piece of hardware to accompany their service. To be honest, they should license the design to another company--VA? Point of Sale? Hello?--and let them deal with the hassles of the product market, while they sell their service for $99 and $20 a month. But the FTC will have to step in and enforce honesty in the market first.
Expect this to happen when high speed networking hits critical mass *or* when a downturn in the economy makes large numbers of people cancel their modem Internet service.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Legally, I don't want Prodigy liable if somebody abuses their services to harm another.
.5% to the flow of bad data. *Ethically*, the environment of the net *needs* the kind of distributed responsibility that source filtering applies.
But ethically, I think Prodigy has a corporate obligation--perhaps deriving from a cybervariant of environmentalism--to:
A) Investigate when one of their members is polluting the shared pool of trust that the Internet mostly operates upon.
B) Willingly cooperate--and provide additional forensic analysis--when it is clear that somebody's been hurt and they're one of the only organizations that has the capability to find out by whom.
C) *NOT* go overboard and install loggers that make it simple to track down anybody at anytime, privacy be damned. Makes it easy to track down offenders; makes it *too* easy.
Look, we get angry when corporations act like senseless, ethicless fools because That's Not Their Mandate. Source filtering, as a means of shielding against DDoS attacks, only shields the victims--those whose networks are being used to victimize are rarely tapped to the point where they notice failures. *Legally*, I don't want a company liable because a cracker broke in and added
I'm saying this, incidentally, knowing that source port filtering removes some extremely useful tactics for speeding up net connections on asymmetric links(Link 2 forges the source port of Link 1; Link 1 picks up all return traffic but that's ok because return traffic comes in far faster). But the harm that not source filtering allows--even if it shouldn't be a legal issue if you've accidentally left it open--outweighs the gains for people like me.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
[WARNING. Rant. Don't write your final paper on this stuff. Asbestos Longjohns armed and ready.]
Whoever came up with the term, "Observe", really cursed the hell out of Quantum Physics.
Observe implies an observer. Apparently a human, rational, very much alive OBSERVER.
Ontological and Epistemological arguments aside...the universe is not formed by our perceptions. (If it was, we'd be sending shockwaves of reality back through time, as a reaction that occured at T minus five million years would be "caused" by the reaction's evidence located by some paleontologist at time T.)
Folks, this is essentially *the* most pernicious linguistic flaw in all of physics, and maybe even science as a whole. Heisenberg's law is turned from a relatively simple concept(particles can only be detected by collisions with other particles, and these collisions are probabilistic in nature) into these metaphysical 'Mind over Boson' claims that get referenced in stories like this.
The "spooky action from the distance" stuff always bugged me too--it's as if Heisenberg's rules were transmuted from "exact state cannot be known" to "exact state cannot exist", even if the exactness of the state is itself only a relative exactness outside of probabilistic boundries. Given two particles that are quantumly entangled(yet can apparently transmit no data), perhaps my limited experience has isolated me from the rather simple analysis of either one particle being the inverse of a pseudorandom non-linear function of the other's apparent randomness.
In other words, when the two entangled particles are split apart, their wave functions are not truly random but a pseudorandom temporal-spatial generator dependant on an initial state--if the two states are the same, the two particles will remain identical across time and distance. Entropy is conserved, though linearity is shunned.
The fact that identical states should not be comprehensible--because then the (human) observer might know too much--is a rather annoying fault of this anthropomorphistic tendancy.
The Universe got along just fine before we were around to observe. It's not like we created the Big Bang or anything.
Gawd. Mind Input Devices. And for my next trick, magnets that don't even bend the rays from my monitor yet somehow relieve all your pain.
Bleagh.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Couple claims that this isn't a backdoor.
This appears to be true in the direct access control sense--knowing that Netscape Engineers were weenies didn't appear to *directly* provide arbitrary access to the server.
This isn't true cryptographically.
If I deploy my code to my good friends Alice and Bob, and Alice finds in her package something that lets her access *any* of Bob's data--be it a mangled string or whatnot--there's a backdoor in the cryptography. Instead of having to brute force the key, you just buy a separate but excessively equal copy of the target's host OS and rip the key out of that.
Remember: Cryptography is all about replacing big secrets with little secrets. If Bob's little secret gets shipped to Alice, whatever Bob was protecting with that little secret gets exposed.
If this really is just a string mangler, incidentally, it's not the first time we've seen this. Remember susageP?
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
You know, it's funny. BugTraq recently posted news of a covert backdoor(obfuscated code, etc.) embedded in some minor commercial CGI out there. I considered posting it to Slashdot, but since once of the core magnifiers of a security breach is its universality(and I really didn't think that many people were using the script), I didn't think it'd get through the submission queue.
Looks like Microsoft solved *that* problem for me, eh?
They'll try to spin it, but there's really no good way to announce that there's a mission critical backdoor distributed in what appears to be an otherwise useless file. Assume the normal best case scenario: Some temp checked in the code on a lark.
So, that basically means some temp that checks in code on a lark can insert a mission critical security hole that will affect hundreds of thousands of businesses and millions of consumers.
Move up the chain. If it was a low grade employee who did it...if it was a small group of humorists angry about their easter egg being quelled...if Bill Gates himself did it and only he knew...worst case scenario, if Microsoft itself has no idea where this came from, but it got there...
Then anyone sufficiently powerful can insert a globally available backdoor.
The only defense? Microsoft was merely building in functionality allowing it to exercise its rights under UCITA to deny service to EULA violating customers(like websites that provide benchmarking statistics!).
Now, I'm no Congressman, but when a company in Washington State is backing state bills that let it shut down a company in New York State, that sure sounds to me like a rather inappropriate regulation of Interstate Commerce. Say what you will about the abuse of federal powers vs. state rights; UCITA's one scheme that would have been used to hold Microsoft's portion of the Internet Economy hostage to a humorously named but cryptographically bare passphrase that any 14 year old with half a brain could find.
If they've got a right to shut down software remotely, they've got a right to put in the backdoor that does it. That's how they were planning to get out of this disaster, which I'm sure they've known about for quite some time.
We need federal protection against those who would sell us malicious code by pushing corrupt state laws through the legislatures. UCITA was born when it failed to pass congressional muster; it failed to pass for a very good reason. In an age when the Interstate Commerce clause has been abused to no end, millions of Americans must now worry about billions of dollars of their money being stolen by anyone running a Microsoft server. The company will put on a valiant show, but while one face is talking customer protection, the other is lobbying as hard as it can to eliminate any rights customers might have against such attacks.
Microsoft is no longer invincible; fighting its legislative agenda is no death sentence. This intentionally released security hole clearly illustrates just what kinds of dangers UCITA opens up to the American consumer, for beyond even the simple analysis that Microsoft could claim this to be their legally protected implementation of a granted right...UCITA also bolsters Microsoft's right to sue whoever even looks for such a security hole, on the basis of a signed away right to reverse engineer.
You can't find the bugs. You can't demand the bugs be removed. You can't even tell anyone about the bugs. If this isn't a restriction of Interstate Commerce--among several other well cherished rights--I don't know what is.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Bezos--
That's why.
Yeah, you might be able to hold off an entrenched competitor from having some cool little +5% sales widget.
Sure sucks when *you* become the entrenched competitor, doesn't it though?
When will you understand that *the entire Internet Business Model* can be Verboten By Patent?
It's the Tragedy of the Corrupted Commons: Instead of there being one gigantic field that everyone can graze from, imagine a field with thousands upon thousands of overlapping fences, property lines, and deeds of "sale" from an overzealous government agency with the philosophy of "Our cronies will get rich overbooking the land, then our cronies will get even richer fighting eachother over who's land is really whose, all the while we'll be able to extract more property tax out of the same land many times over!"
Gets worse. The average commons is divisible--except for a "main well", sections can be fenced off and still leave an adequate, if shrunken, commons. Internet Business is something of a field where a given patent can end up enclosing sections where "if you can't use it, you starve". It's not like every blade of grass is interchangeable--it's more like, you never know if you're working on safe harbor...or a landmine.
It really gets quite nasty once you get into submarine patents. I won't even go into the analogies that brings up.
The end result of the Corrupted Commons is a No Man's Land. It ends up just not being worth exploring what gains the land can bring, because the risk is so great.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
MRAM makes it so you don't need to tickle your memory to keep the contents alive.
It's not that hard to tickle memory. It's just that motherboards don't support doing it because operating systems have never known how to deal with it.
Tickled DRAM is essentially identical to MRAM for purposes of nonvolitility within desktops and servers.
--Dan
Not having to route standby power is useful, but not essential. Tickling memory is about as simple of an operation as it gets! There's just no logic in it.
As for milliseconds refreshing power, ye gads memory operates in the nano realm. This means memory is effectively realtime already.
--Dan
This is the guy who helped come up with GMR? I bow down to his technical skills. But it seems that this technology is being sold for something that it just isn't.
Really, this just doesn't have much to do with instant on technology.
It's true. As useful as it is to require no power to store a charge, neither desktops nor servers have any serious problem with power--they're both plugged into a wall! There's no reason for mature DRAM memory to not receive the trickle charge it requires to keep its contents from drifting away. Problems come when operating systems (primarily) and motherboard standards fail to build in stasis modes--for all the determinism of computers, I find it rather surprising that the entire system cannot be simultaneously frozen until a given restart interrupt is triggered. But that's the situation we face--it's not that the memory doesn't last, it's that we don't know how to deal with a house of cards we don't need to rebuild every so often.
Where I see this technology being useful is in laptops, or anything else where "power just to suspend" is a real issue. Heck, even for normal operation, memory can be a real drain on power: Witness the effect of increasing from 2 to 8 MB of RAM on a Palm V(it's significant!). So this does matter for pervasive computing, as the article suggests.
But it has almost nothing to do with "instant on". I do forsee it being implemented in systems which don't want to have to "recover state from hard drive" or "implement a trickle charge system to keep existing state", but that's not so much a break through. The reduced power load scene DOES seem interesting, but lets not forget just how mature a technlogy DRAM is. They'll have to do some pretty amazing work with the MRAM to surpass DRAM. By then, where will DRAM be? Remember, Intel has its dominance partly out of the sheer amount of resources they can put into making the horrifically complex x86 fast. 21bil is alot of money to lose to MRAM!
Thoughts?
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
> I dunno what cryptosystem you're talking about
> here, but this, in general, is not true... think
> about Diffie-Hellman signatures - you sign with
> a public key and verify with a private.
I'm a bit rusty on the math(and late for class!), but if x and y are made public, it's always trivial to find g^xy mod n. However, when g^xy mod n is made public, it's exceedingly difficult to find x and y.
Incidentally, you don't have signatures with DH--El Gamel is the PK variant system.
Yes, I KNOW I mucked up the math. But what I basically did was say, "OK, I'll keep the public key under wraps and anyone who can encode a message using it can issue a command to these n machine." Unfortunately, if you took control of one of those n machines and reversed the private EL Gamel key, you could then turn around and issue command to the other n-1 boxes.
Critical failure. Yeouch.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Plasmoid--
Grab some mountain dew and fire up the printer: Bruce Schneier's Crypto-Gram(http://www.counterpane.com) is possibly the most intensive and well written splashdown into the world of crypto that you're going to find.
I spent an entire evening a while back catching myself up with it--I have a binder sitting in my office that is devoted to nothing else. Bruce's book, Applied Cryptography, is an amazing piece of work(filled, incidentally, with enough humor to keep you up, but enough lucid explanations to leave your jaw dropped...the fact that I actually understand the incredibly complex digital cash protocols out there is a testament to Bruce's skill as a writer)...but his Crypto-Gram, besides being an excellent preview to the writing style you can expect, should you give a very fulfilling look at crypto past and present--everything from the basic tech to advanced concepts.
My personal suggestion would be to start with the oldest one and move forward until you hit the present. Trust me--get through those, and you'll understand alot of what's going on. It'll take you an evening, but you'll enjoy it.
Extremely high signal/noise ratio in those.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
> It doesn't matter if the program is 100%
> genuine Bogosoft code, if Bogosoft have added
> in code to upload your netscape history file to
> find out what you're browsing.
> While authentication is important, much more
> important is the ability to restrict programs
> from doing undeseriable things. If you don't
> want a program from sending your registration
> information without asking, you should be able
> to lock that up so it can't.
This is essentially the trust assignment problem that you describe--you *do* trust a program to execute a function, but you *don't* trust it not to execute some other function. How do you isolate?
There's been some pretty effective sandboxing tools hacked together, but Microsoft and a couple thousand Slashdotters agree: Accountability dramatically reduces abuse, be it in privacy violation or in the WAVE program(but I repeat myself).
The concept--and it ain't a bad one--is Bogosoft won't last long under attack from a very pissed off FTC. Will ya look at that, it's an election year...
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
> but as much as /. likes to bash Microsoft, at
:-)
> least MS can be assured to have considered
> cryptographic protections.
> Sure, they rejected 'em, but still
Cheap shot. (Yeah, I'm responding to my own post. I'm that wrong.)
Microsoft actually has done quite a bit of work with their Authenticode system giving people a means of digitally verify their code, with a CA(Certificate Authority) backing up that signature. The keys are "only" 512 bit RSA, but that *will* stop the script kiddies.
I guess I was just expressing my annoyance that nothing's been done to handle login scripts--I've got to worry about every single desktop on campus going down to a single eight character password on our IT director's desktop because of it. Really, when it comes to validating executable content, MS has done quite a bit of good work in this regard that hasn't particularly been matched elsewhere(is there a way to sign ELF files in-band? What about RPMs, with a CA?)
Gotta remember, MS may have its technical flaws, but they do pull off some good stuff. It's their business department that's evil
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
The question is no longer whether Verant *ought* to rummage through its user's computers looking for whatever it feels like.
/. likes to bash Microsoft, at least MS can be assured to have considered cryptographic protections.
The question is, what prevents anyone else from doing so?
If Verant can modify Everquest such that it ships with Back Orifice 2000, and the only thing that prevented them from doing so was the (thankfully effective!) fear of inadequate liability disclaimers, what *exactly* prevents anyone else, who *doesn't* particularly worry so much about the law, from attacking any Everquest player they please with a trojan'd update?
I betcha nothing but the network, as if "well, it came from Verant's DNS name, so it *can't* be spoofable." *sigh* I'm reminded of the Genie from Alladin..."PHENOMENAL COSMIC POWERS...itty bitty security." Oh, and toss in a little bit of obscurity to be on the safe side.
I should be fair. There's an off chance that there's some cryptographic protection against such an attack being sued by Verant. That'd be nice. I'd like that, as I do cryptography. Day in, day out, it's what I've been living, breathing, thinking, and scheming. And ya know what? I had a total compromise sitting around in my design, because I forgot the (rather simple, but marginally obscure fact) that it's rather trivial to convert a private key back into its public key equivalent. (Moral of the story, folks: Possession of a public key authenticates NOTHING.) Stupid problem, easy to fix, but then, that's my *job* right now.
I doubt I have an equivalent at Verant.
At best, Verant is employing some painfully inadequate public signature verification key to make sure that an update actually came from them. Rather likely, they're using some symmetric algorithm(RC2/RC4 most likely, as they're easily exportable) with a broken key length--not that it matters, since if they're using a symmetric key to authenticate the packages, then the same key that Verant used to sign the update shipped with every copy of Everquest--*cough* itty bitty security. Same shtick if they use a MD5-signature variant--the "key" used to authenticate the package as coming from Verant and not Joe Cracker necessarily gets shipped with each box.
Of course, who am I kidding. We'd be lucky if there's an XOR in the lot. (XOR, for the non cryptographers out there, is a thoroughly broken but easy to implement logic operation that one can run on data to make it "appear" encrypted. Appearances...can be deceiving.)
Folks, this is a *real* problem. Whenever you're doing crypto, you have to separate the world into Us vs. Them. I don't have a problem trusting Verant--they've got deep pockets, they've got skittish lawyers, and if they try anything, we'll see 'em telegraph it in the licensing agreement. (And if they do things without changing the agreement, We Know Where They Live.) So, for the moment, "Us" is Verant and Me, as an Individual Gamer. Them is every *other* gamer, malcontent, and kangaroo down under.
The question to ask yourself, is: What allows Us to determine what code is executed on the client machine, and not Them?
The next question to ask yourself is, since *you're* the one at risk with the client machine, and not Verant, how likely is it that Verant even broke a sweat regarding the answer to the previous question?
Great. Verant isn't going to hack their users, out of the goodness of their lawyers paranoia. So who will?
What about other games here, folks? Am I the only one noticing that large portions of the Windows software space are suddenly becoming net enabled for no other reason but to deliver ads(at best) and trojans(over time)?
This isn't the first time I've run a company through the ringer over automatic execution of code(both Microsoft and Novell have painfully inadequate checking on their login script functionality; more at www.doxpara.com), but as much as
Sure, they rejected 'em, but still...you gotta know they at least considered 'em. Verant, on the other hand?
Does anyone know?
Email or reply if any of this concerns you. I've had some interesting reponses planned to this trend that I just haven't had the resources to implement. With some help, we might actually be able to...deal with this situation.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
FF, with the exception of the very early ones(which didn't even have
*characters*), has *always* has deep and meaningful stories...or soaps, if
you want to call them that.
FF2/4's Rosa/Cecil, Rydia's tragic loss of her mother(*you* *kill* *her*
*mom*), Edward's loss of Anna at the Battle of Damcyan, Edge being forced
to kill his own horribly disfigured parents, the darkly honorable
Rubicant, the prodigal Golbez, the sacrificial Cid...
The rest of the series hasn't been much different, though I do
agree--something did change, and it wasn't altogether perfect.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
> No one can argue that copying cds to MP3 and distributing them is legal.
Actually, arguably, it can be.
If I want to sell an album I own, in theory I should be able to convert it to mp3, send the files to whoever seeks to purchase them from me, and then destroy the original physical medium and any cached copies I might have made for myself in the mean time.
--Dan
> The problem with software is to first remove
> the "licensing loophole" which is "we've only
> sold you permission to use it in ways we see
> fit and at the same time disclaim anything we
> can get away with disclaiming."
I don't know how much I mind disclaimers. Bottom line, I view software as I view movies--sure, there may be some stinkers out there, but I don't think we should be able to sue the guys who made Wild Wild West--no matter *how* awful it was.
Art has the right to suck, but don't go off trying to patent the buddy movie!
> Also surely you should add "If i want to take
> it apart and tell other people what I find then
> I should be allowed to do so." (Tradmarks,
> patents and normal copyright protect the
> company from having their product "ripped off".
> Libel and slander protect them from untrue
> critisism.)
Untrue criticism is not enough. Benchmarks must be suppressed, because they contradict the GoodThink of the Marketry of Truth. Windows NT is stable. Windows NT has always been stable. Windows 2000 is stable. Windows NT is unstable. You must upgrade to Windows 2000 to get stable. Windows NT is stable. Windows NT has always been stable.
Of course, there's the point--given the choice between fair, balanced case law derived by well trained judges in a democratic society vs. a quick line in a license agreement which basically says "Fuck with us and we'll rip your balls off", guess which one many unscrupulous companies will choose?
"If we can't threaten to rip customers balls off, we're doomed!"
--AOL
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
No.
The claim is that you get a license to use the product.
Reality does not match the claim, because people--
A) Are not lawyers
B) Should not need to be lawyers
C) Should not need to hire lawyers
Just to buy software.
Software is little more than de facto data encased within physical media. You may be limited to the number of concurrent installations you may possess, but effectively, that's the only really widely accepted limit on software.
There's usually some question regarding the GPL at this point--people seem to forget that while most "software licenses" remove rights that common law grants without a second thought--hell, it's part of that whole "private property" thing that we *almost ended the world over*--the GPL adds rights by specifying conditions where duplication may be accepted. You're always allowed to give someone else more rights, more latitude, more freedom, particularly with you're own code. But unless you make a highly formal arrangement, you ain't getting less. I can swing my arm farther and farther away from you, but I'm not allowed to pummel your nose, your chest, and eventually worse without some pretty hardcore contracts--and no, a shrink wrap doesn't count.
--Dan