If you aren't using to steal movies (or view stolen ones) then go do it anyway.
Two things:
First, there is no such thing as stealing a movie. It's information and its properties are governed by information physics, not classical physics. You can steal the DVD from a store, but all you're doing is stealing a piece of metal and plastic that carries a representation of the data that, when decoded, gives an approximation of the movie. (Remember mpeg2 is lossy.)
Second, if you're not using LiViD (or any other computer software for that matter) in a way that costs or could potentially cost the (RI|MP)AA money, they really don't care. Remember that when they buy congress or the president they do it so they'll make more money down the line. When they sue Joe Average because he's downloading movies online, it's not because he's costing them a large enough sum that it really matters. It's because they expect that if the case gets big publicity other downloaders will be scared away from filesharing programs. If nobody stopped downloading and sharing when the ??AA sued someone, it would cease to be worth their time and they would stop doing it -- but that's another matter.
The bottom line is, as long as you're only playing DVDs that you've bought legally (not ripping or sharing them), the ??AA doesn't care. Sure, they might be upset that you're using a free operating system or free software because people exposed to that community just might gain enough knowledge about how information works to figure out that their business model is outdated and needs to be changed, but I have no idea if they're even thinking on that level. To them, their business model is the right one, and people are costing them money by obtaining copies of movies online.
I was under the impression that if you were to do this, it would simply be that the Palladium services would be unavailable. It certainly wouldn't be illegal [...] If you were to do this (install a bios that does what you tell it to rather than what MS wants it to) you would have broken palladium. Once you can get the bios to tell the Core Root of Trust whatever you want, you can convince it you're running a secure OS on secure hardware. You could get access to keys and hardware crypto services from an unmodified linux kernel. That's circumvention, which is currently illegal.
I suppose if you just replaced the bios and never used its capabilities you'd be ok, but the TCPA specs only say that the manufacturer "must control updates to the bios". I can only assume that this means previous bioses would only allow themselves to be replaced by signed code, and if you somehow got past that requirement, that would be circumvention.
This is great and all, but don't expect to be able to use it if MS's palladium system is successful. In a palladium pc, the bios serves as part of the Core Trusted Root for Measurement, meaning that installing an open-source, unsigned alternative is not an option. This is not a soft option, like installing an unsigned OS -- a palladium system will let you install any software you want, including an operating system, but it won't allow unsigned code to use its "secure" features (including access to its stored machine-specific private key used for encrypting machine-specific content, or the sign-only key pair used exclusively for validating the machine's trusted status).
On the other hand, unsigned bioses are strictly not allowed. The bios is one of many hardware weak spots in palladium that, if compromised in an "adversarial environment" (yes, that's what they call it.;) ) such as your home, would allow the user to totally subvert any security measure in place. Of course, palladium will be laughably easy to get past with direct unrestricted access to the physical device (as with EVERY Digital Restriction Mechanism), but it won't be legal to do so. Unless you perform an illegal (and risky if you're not an electronics guru) hardware mod, you won't be able to run (or rather, install) LinuxBIOS.
The only way you'll see LinuxBIOS on a palladium machine would be if
<disclaimer> Yeah, I clicked the link and read the page, but I didn't go further and investigate the features offered by LinuxBIOS. </disclaimer>
a motherboard company took the LinuxBIOS source, modified it to lock out the user and perform DRM functions, and submitted it to MS for signing. Then LinuxBIOS could be installed in a palladium machine. Of course, the mobo company would still have to release the source code to their mod under the GPL, but that's not going to do the end user any good -- it won't get them a signed AND free bios. Remember all those stories about DRM killing OSS? Well, they were exaggerated for the most part, but this is what they were talking about.
The point is, if we don't get the word out about palladium, it will be illegal to use this bios in its free state. That's the least of our worries.
Hehe.:) How about if they were more consistent with their spelling? "The Sacromento Bee" is bad enough, but they have it spelled correctly in the headline.
What's going to happen when people place their trust (and vital information) in a system that is fundamentally flawed?
They go out and buy a copy of Windows.
Very true.;) I should have said, "What's going to happen when people place their trust (and vital information in a system that is fundamentally flawed, but that they have been convinced is not."
It's very easy to understand why digital restriction mechanisms are absolutely incapable of "working" as their creators intended. I'm sure plenty of people will post on this below and it's already been discussed thoroughly on slashdot. What we really need to worry about is: *What's going to happen when accessing content as we always have been able to becomes (to a greater extent than it is now) a criminal act? *What's going to happen when people place their trust (and vital information) in a system that is fundamentally flawed?
Uncapping refers to increasing the speed between your network device and your ISP's network device because this is generally the bottleneck. At any given time, your ISP generally has extra internet backbone bandwidth to spare, and unless your computer is _REALLY_ old, it's usually just sitting around waiting for data.
With DSL, there is a direct physical line from the subscriber to the ISP. By capping the maximum speed their network device will exchange data on that line, the ISP can effectively control your net access speed.
With cable, it's different. There is a single wire (a loop actually) that runs through the neighborhood and each user taps into that line. A certain frequency block on that wire is set aside for cable, and the bandwidth provided by that frequency block is shared among all the cable modems connected to it. When you hear DSL ads bashing cable companies for delivering shared net access that slows down when too many people in your neighborhood sign on, this is what they're talking about.
Up until a bit ago, this was very valid criticism. Typically, one node could provide 30Mbps to a neighborhood, and a single cable modem could snatch up a max of 10Mbps of that for its own use. It was a lot like being plugged into a hub. When usage spiked, you were in collision city. However, cable providers have started sending out configuration files to cable modems telling them to only snag a certain amount of bandwidth. This allows them to provide tiered service on a shared medium. What the people mentioned in the article did was send their modems an alternate configuration file saying "Hey! I know I (the cable company) previously told you that you could only use 128kbps of bandwidth, but now you can take as much as you want up to 2.5Mbps!" Since the cable company victims only did this when they "wanted to transfer large amounts of data quickly," they generated usage spikes way beyond normal, especially considering how much bandwidth they allocated to themselves.
So why crack down so hard on someone whose actions didn't cause any real and lasting damage to the company? The simple answer is that broadband ISPs are in the business of charging as much as they can get away with, and trying to get you to use as little as possible. Their business models depend upon subscribers buying "high speed internet access" and not using it. Simply put, if you're really a "power user" and want to do any of the things you see on "lightning fast internet access" commercials such as downloading digital video or transferring large files, broadband ISPs don't want you on their network. You're belong to a class of customers that uses what it pays for, and not the vast majority who just chat online and check their email twice a day. The fact that they could scare others into lower usage levels by bringing in intimidating government forces was just a plus.
The only difference between this and the (RI|MP)AA sueing their fans or the BSA sending out "You have ten days to buy our software or we'll audit you and possibly take legal action," letters is that cable companies are prosecuting based on the contents misguided contracts and the (RI|MP)AA and BSA are prosecuting based on the contents of misguided US law.
Fighting spam is like fighting crime, hackers or piracy. For every measure we put in place some spammer somewhere will find a way around it.
All problems are not the same - some have solutions and some don't. Take spam and piracy for example.
There's a system out there right now for spam blocking (I forget the name or URL at the moment, but it's been mentioned before on slashdot) that maintains a whitelist of people that are allowed to contact you, and when it receives an email from a person that is not on the whitelist, it stores that email in a temporary area and emails the sender asking for a confirmation email in return. If the spam-blocker receives a confirmation email (i.e. the actual person gets the return email, hits reply, and hits send as per the directions) then the original email gets through to your inbox. Right now this is a 100% effective spam-blocker. No good email is filtered out, and no spam is let through because spammers forge their return addresses and therefore never get confirmation emails. It has the added bonus of not requiring the user to look through a "junk mail" folder. Implementing this system universally (1) server-side would solve the spam problem. The only way spammers could get through would be to provide actual "from" email addresses which open them up to lawsuits, and (as they have to check incoming messages and reply to them, meaning they have to either host the "from" account themselves or have fast access to a server that does) it would open them up to all sorts of DDoS attacks. Got a 1KB spam email that slipped through with a from address of from@spammer.dynamicdnsservice.com? Hit that ever so satisfying "Can The Spammer" button and blast spammer.dynamicdnsservice.com with 100KB of data. The more spam the spammer pushes out, the more clogged its downstream pipe gets.
(1) Ok, not this system, as a spammer could always find out who your friends are and put their email addresses in the from: header, but a system based on public key cryptography would do the job nicely. That would mean client-side software updates and a protocol change, but it's still a solvable problem.
Now, take a look at piracy. There is a property of information (or data, or bits, or whatever you want to call it) that is so absolute and inviolable that I would go so far as to call it a law of the physics of information. It is: The only way to control the distribution of information is to ensure that the people and machines that have access to that information all agree to control its distribution. That's it - think about it. It means every technology-based digital restriction mechanism can be broken. (2) Yeah, you could put telescreens in all homes and watch everyone 1984 style, but that's a very poor solution. The best way to deal with "piracy" is to stop thinking along the lines of trying to control information like a physical good and find an alternative business model. No endless wasteful competition between DRM designers and hackers, and no more buying expensive DRM snake oil for businesses.
(2) Yes, even palladium can be broken. Here's an easy three-step process for breaking a palladium system:
(1) De-solder the TCPA components from the motherboard except the CTRM (yes, including the cpu if necessary), attach them to an add-in pci card along with a power connector (again, if necessary) and a pci interface chip that talks to the bus and simulates a CTRM that has "measured" a trusted system.
(1.5) Not really a "step". Design and fabricate the above chip.
(2) Write a kernel level driver for the OS of your choice that diverts calls to the trusted hardware subsystem in loaded applications to calls to the driver itself which simulates the trusted subsystem. Any time it needs a "Yes, I am a trusted system." certificate signed, the driver should call upon the pci card to perform this function. (Yes, you can install your own drivers. You just have to boot your system in untrusted mode [where applications would normally not receive services from trusted hardware])
(3) Download "protected files" and let your trusted applications happily place them (in encrypted format) on your hard disk. When you want to directly access the unencrypted data, snag the decryption key directly from the driver.
Yeah, it's complicated, and not all people have the necessary skills to pull it off, but keep in mind that: *It only has to be done once to release information from DRM jail and make it available to anyone. *Once the step 1.5 chip has been designed and the driver written (along with a userspace "data recovery" tool), they can be sold fairly easily as the equivalents of "mod chips" in game consoles.
Two last important notes:
*Yes, I've read the TCPA specs and I know this will work. If you would like to verify this for yourself (a smart move), they're freely available for download in pdf format from the TCPA web site.
*This does not mean palladium can be safely ignored - quite the opposite. When the only legal way to access certain content and services is an attempt to violate the physics of information by a single convicted but unpunished monopoly, everyone is in trouble. I'm sure you can think of other terrible consequences, but here's something to get you thinking in another direction. What will happen when everyone trusts the "Trusted Computing Platform Alliance" enough to put their personal (medical, financial, etc...) information into the system?
This is just the latest example of the challenges facing Apple in its battle to dominate digital media and other niche markets.
They have it backwards. Apple is dominating the digital media market when "[m]any--if not most--production studios use Apple's top-rated QuickTime Final Cut Pro content-creation and video-editing tools." Apple is being dominated when they add Digital Restriction Mechanisms to their software and hardware, to tempt movie moguls into providing video services for their customers.
It's important to remember that DRM does not enable digital content to be delivered online. DRM hog-ties consumers which makes them an attractive and helpless market for digital content. Big difference.
I lent a joystick (an MS Sidewinder 3D Pro) to a friend. It sat at his house for a while, during which time I sorta forgot about it, and two months later I got it back. At this point I was really itching to play some Descent II, so I brought it in, hooked it up, and launched the game. Everything loaded fine and the game recognized it without a hitch, so I started playing a game I saved before I lent him the joystick. I was able to ignore the crunching noises every time I bent the stick for a few minutes, but when I looked back at the joystick, I saw ants crawling all over the joystick, my hand, and the computer desk. Of course I promptly shut down and removed the infested device, but the horror (and odor) I experienced when I first opened it up cannot be described.
I'm sorry but this is a terrible idea. I guess it's good that they're working toward a system that doesn't try to control the net and make it "safe", but making an OK list is an awful plan. Who determines what's ok? Is a sex education web site for teens ok? What about a web site with pages outlining how intravenous drug users can avoid getting aids? Limiting the scope to "kids" take away a few of the most controversial issues, but it doesn't eliminate them all.
What we need is proper content labeling, a la RSACi. It's as simple as saying within the page in a machine-readable format what the page contains (sexuality [How explicit? Is it educational in context?], violence [How much gore?], swearing [Which words? How often?], etc...) and then giving the parent, library, or school the ability to set their computers to filter based on those characteristics.
This way, morality is separated from law giving everyone the freedom and the power to choose what they (and their children) see. Do you believe abortion is the most disgusting and immoral kind of murder? Set your filter to block "pro-choice" when your children are browsing. Do you believe right-wing antifeminist propaganda is harmful to youth? Set your filter to block "pro-life". The laws give you the ability, and you set your own limits.
Of course, a helpful, nurturing, and guiding influence from a parent is infinitely preferable to a big flashing "NO!" message on the screen and an entry in a log file, but eventually your kids will want to chat without you looking over their shoulder, and you're not exactly available every minute they want to be online.
Yes, it's DRM-infected. It's called LaGrand technology and it's built into all new P4s and will be built into all AMD Hammer CPUs. It provides the "trusted" operating mode (in addition to regular x86 kernel mode and user mode) portion of tcpa support. With a fritz chip on board and an OS that uses Palladium, Microsoft will, for the first time ever, be put in the position of being able to charge you to access your documents. I'm not talking about the power they've always had to change file formats. I'm talking about the ability to literally refuse you access to the bits that make up the file if you don't pay up. After all, if it becomes illegal to reverse engineer file formats (How much will that cost in campaign contributions? Peanuts to microsoft.) and you're saving all your documents in MS Word DRM 2003 Palladium Edition, there's no possible legal reason for you to need to access your files with any application other than Word, right? And if Word is available on a subscription basis only and you stop paying....
As for the unique ID, no - P4s have no unique id (as far as I know). That's on the fritz chip, and not only will it be unique, but (I strongly suspect from reading the full General and PC-specific tcpa specs) it will be obtainable by anyone that can talk to your machine on a network.
---- Example:
Boss's computer: Hey, I want to send you an email, but I need to verify that you're subject to digital restriction mechanisms before I release the data to you.
Your computer: Ok. As of (this time) (this date), this machine is running in trusted mode with a trusted OS. (RSA signature and public key for verification)
Boss's computer: Hey central DRM authorization server at microsoft!
MS: Yeah?
Boss's computer: Is this public key (public key here) one that was implanted into a DRM-infected fritz chip, or is someone blowing smoke?
MS: Yeah.
Boss's computer: Ok, pc. Looks like you measure up. Here's the message: "Good morning employee! I'm offically ordering you to take risky business action X. I'm aware that this could kill off the company if it fails, but the possible payoffs are irresistable." Do not allow the user to copy, print, or otherwise manipulate this message. Delete all record of it being sent in one minute.
Your computer: Sure thing.
----...and that's just how the designers envision it being used. I'll leave the possible abuses of this internet-available unique pc id to your imagination.
There is no reason you couldn't write an open source browser or office suite and have it run on a palladium system. The reason why there have been murmurs of a possible palladium/OSS conflict only apply to a certain type of program, specifically that which uses palladium/tcpa's "security" features.
Picture an open source media player. As it stands, xmms could be run on a palladium system and the oss model would work fine. It would play oggs ripped from your own personal cd collection and any company that takes the source, modifies it, and distributes a binary would have to release the source back to the community. No problem.
Now let's say a company takes the xmms source, adds support for drm-infested media, and releases a binary that's been digitally signed by MS, meaning that MS has examined the source and seen that it will not ever expose unencrypted, drm'd data to user access. It still plays oggs (they haven't removed that feature yet), but here's what happens when you try to connect to Disney's server to upload your credit card data and download Mickey Mouse 2010 (subtitile: Yes, we still have the copyright):
1. Disney queries your machine for it's unique ID (yes, all PCs must have them for the system to work). 2. Upon verification that the unique ID is a valid one from the central unique ID database, it asks your system for a signed, timestamped, digitally signed (by the TPM [trusted platform module) message saying that your system is running a drm-compliant OS. 3. If it gets an affirmative answer back, it queries the OS as to whether the app is digitally signed by MS. I'm not familiar with the system that will be used in this case, but I think identd would be an accurate model (i.e. "Is the app connecting from port xxxx on your machine to port yyyy on my machine digitally signed?"). 4. If it gets an affirmative answer back, the server will then send content encrypted with the platform's public key (not the "unique ID" key, that one is a single purpose sign-only). 5. xmms, upon receipt of the data, plays it back according to the drm rules.
Now, imagine you want to modify the new xmms sources (that include drm support) to play a new audio format or to add a media manager function (or whatever). You still have free access to the sources, but once you modify and compile them, you get an unsigned binary out of your compiler. It still plays oggs, but when you try to buy a movie from Disney, the OS responds (in step 4 above) with a negative answer.
"No, the binary making that connection is NOT signed."
The result is that Disney will not send data to that app. I'll get the obvious question answered right now:
Q: What if you modify your OS to respond to all step 3-4 "is xyz app signed?" questions with a "yes" answer? Couldn't you break the system that way? A: No. The authentication process would fail on step #2 above because your recompiled kernel wouldn't be signed so the TPM on your motherboard would refuse to vouch for it.
What does this mean for OSS? Well, not much. Open-source, non-pd/tcpa software won't be affected at all. OSS that does "handle" secure content as one of its main functions would be affected - you wouldn't be able to fork it unless you wanted to pay MS for a digital signature on every release to you want the pd/tcpa portions to keep working. In a nutshell, only the portions of OSS that normally depend on pd/tcpa would be nonfunctional.
So why is palladium/tcpa still a big problem? Well, a couple of reasons, but first, more Q&A.
Q: What if I were to physically crack open my trusted platform module and extract its private encryption and sign-only authentication keys. A: You would have broken palladium/tcpa security.
Q: What if I were to replace my core root of trust for measurement (CRTM, aka my BIOS) with one that always reports the system is booting in a "secure state" to the TPM? A: You would have broken palladium/tcpa security.
Q: What if I find a buffer overflow or other bug in a signed application (e.g. windows media player) that allows me to execute arbitrary code as that process? A: You would have broken palladium/tcpa security.
Q: What if I find a buffer overflow or other bug in the OS or a signed driver that allows me to execute arbitrary code as the OS kernel? A: You would have broken palladium/tcpa security.
I don't mean to make it sound easy - tcpa is designed to place these activities beyond the means of the average script kiddie. However, they are all very real valid security problems that palladium/tcpa _will never be able to solve_, specifically because of the nature of cryptography, mass-produced hardware, and information itself. I guess you could say that information really does "want to be free".
(Note to grammar nazis: Yes. I'm aware I put the period outside the quotation marks. I did this because I believe it enhances the readability of printed english. Putting the terminating semicolon from a line of C code inside the quotes around a quoted string just doesn't make logical sense. However, any its/it's, there/their/they're, or other stupid mistakes that detract from my ability to communicate clearly are fair game.;) )
So why is it such a bad idea? Because people think it will work. The latest issue of PC World (November [?] 2002) features an ad from IBM touting the advantages of the latest Intel Pentium 4 processor's LaGrand Technology. If I could find it I'd post the page number, but if you look through the issue it's on the left side somewhere in the middle-ish section. It promises freedom from viruses and a more secure operating system. I think it promises completely secure e-commerce as well. The average PC World readers are going to read this and their eyes are going to pop out of their heads. "Really? No more viruses? No more trojans? Secure e-commerce? How wonderful!" When online companies start pushing "secure" online movie rentals (broadband only, some restrictions may apply, void where prohibited, etc...) the ones surviving heart failure will scramble to buy new pcs with this LaGrand Technology (or amd's equivalent). After all, who wouldn't want a virus-free secure PC that does new and exciting things?
Nevermind that the reason 99.999% of the computer-using public have to even think about viruses is because outlook is so incredibly insecure. Nevermind that the only things stopping global availability of secure online shopping are the certificate authorities' greed and US crypto export laws*. Nevermind that online movie rentals will most definitely not take off soon considering how much bandwidth is available to home users even with broadband. (Yes, you may have 2mbit cable, but what's going to happen when a large enough percentage of friday night movie watchers decide to download and cable companies are overselling their last mile _and_ backbone bandwidth at a ratio of 50 to 1?) Nevermind that LaGrande Technology is designed to be the cpu-side hardware support for tcpa/palladium which is already flawed. I'm not saying that IBM won't be able to make good on their promises of perfect security and a virus-free environment (that's a separate debate) - I'm saying that they're pushing a unique PC ID and Digital Restrictions Mechanisms into every home in trying to do it.
(* Yes, I'm aware that you can get strong ssl encryption in linux outside the US. Here I'm referring to windows, a product from a commercial entity that has at least a slight interest in pretending they obey US law.)
So that's how it's going to get into homes and businesses. What harm is it going to do once it gets there? Well, just because it's going to be hopelessly inadequate when it comes to serving its intended purpose of stopping online piracy of digital media doesn't mean that it won't restrict fair use rights. Sure, anyone can use a cracked pd/tcpa box to download a film from disney and then distribute it online, but if Joe user can't rip his legally purchased CD and send it to his car stereo because of draconian DRM code, that's a problem. And that's only the copyright/fair use side of the issue. What about security? What happens when a certain OS vendor, with complete confidence in its supremely planned but critically flawed transition element, starts getting lax on security and starts depending on pd/tcpa keep everything together? Even worse security holes than we've seen before due to inattention to important detail and (at least) internal code review.
I hope you see what I'm talking about now. The worst possible outcome is not that palladium/tcpa will progress as planned (which violates the "possible" part). It's that it will approach an uneducated public and fail miserably.
Try putting (about) equal volumes of CCl4 (carbon tetrachloride) and aqueous KI (potassium iodide) in a test tube together. The clear, non-polar CCl4 will sink to the bottom, and the clear, polar, KI solution will sit on top. Now add a few drops of Br2 (liquid elemental bromine) to the solution and shake. The top layer will turn orange and the bottom will turn pinkish purple, but stay totally separate.
This reaction happens because bromine is a stronger oxidizing agent than iodine. When the bromine is added, it replaces the iodine in solution, forcing it to become I2 (elemental iodine) which mixes with the CCl4 below and turns it pinkish purple. The extra leftover bromine turns the solution on top orange.
It may not be as exciting as blowing something up, but it illustrates an important scientific principle (relative strengths of oxidizing agents) and it still looks cool:).
war & wi-fi
on
Wartrapping?
·
· Score: 5, Informative
Historically, "wardialing" was phr33k-slang for the rapid dialling of phone numbers. Exactly what does this have to do with 802.11? Driving around and listening to packets is not the equivalent of "wardialling", nor is it in any way similar.
Actually, wardialing referred to having your computer rapidly dial phone numbers and look for modems that would allow anyone to connect. The idea was that Joe Scriptkiddie would start a wardialing program when he got up in the morning and it would dial a randomized list (because the phone company is looking for lots of numbers being dialed sequentially) of phone numbers all day. In the afternoon when he got home from Junior High, he would check to see if the program had found any "interesting" information (modems on numbers that he didn't know about before) and if so he would add them to his "to-investigate" list.
If we define warX to mean aimlessly using method X to find hosts that will talk to anyone, that fits with the definition of wardialing - aimlessly dialing numbers in the hope of finding a modem. Even though driving isn't the most important component of wardriving (one could walk, I suppose), the term wardriving seems to fit. It means aimlessly driving around with a laptop scanning for hosts that will talk to anyone.
Can we dispense with the prefixing of "War" to anything 802.11 related, PLEASE?! This is just stupid now.
As far as I know, wardriving is the only war* term related to 802.11 technologies.
Neither is saying, "Please put me on your do not call list." While they're both effective, the only way to drive annoying commercial marketing into the ground is to make it more expensive than it is profitable.
1. Phone marketing: Feign interest, then ask the telemarketer to please hold for a minute (someone's at the door, etc...). By yourself, you can cut into their profit margin a little and have the satisfaction of getting back at the people that are bothering you so much. If enough people did this, it would be DEVASTATING to the telemarketing industry. Why? When a telemarketer is on the phone with you, their machine stops dialing new numbers. This seems like a smart idea - there's no reason to call someone if the telemarketer is busy talking to someone else. Usually, those machines dial 10 numbers at the same time and the telemarketer clicks over to the one that gets a live person. That's where those hangup calls come from: out of the 10 numbers the machine dialed at once, yours was one of the two that yielded a live person, and the telemarketer decided to go with the other one. What does this tell us about the telemarketing industry? They just hate it when their telemarketers are sitting around waiting to make a sale (i.e. while the machine is dialing). If they're waiting for you to get the door, guess what? They're sitting around waiting to make a sale.
2. Junk mail: This is really easy. I have no idea why nobody has started advocating this so far. Whenever you get junk mail, open it up, find the "postage paid - business reply mail" envelope, stuff everything else into it, seal it, and put it back in the mailbox. You're charging them postage to throw away their garbage. If you want to remain completely anonymous, just tear out the parts that have your name and address and mail the rest back.
3. Spam: Ok coders, this one is for you. Implement selective whitelisting as described here in your favorite open-source SMTP server. Yeah, server-side. Just make it a flag that can be turned on for individual email accounts so that the server will automatically start building a whitelist from confirmation emails. As long as this remains a *nix-only client-side spam-blocker it will never see widespread use. Why? Well, a server-side implementation has many benefits:
* It only has to be installed once. Every time a piece of software is installed on a computer, it's an opportunity for something to go wrong. A client-side program could install itself incorrectly, the user could become frustrated with an interface shortcoming, or it could trash some part of the user's system (possibly turning them off to spam blocking tech forever). If it's installed (carefully and by the ISP's lead tech) on a single mail server, suddenly thousands of people have the ability to block spam with no more effort than a call to the ISP to turn on the feature.
* ISPs would provide it as a competitive service to their customers. Most ISPs (in my limited experience) use open-source *nix mail servers, so implementation in existing systems would be easy. Perfect spam-filtering (that guarantees no false positives - meaning no lost important mail) would definitely influence a consumer's ISP choice now that most are competing based on cost. Considering how easy it would be to implement, it's a no-brainer for another ISP to offer the same service once the ISP across the street does.
* The principles are easy enough to explain to most people. Granted, most ISPs don't explain the details of their spam-blocking tech to new customers, but when they make a claim like, "No false positives, guaranteed!" it will be easy to explain if a customer gets curious.
Eventually, when no spam gets through, or just not enough to pay the bandwidth bills, spam will stop. What if selective whitelisting doesn't work? Well, it does, go read the web site.;) The worst case scenario would be that spammers would have to buy three times the bandwidth to send the amount of spam they do now, as well as maintain a working and valid From: address.
4. Banners: Go download privoxyright now. Combined with mozilla's popup blocking feature, I've seen maybe 3 ads in the past 3 months, and I spend hours surfing the web every day. It's absolutely amazing. Same deal with selective whitelisting as above, too. If ISPs ran privoxy, they'd be able to offer a service to their customers that, well, once addicted they couldn't live without. It's also the perfect way to implement caching and cut down on ISP backbone bandwidth costs.
Think these are good ideas? Help me spread them around. Think they suck? Tell me why so I can improve my explanation.
Lithium was more reactive than sodium? It's the other way around. The reactivity of group 1A elements increases with period. Lithium is in period 2, sodium is in period 3. Cesium is the most electropositive element (i.e. the most entertaining/life-threatening when thrown into a lake) and occupies period 6. Francium (group 1A, period 7) would be more impressive, but it's so radioactive that even if you could scrape together a chunk of it, it would have decomposed into other elements before you got a chance to get it wet.
Here's a fun site with a periodic table and details on all the elements.
These will be used solely for the purpose of web activities (surfing/mail), and word processing and *THATS IT*.
(emphasis mine)
It seems like your reason for locking these machines down is to prevent calls for technical assistance, but another possibility occurred to me. Some schools have policies saying that school computers and internet access are to be used for educational purposes only, and I thought yours might be trying to extend this to these school-manufactured computers. If this is the case, be aware (if you're not already, which you probably are) that there is no way to lock down a PC when someone else has unrestriced physical access no it (i.e. it is in their dorm room). You can't prevent someone from unplugging it, taking out the cmos battery for a few minutes, putting it back together, and installing their own linux distro (or windows 95) so they can play quake [II] with their buddies on the lan.
Other than that, just try out any of the excellent distros/configurations posted above, and make sure they have enough ram;).
You can get service packs on cd if you want to pay shipping and handling. I'm more worried about the latest "version" of windows update in which the "No information is sent to microsoft during this transaction," notice is absent. Those are just updates, though - akin to running up2date or apt-get dist-upgrade. The possibility that I was referring to above is one in which Microsoft distributes cds that, by themselves, are incapable of installing windows and must connect to the internet to download very large key components, just like gnu/linux ftp installs.
You're a moron, the only distributions that I use require only 1-3 discs for install. Mandrake 9 requires 2, Red Hat 8 requires 2, Debian requires 1 (Or none), SuSE requires 1 (Or none, but these are based on my experiences with 8.0, not 8.1), Slackware requires 1, Gentoo requires 1.
"or none": I'm not counting ftp installs when I'm talking about multi-cd distros. I have a whole spiel about them, but I won't go into that now.
"one or two": Congratulations to redhat for getting 7.3's 3 down to 2. I look forward to testing it out when I can find a download site with available bandwidth. It's about time for me to check around again.;) Yes, you can get the bulk of an install done from one CD, but inevitably there will be one package that you'll need for some essential task (say ncurses-dev for make menuconfig for the kernel) that's on another CD. There are also ISOs of sources that people don't need but download anyway because they're newbies or they aren't clearly marked (or both).
I have no idea how you got modded up...
Well, moderators are unpredictable as a rule (unless they're slashbots;)) so I wouldn't go looking for a method to their madness. However, I would guess that some moderator out there (like so many other gnu/linux users) is fed up with multi-cd bloated OS installs. Granted, slashdot isn't necessarily the best place to initiate change, but I'm just posting my opinion.
No swapping back and forth and their installer even tells you which discs are needed and how much from each disc, etc.
It's possible that I'm missing something, but I don't see how you can have a multi-cd OS install without CD swapping.
With SuSE I see no "bloat problem" to solve.
I wasn't talking about a "bloat problem" in relation to the number of cds per box, although I guess that term could be used to describe it. When I said "bloat" I was referring to the size of the default install. I haven't used suse since I helped a friend install 7.something on his secondary computer, but I have installed redhat recently. It irks me that I can install windows 98se in 200-300MB or W2K (which I'm currently using) in under 1GB but I can't seem to get a GNU/linux install under 1GB. I know, I know, I could go console only or try gentoo and do everything myself or select only the individual packages I need but, well, I'm just not willing to do that and neither is the average user. Setting aside the religious debate as to whether GNU/Linux should be made easy enough for the "average user", I think we can all agree that default "basic desktop functionality" installs are getting way too big.
Suse releases an 18MB bootable CD that will let you do an FTP install.
That's cool. Debian does the same thing (except with a floppy or two) and with gentoo it's practically mandatory.;) It's certainly a neat way of circumventing cd swapping.
On my cable modem, 8.0 took about 1.5 hours to do this.
This is what tends to worry me. If you're using (just an estimation) a 1.5Mbps downstream cable modem and you're getting half that in throughput (due to local contention for bandwidth, server capacity, whatever...) then you've downloaded about 500MB of data. It was probably compressed so it's probably taking up more than that on your hard disk (and even more if the installer kept the packages around) but downloaded 500 MB of data would take over a day of continuous connectivity on a 56k modem assuming optimal conditions.
Some people like ftp-based home installs, and they certainly make sense in a corporate environment with fast ethernet and an on-site ftp server or when broadband internet access is available and you don't mind waiting 1.5 hours. In a home setting, though, internet installs trouble me for a couple of reasons. First, they don't work (well) with modem-speed connections. Second, they depend on the company too much. I realize that suse probably isn't going to do anything evil, but imagine what the reaction would be if windows required you to connect to microsoft to install in a similar manner. Just look at the (admittedly ineffective) uproar over product activation in winxp.
Of course, users that don't want to do ftp installs can always use the 7 cds, but then we're back where we started.
I think the idea is that once the fuel cell is depleted, you empty out the waste product (water) and refill it with weak methanol solution. If it's that simple, then recharging your laptop means going down to the drug store and picking up a bottle of wood alcohol. Of course, efficiency comes into play here. You wouldn't want to have to buy a bottle every few days, but depending on the concentration you get one bottle could be diluted to give quite a few recharges.
I can't see direct-methanol fuel cells not making it to production and widespread use in all sorts of things from laptops to cars. They have all the positive qualities of regular (hydrogen) fuel cells, but they have a few more really significant advantages:
1. They're easily rechargable. Anyone can pour a weak methanol solution from a bottle into a fuel cell's reservoir, but not everyone has the equipment (or desire) to store compressed hydrogen in their home or car.
2. They're stigma-free. Mention hydrogen and the first thing many people think of is the hindenburg. While it's true that hydrogen was _not_ the cause of the disaster (entire thing was covered in flammable paint), many people think it is and will shy away from hydrogen-powered cars and appliances for that reason. As far as I know, there have been no significant disasters for which methanol has been blamed. (Disclaimer: I may be wrong.)
3. A weak methanol solution really is safe - it's not going to hurt you unless you drink it. (Methanol isn't drinkable alcohol, that's ethanol. Methanol is converted by the body into formaldehyde, the stuff you use to preserve dead things.)
Slashdot Mirror
If you aren't using to steal movies (or view stolen ones) then go do it anyway.
Two things:
First, there is no such thing as stealing a movie. It's information and its properties are governed by information physics, not classical physics. You can steal the DVD from a store, but all you're doing is stealing a piece of metal and plastic that carries a representation of the data that, when decoded, gives an approximation of the movie. (Remember mpeg2 is lossy.)
Second, if you're not using LiViD (or any other computer software for that matter) in a way that costs or could potentially cost the (RI|MP)AA money, they really don't care. Remember that when they buy congress or the president they do it so they'll make more money down the line. When they sue Joe Average because he's downloading movies online, it's not because he's costing them a large enough sum that it really matters. It's because they expect that if the case gets big publicity other downloaders will be scared away from filesharing programs. If nobody stopped downloading and sharing when the ??AA sued someone, it would cease to be worth their time and they would stop doing it -- but that's another matter.
The bottom line is, as long as you're only playing DVDs that you've bought legally (not ripping or sharing them), the ??AA doesn't care. Sure, they might be upset that you're using a free operating system or free software because people exposed to that community just might gain enough knowledge about how information works to figure out that their business model is outdated and needs to be changed, but I have no idea if they're even thinking on that level. To them, their business model is the right one, and people are costing them money by obtaining copies of movies online.
I was under the impression that if you were to do this, it would simply be that the Palladium services would be unavailable. It certainly wouldn't be illegal [...] If you were to do this (install a bios that does what you tell it to rather than what MS wants it to) you would have broken palladium. Once you can get the bios to tell the Core Root of Trust whatever you want, you can convince it you're running a secure OS on secure hardware. You could get access to keys and hardware crypto services from an unmodified linux kernel. That's circumvention, which is currently illegal.
I suppose if you just replaced the bios and never used its capabilities you'd be ok, but the TCPA specs only say that the manufacturer "must control updates to the bios". I can only assume that this means previous bioses would only allow themselves to be replaced by signed code, and if you somehow got past that requirement, that would be circumvention.
This is great and all, but don't expect to be able to use it if MS's palladium system is successful. In a palladium pc, the bios serves as part of the Core Trusted Root for Measurement, meaning that installing an open-source, unsigned alternative is not an option. This is not a soft option, like installing an unsigned OS -- a palladium system will let you install any software you want, including an operating system, but it won't allow unsigned code to use its "secure" features (including access to its stored machine-specific private key used for encrypting machine-specific content, or the sign-only key pair used exclusively for validating the machine's trusted status).
;) ) such as your home, would allow the user to totally subvert any security measure in place. Of course, palladium will be laughably easy to get past with direct unrestricted access to the physical device (as with EVERY Digital Restriction Mechanism), but it won't be legal to do so. Unless you perform an illegal (and risky if you're not an electronics guru) hardware mod, you won't be able to run (or rather, install) LinuxBIOS.
On the other hand, unsigned bioses are strictly not allowed. The bios is one of many hardware weak spots in palladium that, if compromised in an "adversarial environment" (yes, that's what they call it.
The only way you'll see LinuxBIOS on a palladium machine would be if
<disclaimer>
Yeah, I clicked the link and read the page, but I didn't go further and investigate the features offered by LinuxBIOS.
</disclaimer>
a motherboard company took the LinuxBIOS source, modified it to lock out the user and perform DRM functions, and submitted it to MS for signing. Then LinuxBIOS could be installed in a palladium machine. Of course, the mobo company would still have to release the source code to their mod under the GPL, but that's not going to do the end user any good -- it won't get them a signed AND free bios. Remember all those stories about DRM killing OSS? Well, they were exaggerated for the most part, but this is what they were talking about.
The point is, if we don't get the word out about palladium, it will be illegal to use this bios in its free state. That's the least of our worries.
Hehe. :) How about if they were more consistent with their spelling? "The Sacromento Bee" is bad enough, but they have it spelled correctly in the headline.
What's going to happen when people place their trust (and vital information) in a system that is fundamentally flawed?
;) I should have said, "What's going to happen when people place their trust (and vital information in a system that is fundamentally flawed, but that they have been convinced is not."
They go out and buy a copy of Windows.
Very true.
It's very easy to understand why digital restriction mechanisms are absolutely incapable of "working" as their creators intended. I'm sure plenty of people will post on this below and it's already been discussed thoroughly on slashdot. What we really need to worry about is:
*What's going to happen when accessing content as we always have been able to becomes (to a greater extent than it is now) a criminal act?
*What's going to happen when people place their trust (and vital information) in a system that is fundamentally flawed?
Uncapping refers to increasing the speed between your network device and your ISP's network device because this is generally the bottleneck. At any given time, your ISP generally has extra internet backbone bandwidth to spare, and unless your computer is _REALLY_ old, it's usually just sitting around waiting for data.
With DSL, there is a direct physical line from the subscriber to the ISP. By capping the maximum speed their network device will exchange data on that line, the ISP can effectively control your net access speed.
With cable, it's different. There is a single wire (a loop actually) that runs through the neighborhood and each user taps into that line. A certain frequency block on that wire is set aside for cable, and the bandwidth provided by that frequency block is shared among all the cable modems connected to it. When you hear DSL ads bashing cable companies for delivering shared net access that slows down when too many people in your neighborhood sign on, this is what they're talking about.
Up until a bit ago, this was very valid criticism. Typically, one node could provide 30Mbps to a neighborhood, and a single cable modem could snatch up a max of 10Mbps of that for its own use. It was a lot like being plugged into a hub. When usage spiked, you were in collision city. However, cable providers have started sending out configuration files to cable modems telling them to only snag a certain amount of bandwidth. This allows them to provide tiered service on a shared medium. What the people mentioned in the article did was send their modems an alternate configuration file saying "Hey! I know I (the cable company) previously told you that you could only use 128kbps of bandwidth, but now you can take as much as you want up to 2.5Mbps!" Since the cable company victims only did this when they "wanted to transfer large amounts of data quickly," they generated usage spikes way beyond normal, especially considering how much bandwidth they allocated to themselves.
So why crack down so hard on someone whose actions didn't cause any real and lasting damage to the company? The simple answer is that broadband ISPs are in the business of charging as much as they can get away with, and trying to get you to use as little as possible. Their business models depend upon subscribers buying "high speed internet access" and not using it. Simply put, if you're really a "power user" and want to do any of the things you see on "lightning fast internet access" commercials such as downloading digital video or transferring large files, broadband ISPs don't want you on their network. You're belong to a class of customers that uses what it pays for, and not the vast majority who just chat online and check their email twice a day. The fact that they could scare others into lower usage levels by bringing in intimidating government forces was just a plus.
The only difference between this and the (RI|MP)AA sueing their fans or the BSA sending out "You have ten days to buy our software or we'll audit you and possibly take legal action," letters is that cable companies are prosecuting based on the contents misguided contracts and the (RI|MP)AA and BSA are prosecuting based on the contents of misguided US law.
Fighting spam is like fighting crime, hackers or piracy. For every measure we put in place some spammer somewhere will find a way around it.
All problems are not the same - some have solutions and some don't. Take spam and piracy for example.
There's a system out there right now for spam blocking (I forget the name or URL at the moment, but it's been mentioned before on slashdot) that maintains a whitelist of people that are allowed to contact you, and when it receives an email from a person that is not on the whitelist, it stores that email in a temporary area and emails the sender asking for a confirmation email in return. If the spam-blocker receives a confirmation email (i.e. the actual person gets the return email, hits reply, and hits send as per the directions) then the original email gets through to your inbox. Right now this is a 100% effective spam-blocker. No good email is filtered out, and no spam is let through because spammers forge their return addresses and therefore never get confirmation emails. It has the added bonus of not requiring the user to look through a "junk mail" folder. Implementing this system universally (1) server-side would solve the spam problem. The only way spammers could get through would be to provide actual "from" email addresses which open them up to lawsuits, and (as they have to check incoming messages and reply to them, meaning they have to either host the "from" account themselves or have fast access to a server that does) it would open them up to all sorts of DDoS attacks. Got a 1KB spam email that slipped through with a from address of from@spammer.dynamicdnsservice.com? Hit that ever so satisfying "Can The Spammer" button and blast spammer.dynamicdnsservice.com with 100KB of data. The more spam the spammer pushes out, the more clogged its downstream pipe gets.
(1) Ok, not this system, as a spammer could always find out who your friends are and put their email addresses in the from: header, but a system based on public key cryptography would do the job nicely. That would mean client-side software updates and a protocol change, but it's still a solvable problem.
Now, take a look at piracy. There is a property of information (or data, or bits, or whatever you want to call it) that is so absolute and inviolable that I would go so far as to call it a law of the physics of information. It is: The only way to control the distribution of information is to ensure that the people and machines that have access to that information all agree to control its distribution. That's it - think about it. It means every technology-based digital restriction mechanism can be broken. (2) Yeah, you could put telescreens in all homes and watch everyone 1984 style, but that's a very poor solution. The best way to deal with "piracy" is to stop thinking along the lines of trying to control information like a physical good and find an alternative business model. No endless wasteful competition between DRM designers and hackers, and no more buying expensive DRM snake oil for businesses.
(2) Yes, even palladium can be broken. Here's an easy three-step process for breaking a palladium system:
(1) De-solder the TCPA components from the motherboard except the CTRM (yes, including the cpu if necessary), attach them to an add-in pci card along with a power connector (again, if necessary) and a pci interface chip that talks to the bus and simulates a CTRM that has "measured" a trusted system.
(1.5) Not really a "step". Design and fabricate the above chip.
(2) Write a kernel level driver for the OS of your choice that diverts calls to the trusted hardware subsystem in loaded applications to calls to the driver itself which simulates the trusted subsystem. Any time it needs a "Yes, I am a trusted system." certificate signed, the driver should call upon the pci card to perform this function. (Yes, you can install your own drivers. You just have to boot your system in untrusted mode [where applications would normally not receive services from trusted hardware])
(3) Download "protected files" and let your trusted applications happily place them (in encrypted format) on your hard disk. When you want to directly access the unencrypted data, snag the decryption key directly from the driver.
Yeah, it's complicated, and not all people have the necessary skills to pull it off, but keep in mind that:
*It only has to be done once to release information from DRM jail and make it available to anyone.
*Once the step 1.5 chip has been designed and the driver written (along with a userspace "data recovery" tool), they can be sold fairly easily as the equivalents of "mod chips" in game consoles.
Two last important notes:
*Yes, I've read the TCPA specs and I know this will work. If you would like to verify this for yourself (a smart move), they're freely available for download in pdf format from the TCPA web site.
*This does not mean palladium can be safely ignored - quite the opposite. When the only legal way to access certain content and services is an attempt to violate the physics of information by a single convicted but unpunished monopoly, everyone is in trouble. I'm sure you can think of other terrible consequences, but here's something to get you thinking in another direction. What will happen when everyone trusts the "Trusted Computing Platform Alliance" enough to put their personal (medical, financial, etc...) information into the system?
This is just the latest example of the challenges facing Apple in its battle to dominate digital media and other niche markets.
They have it backwards. Apple is dominating the digital media market when "[m]any--if not most--production studios use Apple's top-rated QuickTime Final Cut Pro content-creation and video-editing tools." Apple is being dominated when they add Digital Restriction Mechanisms to their software and hardware, to tempt movie moguls into providing video services for their customers.
It's important to remember that DRM does not enable digital content to be delivered online. DRM hog-ties consumers which makes them an attractive and helpless market for digital content. Big difference.
I lent a joystick (an MS Sidewinder 3D Pro) to a friend. It sat at his house for a while, during which time I sorta forgot about it, and two months later I got it back. At this point I was really itching to play some Descent II, so I brought it in, hooked it up, and launched the game. Everything loaded fine and the game recognized it without a hitch, so I started playing a game I saved before I lent him the joystick. I was able to ignore the crunching noises every time I bent the stick for a few minutes, but when I looked back at the joystick, I saw ants crawling all over the joystick, my hand, and the computer desk. Of course I promptly shut down and removed the infested device, but the horror (and odor) I experienced when I first opened it up cannot be described.
Are you listening, Evan?
I'm sorry but this is a terrible idea. I guess it's good that they're working toward a system that doesn't try to control the net and make it "safe", but making an OK list is an awful plan. Who determines what's ok? Is a sex education web site for teens ok? What about a web site with pages outlining how intravenous drug users can avoid getting aids? Limiting the scope to "kids" take away a few of the most controversial issues, but it doesn't eliminate them all.
What we need is proper content labeling, a la RSACi. It's as simple as saying within the page in a machine-readable format what the page contains (sexuality [How explicit? Is it educational in context?], violence [How much gore?], swearing [Which words? How often?], etc...) and then giving the parent, library, or school the ability to set their computers to filter based on those characteristics.
This way, morality is separated from law giving everyone the freedom and the power to choose what they (and their children) see. Do you believe abortion is the most disgusting and immoral kind of murder? Set your filter to block "pro-choice" when your children are browsing. Do you believe right-wing antifeminist propaganda is harmful to youth? Set your filter to block "pro-life". The laws give you the ability, and you set your own limits.
Of course, a helpful, nurturing, and guiding influence from a parent is infinitely preferable to a big flashing "NO!" message on the screen and an entry in a log file, but eventually your kids will want to chat without you looking over their shoulder, and you're not exactly available every minute they want to be online.
Sounds good, no?
Yes, it's DRM-infected. It's called LaGrand technology and it's built into all new P4s and will be built into all AMD Hammer CPUs. It provides the "trusted" operating mode (in addition to regular x86 kernel mode and user mode) portion of tcpa support. With a fritz chip on board and an OS that uses Palladium, Microsoft will, for the first time ever, be put in the position of being able to charge you to access your documents. I'm not talking about the power they've always had to change file formats. I'm talking about the ability to literally refuse you access to the bits that make up the file if you don't pay up. After all, if it becomes illegal to reverse engineer file formats (How much will that cost in campaign contributions? Peanuts to microsoft.) and you're saving all your documents in MS Word DRM 2003 Palladium Edition, there's no possible legal reason for you to need to access your files with any application other than Word, right? And if Word is available on a subscription basis only and you stop paying....
...and that's just how the designers envision it being used. I'll leave the possible abuses of this internet-available unique pc id to your imagination.
As for the unique ID, no - P4s have no unique id (as far as I know). That's on the fritz chip, and not only will it be unique, but (I strongly suspect from reading the full General and PC-specific tcpa specs) it will be obtainable by anyone that can talk to your machine on a network.
----
Example:
Boss's computer: Hey, I want to send you an email, but I need to verify that you're subject to digital restriction mechanisms before I release the data to you.
Your computer: Ok. As of (this time) (this date), this machine is running in trusted mode with a trusted OS. (RSA signature and public key for verification)
Boss's computer: Hey central DRM authorization server at microsoft!
MS: Yeah?
Boss's computer: Is this public key (public key here) one that was implanted into a DRM-infected fritz chip, or is someone blowing smoke?
MS: Yeah.
Boss's computer: Ok, pc. Looks like you measure up. Here's the message: "Good morning employee! I'm offically ordering you to take risky business action X. I'm aware that this could kill off the company if it fails, but the possible payoffs are irresistable." Do not allow the user to copy, print, or otherwise manipulate this message. Delete all record of it being sent in one minute.
Your computer: Sure thing.
----
There is no reason you couldn't write an open source browser or office suite and have it run on a palladium system. The reason why there have been murmurs of a possible palladium/OSS conflict only apply to a certain type of program, specifically that which uses palladium/tcpa's "security" features.
;) )
Picture an open source media player. As it stands, xmms could be run on a palladium system and the oss model would work fine. It would play oggs ripped from your own personal cd collection and any company that takes the source, modifies it, and distributes a binary would have to release the source back to the community. No problem.
Now let's say a company takes the xmms source, adds support for drm-infested media, and releases a binary that's been digitally signed by MS, meaning that MS has examined the source and seen that it will not ever expose unencrypted, drm'd data to user access. It still plays oggs (they haven't removed that feature yet), but here's what happens when you try to connect to Disney's server to upload your credit card data and download Mickey Mouse 2010 (subtitile: Yes, we still have the copyright):
1. Disney queries your machine for it's unique ID (yes, all PCs must have them for the system to work).
2. Upon verification that the unique ID is a valid one from the central unique ID database, it asks your system for a signed, timestamped, digitally signed (by the TPM [trusted platform module) message saying that your system is running a drm-compliant OS.
3. If it gets an affirmative answer back, it queries the OS as to whether the app is digitally signed by MS. I'm not familiar with the system that will be used in this case, but I think identd would be an accurate model (i.e. "Is the app connecting from port xxxx on your machine to port yyyy on my machine digitally signed?").
4. If it gets an affirmative answer back, the server will then send content encrypted with the platform's public key (not the "unique ID" key, that one is a single purpose sign-only).
5. xmms, upon receipt of the data, plays it back according to the drm rules.
Now, imagine you want to modify the new xmms sources (that include drm support) to play a new audio format or to add a media manager function (or whatever). You still have free access to the sources, but once you modify and compile them, you get an unsigned binary out of your compiler. It still plays oggs, but when you try to buy a movie from Disney, the OS responds (in step 4 above) with a negative answer.
"No, the binary making that connection is NOT signed."
The result is that Disney will not send data to that app. I'll get the obvious question answered right now:
Q: What if you modify your OS to respond to all step 3-4 "is xyz app signed?" questions with a "yes" answer? Couldn't you break the system that way?
A: No. The authentication process would fail on step #2 above because your recompiled kernel wouldn't be signed so the TPM on your motherboard would refuse to vouch for it.
What does this mean for OSS? Well, not much. Open-source, non-pd/tcpa software won't be affected at all. OSS that does "handle" secure content as one of its main functions would be affected - you wouldn't be able to fork it unless you wanted to pay MS for a digital signature on every release to you want the pd/tcpa portions to keep working. In a nutshell, only the portions of OSS that normally depend on pd/tcpa would be nonfunctional.
So why is palladium/tcpa still a big problem? Well, a couple of reasons, but first, more Q&A.
Q: What if I were to physically crack open my trusted platform module and extract its private encryption and sign-only authentication keys.
A: You would have broken palladium/tcpa security.
Q: What if I were to replace my core root of trust for measurement (CRTM, aka my BIOS) with one that always reports the system is booting in a "secure state" to the TPM?
A: You would have broken palladium/tcpa security.
Q: What if I find a buffer overflow or other bug in a signed application (e.g. windows media player) that allows me to execute arbitrary code as that process?
A: You would have broken palladium/tcpa security.
Q: What if I find a buffer overflow or other bug in the OS or a signed driver that allows me to execute arbitrary code as the OS kernel?
A: You would have broken palladium/tcpa security.
I don't mean to make it sound easy - tcpa is designed to place these activities beyond the means of the average script kiddie. However, they are all very real valid security problems that palladium/tcpa _will never be able to solve_, specifically because of the nature of cryptography, mass-produced hardware, and information itself. I guess you could say that information really does "want to be free".
(Note to grammar nazis: Yes. I'm aware I put the period outside the quotation marks. I did this because I believe it enhances the readability of printed english. Putting the terminating semicolon from a line of C code inside the quotes around a quoted string just doesn't make logical sense. However, any its/it's, there/their/they're, or other stupid mistakes that detract from my ability to communicate clearly are fair game.
So why is it such a bad idea? Because people think it will work. The latest issue of PC World (November [?] 2002) features an ad from IBM touting the advantages of the latest Intel Pentium 4 processor's LaGrand Technology. If I could find it I'd post the page number, but if you look through the issue it's on the left side somewhere in the middle-ish section. It promises freedom from viruses and a more secure operating system. I think it promises completely secure e-commerce as well. The average PC World readers are going to read this and their eyes are going to pop out of their heads. "Really? No more viruses? No more trojans? Secure e-commerce? How wonderful!" When online companies start pushing "secure" online movie rentals (broadband only, some restrictions may apply, void where prohibited, etc...) the ones surviving heart failure will scramble to buy new pcs with this LaGrand Technology (or amd's equivalent). After all, who wouldn't want a virus-free secure PC that does new and exciting things?
Nevermind that the reason 99.999% of the computer-using public have to even think about viruses is because outlook is so incredibly insecure. Nevermind that the only things stopping global availability of secure online shopping are the certificate authorities' greed and US crypto export laws*. Nevermind that online movie rentals will most definitely not take off soon considering how much bandwidth is available to home users even with broadband. (Yes, you may have 2mbit cable, but what's going to happen when a large enough percentage of friday night movie watchers decide to download and cable companies are overselling their last mile _and_ backbone bandwidth at a ratio of 50 to 1?) Nevermind that LaGrande Technology is designed to be the cpu-side hardware support for tcpa/palladium which is already flawed. I'm not saying that IBM won't be able to make good on their promises of perfect security and a virus-free environment (that's a separate debate) - I'm saying that they're pushing a unique PC ID and Digital Restrictions Mechanisms into every home in trying to do it.
(* Yes, I'm aware that you can get strong ssl encryption in linux outside the US. Here I'm referring to windows, a product from a commercial entity that has at least a slight interest in pretending they obey US law.)
So that's how it's going to get into homes and businesses. What harm is it going to do once it gets there? Well, just because it's going to be hopelessly inadequate when it comes to serving its intended purpose of stopping online piracy of digital media doesn't mean that it won't restrict fair use rights. Sure, anyone can use a cracked pd/tcpa box to download a film from disney and then distribute it online, but if Joe user can't rip his legally purchased CD and send it to his car stereo because of draconian DRM code, that's a problem. And that's only the copyright/fair use side of the issue. What about security? What happens when a certain OS vendor, with complete confidence in its supremely planned but critically flawed transition element, starts getting lax on security and starts depending on pd/tcpa keep everything together? Even worse security holes than we've seen before due to inattention to important detail and (at least) internal code review.
I hope you see what I'm talking about now. The worst possible outcome is not that palladium/tcpa will progress as planned (which violates the "possible" part). It's that it will approach an uneducated public and fail miserably.
Are you a paying member of the eff yet?
Here's a colorful one:
:).
Try putting (about) equal volumes of CCl4 (carbon tetrachloride) and aqueous KI (potassium iodide) in a test tube together. The clear, non-polar CCl4 will sink to the bottom, and the clear, polar, KI solution will sit on top. Now add a few drops of Br2 (liquid elemental bromine) to the solution and shake. The top layer will turn orange and the bottom will turn pinkish purple, but stay totally separate.
This reaction happens because bromine is a stronger oxidizing agent than iodine. When the bromine is added, it replaces the iodine in solution, forcing it to become I2 (elemental iodine) which mixes with the CCl4 below and turns it pinkish purple. The extra leftover bromine turns the solution on top orange.
It may not be as exciting as blowing something up, but it illustrates an important scientific principle (relative strengths of oxidizing agents) and it still looks cool
Historically, "wardialing" was phr33k-slang for the rapid dialling of phone numbers. Exactly what does this have to do with 802.11? Driving around and listening to packets is not the equivalent of "wardialling", nor is it in any way similar.
Actually, wardialing referred to having your computer rapidly dial phone numbers and look for modems that would allow anyone to connect. The idea was that Joe Scriptkiddie would start a wardialing program when he got up in the morning and it would dial a randomized list (because the phone company is looking for lots of numbers being dialed sequentially) of phone numbers all day. In the afternoon when he got home from Junior High, he would check to see if the program had found any "interesting" information (modems on numbers that he didn't know about before) and if so he would add them to his "to-investigate" list.
If we define warX to mean aimlessly using method X to find hosts that will talk to anyone, that fits with the definition of wardialing - aimlessly dialing numbers in the hope of finding a modem. Even though driving isn't the most important component of wardriving (one could walk, I suppose), the term wardriving seems to fit. It means aimlessly driving around with a laptop scanning for hosts that will talk to anyone.
Can we dispense with the prefixing of "War" to anything 802.11 related, PLEASE?! This is just stupid now.
As far as I know, wardriving is the only war* term related to 802.11 technologies.
Neither is saying, "Please put me on your do not call list." While they're both effective, the only way to drive annoying commercial marketing into the ground is to make it more expensive than it is profitable.
;) The worst case scenario would be that spammers would have to buy three times the bandwidth to send the amount of spam they do now, as well as maintain a working and valid From: address.
1. Phone marketing: Feign interest, then ask the telemarketer to please hold for a minute (someone's at the door, etc...). By yourself, you can cut into their profit margin a little and have the satisfaction of getting back at the people that are bothering you so much. If enough people did this, it would be DEVASTATING to the telemarketing industry. Why? When a telemarketer is on the phone with you, their machine stops dialing new numbers. This seems like a smart idea - there's no reason to call someone if the telemarketer is busy talking to someone else. Usually, those machines dial 10 numbers at the same time and the telemarketer clicks over to the one that gets a live person. That's where those hangup calls come from: out of the 10 numbers the machine dialed at once, yours was one of the two that yielded a live person, and the telemarketer decided to go with the other one. What does this tell us about the telemarketing industry? They just hate it when their telemarketers are sitting around waiting to make a sale (i.e. while the machine is dialing). If they're waiting for you to get the door, guess what? They're sitting around waiting to make a sale.
2. Junk mail: This is really easy. I have no idea why nobody has started advocating this so far. Whenever you get junk mail, open it up, find the "postage paid - business reply mail" envelope, stuff everything else into it, seal it, and put it back in the mailbox. You're charging them postage to throw away their garbage. If you want to remain completely anonymous, just tear out the parts that have your name and address and mail the rest back.
3. Spam: Ok coders, this one is for you. Implement selective whitelisting as described here in your favorite open-source SMTP server. Yeah, server-side. Just make it a flag that can be turned on for individual email accounts so that the server will automatically start building a whitelist from confirmation emails. As long as this remains a *nix-only client-side spam-blocker it will never see widespread use. Why? Well, a server-side implementation has many benefits:
* It only has to be installed once. Every time a piece of software is installed on a computer, it's an opportunity for something to go wrong. A client-side program could install itself incorrectly, the user could become frustrated with an interface shortcoming, or it could trash some part of the user's system (possibly turning them off to spam blocking tech forever). If it's installed (carefully and by the ISP's lead tech) on a single mail server, suddenly thousands of people have the ability to block spam with no more effort than a call to the ISP to turn on the feature.
* ISPs would provide it as a competitive service to their customers. Most ISPs (in my limited experience) use open-source *nix mail servers, so implementation in existing systems would be easy. Perfect spam-filtering (that guarantees no false positives - meaning no lost important mail) would definitely influence a consumer's ISP choice now that most are competing based on cost. Considering how easy it would be to implement, it's a no-brainer for another ISP to offer the same service once the ISP across the street does.
* The principles are easy enough to explain to most people. Granted, most ISPs don't explain the details of their spam-blocking tech to new customers, but when they make a claim like, "No false positives, guaranteed!" it will be easy to explain if a customer gets curious.
Eventually, when no spam gets through, or just not enough to pay the bandwidth bills, spam will stop. What if selective whitelisting doesn't work? Well, it does, go read the web site.
4. Banners: Go download privoxy right now. Combined with mozilla's popup blocking feature, I've seen maybe 3 ads in the past 3 months, and I spend hours surfing the web every day. It's absolutely amazing. Same deal with selective whitelisting as above, too. If ISPs ran privoxy, they'd be able to offer a service to their customers that, well, once addicted they couldn't live without. It's also the perfect way to implement caching and cut down on ISP backbone bandwidth costs.
Think these are good ideas? Help me spread them around. Think they suck? Tell me why so I can improve my explanation.
Lithium was more reactive than sodium? It's the other way around. The reactivity of group 1A elements increases with period. Lithium is in period 2, sodium is in period 3. Cesium is the most electropositive element (i.e. the most entertaining/life-threatening when thrown into a lake) and occupies period 6. Francium (group 1A, period 7) would be more impressive, but it's so radioactive that even if you could scrape together a chunk of it, it would have decomposed into other elements before you got a chance to get it wet.
Here's a fun site with a periodic table and details on all the elements.
These will be used solely for the purpose of web activities (surfing/mail), and word processing and *THATS IT*.
;).
(emphasis mine)
It seems like your reason for locking these machines down is to prevent calls for technical assistance, but another possibility occurred to me. Some schools have policies saying that school computers and internet access are to be used for educational purposes only, and I thought yours might be trying to extend this to these school-manufactured computers. If this is the case, be aware (if you're not already, which you probably are) that there is no way to lock down a PC when someone else has unrestriced physical access no it (i.e. it is in their dorm room). You can't prevent someone from unplugging it, taking out the cmos battery for a few minutes, putting it back together, and installing their own linux distro (or windows 95) so they can play quake [II] with their buddies on the lan.
Other than that, just try out any of the excellent distros/configurations posted above, and make sure they have enough ram
You can get service packs on cd if you want to pay shipping and handling. I'm more worried about the latest "version" of windows update in which the "No information is sent to microsoft during this transaction," notice is absent. Those are just updates, though - akin to running up2date or apt-get dist-upgrade. The possibility that I was referring to above is one in which Microsoft distributes cds that, by themselves, are incapable of installing windows and must connect to the internet to download very large key components, just like gnu/linux ftp installs.
You're a moron, the only distributions that I use require only 1-3 discs for install. Mandrake 9 requires 2, Red Hat 8 requires 2, Debian requires 1 (Or none), SuSE requires 1 (Or none, but these are based on my experiences with 8.0, not 8.1), Slackware requires 1, Gentoo requires 1.
;) Yes, you can get the bulk of an install done from one CD, but inevitably there will be one package that you'll need for some essential task (say ncurses-dev for make menuconfig for the kernel) that's on another CD. There are also ISOs of sources that people don't need but download anyway because they're newbies or they aren't clearly marked (or both).
;)) so I wouldn't go looking for a method to their madness. However, I would guess that some moderator out there (like so many other gnu/linux users) is fed up with multi-cd bloated OS installs. Granted, slashdot isn't necessarily the best place to initiate change, but I'm just posting my opinion.
"or none":
I'm not counting ftp installs when I'm talking about multi-cd distros. I have a whole spiel about them, but I won't go into that now.
"one or two":
Congratulations to redhat for getting 7.3's 3 down to 2. I look forward to testing it out when I can find a download site with available bandwidth. It's about time for me to check around again.
I have no idea how you got modded up...
Well, moderators are unpredictable as a rule (unless they're slashbots
No swapping back and forth and their installer even tells you which discs are needed and how much from each disc, etc.
It's possible that I'm missing something, but I don't see how you can have a multi-cd OS install without CD swapping.
With SuSE I see no "bloat problem" to solve.
I wasn't talking about a "bloat problem" in relation to the number of cds per box, although I guess that term could be used to describe it. When I said "bloat" I was referring to the size of the default install. I haven't used suse since I helped a friend install 7.something on his secondary computer, but I have installed redhat recently. It irks me that I can install windows 98se in 200-300MB or W2K (which I'm currently using) in under 1GB but I can't seem to get a GNU/linux install under 1GB. I know, I know, I could go console only or try gentoo and do everything myself or select only the individual packages I need but, well, I'm just not willing to do that and neither is the average user. Setting aside the religious debate as to whether GNU/Linux should be made easy enough for the "average user", I think we can all agree that default "basic desktop functionality" installs are getting way too big.
Suse releases an 18MB bootable CD that will let you do an FTP install.
;) It's certainly a neat way of circumventing cd swapping.
That's cool. Debian does the same thing (except with a floppy or two) and with gentoo it's practically mandatory.
On my cable modem, 8.0 took about 1.5 hours to do this.
This is what tends to worry me. If you're using (just an estimation) a 1.5Mbps downstream cable modem and you're getting half that in throughput (due to local contention for bandwidth, server capacity, whatever...) then you've downloaded about 500MB of data. It was probably compressed so it's probably taking up more than that on your hard disk (and even more if the installer kept the packages around) but downloaded 500 MB of data would take over a day of continuous connectivity on a 56k modem assuming optimal conditions.
Some people like ftp-based home installs, and they certainly make sense in a corporate environment with fast ethernet and an on-site ftp server or when broadband internet access is available and you don't mind waiting 1.5 hours. In a home setting, though, internet installs trouble me for a couple of reasons. First, they don't work (well) with modem-speed connections. Second, they depend on the company too much. I realize that suse probably isn't going to do anything evil, but imagine what the reaction would be if windows required you to connect to microsoft to install in a similar manner. Just look at the (admittedly ineffective) uproar over product activation in winxp.
Of course, users that don't want to do ftp installs can always use the 7 cds, but then we're back where we started.
This was more of a general rant against multi-cd distros, but thanks for the info. :)
I think the idea is that once the fuel cell is depleted, you empty out the waste product (water) and refill it with weak methanol solution. If it's that simple, then recharging your laptop means going down to the drug store and picking up a bottle of wood alcohol. Of course, efficiency comes into play here. You wouldn't want to have to buy a bottle every few days, but depending on the concentration you get one bottle could be diluted to give quite a few recharges.
I can't see direct-methanol fuel cells not making it to production and widespread use in all sorts of things from laptops to cars. They have all the positive qualities of regular (hydrogen) fuel cells, but they have a few more really significant advantages:
1. They're easily rechargable. Anyone can pour a weak methanol solution from a bottle into a fuel cell's reservoir, but not everyone has the equipment (or desire) to store compressed hydrogen in their home or car.
2. They're stigma-free. Mention hydrogen and the first thing many people think of is the hindenburg. While it's true that hydrogen was _not_ the cause of the disaster (entire thing was covered in flammable paint), many people think it is and will shy away from hydrogen-powered cars and appliances for that reason. As far as I know, there have been no significant disasters for which methanol has been blamed. (Disclaimer: I may be wrong.)
3. A weak methanol solution really is safe - it's not going to hurt you unless you drink it. (Methanol isn't drinkable alcohol, that's ethanol. Methanol is converted by the body into formaldehyde, the stuff you use to preserve dead things.)