Your liability towards your "customers" will be the same as if you were running a repair department at a computer store. You should look into what those local PC mongers are doing. The SBA may have some resources you can use.
The best solution would be to have system boot into an antimalware system before the OS itself. This software could be signed with multiple public keys embedded in the firmware to prevent it from being co-opted by a rootkit. (And yes, you'd also need security to prevent the firmware from being overwritten by a rootkit.) This software would then scan the kernel and first load components (critical device drivers, etc) of the kernel, along with its own in-OS software, for known threats and would alert the user to any changes in their signatures. It would then load the OS and exit. The OS kernel would load, along with its first load components and then load the in-OS portion of the antimalware software, which would complete the circle and should serve to protect the OS from rootkits.
Spammers are already using as many zombies as they can get hold of. This has the potential for reducing the total amount of spam by a factor of 10 or so, which would IMO be worthwhile.
You want a proposal for spam blocking? Here's a proposal, based on a "hashcash" paradigm.
When someone sends an email, they take the sender's email address, the receiving address, and 8 random alphanumeric characters (we'll call this "K"). The sender then initializes an 8-byte counter starting at 8 x 0x00. The sender then does a SHA-1 hash of the string with the counter appended on the end, and then increments the counter and repeats until the last 4 bytes of the SHA-1 are 0x00. It then saves the number of steps it took to reach this point, increments the counter again, and repeats the process until it has a list of 12 increments where the SHA-1 result is zero. It then sends this list, along with "K", in the email header. (It can also cache this for future use.)
The receiver takes "K" along with the email addresses and verifies that it gets SHA-1 hash results that are zeros with those counter increments.
The end result is, it takes a significant amount of processing power to send a (first) email, which should be acceptable to someone sending a legitimate message but will significantly slow down the performance of a spambot.
The proposed solution relies on a centralized authority producing new keys for each person periodically, which is a recipe for disaster if a billion users sign up for it.
I bet they have coders all set up to make their computers display what they need to, as props; while if the studios used X86 they'd have to hire their own coders. It's important for the computers to be able to blink "PASSWORD DENIED" in red, and then "password accepted!" followed by the super-secret information fuzzing in with neat video effects.
I'm betting that, despite this being an "optional" tool and users' voluntarily installing it, Microsoft will be sued by several companies who protest that their domains are legitimate despite appearing to be misspellings of other, more popular domains. And they have a point, too.
Well, it's one thing if Microsoft says "this is an update", as opposed to "this eliminates a security flaw". I don't think Cisco was explicitly stating that patches were for security, and I don't think Microsoft could be expected to be responsible if it issues a patch labeled as a security fix and a user doesn't apply it.
I'd have to disrecommend running a VPN between these sites simply for your convenience; it would mean that a security failure at any point on the network could jeopardize all of the machines in the network. I recommend you stick with ssh/scp for access to those machines.
Does this mean we're not going to be seeing mid-ten-digit clock rates any more? That was one thing that really annoyed me about the P4; a 2 GHz P4 was NOT more than twice as fast as a 850 MHz P3. It meant one couldn't compare CPUs with each other any more.
You'd probably be better off listening to the experts, because the bandwidth off a high-res video connection is monstrous, but...
I'm thinking it might be possible to intercept the stream of data the game is sending to DirectX or whichever 3D library you're using, and record it. This data stream should be orders of magnitude lower than the actual video data, and you ought to be able to record it without much disruption to the game performance. Once you had the data, you could then re-render the game play frame-by-frame, and then convert it to video and compress it.
Hum. You might be able to hack this into your game code; but if you can do it externally, it might be a saleable product.
After you discover that your purchased product is inferior to the pirated version, will you continue to purchase the crippled legal version? Or will that be your last purchase of HD content, and you will then become purely a consumer of pirated content, because it is a better product?
I refuse to answer, on grounds that it might tend to incarcerate me.
...and what's more, it IMNSHO can never be entirely plugged.
So long as content has to be displayed, it has to be converted to analog signals in the process. And while it may take a large amount of effort to "uncover" the hole - such as, disassembling an LCD panel and tapping into the driver circuitry - it only takes one person to redigitize the open content and distribute it, and all of a sudden it's everywhere again.
There *IS* one strategy that might work; it involves adding a system for embedding a digital watermark to the decryption mechanism, which could help content owners track stolen content back to the one who did the stealing (assuming that person or group had no way to cover their tracks). But if the content owners implemented such a strategy, there'd no longer be a reason to cover the hole!
All I can say is, if I do purchase a HD-disc and then discover it won't play at full resolution on my hardware, I'll simply download a free-market copy. I'm sure they'll still be available.
Get an extra landline to your house. Have Asterisk or some other PBX software answer the phone for you, announce who incoming callers have reached, flip off telemarketers, etc. Use a particular extension for your cell phone, and when someone dials the extension, have the PBX forward the call. If your cell phone rings and the caller ID doesn't show it was forwarded, ignore it.
Is this flaw in encoding or decoding? IOW, will the new version of GPG be able to sniff out modified signatures, or are all signatures made by old versions modifiable w/ no recourse?
The shuttle was designed in 1960, and was nearly fatally handicapped by the US military placing huge cargo requirements on the platform. A new, simpler design, using technology even twenty years more modern would result in an enormously more efficient launch system. NASA can't do it; they're too stuffed with pork to be able to efficiently utilize the money they're given.
16+ *BILLION* dollars?? And they're complaining they aren't getting enough money? I'm sorry, but I think that's more than plenty for what they need to do. If they'd just get rid of those expensive shuttles and invest in new launch hardware based on modern technology, they'd have plenty of money; but that would mean they'd need to lay off entrenched administrators.
Slashdot Mirror
Check out the site in Google Earth; lots of references there.
Doesn't seem to work for me; it winds up popping up inside Mozilla.
Your liability towards your "customers" will be the same as if you were running a repair department at a computer store. You should look into what those local PC mongers are doing. The SBA may have some resources you can use.
The best solution would be to have system boot into an antimalware system before the OS itself. This software could be signed with multiple public keys embedded in the firmware to prevent it from being co-opted by a rootkit. (And yes, you'd also need security to prevent the firmware from being overwritten by a rootkit.) This software would then scan the kernel and first load components (critical device drivers, etc) of the kernel, along with its own in-OS software, for known threats and would alert the user to any changes in their signatures. It would then load the OS and exit. The OS kernel would load, along with its first load components and then load the in-OS portion of the antimalware software, which would complete the circle and should serve to protect the OS from rootkits.
Spammers are already using as many zombies as they can get hold of. This has the potential for reducing the total amount of spam by a factor of 10 or so, which would IMO be worthwhile.
You want a proposal for spam blocking? Here's a proposal, based on a "hashcash" paradigm.
When someone sends an email, they take the sender's email address, the receiving address, and 8 random alphanumeric characters (we'll call this "K"). The sender then initializes an 8-byte counter starting at 8 x 0x00. The sender then does a SHA-1 hash of the string with the counter appended on the end, and then increments the counter and repeats until the last 4 bytes of the SHA-1 are 0x00. It then saves the number of steps it took to reach this point, increments the counter again, and repeats the process until it has a list of 12 increments where the SHA-1 result is zero. It then sends this list, along with "K", in the email header. (It can also cache this for future use.)
The receiver takes "K" along with the email addresses and verifies that it gets SHA-1 hash results that are zeros with those counter increments.
The end result is, it takes a significant amount of processing power to send a (first) email, which should be acceptable to someone sending a legitimate message but will significantly slow down the performance of a spambot.
Er... Sorry, didn't notice there already was one. Use http://static.thepiratebay.org/hashtorrent/3474917 .torrent/Code_Monkey.mp3.3474917.TPB.torrent .
http://bittornado.com/torrents/Code%20Monkey.mp3.t orrent
The proposed solution relies on a centralized authority producing new keys for each person periodically, which is a recipe for disaster if a billion users sign up for it.
I bet they have coders all set up to make their computers display what they need to, as props; while if the studios used X86 they'd have to hire their own coders. It's important for the computers to be able to blink "PASSWORD DENIED" in red, and then "password accepted!" followed by the super-secret information fuzzing in with neat video effects.
No matter what crypto method used, I was warning against leaving a network between a large number of distant computers open.
I'm betting that, despite this being an "optional" tool and users' voluntarily installing it, Microsoft will be sued by several companies who protest that their domains are legitimate despite appearing to be misspellings of other, more popular domains. And they have a point, too.
Well, it's one thing if Microsoft says "this is an update", as opposed to "this eliminates a security flaw". I don't think Cisco was explicitly stating that patches were for security, and I don't think Microsoft could be expected to be responsible if it issues a patch labeled as a security fix and a user doesn't apply it.
I'd have to disrecommend running a VPN between these sites simply for your convenience; it would mean that a security failure at any point on the network could jeopardize all of the machines in the network. I recommend you stick with ssh/scp for access to those machines.
Does this mean we're not going to be seeing mid-ten-digit clock rates any more? That was one thing that really annoyed me about the P4; a 2 GHz P4 was NOT more than twice as fast as a 850 MHz P3. It meant one couldn't compare CPUs with each other any more.
You'd probably be better off listening to the experts, because the bandwidth off a high-res video connection is monstrous, but...
I'm thinking it might be possible to intercept the stream of data the game is sending to DirectX or whichever 3D library you're using, and record it. This data stream should be orders of magnitude lower than the actual video data, and you ought to be able to record it without much disruption to the game performance. Once you had the data, you could then re-render the game play frame-by-frame, and then convert it to video and compress it.
Hum. You might be able to hack this into your game code; but if you can do it externally, it might be a saleable product.
After you discover that your purchased product is inferior to the pirated version, will you continue to purchase the crippled legal version? Or will that be your last purchase of HD content, and you will then become purely a consumer of pirated content, because it is a better product?
I refuse to answer, on grounds that it might tend to incarcerate me.
We're talking about a whole different sort of watermark.
...and what's more, it IMNSHO can never be entirely plugged.
So long as content has to be displayed, it has to be converted to analog signals in the process. And while it may take a large amount of effort to "uncover" the hole - such as, disassembling an LCD panel and tapping into the driver circuitry - it only takes one person to redigitize the open content and distribute it, and all of a sudden it's everywhere again.
There *IS* one strategy that might work; it involves adding a system for embedding a digital watermark to the decryption mechanism, which could help content owners track stolen content back to the one who did the stealing (assuming that person or group had no way to cover their tracks). But if the content owners implemented such a strategy, there'd no longer be a reason to cover the hole!
All I can say is, if I do purchase a HD-disc and then discover it won't play at full resolution on my hardware, I'll simply download a free-market copy. I'm sure they'll still be available.
Get an extra landline to your house. Have Asterisk or some other PBX software answer the phone for you, announce who incoming callers have reached, flip off telemarketers, etc. Use a particular extension for your cell phone, and when someone dials the extension, have the PBX forward the call. If your cell phone rings and the caller ID doesn't show it was forwarded, ignore it.
...extra server bandwidth, since everyone affected will be stuck at home with nothing to do except surf and download stuff...
Is this flaw in encoding or decoding? IOW, will the new version of GPG be able to sniff out modified signatures, or are all signatures made by old versions modifiable w/ no recourse?
Er, s/DSS/ISS/ .
The shuttle was designed in 1960, and was nearly fatally handicapped by the US military placing huge cargo requirements on the platform. A new, simpler design, using technology even twenty years more modern would result in an enormously more efficient launch system. NASA can't do it; they're too stuffed with pork to be able to efficiently utilize the money they're given.
Why does it take a shuttle to service DSS? It'd be impossible to dock anything else to it?
16+ *BILLION* dollars?? And they're complaining they aren't getting enough money? I'm sorry, but I think that's more than plenty for what they need to do. If they'd just get rid of those expensive shuttles and invest in new launch hardware based on modern technology, they'd have plenty of money; but that would mean they'd need to lay off entrenched administrators.
NASA delenda est.