Actually the master key doesn't exist on all devices. The master key is theoretically kept private and managed by the consortium that oversees HDCP. When a new vendor comes along then the HDCP consortium generates a sub-key from the master key and assigns it to that vendor. The vendor then uses that sub-key to create "sub-sub-keys" for each device they manufacture.
If a device key is compromised then the vendor can revoke it and issue a new sub-sub-key for the device. The HDCP consortium could also revoke the sub-key for the vendor, thereby invalidating all the vendor devices, if necessary.
The problem with the HDCP encryption is that if you have enough of those device keys (50 or so according to reports) then with a bit of grunt work you can reverse-engineer the HDCP consortium master key. That's apparently what happened in this case.
On a related note, if they were in business to make a quality operating system, they would have a tough time selling "upgrades."
Not necessarily. It would just mean that they would have to work harder to design and develop new features that continue to improve functionality & ease of use while maintaining those high quality standards.
The police seem perfectly able to hunt down the owner of a prepaid cellphone when it contains child porn on it. How can they manage that yet not hunt down terrorists the same way?
IANAL, but I believe most District Attorneys that file these sorts of charges are claiming that their hands are tied and they HAVE to because laws regarding child pornography are so strict. The laws don't make any allowances for something like sexting, even if it's a picture involving somebody who is 17.999 years old. Any sexy picture involving somebody under the age of 18 is considered child porn in the eyes of "the law" according to those idiotic DAs.
The two photos of the system in use in the article are clearly taken along a 2-lane road and not a highway. On roads like that it's not at all uncommon to find cars in the breakdown lane, people walking along the side of the road, cars pulling in/out ahead of you, and all sorts of other hazards.
That's the idea. Being 'distracted' by things you might run into is a good thing.
So you're driving down a street in the middle of the night and suddenly a little blue blob appears because the car has detected a person walking across the street a half a mile in front of you. Rather than pay attention to the road directly in front of you, you start squinting at the blue blob to try to figure out what the car is warning you about, or you otherwise simply start paying more attention to the blob to see if it moves. And as you're distracted by whatever-it-is-that-the-car-is-warning-you-about that's at least 30 seconds away from you, you're no longer paying full attention to your immediate surroundings and you start to drift off the road. As the wheels hit the side of the road you suddenly snap back to awareness and jerk the wheel, over-correcting and crashing into a parked car, street light, etc.
Or should this system be drawing lines around all the parked cars, the street lights, the overpasses, the sides of the road, etc. as well as that person half a mile ahead of you? That would be even more distracting IMHO.
Oh yeah, and imagine what it'd be like if it only warned you about things that are potentially an immediate concern, like anything 10 seconds away from you. Your windshield would be constantly flashing different colored highlights at you. As you're driving down a street you get highlights around every car that's turning in/out of the road, every person walking along the sidewalk, parked cars, road signs, etc. Every single time you pass one of those objects it gets briefly highlighted in a different color by the car. The constant flashing of colors highlighted on the windshield would be extremely distracting and eventually lead to being totally useless as drivers learn to ignore it all.
Unless this is done VERY carefully, I'm afraid it'll just end up distracting most drivers. Yes, head-up displays have existed in fighter jets, etc. for decades, but those pilots are highly trained to process all the data given to them. Throw an average driver into a car that suddenly starts highlighting road signs, etc. and you risk distracting him. What happens if the system freaks out as you drive down a street with tons of road signs? You could end up flooding the windshield with lots of neon lines as the system tries to highlight all of them. And how do you decide exactly what to highlight? Suppose it highlights a person crossing the street in darkness a mile down the road? The driver will get distracted trying to figure out what the car is warning him about.
Now imagine all this being done with a teenager behind the wheel who just got his license...
Sorry, but I reject the notion that things like iPads, iPhones, etc. will replace GPS devices. A dedicated GPS from a company like Garmin is much better at what it does than a smartphone. Try using your iPhone's GPS to map your location when you're in an area with no cell coverage. It won't be able to download the map data, so you're screwed. Smartphones also try to speed up GPS triangulation by downloading ephemeris data over the cell network, but again it depends on your having a data connection.
If you spend all your time in a major city or driving along highways then a GPS in a smartphone might be enough for you, but if you like to travel to places where cellphone service is spotty or non-existent then a dedicated GPS is a MUCH better choice. When I traveled to Australia a couple years ago I took a dedicated GPS with me and it worked great. If I'd relied on my smartphone I would have had to have paid for a local data plan and prayed that there was coverage everywhere I was going.
Yes, I know ephemeris data can be grabbed from the GPS satellites and I know that newer smartphone apps are now storing map data locally, but I still find a full-featured GPS handheld to be much more useful than a GPS app on an iPhone.
What's evil about this? All sorts of CDN systems could benefit from this. Hell, it could actually provide even the smallest web provider with a poor-man's version of expensive products like F5's global traffic manager.
Yes, I use SPF to identify the MXs of three domains I own, and yes, I use SPF as one of the things SpamAssassin uses for identifying spam. Granted these domains are tiny in the grand scheme of things (one is for family, one for some shareware I wrote, and one for a non-profit my brother is involved in), but it definitely helps. I wrote a script that sends me monthly stats of spam, and here are the results for the last month:
sa score : 1 messages:299
sa score : 2 messages:194
sa score : 3 messages:235
sa score : 4 messages:299
sa score : 5 messages:477
sa score : 6 messages:597
sa score > 10 messages : 31678
highest sa score = 57
total probable spam (sa score of 5 or more) : 32752
total spam blocked outright by sa : 37110
e-mail blocked via SPF : 3007
Unique IP's that passed SPF check : 1389
We only block spam if the SpamAssassin score is above 10, but we tag anything above 5 as spam so the end users can decide what to do with it. As far as SPF goes, in the last month over 3000 bogus e-mails were dropped due to SPF failures, and 1389 other e-mails that were accepted were approved in part because the domains had SPF records that passed the check.
Somehow I seriously doubt a judge or jury will accept the "well our Chinese OEM didn't give it to us" defense.
Just because you hire a Chinese company to develop a product for you doesn't mean you aren't required to ensure your product doesn't violate any laws or license agreements when you sell it here in the USA.
Read the complaint (see my post below for a link to it). For a time it sounds like he was forced to live in a place described as similar to a prison camp, complete with guards, barbed-wire fences, search lights, etc. I seriously doubt they would have let him have access to a telephone in a place like that if his claims are valid.
There's a huge difference between absorbing a few hundred milliwatts of scattered radar energy and 100 kilowatts of concentrated laser energy. Aside from the 10^8 or so factor of difference between the two, the laser is also concentrating the energy a lot more than the radar is. A stealthy aircraft designed to avoid radar is going to be just as vulnerable to a laser like this as a non-stealthy one.
I've got an iPhone and I use a Mac at work, but I certainly don't consider myself a "fanboy". I got the iPhone in part because there were a few good apps that I wanted on my first smartphone. However given all the bad press Apple gets over summary rejections of apps I'm very inclined to NOT buy another iPhone when I decide to get rid of this one. There are a number of smartphone apps that I'm aware of that Apple doesn't allow on their phones for one reason or another. My brother can dictate entire e-mails or text messages on his Blackberry using an app from a company called Vlingo. It apparently provides high quality speech to text capabilities and integrates with almost any app on that platform. They released an iPhone version a year ago but it's very limited in what it can do because Apple restricts things so much. The iPhone Vlingo app is limited to Google searches and updating Twitter & Facebook, and it's all apparently because of the way Apple restricts things.
If a company like Vlingo can extend the functionality of smartphones like the Blackberry, Android, etc. in ways that Apple and others never seriously considered then I'll very likely go with those phones in the future, and not one that's artificially restricted due to the limited vision of people like Steve Jobs.
15+ years ago I had to debug some code in a report printing app for OS/2 (remember that OS?). The bug would cause the app to crash when a report was printed out. But the bug would only happen on certain days. Certain days in September. Only on Wednesdays in September. Only when it was a Wednesday in September after the 9th.
The bug? The original programmer had tried to optimize memory usage as much as possible and was off by a count of one. With "September" being the longest month spelled out, "Wednesday" the longest day spelled out, and a 2 digit date, the header that the program put together to send to the printer would overflow its buffer by one character.
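Added example, not part of the original comment and not the OS/2 program's code: a C sketch of the off-by-one described above, assuming a hypothetical header layout of "<weekday>, <month> <day>". It computes the worst-case header length, shows that a buffer one byte short fails only for Wednesdays in September with a two-digit day, and builds the header with a bounds-checked snprintf.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: header layout "<weekday>, <month> <day>"; the comment does not
 * give the real format used by the OS/2 report program. */
#define HDR_FMT "%s, %s %d"

static const char *DAYS[7] = {
    "Sunday", "Monday", "Tuesday", "Wednesday",
    "Thursday", "Friday", "Saturday"
};
static const char *MONTHS[12] = {
    "January", "February", "March", "April", "May", "June", "July",
    "August", "September", "October", "November", "December"
};

/* Characters needed for one header, NOT counting the terminating NUL. */
static size_t header_len(int wday, int month, int mday)
{
    int n = snprintf(NULL, 0, HDR_FMT, DAYS[wday], MONTHS[month], mday);
    return n < 0 ? 0 : (size_t)n;
}

/* Longest header over every weekday/month/day combination. */
size_t worst_case_len(void)
{
    size_t max = 0;
    for (int w = 0; w < 7; w++)
        for (int m = 0; m < 12; m++)
            for (int d = 1; d <= 31; d++) {
                size_t n = header_len(w, m, d);
                if (n > max) max = n;
            }
    return max;
}

/* Would this date's header (plus NUL) fit in a buffer of `cap` bytes? */
int header_fits(size_t cap, int wday, int month, int mday)
{
    return header_len(wday, month, mday) + 1 <= cap;
}

/* Bounds-checked builder: 0 on success, -1 on bad input or truncation. */
int build_header(char *buf, size_t cap, int wday, int month, int mday)
{
    if (!buf || cap == 0 || wday < 0 || wday > 6 ||
        month < 0 || month > 11 || mday < 1 || mday > 31)
        return -1;
    int n = snprintf(buf, cap, HDR_FMT, DAYS[wday], MONTHS[month], mday);
    if (n < 0 || (size_t)n >= cap) {
        buf[0] = '\0';   /* never hand back a truncated header */
        return -1;
    }
    return 0;
}

int main(void)
{
    size_t need = worst_case_len() + 1;   /* +1 for the NUL */
    size_t short_cap = need - 1;          /* the off-by-one sizing */
    char buf[64];
    printf("worst case needs %zu bytes\n", need);
    /* List every date whose header does not fit the undersized buffer. */
    for (int w = 0; w < 7; w++)
        for (int m = 0; m < 12; m++)
            for (int d = 1; d <= 31; d++)
                if (!header_fits(short_cap, w, m, d) &&
                    build_header(buf, sizeof buf, w, m, d) == 0)
                    printf("does not fit in %zu bytes: %s\n", short_cap, buf);
    return 0;
}
```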
It's just a simple matter of updating the sites' robots.txt files to tell Googlebot to go take a hike. Of course Google could just "break" Googlebot and crawl those sites anyway. But if you really want to boycott Google on your own:
I work as a sysadmin at a Boston-based university, and one of my jobs is managing an HPC cluster. We actually had SiCortex come give us a demo of one of their systems a little over a year ago and were rather impressed from a basic technology standpoint. However the biggest drawback we saw, which was a significant one, was that their cluster wasn't x86 based. We run a number of well known commercial apps on our cluster like Matlab, Mathematica, Fluent, Abaqus, and many others. Without those vendors all actively supporting MIPS, SiCortex was simply a non-starter for us when we were researching our next generation cluster. And by actively I mean rolling out MIPS versions of their products on a schedule comparable to their x86 product releases. Having to wait 6 months or more for MIPS versions simply isn't acceptable. If they could get firm commitments from those commercial vendors then we might have pursued SiCortex, but that simply wasn't the case. Even the inability to run a standard commercial Linux distro was a huge drawback, since many commercial software vendors specifically require a commercial distro like Red Hat or SUSE if you're trying to get support from them.
I have accounts at a few different financial institutions and have to say that despite all their other problems I think Bank of America has about the best two-factor authentication scheme I've seen so far.
Cell phones are extremely common these days, and BoA has leveraged that ubiquity. You can set up your account so that any time you attempt to log on the bank will send you an SMS text message with a totally random 6 digit number. You have to enter that number as you're logging into their website (along with your regular password). Since they're using an out-of-band method of sending you the random code the chances of it being intercepted are extremely small. And since it can only be used once then even a keylogger can't defeat it. The only type of attack that I think would work in this situation would be a man-in-the-middle attack, which is very unlikely as well.
It's called pulling the plug.
Seriously though, wouldn't virtually any version of unix or other multi-user OS prior to MS releasing Windows 3.x qualify as prior art?
The Hobbit in 3-D
and an unnamed sequel in 3-D
Considering it was originally designed to only operate for 90 days and now has 2200+ days under its belt, I'd say it's done a stellar job.
For those of you who are interested, you can read the original court complaint filing here:
http://www.scribd.com/doc/23175190/Complaint-filed112509
The bacteria is a strain of bubonic plague that's more deadly than the mines themselves...
User-agent: Googlebot
Disallow: /
If the government wants access to my inbox they'll need to talk to me since I'm the admin of my mail server.
I guess the Mediterranean will soon be full of Bart Simpson's favorite seafood.