My wife remembers watching the 'Blues Brothers' on network TV. The network had cut out all but three bars of each of the musical numbers to make room for ads.
Continental copyright law is not like US law. There is the doctrine of the moral rights of the author. The widow of Peter Sellers used this right to sue the producers of 'on the trial of the Pink P{anther' which used footage from the previous panther movies which Sellers had rejected.
There are also a bunch of cases where the directors of movies have prevented studios from agreeing to cuts to comply with censorship boards.
You know the US has gotten pretty bad when the joke gets modded up.
I think that the underlying problem is that many people are now as cynical of government motives as during the Watergate crisis.
There is absolutely nothing an administration can do that is more harmful to national security than to use security classifications for political ends. Unfortunately it is very hard to believe this government when it says 'trust me'.
They said 'trust me' over the tax cut which would not break the budget, guess what it did. Then again it still claims that the names of the energy companies that paid to take part in Dick Cheney's 'energy taskforce' are privilleged.
Federal government research that is inconvenient to the administration simply disappears.
I am less worried by this report than the fact that the director of the CIA is unable to support the claims made by the administration concerning Iraq.
I am less concerned about the actions of the administration than the fact that the 'liberal-press' appear determined not to ask the obvious questions.
Re:Keeping .su as an area?
on
See Ya .su
·
· Score: 3, Interesting
The whole system of TLDs is meaningless when an organization can get.com, a company can register.org and.net no longer has any connection with ISPs.
No, it just does not fit into the stupid boxes that the mindles beuraucrats try to fit them in.
The issue that people seem to be missing is backwards compatibility here. Turning off.su breaks stuff. Leaving.su on breaks nothing. So.su should not be turned off unless there is a really really good reason.
The fact that.su is no longer arround does not count. The country code is still assigned by ISO. The relevant RFC states that the assignment of the iso code is all that is relevant. Postel did that on purpose so that IANA did not need to get into stupid disputes on what was and what was not a state.
If ICANN goes this road there is a major risk of fracturing the root. Nobody much gives a hang about.su but if this move succeeds it will be used as a precedent to remove.pl which given that ICANN is far from isolated from the pro-Likud US Congress means that pragmatism is unlikely to prevail.
There are certain to be protests over any US move to throw.pl out of the root. It is exactly the type of thing that the EU are concerned about - the US using the root as an extension of its recent bugger-everyone-else foreign policy. After.pl expect.cu to be next on the list as a sop to the Miami keep-Elian-from-his dad vote.
In summary, ICANN if they had a political clue will not open up this can of worms. They will only create a precedent that can only be damaging in the long run and insert themselves directly into the international equivalent of the US abortion debate.
Re:Good God, are you Clueless?
on
WiFi Triangulation
·
· Score: 5, Informative
It took me all of 30 seconds to enable 128 bit WEP and create a key on my new Linksys 802.11b router. Honestly, how hard is that for people to do?
Not hard but unfortunately not secure either. Due to a broken design the WEP mk1 scheme only gives 24 bits of security regardless of whether you have the 128 bit or 40 bit cards.
However this has since been fixed, and the fixed cards will be available fairly soon. In addition the new cards fix the original major inanity of WEP, the single key shared by every card. The newer cards will have built in certificates to suport 802.1x authentication.
While the triangulation scheme might be used for security purposes, it is no replacement for cryptography. In the first place the scheme appears to be working on signal strength rather than the arrival time of the signals. That is easily spoofed. Arrival time of the signals would be hidously expensive to do right (I used to do that type of thing, but not with IP routers and bridges in the way...)
It might be useful to use triangulation to detect when people were entering an leaving cells, but that can probably be done by just choosing the strongest signal.
I can imagine using this type of thing to track down criminal suspects, the sort of thing that the FBI have fun doing. It is not a replacement for cryptography and probably not even as secure as WEP mk1.
Yeah, maybe if the site had not been slashdotted...
Does not appear that the site considers the most effective way to make a Web server fly, replace the hard drives with RAM. Ditch the obsolete SQL engine and use in memory storage rebuilt from a transaction log.
Of course the problem with that config is that an outage tends to be a problem so just duplicate the hardware at a remote disaster recovery site.
Sound expensive? Well yes, but not half as expensive as some of the systems people put together to run SQL databases...
Java's one of the few programming languages that has security built in from the ground up.Wich makes me really wonder why the.NET runtime environment doesn`t do the same thing?
Java was the first programming language to claim that security had been built in from the ground up. In practice the first versions of Java were not at all secure with lots of holes and a security architecture that was pretty clunky. Every call had a wrapper to check the privs separately, there was no security monitor concept, a single point of auditability.
dotNET does have a strong security monitor concept and a very comprehensive security model. For details see Brian LaMacchia et al. ".NET Framework Security". And yes that is the same Brian who is talking on palladium in LCS today.
I don't quite get what you mean by stating it would be good if IE only acceted dotNET attachments. Certainly it would be good if Outlook was written as dotNET managed code, or at least the attachment handling was. Then attachments could be run in restricted priv mode.
The BSD hack appears to be much less sophisticated than Java or dotNET. It is really just adding back something that most security specialists have thought UNIX lacked all along, granular privilleges. The SUID hack has always been a kludge.
What they can't emulate is the ideas that come from a grass-roots community. If any one person has an idea, they can start to work on it. They have a huge body of software to research and re-use code from, and if they can demonstrate something that other people find useful, they can quickly gather programmers to the project.
Seriously, like what? Linux is simply a copy of a very old O/S. Apache is a copy of a Web server. Mozilla is a piece of commercial software that failled to maintain its market share.
Nearest there is is perl...
There is plenty of innovative stuff done in Universities but guess what, that is what university research labs are for. Industry has always turned university research into commercial products.
Microsoft has a large research arm which has done stuff way beyond where the market is. But the main strategy they have used to kee u is to buy out comanies that have specialized in innovation. If you do VC stuff then you will see plenty of business models with 'be bought by Microsoft' as the exit strategy. I don't see that as a problem, Vermeer would never have made a tenth the amount they got by selling out to Microsoft if they had tried to market Frontage themselves. They got a huge chunk of change and everyone involved was happy.
Fact is that these days the facilities available to the industrial researcher are way beyond those available to academics.
Microsoft is turning on open source for very different reasons. First the company has to have an enemy, it is their culture. When IBM was on the ropes they were fortunate to hear that Marc Andressen had boasted he was about to turn windows into a set of baddly debugged device drivers. Then when they snuffed it Sun was kind enough to step up to the plate. Now Sun is in serious danger of becoming the Wang of the Internet boom they need a new foe.
Those huge bags of popcorn that are sold in grocery stores will also fit in a coat sleeve - sure I got strange looks when the coat thrown over my shoulder had one sleeve sticking out at a 90 degree angle, but they people who work there really don't care.
I have to have my popcorn fresh. So to avoid price cgouging I take a small portable pop corn popper and a bag of corn. That fits into my pocket real easy.
Some of the other people in the audience sometimes give me funny looks, particularly if the sound of the corn popping gets a bit distracting.
I don't know, how come you have not got -1 Troll? Only the fact that you sound just like certain Republican in laws makes me think you are for real.
President Bush is the only person standing between Handgun control Inc and a ban on high powered sniper rifles with that guy on the loose in Washington.
Bush certainly seems to be unaffected by people getting killed, not least the US military and Iraqui civilians to be killed in the war he is planning. When he was Texas govenor he made jokes about executing Faye-Tucker which is kinda wierd as was the complete lack of interest in whether the person was guilty or not - every clemency appeal was rejected. Maybe he is like the sniper and gets off on killing people.
You people always have to resort to smears and character assasinations. The SEC dismissed the Harken insider trading allegation and even wrote a letter to say that there was no case - which it does not normally do.
Every one of the allegations has been proved in the press. That he was a director of and made money in Harken which used enron style phony accounting is a fact. The dismissal of the SEC investigation was as you point out very unusual and no doubt completely unconnected with the fact his father was vice president at the time.
If it was not for the Bush tax cut the whole economy would be in the crapper as a result of the failed Clinton-Gore economic policies. That is why your guy lost and ours won.
Delusions, under Clinton-Gore the economy grew for 8 solid years and the budget was balanced. Two years after a tax cut we were assured would not create a deficit we have exactly that, and no Bush never told the voters there were any exceptions to his balanced budget commitment.
We have camps and military tribunals for folk like you so just watch it.
It is this threat that might make me think it is a troll. But let me give you a bit of my personal history.
There was a time when I used to be pretty right wing. My family connections in UK politics are similar to those of Bush senior in US politics. The reason I broke with the Conservative party was that I thought that the practice their student wing made of spying on and attempting to intimidate other students smacked of the police state. When I was at University the Federation of Conservative Students on campus let it be known that they maintained a list of 'left wing activists' which they then sold to employers. Quite a few fellow students said that they did not want to take part in student political activities in case it damaged their career prospects.
Incidentally another group doing the same thing was the Baa'th party of Iraq who were monitoring the activities of all the students from the middle east.
I thought that the FCS actions were despicable and told my cousin who at the time was the party chairman, of course they did nothing. However a couple of years later the Conservatives themselves disbanded FCS after the chair published an article accusing ex-Prime Minister Macmillan of complicity in war crimes. Ironically enough the war crimes concerned (repatriation of the Cosacks to be murdered by Stalin) is acknowledged as having occurred and Macmillan was certainly the commanding officer responsible and no evidence has ever been produced that substantiates the claim that he was elsewhere. But accusing your party leader of war crimes is not a good move for the chair of a student wing. They were replaced by 'Conservative Collegiate Forum' which promptly purged the more obnoxious liabilities.
The employee blacklist ended up completely discredited after Rupert Murdoch bought a copy and effectively published it at a Labour party conference. It turned out that the Conservative factions had been busier putting each other on the blacklist as they fell out with each other in their various faction fights.
But yes, it was hypocrisy pure and simple. The party trumpeted freedom and used the tactics of the jackboot.
For God's sake do not let Ashcroft and Bush do the same in the US.
Hypocrisy? Perhaps. But maybe he just wised up in his old age.
It would only hypocrisy if he got where he is now because of drunk driving.
No it would only be hypocrisy if he called for harsh treatment of drunk drivers while concealling his own conviction.
Countries are not hypocritical, the individual politicians running the country are.
For example the idiot in the Whitehouse is a hypocrite because he lectures on corporate ethics desite having received millions in campaign contributions from Kenny boy Lay and Enron, including the loan of a cororate jet and made his money in Harken through the same kind of corporate accounting scams.
George W's does at least have the courage of his conviction for DUI. I have not heard him call for stiffer sentences there. So he gets off on the narrow charge of hypocrisy. However the former coke addict has led the introduction of stiffer penalties for use Texas had he been caught snorting coke and his father had not been able to get him off the way he got him out of serving in Vietnam.
Oh and it goes without saying that the 'chickenhawks' who want to start Vietnam mk II to distract attention from the aforementioned corruption at Harken and Haliburton are hypocrites since none of the ring-leaders served in Vietnam unless you count being a deserter from the Texas national guard.
If I understand correctly, Palladium checks the integrity of a program "down to a single bit" and will not allow the program to run if a single bit is different from what it expects.
What happens if a sector on the hard drive becomes corrupted?
If the program image is corrupted the logical sequence of events you want to take place is to have the machine say 'corrupted data' on the console and possibly to go off on the Internet and try a repair.
There are very few cases when I would want a corrupted program to make a best effort to continue. Halting the machine is a much better idea.
Of course this might cause problems for the makers of scum-ware like magic-cursor or whatever which corrupt system files to replace them with spyware.
I wonder if they have guys reading all these posts, and preparing answers as we speak?
I think you probably misunderstand the role that techie types tend to play in large organizations. Like if it were his Bill-ship doing the talk then you would be right. Somehow I doubt that Brian is at quite that level.
However Brian reads slashdot so unless his plane gets in real late tonight I suspect he will read the thread.
How can Microsoft, a company with a well-deserved reputation for sloppy security and maladapted software, expect to all of a sudden create and deploy a secure operating system?
Same way they turned Windows into a robust O/S hire a bunch of experts living in the vicinity of Cambridge MA. In the case of WNT they hired David Cutler and the VMS core design team from DEC. Most of their security folk seem to be ex-DEC, ex-MIT or both.
Given an unlimited budget anything is possible. The problem with security is that it takes a lot of time to get anywhere.
Biggest problem to date has been the inadequacy of the security mechanisms for scripting languages. Under VMS you could spawn a process that had reduced privs, e.g. remove network access and disk write access from the process spawned to open mail attachments.
Where is the logic in this? Just because he was the doctoral student of the professor who is holding the lecture doesn't mean that he won't look like an ass when trying to answer an unpredictable array of questions. Statements like these from someone who is supposedly MIT educated? WTF?
Kinda strange logic here, you express suprise at the idea that someone educated at MIT would make statements you find illogical, the statement being that someone who comes from MIT is unlikely to make stupid statements. Were you trying to construct Zeno's paradox?
I know Brian and Hal, have done for years. I have lectured to Hal's class. I have also discussed Palladium with Brian at some length.
The fact is that the questions are far from unpredicatable. In fact the ones you appear concerned about are exceptionally predictable and very easily answered.
Sounds to me like you are a security wannabe who obsesses about perfection in certain areas and ignores the fact that the result is unusable. The perfect is the enemy of the good.
Typically you'd rather lose data on an encrypted disk than risk it being compromised. Key recovery and key escrow go directly against this. Replacing mathimatically proven security for a human trust form of security = Bad idea.
You sound an awful lot like Bruce didfive years ago before he got a clue and wrote secrets and lies which is all about why mathematically perfect systems are not what people want. BTW the main objection to Palladium is that it may not work if it is too perfect.
I sell key recovery systems, all my customers disagree. There are very few companies who would like to loose their accounts (other than those run by close supporters of George W Bush). If there were no demand for key recovery I would not sell it.
As for storing a CC number on your computer and only allowing trusted wallet applications to access it. Sure, its rather stupid to store stuff like that on your computer. However you are far more likely to get it stolen from the other end.
Not so, we can encrypt the cc number so that it is never known to the merchant (apart from the last four digits). SET did this years ago, it failled in part because of complexity but also because of the store on the PC issue.
Finally, if you want to prevent a computer from booting if tampered with. It is pretty easy to boot from a write protected floppy. Put whatever verification you want on that.
That is not particularly practical and not particularly secure either. Unless you can put the whole TCB onto a floppy (hint you can't get much of UNIX onto a floppy) then the attacker can compromise other system files and you are toast.
They want to hear "technical" questions? How about political questions? How about ethical questions? How about legal questions? I don't suppose they're prepared for that are they. They explicitely state that they're not. They want technical questions.
Well since the class is joint with Hal Abelson's Ethics and Law of comp sci which I have lectured to I can assure you that there will be political questions and they will be OK.
Microsoft? Other software vendors? Any software vendor? Artist representatives? Joe blow down the street? Or, hopefully, whosoever the owner selects?
Anyone the content owner selects.
The point is that the content owner has control here. If you don't want to palladium control the video you send to granny then don't lock it, if you do want it protected then lock it.
A more significant question is 'will companies not affiliated with major labels be able to use palladium to control access to their content without discriminatory terms?' In Europe Rupert 'Fox news is not biased right wing crap' Murdoch got control of the independent satellite chanels because he had control over the encryption scheme implemented in the decoders and could discriminate in the charges to use it. The labels could use a similar mechanism to keep out indie labels and band owned labels.
There does have to be a root for hardware though. Microsoft has not yet said how the root will be managed, however since Brian stuck all the SPKI stuff into dotNET he does appear to be into single rooted hierarchites.
Assuming that the harware manufacture will follow the DOCSIS model (which TCPA seem to be doing) there will be a root owned by some manufacturing consortium that any manufacturer can get certified under provided they undertake to meet the trusted criteria.
Or it could be a chance for MS to make themselves look like asses again. Who knows what will happen?
Since Brian LaMacchia was an MIT doctoral student of Hal Abelson who is the prof concerned, chances of that happening are nil. I presume he is giving the talk as he is also speaking at another event on Friday.
Brian designed much of the security architecture for dotNET which is pretty much state of the art for network application security. He also started the MIT PGP key server. Whatever Microsoft's past reputation might be, Brian is not responsible. Don't confuse the security abilities of the folk who write IIS or Outlook with the abilities of security specialists. As a group there are very very few organizations where anyone listens to us. Netscape had a really bad problem with security until they hired Taher and the brothers Weinstein and they only got listened to there because Netscape got burned baddly in several fiascoes in succession - like SSL 1.0 being broken before Marc sat down at the end of his presentation, the random number bug which they had been warned on repeatedly, etc. etc.
Don't fool yourself, all computer software companies have security problems that need to be addressed. I don't think the open-source scheme to get security consulting for free is going to be a good long term solution.
The point that slashdot people miss on Palladium is that for years the common rebuttal to a lot of security solutions has been 'you can't do that without trusted hardware'. So the fact that MSFT is pumping money into developing a trusted platform is a significant step forward.
OK folk may not like trusted hardware being available to the RIAA, but they are not the only people who can benefit. It is kinda like the same situation we had with key recovery and Clipper. Freeh was right, there are commercial uses for key escrow, it is kinda a problem if you have an encrypted disk and there is no copy of the key anywhere. Problem was that Freeh's illegitimate demands killed the legitimate market. Don't let the RIAA do that with Palladium.
For example storing your credit card # on a PC makes no sense, people still do it. They can do it a heck of a lot more safely if there is a trusted platform which will only allow trusted wallet applications access to that key.
Another example, for years we have wanted to have PCs that simply refuse to boot except to repair mode if the O/S has been tampered with. That way a trojan or virus can't lurk for years. Tripwire tries to do something like this but it really is a substitute for secure H/W
The Palladium folk know that any hardware scheme is vulnerable to hardware attacks. That does not make such schemes unworkable however. Despite the fact that smartcards are vulnerable to electron microscope attacks they do raise the bar significantly.
They gave a visa to Mohammed Atta well after the September 11 attacks...
Funny. I thought Atta died [cnn.com] on September 11.
He had a pending visa application in. On 9/11 he was on some sort of student visa.
However according to recent reports none of the hijackers should have been granted visas if the criteria had actually been applied correctly at the time. Three were on the CIA watch list and the 'pilots' had no support.
What would happen if they aren't able to be issued visas in time? Would it be constitutionally valid to try someone in absentia?
Not in this case. In the case you cite the defendant absconded during the trial. Under English common law it is only necessary for the defendant to be present in court to actually enter the plea. Once the plea is entered and the trial has begun the trial can complete whether or not the defendant absconds.
This case is very different, the government is preventing the defendants from attending. They are clearly being denied due process and the government is not entitled to prosecute the case in their absence.
While the article is correct that the consular officials have autonomy I very much doubt that this is an accidental occurrence. There is no way the DoJ wants this trial to take place. The FBI would look like complete idiots, particularly when it becomes obvious that Freeh and Ashcroft were more concerned about copyright than terrorism. The whole point of the scheme was to make the incomming AG look like a tough crime fighter aggressively going after the threats to society that Clinton ignored. Thats why the arrest took place July 2001. I predicted that this would happen when the plea agreement was entered.
Stopping the defendants from appearing for the trial is the easiest way to get the case to fade from view with the least possible amount of fuss. Someone from the DoJ will have had lunch with someone from DoS.
The judge may throw the charges out or leave them on file until the statute of limitations expires. I don't know the federal proceedure. It is possible that the charges will be thrown out on other grounds, the jurisdicition claim looks somewhat dubious to say the least. While the US courts does allow for extra-jurisdicitional charges the courts tend to only do so when the act in question explicitly states that it claims to be applicable in foreign jurisdictions.
What might be interesting is if a civil lawsuit was filed against Ascroft as AG claiming that the case was brought to violate Skylarof's civil rights.
Actually, going from FAT32 to NTFS increases performance, not decrease. I don't know if that's a result of NTFS being so good or FAT32 being so bad. I'll take the latter.
Same was true on VMS and come to that pretty much every log based file system I have used, speed increased on adoption.
Now I suspect that is mainly a function of the age of the file systems being replaced. FAT32 was used for disks that were way bigger than were thought of when it was introduced as an interim hack to keep FAT going.
The thing that is odd about apple is that they have taken so very long to catch up. Microsoft have had a journaling file system for almost 10 years now. NTFS is now supported in XP meaning that all their current O/S products are NTFS based.
The article did not mention what 'above and beyond' might mean. What I want and just about the only O/S feature I would switch for is automatic file versioning a la VMS.
On VMS the O/S would automatically keep backup copies of you files for you. So you edit a word document, save it out to disk and you have my.doc;1 and my.doc;2. This is emulated in some applications (e.g. emacs) but none of the mainstream O/S has the feature.
It would be pretty easy to add as an option, NTFS already allows for folders to be encrypted or compressed. Verisioning could be another option, so you would turn on versioning for a folder and specify the number of copies of the files to keep. If you ran out of disk space (unlikely for me, I buy a new hard drive whenever I get to 50% capacity) you could run a purge command.
WNT already reserves the ; character for use in versioning. All we need to do is to convince the Microsofties that Apple is planning to implement it and we would get it implemented in a service pack within 48 hours:-)
This is not a substitute for a code manager but I used to use the same in combination. I did not commit new versions until the code actually ran (or a major change that almost ran). file level versioning you would use between compiles, so you try a modification, discover it was a disaster and back it out, or you have some finger trouble and delete a critical mod and you can back it out.
This is great however if it requires 3 to 4 times as much CPU power as mpeg 2 then i don't think it will gain widespread adoption among computer video enthusiest mainly because it would take them a very long time to convert any reasonably sized movie
I don't thinkk the CPU is going to be the issue, more likely that the patent license terms will make or break it. If the holders try the stupid stuff they did for MPEG4 then this is going to be Dead on Arrival.
Problem is that people get this idea 'people are going to use my stuff and make $$$$ so I should get $$$'. Only thing is that if you want $$$ and there is an alternative only half as good that costs only $$ then you are going to get 0$.
I suspect that MPEG2 is going to be acceptable for some time yet and that there will be no switchover until acceptable license terms are offered.
As an All-In-Wonder Radeon owner, here's the deal: PC's will never replace Tivos until they can replicate Tivo's Season Pass functionality and knowingly record not only the shows I want, but the ones it thinks I will want.
It is not necessary for the card manufacturers to provide this, all they need to do is to provide a standard API that allows control the card. It would be even better if it was a Web Service so you could control the device remotely.
Of course Tivo probably have patents covering the more blatantly obvious techniques here.
Rather than asking why the HP device costs $1400 for a tivo, consider why it costs $1400 for a PC! I just bought a new motherboard, processor, RAM and video card for $350 that give a remarkably similar performance.
Slashdot Mirror
Continental copyright law is not like US law. There is the doctrine of the moral rights of the author. The widow of Peter Sellers used this right to sue the producers of 'on the trial of the Pink P{anther' which used footage from the previous panther movies which Sellers had rejected.
There are also a bunch of cases where the directors of movies have prevented studios from agreeing to cuts to comply with censorship boards.
I think that the underlying problem is that many people are now as cynical of government motives as during the Watergate crisis.
There is absolutely nothing an administration can do that is more harmful to national security than to use security classifications for political ends. Unfortunately it is very hard to believe this government when it says 'trust me'.
They said 'trust me' over the tax cut which would not break the budget, guess what it did. Then again it still claims that the names of the energy companies that paid to take part in Dick Cheney's 'energy taskforce' are privilleged.
Federal government research that is inconvenient to the administration simply disappears.
I am less worried by this report than the fact that the director of the CIA is unable to support the claims made by the administration concerning Iraq.
I am less concerned about the actions of the administration than the fact that the 'liberal-press' appear determined not to ask the obvious questions.
No, it just does not fit into the stupid boxes that the mindles beuraucrats try to fit them in.
The issue that people seem to be missing is backwards compatibility here. Turning off .su breaks stuff. Leaving .su on breaks nothing. So .su should not be turned off unless there is a really really good reason.
The fact that .su is no longer arround does not count. The country code is still assigned by ISO. The relevant RFC states that the assignment of the iso code is all that is relevant. Postel did that on purpose so that IANA did not need to get into stupid disputes on what was and what was not a state.
If ICANN goes this road there is a major risk of fracturing the root. Nobody much gives a hang about .su but if this move succeeds it will be used as a precedent to remove .pl which given that ICANN is far from isolated from the pro-Likud US Congress means that pragmatism is unlikely to prevail.
There are certain to be protests over any US move to throw .pl out of the root. It is exactly the type of thing that the EU are concerned about - the US using the root as an extension of its recent bugger-everyone-else foreign policy. After .pl expect .cu to be next on the list as a sop to the Miami keep-Elian-from-his dad vote.
In summary, ICANN if they had a political clue will not open up this can of worms. They will only create a precedent that can only be damaging in the long run and insert themselves directly into the international equivalent of the US abortion debate.
Not hard but unfortunately not secure either. Due to a broken design the WEP mk1 scheme only gives 24 bits of security regardless of whether you have the 128 bit or 40 bit cards.
However this has since been fixed, and the fixed cards will be available fairly soon. In addition the new cards fix the original major inanity of WEP, the single key shared by every card. The newer cards will have built in certificates to suport 802.1x authentication.
While the triangulation scheme might be used for security purposes, it is no replacement for cryptography. In the first place the scheme appears to be working on signal strength rather than the arrival time of the signals. That is easily spoofed. Arrival time of the signals would be hidously expensive to do right (I used to do that type of thing, but not with IP routers and bridges in the way...)
It might be useful to use triangulation to detect when people were entering an leaving cells, but that can probably be done by just choosing the strongest signal.
I can imagine using this type of thing to track down criminal suspects, the sort of thing that the FBI have fun doing. It is not a replacement for cryptography and probably not even as secure as WEP mk1.
Yeah, maybe if the site had not been slashdotted...
Does not appear that the site considers the most effective way to make a Web server fly, replace the hard drives with RAM. Ditch the obsolete SQL engine and use in memory storage rebuilt from a transaction log.
Of course the problem with that config is that an outage tends to be a problem so just duplicate the hardware at a remote disaster recovery site.
Sound expensive? Well yes, but not half as expensive as some of the systems people put together to run SQL databases...
Java was the first programming language to claim that security had been built in from the ground up. In practice the first versions of Java were not at all secure with lots of holes and a security architecture that was pretty clunky. Every call had a wrapper to check the privs separately, there was no security monitor concept, a single point of auditability.
dotNET does have a strong security monitor concept and a very comprehensive security model. For details see Brian LaMacchia et al. ".NET Framework Security". And yes that is the same Brian who is talking on palladium in LCS today.
I don't quite get what you mean by stating it would be good if IE only acceted dotNET attachments. Certainly it would be good if Outlook was written as dotNET managed code, or at least the attachment handling was. Then attachments could be run in restricted priv mode.
The BSD hack appears to be much less sophisticated than Java or dotNET. It is really just adding back something that most security specialists have thought UNIX lacked all along, granular privilleges. The SUID hack has always been a kludge.
Seriously, like what? Linux is simply a copy of a very old O/S. Apache is a copy of a Web server. Mozilla is a piece of commercial software that failled to maintain its market share.
Nearest there is is perl...
There is plenty of innovative stuff done in Universities but guess what, that is what university research labs are for. Industry has always turned university research into commercial products.
Microsoft has a large research arm which has done stuff way beyond where the market is. But the main strategy they have used to kee u is to buy out comanies that have specialized in innovation. If you do VC stuff then you will see plenty of business models with 'be bought by Microsoft' as the exit strategy. I don't see that as a problem, Vermeer would never have made a tenth the amount they got by selling out to Microsoft if they had tried to market Frontage themselves. They got a huge chunk of change and everyone involved was happy.
Fact is that these days the facilities available to the industrial researcher are way beyond those available to academics.
Microsoft is turning on open source for very different reasons. First the company has to have an enemy, it is their culture. When IBM was on the ropes they were fortunate to hear that Marc Andressen had boasted he was about to turn windows into a set of baddly debugged device drivers. Then when they snuffed it Sun was kind enough to step up to the plate. Now Sun is in serious danger of becoming the Wang of the Internet boom they need a new foe.
I have to have my popcorn fresh. So to avoid price cgouging I take a small portable pop corn popper and a bag of corn. That fits into my pocket real easy.
Some of the other people in the audience sometimes give me funny looks, particularly if the sound of the corn popping gets a bit distracting.
I don't know, how come you have not got -1 Troll? Only the fact that you sound just like certain Republican in laws makes me think you are for real.
President Bush is the only person standing between Handgun control Inc and a ban on high powered sniper rifles with that guy on the loose in Washington.
Bush certainly seems to be unaffected by people getting killed, not least the US military and Iraqui civilians to be killed in the war he is planning. When he was Texas govenor he made jokes about executing Faye-Tucker which is kinda wierd as was the complete lack of interest in whether the person was guilty or not - every clemency appeal was rejected. Maybe he is like the sniper and gets off on killing people.
You people always have to resort to smears and character assasinations. The SEC dismissed the Harken insider trading allegation and even wrote a letter to say that there was no case - which it does not normally do.
Every one of the allegations has been proved in the press. That he was a director of and made money in Harken which used enron style phony accounting is a fact. The dismissal of the SEC investigation was as you point out very unusual and no doubt completely unconnected with the fact his father was vice president at the time.
If it was not for the Bush tax cut the whole economy would be in the crapper as a result of the failed Clinton-Gore economic policies. That is why your guy lost and ours won.
Delusions, under Clinton-Gore the economy grew for 8 solid years and the budget was balanced. Two years after a tax cut we were assured would not create a deficit we have exactly that, and no Bush never told the voters there were any exceptions to his balanced budget commitment.
We have camps and military tribunals for folk like you so just watch it.
It is this threat that might make me think it is a troll. But let me give you a bit of my personal history.
There was a time when I used to be pretty right wing. My family connections in UK politics are similar to those of Bush senior in US politics. The reason I broke with the Conservative party was that I thought that the practice their student wing made of spying on and attempting to intimidate other students smacked of the police state. When I was at University the Federation of Conservative Students on campus let it be known that they maintained a list of 'left wing activists' which they then sold to employers. Quite a few fellow students said that they did not want to take part in student political activities in case it damaged their career prospects.
Incidentally another group doing the same thing was the Baa'th party of Iraq who were monitoring the activities of all the students from the middle east.
I thought that the FCS actions were despicable and told my cousin who at the time was the party chairman, of course they did nothing. However a couple of years later the Conservatives themselves disbanded FCS after the chair published an article accusing ex-Prime Minister Macmillan of complicity in war crimes. Ironically enough the war crimes concerned (repatriation of the Cosacks to be murdered by Stalin) is acknowledged as having occurred and Macmillan was certainly the commanding officer responsible and no evidence has ever been produced that substantiates the claim that he was elsewhere. But accusing your party leader of war crimes is not a good move for the chair of a student wing. They were replaced by 'Conservative Collegiate Forum' which promptly purged the more obnoxious liabilities.
The employee blacklist ended up completely discredited after Rupert Murdoch bought a copy and effectively published it at a Labour party conference. It turned out that the Conservative factions had been busier putting each other on the blacklist as they fell out with each other in their various faction fights.
But yes, it was hypocrisy pure and simple. The party trumpeted freedom and used the tactics of the jackboot.
For God's sake do not let Ashcroft and Bush do the same in the US.
It would only hypocrisy if he got where he is now because of drunk driving.
No it would only be hypocrisy if he called for harsh treatment of drunk drivers while concealling his own conviction.
Countries are not hypocritical, the individual politicians running the country are.
For example the idiot in the Whitehouse is a hypocrite because he lectures on corporate ethics desite having received millions in campaign contributions from Kenny boy Lay and Enron, including the loan of a cororate jet and made his money in Harken through the same kind of corporate accounting scams.
George W's does at least have the courage of his conviction for DUI. I have not heard him call for stiffer sentences there. So he gets off on the narrow charge of hypocrisy. However the former coke addict has led the introduction of stiffer penalties for use Texas had he been caught snorting coke and his father had not been able to get him off the way he got him out of serving in Vietnam.
Oh and it goes without saying that the 'chickenhawks' who want to start Vietnam mk II to distract attention from the aforementioned corruption at Harken and Haliburton are hypocrites since none of the ring-leaders served in Vietnam unless you count being a deserter from the Texas national guard.
If the program image is corrupted the logical sequence of events you want to take place is to have the machine say 'corrupted data' on the console and possibly to go off on the Internet and try a repair.
There are very few cases when I would want a corrupted program to make a best effort to continue. Halting the machine is a much better idea.
Of course this might cause problems for the makers of scum-ware like magic-cursor or whatever which corrupt system files to replace them with spyware.
I think you probably misunderstand the role that techie types tend to play in large organizations. Like if it were his Bill-ship doing the talk then you would be right. Somehow I doubt that Brian is at quite that level.
However Brian reads slashdot so unless his plane gets in real late tonight I suspect he will read the thread.
Same way they turned Windows into a robust O/S hire a bunch of experts living in the vicinity of Cambridge MA. In the case of WNT they hired David Cutler and the VMS core design team from DEC. Most of their security folk seem to be ex-DEC, ex-MIT or both.
Given an unlimited budget anything is possible. The problem with security is that it takes a lot of time to get anywhere.
Biggest problem to date has been the inadequacy of the security mechanisms for scripting languages. Under VMS you could spawn a process that had reduced privs, e.g. remove network access and disk write access from the process spawned to open mail attachments.
Kinda strange logic here, you express suprise at the idea that someone educated at MIT would make statements you find illogical, the statement being that someone who comes from MIT is unlikely to make stupid statements. Were you trying to construct Zeno's paradox?
I know Brian and Hal, have done for years. I have lectured to Hal's class. I have also discussed Palladium with Brian at some length.
The fact is that the questions are far from unpredicatable. In fact the ones you appear concerned about are exceptionally predictable and very easily answered.
Typically you'd rather lose data on an encrypted disk than risk it being compromised. Key recovery and key escrow go directly against this. Replacing mathimatically proven security for a human trust form of security = Bad idea.
You sound an awful lot like Bruce didfive years ago before he got a clue and wrote secrets and lies which is all about why mathematically perfect systems are not what people want. BTW the main objection to Palladium is that it may not work if it is too perfect.
I sell key recovery systems, all my customers disagree. There are very few companies who would like to loose their accounts (other than those run by close supporters of George W Bush). If there were no demand for key recovery I would not sell it.
As for storing a CC number on your computer and only allowing trusted wallet applications to access it. Sure, its rather stupid to store stuff like that on your computer. However you are far more likely to get it stolen from the other end.
Not so, we can encrypt the cc number so that it is never known to the merchant (apart from the last four digits). SET did this years ago, it failled in part because of complexity but also because of the store on the PC issue.
Finally, if you want to prevent a computer from booting if tampered with. It is pretty easy to boot from a write protected floppy. Put whatever verification you want on that.
That is not particularly practical and not particularly secure either. Unless you can put the whole TCB onto a floppy (hint you can't get much of UNIX onto a floppy) then the attacker can compromise other system files and you are toast.
Well since the class is joint with Hal Abelson's Ethics and Law of comp sci which I have lectured to I can assure you that there will be political questions and they will be OK.
No, that is wrong. The actual conditions are:
There is a specification in OASIS called XrML that Microsoft is going to use for the control functions.
Anyone the content owner selects.
The point is that the content owner has control here. If you don't want to palladium control the video you send to granny then don't lock it, if you do want it protected then lock it.
A more significant question is 'will companies not affiliated with major labels be able to use palladium to control access to their content without discriminatory terms?' In Europe Rupert 'Fox news is not biased right wing crap' Murdoch got control of the independent satellite chanels because he had control over the encryption scheme implemented in the decoders and could discriminate in the charges to use it. The labels could use a similar mechanism to keep out indie labels and band owned labels.
There does have to be a root for hardware though. Microsoft has not yet said how the root will be managed, however since Brian stuck all the SPKI stuff into dotNET he does appear to be into single rooted hierarchites.
Assuming that the harware manufacture will follow the DOCSIS model (which TCPA seem to be doing) there will be a root owned by some manufacturing consortium that any manufacturer can get certified under provided they undertake to meet the trusted criteria.
Since Brian LaMacchia was an MIT doctoral student of Hal Abelson who is the prof concerned, chances of that happening are nil. I presume he is giving the talk as he is also speaking at another event on Friday.
Brian designed much of the security architecture for dotNET which is pretty much state of the art for network application security. He also started the MIT PGP key server. Whatever Microsoft's past reputation might be, Brian is not responsible. Don't confuse the security abilities of the folk who write IIS or Outlook with the abilities of security specialists. As a group there are very very few organizations where anyone listens to us. Netscape had a really bad problem with security until they hired Taher and the brothers Weinstein and they only got listened to there because Netscape got burned baddly in several fiascoes in succession - like SSL 1.0 being broken before Marc sat down at the end of his presentation, the random number bug which they had been warned on repeatedly, etc. etc.
Don't fool yourself, all computer software companies have security problems that need to be addressed. I don't think the open-source scheme to get security consulting for free is going to be a good long term solution.
The point that slashdot people miss on Palladium is that for years the common rebuttal to a lot of security solutions has been 'you can't do that without trusted hardware'. So the fact that MSFT is pumping money into developing a trusted platform is a significant step forward.
OK folk may not like trusted hardware being available to the RIAA, but they are not the only people who can benefit. It is kinda like the same situation we had with key recovery and Clipper. Freeh was right, there are commercial uses for key escrow, it is kinda a problem if you have an encrypted disk and there is no copy of the key anywhere. Problem was that Freeh's illegitimate demands killed the legitimate market. Don't let the RIAA do that with Palladium.
For example storing your credit card # on a PC makes no sense, people still do it. They can do it a heck of a lot more safely if there is a trusted platform which will only allow trusted wallet applications access to that key.
Another example, for years we have wanted to have PCs that simply refuse to boot except to repair mode if the O/S has been tampered with. That way a trojan or virus can't lurk for years. Tripwire tries to do something like this but it really is a substitute for secure H/W
The Palladium folk know that any hardware scheme is vulnerable to hardware attacks. That does not make such schemes unworkable however. Despite the fact that smartcards are vulnerable to electron microscope attacks they do raise the bar significantly.
Funny. I thought Atta died [cnn.com] on September 11.
He had a pending visa application in. On 9/11 he was on some sort of student visa.
However according to recent reports none of the hijackers should have been granted visas if the criteria had actually been applied correctly at the time. Three were on the CIA watch list and the 'pilots' had no support.
Not in this case. In the case you cite the defendant absconded during the trial. Under English common law it is only necessary for the defendant to be present in court to actually enter the plea. Once the plea is entered and the trial has begun the trial can complete whether or not the defendant absconds.
This case is very different, the government is preventing the defendants from attending. They are clearly being denied due process and the government is not entitled to prosecute the case in their absence.
While the article is correct that the consular officials have autonomy I very much doubt that this is an accidental occurrence. There is no way the DoJ wants this trial to take place. The FBI would look like complete idiots, particularly when it becomes obvious that Freeh and Ashcroft were more concerned about copyright than terrorism. The whole point of the scheme was to make the incomming AG look like a tough crime fighter aggressively going after the threats to society that Clinton ignored. Thats why the arrest took place July 2001. I predicted that this would happen when the plea agreement was entered.
Stopping the defendants from appearing for the trial is the easiest way to get the case to fade from view with the least possible amount of fuss. Someone from the DoJ will have had lunch with someone from DoS.
The judge may throw the charges out or leave them on file until the statute of limitations expires. I don't know the federal proceedure. It is possible that the charges will be thrown out on other grounds, the jurisdicition claim looks somewhat dubious to say the least. While the US courts does allow for extra-jurisdicitional charges the courts tend to only do so when the act in question explicitly states that it claims to be applicable in foreign jurisdictions.
What might be interesting is if a civil lawsuit was filed against Ascroft as AG claiming that the case was brought to violate Skylarof's civil rights.
Same was true on VMS and come to that pretty much every log based file system I have used, speed increased on adoption.
Now I suspect that is mainly a function of the age of the file systems being replaced. FAT32 was used for disks that were way bigger than were thought of when it was introduced as an interim hack to keep FAT going.
The thing that is odd about apple is that they have taken so very long to catch up. Microsoft have had a journaling file system for almost 10 years now. NTFS is now supported in XP meaning that all their current O/S products are NTFS based.
The article did not mention what 'above and beyond' might mean. What I want and just about the only O/S feature I would switch for is automatic file versioning a la VMS.
On VMS the O/S would automatically keep backup copies of you files for you. So you edit a word document, save it out to disk and you have my.doc;1 and my.doc;2. This is emulated in some applications (e.g. emacs) but none of the mainstream O/S has the feature.
It would be pretty easy to add as an option, NTFS already allows for folders to be encrypted or compressed. Verisioning could be another option, so you would turn on versioning for a folder and specify the number of copies of the files to keep. If you ran out of disk space (unlikely for me, I buy a new hard drive whenever I get to 50% capacity) you could run a purge command.
WNT already reserves the ; character for use in versioning. All we need to do is to convince the Microsofties that Apple is planning to implement it and we would get it implemented in a service pack within 48 hours :-)
This is not a substitute for a code manager but I used to use the same in combination. I did not commit new versions until the code actually ran (or a major change that almost ran). file level versioning you would use between compiles, so you try a modification, discover it was a disaster and back it out, or you have some finger trouble and delete a critical mod and you can back it out.
What I would pay $1,400 for is the feature lacking from my DishTV PVR, the damn thing won't fast forward when in live mode.
I don't thinkk the CPU is going to be the issue, more likely that the patent license terms will make or break it. If the holders try the stupid stuff they did for MPEG4 then this is going to be Dead on Arrival.
Problem is that people get this idea 'people are going to use my stuff and make $$$$ so I should get $$$'. Only thing is that if you want $$$ and there is an alternative only half as good that costs only $$ then you are going to get 0$.
I suspect that MPEG2 is going to be acceptable for some time yet and that there will be no switchover until acceptable license terms are offered.
It is not necessary for the card manufacturers to provide this, all they need to do is to provide a standard API that allows control the card. It would be even better if it was a Web Service so you could control the device remotely.
Of course Tivo probably have patents covering the more blatantly obvious techniques here.
Rather than asking why the HP device costs $1400 for a tivo, consider why it costs $1400 for a PC! I just bought a new motherboard, processor, RAM and video card for $350 that give a remarkably similar performance.