In other words, BAIR is based on voodoo programming; write something without any understanding of how it's supposed to work but hoping like hell that it won't fail too badly.
The Morris worm only worked because the net, at the time, was rather homogenous. That kind of shit won't work today because there's at least four or five different processor architectures (OK, one might be able to get past that problem by using shell script or some such, but then there's the problem of reproduction across the network) and a big honking lot of different software configurations. Sure, the worm might be able to punch through the by default insecure ia32-redhat installs, but how many of these are being used in critical backbone-related tasks? Not a lot, I'd guess. There was even enough bandwidth in the US backbone for it not to go down because of Melissa, and that thing was HUGE.
The internet's major strengths are redundancy and diversity. Let's hope that neither of those go away.
A killer net virus that would destroy the Net as we know it has been very easily in reach once the majority of computers on the Internet became homogenized Windows//MSFT Office//Outlook boxes.
No no no no. It wouldn't destroy the 'net as we know it; the 'net as we know it still doesn't run on microshit/outhouse. Never will, either.
The virus would only wipe out the least fit (i.e. microshaft/outhouse users), which is actually fine with me.
I don't like functional programming languages. This is mostly because the ones I've looked at (scheme, haskell) are too subtle. Yes, scheme may be a great tool for partial enlightenment, but you just can't read the stuff and understand it right away.
Steganography isn't for keeping information unreadable.You can already do that with encryption. The point is that you may not be able to send encrypted information through open channels without a man in black coming to your door and busting your aft section for "hindering the work of law enforcement" or something like that.
The point of steganography is to hide the fact that you're communicating encrypted data in the first place.
Yes, that smells like security through obscurity, but imagine this: You have an encryption algorithm so devious that it's unbreakable (in reasonable time, I mean) and the resulting data is indistinguishable from the stuff you get from/dev/urandom on a good day (which means that it can't be proven to be encrypted data and not meaningless noise). Now hide that data in the low-order bits of an image (replacing the already random enough data there) and no one can prove the data is encrypted since there is no significant difference between the output of (say) RC4 and cat/dev/urandom.
Admittedly there are some caveats to this particular technique (although they can mostly be avoided if care is taken):
There are some (computer generated, mostly) images where the low-order bits aren't random enough in the source image that replacing them with noise would go undetected. With good selection of the carrier data, this doesn't matter. Just use scanned photographs or something like that.
Not all encryption algorithms and/or keys are good enough to get you encrypted data that can't be distinguished from noise. RC4 comes pretty close; I'm not sure about other algorithms.
Yes, we really need to be more empathic towards the big corporations. After all, they're the ones that Keep This Country Running. And they're only doing their jobs.
You wouldn't want the poor assassin's five children starve by dodging a bullet, would you?
Um... I seem to remember that somewhere, somebody mentioned that NT only conforms to POSIX in that it has the standard POSIX function calls somewhere, only they don't actually do anything except return errors. I'm probably wrong, though.
There's no such thing as a tamper-proof PC, and never will be. It's only a matter of time before someone with the time and resources does a silicon-level reverse-engineering of the relevant chips, and then it's the curtains for another (widely spread?) protocol.
Needless to say, if the playing code is in software (which it will be, since not everyone wants to buy a new card for their PC just to listen to a record, at least not immediately) it'll be even easier to recover the keys.
Hint: when you get to the mission where you have unlimited quad-jump permission, jump to the system where the star has collapsed into a black hole. After berzerker jumps in after you, wait a second until he screams "I am slain!" in your comm unit and is sucked in by the black hole. Then jump to solbase and all is well. For the moment.
The tricky bit is usually when he comes after earth; you have to get on his list personally or the earth goes *boom* in the next mission no matter what you do. Make sure all your weapons hit him or something.
Wouldn't the better pronounciation for "C#" be "C splat" (which rhymes nicely with "C flat") or "C roadkill"? Considering that this -- this vile monstrosity came from Microsoft, both "splat" and "roadkill" would seem more appropriate than "sharp".
This would let people collect a certificate that states "this site (will|will not) (sell|share) you information. Information is kept for (foo) months." If visitorse have a problem in the future that they think is a result of visiting this site, or accuse the site of violating their stated terms, they have evidence by which to prove it.
And when $BIG_EVIL_COMPANY notices that you won't give your info away easily, they'll give you a page saying "you'll have to set the $FOOBAR in your $MENU to $PLEASE_REAM_ME in order to gain access to the $OFFERINGS".
Couldn't you just forge your data that the browser sends? I'd think that if enough people send a "Like most other 'net users, I prefer to remain anonymous while surfing"-type P3P data, they'd give up soon enough.
Check your facts. Junkbuster (and webwasher and other such ad/null content filters) has been around since at least 1998, so I'd hardly call it "new technology". </gripe>
Or you could dump syslog to a serial port and have a 386 with 400 megs of HD store it all. Since it's not possible to crack a computer whose only task is to listen to a serial port without reacting to the data flow in any significant way, those logs ought to be safe. This also kills a lot less trees.
To quote Arthur C. Clarke, "Any sufficiently advanced technology is indistiguishable from magic".
And, come to think of it, "magic" is the exactly appropriate word to describe the "substance" that appears to the average (l)user to make computers work. I'm pretty sure though that there are many more forms of "magic" in the chemistry and physics fields that just hasn't entered the public consciousness yet:-)
4.MP3 rippers will read the encrypted packages off the CD, and embed them into MP3s.
Why would a "pirate" want to use a MP3 encoder that placed a no-sharing header into the resulting MP3 stream? It'd be a trivial exercise for a hacker to comment out the piece of code in LAME, for example.
Yes, this system would probably work, but it'd accomplish nothing. "Pirates" would still keep infringing copyrights and Napster would become useless and devoid of both users and music. It also wouldn't do anything about the fact that cp(1) and such don't honor the no-/copy block.
As I see it, the "pirate" problem can't be solved with technology alone, at least not with computer-enforced copying restrictions. A reasonable micropayment system would be a much better solution, although this would probably leave the record industry out of the loop (which isn't such a bad thing really, but their fighting back with lawyers would slow down the adoption of such a system) while potentially giving the artist(s) more money for recorded music. (since most artists make more money from public performances than record sales, this would be an immediate change for the better, considering that digital distribution of music is practically free compared to pressing CDs)
It's a bit like cheating in multiplayer Quake, really. It can't be solved effectively with with legislation or technology, but a social solution (honor system & server local UIDs in Quake, easy micropayments in music distribution) just might survive better in the long run than what we have now.
Cable modem and wireless LAN are encrypted, and I see no reason why this wouldn't be, too. The encryption isn't very strong (40 or 56 entropy bits RC5, or something like that) but it's enough to keep the neighbor from tcpdump'ing one's connections, at least in real time.
Yeah, but it'll still be much better than the 5 kilobytes/second download rate you get from a modem on a good day, even if the 14 mbps is shared bandwidth. Cable modem or ADSL aren't user-serviceable beyond the plug in the wall either...
Slashdot Mirror
In other words, BAIR is based on voodoo programming; write something without any understanding of how it's supposed to work but hoping like hell that it won't fail too badly.
The Morris worm only worked because the net, at the time, was rather homogenous. That kind of shit won't work today because there's at least four or five different processor architectures (OK, one might be able to get past that problem by using shell script or some such, but then there's the problem of reproduction across the network) and a big honking lot of different software configurations. Sure, the worm might be able to punch through the by default insecure ia32-redhat installs, but how many of these are being used in critical backbone-related tasks? Not a lot, I'd guess. There was even enough bandwidth in the US backbone for it not to go down because of Melissa, and that thing was HUGE.
The internet's major strengths are redundancy and diversity. Let's hope that neither of those go away.
No no no no. It wouldn't destroy the 'net as we know it; the 'net as we know it still doesn't run on microshit/outhouse. Never will, either.
The virus would only wipe out the least fit (i.e. microshaft/outhouse users), which is actually fine with me.
I don't like functional programming languages. This is mostly because the ones I've looked at (scheme, haskell) are too subtle. Yes, scheme may be a great tool for partial enlightenment, but you just can't read the stuff and understand it right away.
Bzzt, wroong, but thank you for playing.
You're thinking about ORBS. ORBS sucks icebergs through a garden hose.
BZZZZT, wrooong, but thank you for playing.
Steganography isn't for keeping information unreadable.You can already do that with encryption. The point is that you may not be able to send encrypted information through open channels without a man in black coming to your door and busting your aft section for "hindering the work of law enforcement" or something like that.
The point of steganography is to hide the fact that you're communicating encrypted data in the first place.
Yes, that smells like security through obscurity, but imagine this: You have an encryption algorithm so devious that it's unbreakable (in reasonable time, I mean) and the resulting data is indistinguishable from the stuff you get from /dev/urandom on a good day (which means that it can't be proven to be encrypted data and not meaningless noise). Now hide that data in the low-order bits of an image (replacing the already random enough data there) and no one can prove the data is encrypted since there is no significant difference between the output of (say) RC4 and cat /dev/urandom.
Admittedly there are some caveats to this particular technique (although they can mostly be avoided if care is taken):
Yes, we really need to be more empathic towards the big corporations. After all, they're the ones that Keep This Country Running. And they're only doing their jobs.
You wouldn't want the poor assassin's five children starve by dodging a bullet, would you?
Um... I seem to remember that somewhere, somebody mentioned that NT only conforms to POSIX in that it has the standard POSIX function calls somewhere, only they don't actually do anything except return errors.
I'm probably wrong, though.
There's no such thing as a tamper-proof PC, and never will be. It's only a matter of time before someone with the time and resources does a silicon-level reverse-engineering of the relevant chips, and then it's the curtains for another (widely spread?) protocol.
Needless to say, if the playing code is in software (which it will be, since not everyone wants to buy a new card for their PC just to listen to a record, at least not immediately) it'll be even easier to recover the keys.
OT FOLLOWS
Hint: when you get to the mission where you have unlimited quad-jump permission, jump to the system where the star has collapsed into a black hole. After berzerker jumps in after you, wait a second until he screams "I am slain!" in your comm unit and is sucked in by the black hole. Then jump to solbase and all is well. For the moment.
The tricky bit is usually when he comes after earth; you have to get on his list personally or the earth goes *boom* in the next mission no matter what you do. Make sure all your weapons hit him or something.
Yes. Remember Warhead?
"Theft of intellectual property"? TINST(AIP).
Wouldn't the better pronounciation for "C#" be "C splat" (which rhymes nicely with "C flat") or "C roadkill"? Considering that this -- this vile monstrosity came from Microsoft, both "splat" and "roadkill" would seem more appropriate than "sharp".
And when $BIG_EVIL_COMPANY notices that you won't give your info away easily, they'll give you a page saying "you'll have to set the $FOOBAR in your $MENU to $PLEASE_REAM_ME in order to gain access to the $OFFERINGS".
Next!
Couldn't you just forge your data that the browser sends? I'd think that if enough people send a "Like most other 'net users, I prefer to remain anonymous while surfing"-type P3P data, they'd give up soon enough.
Check your facts. Junkbuster (and webwasher and other such ad/null content filters) has been around since at least 1998, so I'd hardly call it "new technology".
</gripe>
Don't worry, they'll probably listen to Reason.
Or you could dump syslog to a serial port and have a 386 with 400 megs of HD store it all. Since it's not possible to crack a computer whose only task is to listen to a serial port without reacting to the data flow in any significant way, those logs ought to be safe.
This also kills a lot less trees.
Underwater spam.
To quote Arthur C. Clarke, "Any sufficiently advanced technology is indistiguishable from magic".
And, come to think of it, "magic" is the exactly appropriate word to describe the "substance" that appears to the average (l)user to make computers work. I'm pretty sure though that there are many more forms of "magic" in the chemistry and physics fields that just hasn't entered the public consciousness yet :-)
Does this mean that we won't be looking at banner ads anymore? I'm not complaining.
Why would a "pirate" want to use a MP3 encoder that placed a no-sharing header into the resulting MP3 stream? It'd be a trivial exercise for a hacker to comment out the piece of code in LAME, for example.
Yes, this system would probably work, but it'd accomplish nothing. "Pirates" would still keep infringing copyrights and Napster would become useless and devoid of both users and music. It also wouldn't do anything about the fact that cp(1) and such don't honor the no-/copy block.
As I see it, the "pirate" problem can't be solved with technology alone, at least not with computer-enforced copying restrictions. A reasonable micropayment system would be a much better solution, although this would probably leave the record industry out of the loop (which isn't such a bad thing really, but their fighting back with lawyers would slow down the adoption of such a system) while potentially giving the artist(s) more money for recorded music. (since most artists make more money from public performances than record sales, this would be an immediate change for the better, considering that digital distribution of music is practically free compared to pressing CDs)
It's a bit like cheating in multiplayer Quake, really. It can't be solved effectively with with legislation or technology, but a social solution (honor system & server local UIDs in Quake, easy micropayments in music distribution) just might survive better in the long run than what we have now.
Cable modem and wireless LAN are encrypted, and I see no reason why this wouldn't be, too. The encryption isn't very strong (40 or 56 entropy bits RC5, or something like that) but it's enough to keep the neighbor from tcpdump'ing one's connections, at least in real time.
Yeah, but it'll still be much better than the 5 kilobytes/second download rate you get from a modem on a good day, even if the 14 mbps is shared bandwidth.
Cable modem or ADSL aren't user-serviceable beyond the plug in the wall either...
And how many seconds do you think it'll take before someone takes the cdparanoia source code and modifies it to clear the "no-copy" bit?