Slashdot Mirror


User: rjh

rjh's activity in the archive.

Stories: 0
Comments: 1,190

Comments · 1,190

  1. Even "Hello World!" not immune. on Software Problem Linked to Osprey Crash · · Score: 2

    In order for software to function perfectly, three things must be present: a perfect operator, perfect hardware, a perfect operating system and perfect code. If you've got buggy hardware or an unreliable OS, even something as simple as "Hello World!" can bring you down. And if your human operator makes a mistake, then the entire thing collapses like a house of cards.

    Some people think that the provably-correct school of software design is a panacea to all ills. By writing code in a language like SPARK (an Ada83 subset), you can then use mathematical tools to formally prove each part of your code to be "correct". The reason why I put the word "correct" in quotes is because there is no good, formal definition of what "correct" means. The code may be provable to do exactly what you intend for it to do, but that's not necessarily the same as what it should be doing. If you're writing code to control the flight of an F-16, it doesn't matter how perfect your code is if your code makes the assumption "hey, if one engine fails, we can just switch to the other".

    (For those who aren't aeronautically inclined, an F-16 has one engine.)

    The way to produce better code is clear. Publish your code; do internal audits; put it out in the field in non-critical environments for real-world testing; get a good feedback loop going from your users. This results in code we can trust; it does not result in bug-free code.

    Perfect systems require perfect operators, perfect hardware, perfect operating systems and perfect software. Even if you can get the last three, you'll never get the first one.

  2. Best tool for the disabled: on Resources for Disabled Members of LUGs? · · Score: 4

    Doesn't matter what the disability is: the best tool is compassion without condescension from the rest of the LUG.

    That said, the best way to proceed is typically to ask the person in question if you need to make any adjustments to accommodate them. The deaf member may have trouble lipreading if the speaker has a big, poorly-trimmed handlebar moustache, for instance; and if the deaf LUG member knows that s/he can say, "hey, guy, no offense, but could you please trim that thing?" and not get nasty stares, well, that's a pretty good place to start from.

    If you don't know what you can do to make your LUG more accessible to the deaf and blind, the most logical place to begin isn't an Ask Slashdot. Try asking them instead.

    Keep in mind that your club may have legal obligations if you live in the United States; the Americans with Disabilities Act, which is pretty broad-ranging, requires that reasonable steps be made to accommodate the needs of the disabled. You may run into similar laws in other countries as well. If you're concerned about what your legal obligations are under the ADA, check with an attorney.

  3. Short answer: NO. on I Suspect M$ That Has Broken The GPL · · Score: 4

    Guys, please. This is the kind of paranoid delusional ranting that gives us all a bad name. Let's look at it from both a MS-is-the-Antichrist and MS-is-Just-A-Very-Ruthless-Competitor angle:

    Bill Gates is the Antichrist:

    If Bill Gates is the Antichrist, then don't you think he's read the Evil Overlords list? And somewhere on that Evil Overlords list, shouldn't there be I will be very careful to make sure all of the IP for my company's flagship products is on extraordinarily firm legal footing? If Bill Gates is the Antichrist, then you have to admit: he's a smart, wily, ruthless Antichrist.

    The Devil doesn't need to break the rules. He's already the best in the world at cheating within the rules.

    MS-as-Ruthless-Competitor:

    If you believe this, then you have enough intelligence and reason to see how utterly absurd the question is in the first place. Bill Gates is terrified of the GPL; the company, as evidenced by Allchin's testimony, thinks it's un-American, dangerous, and--worst of all--"stifling to innovation". Would Bill Gates really let any employee of his put anything in Microsoft code which "stifled" his company's ability to "innovate"?

    ... Good grief. I can't believe such a stupid question qualified for a Slashdot story. I'll just write it down to an April Fool's thing, but really, I don't see what the joke is.

  4. Wrong. Supreme Court says so. on Sophomore Uses List Context; Cops Interrogate · · Score: 2

    Check out the Tinker decision, from the Vietnam War. Students in a public school wore black armbands to protest the Vietnam War and were suspended for it. Supreme Court had some very choice words for the Des Moines school district. Upshot: in a public school, students have First Amendment rights because the school is an agency of both the State and Federal Governments. According to the First Amendment, the Federal Government can't intrude on a student's free speech rights without damn good reason; according to the First and Fourteenth Amendments, the State Government can't, either.

  5. Really shortsighted. on Even Programmers Get the Job Search Blues · · Score: 2

    I like the 36 year old "programmer" who listed his skills as c, java, xml, cgi, js, fortran, basic. That sentence is like a giant red flag to any engineer, be they a coder or a manager. It screams "im not good at anything but I need a job. Look at all the cool ass technology ive heard of! Helllllp meeeee!!!!"

    C and Java are de rigueur nowadays; good luck getting your resume looked at without it. CGI and Javascript are important to Web shops, particularly those who are writing Web-based applications (not applets, applications). FORTRAN just shows how long he's been around; not many people coming out of college today know FORTRAN.

    Citing Basic as experience is semi-pathetic. But Visual Basic is an exception, because regardless of what you feel about it, Visual Basic is the most widely-used programming language in the world, right after COBOL.

    So if this guy was sending a resume to a business that was developing Web-based applications, those skills would all point to a seasoned professional who'd been around the block a few times who knew the technologies I needed.

    Just because you think a certain skill is a "fanboy" skill, that doesn't mean the applicant is a fanboy.

    To give you an idea, here's a short list of my skills. No, I don't put them all on a resume, but by your logic, just by possessing them I'm a poseur.
    • Programming Paradigms
      • Functional (Scheme, ML)
      • Procedural (C, Pascal)
      • Object-Based and Object-Oriented (Ada83, Ada95, C++)
      • Generic (C++, Ada95)
      • Parallel (Compositional C++, Fortran/HPF)
    • Programming Languages
      • C, C++, Compositional C++, Java
      • Pascal, Modula-2/3, Oberon
      • COBOL, JCL
      • FORTRAN, Fortran and Fortran/HPF
      • Classic LISP, Scheme, ML
      • Ada83, Ada95
    • Markup Languages
      • LaTeX (not raw TeX)
      • SGML, HTML, XML
    • Operating Systems
      • MS-DOS 3.3-6.22, Windows 95/98/NT/2000
      • AIX, BSDI, FreeBSD, SunOS 5.7/Solaris 7, Linux
      • MVS
      • BeOS
    ... Am I a poseur simply because I'm a competent, well-versed computer scientist?

    Or is your main objection to the applicant who lists C, Java, XML, JavaScript and CGI that he knows more than you do?

    Also, pay attention to how you present yourself. You're not coming across as a professional engineer. Professional engineers are people who learn things and solve problems--not people who talk like a wanna-be member of the Wu Tang Clan and blindly condemn every bit of popular technology because it's not C.

    Contrary to what you wrote, Real Programmers don't list only the things they're total experts at, and the one or two things they think will help them land their next job. That's a pretty foolish way to go job-shopping. What you do is you figure out where you want your next job to be, and you tailor your resume to fit that position. In today's market, the key skills are Java, XML and Web-based skills. I've got a company in London that's interested in talking to me about a job writing applications in UNIX. Their engineering team has been grilling me about my C++ and UNIX skills.

    But if I hadn't put Java and XML on my resume, Management would have never given my resume to their engineering team and said "this guy might do, talk to him".

  6. Sorry again, but *you're* wrong. :) on Creation: Life And How to Make It · · Score: 2

    Radioactive decay is the prime example

    Interestingly enough, this is not necessarily the case. (Put in boldface because the first time I ran across this, it stunned the hell out of me.) It's possible to find RNGs based on radioactive decay which exhibit a degree of determinism. Why? Depends on the time window that you're looking for a radioactive decay in, and the recharge time of the Geiger counter.

    Take an extreme example: let's say that if a Geiger counter picks up a stray bit of radiation in a 1-second window, it'll peg a '1'. Otherwise, it pegs '0'. However, after pegging a '1' the Geiger counter has to spend 60 seconds resetting itself. During this time, it'll peg '0's.

    Now say that your radiation source is something viciously radioactive, like Pu-238 (even more active than Pu-239). You're essentially guaranteed a peg in the first 1-second window, and then the Geiger counter will peg 60 straight 0s.

    That means that with this setup, which is based on creating random numbers by measuring radioactive decay, you can successfully predict that over 98% of the time it'll return a 0, and virtually 100% of the time it'll follow a repeating pattern of 1 followed by 60 zeros on a 61-second cycle.

    This example is very contrived so that you can immediately see the problems with generating random numbers via radioactive decay. When the reset time is a fraction of the exposure window, you'll get a mostly random stream.

    But you'll never, ever get a truly random stream from a radioactive source/Geiger counter setup.

    Even if the source of your randomness is absolutely and totally entropic, your measuring instruments aren't. Hidden determinism enters the system and lowers the quality of your entropy.
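The dead-time effect described in the comment above is easy to reproduce in a simulation. The following is an added example, not the commenter's code: it models a counter that emits '1' when at least one decay lands in a sampling window and is then dead (emitting '0') for a fixed reset interval, with decays drawn from a Poisson process. The model, its parameters (`rate_per_s`, `window_s`, `dead_s`) and the min-entropy measure are constructed for this example; the extreme case uses the comment's 1-second window and 60-second reset.

```python
"""Simulate the dead-time Geiger-counter RNG described above and measure
how predictable its output is.

Model (constructed for this example, not the commenter's code): the counter
samples windows of `window_s` seconds; a window with at least one decay
emits '1', otherwise '0'. After emitting a '1' the counter is dead for
`dead_s` seconds and emits '0' for every window in that interval. Decays
form a Poisson process with rate `rate_per_s`, so a live window contains
at least one decay with probability 1 - exp(-rate * window).
"""
import math
import random
from collections import Counter


def geiger_bits(n_bits, rate_per_s, window_s=1.0, dead_s=0.0, seed=0):
    """Return a list of n_bits 0/1 samples from the simulated counter."""
    rng = random.Random(seed)  # seeded so runs are reproducible
    p_hit = 1.0 - math.exp(-rate_per_s * window_s)
    bits = []
    t = 0.0           # start time of the current window
    dead_until = 0.0  # counter is dead while t < dead_until
    for _ in range(n_bits):
        if t < dead_until:
            bits.append(0)
        elif rng.random() < p_hit:
            bits.append(1)
            dead_until = t + window_s + dead_s  # dead once this window closes
        else:
            bits.append(0)
        t += window_s
    return bits


def min_entropy_per_bit(bits):
    """Min-entropy of the stream treated as i.i.d. bits: -log2 of the
    probability of the most common symbol, i.e. how well an attacker does
    by always guessing that symbol. 1.0 is ideal; near 0 is useless."""
    p_max = max(Counter(bits).values()) / len(bits)
    return -math.log2(p_max)


def has_period(bits, period):
    """True when the stream repeats exactly every `period` samples."""
    return all(bits[i] == bits[i - period] for i in range(period, len(bits)))


if __name__ == "__main__":
    # The comment's extreme case: hot source, 1 s window, 60 s reset.
    hot = geiger_bits(6100, rate_per_s=1000.0, window_s=1.0, dead_s=60.0)
    print("hot source: zero fraction %.4f, period-61 %s, min-entropy %.3f bits/bit"
          % (hot.count(0) / len(hot), has_period(hot, 61), min_entropy_per_bit(hot)))
    # Reset time negligible next to the window: close to a fair coin.
    fair = geiger_bits(10000, rate_per_s=0.6931, window_s=1.0, dead_s=0.0, seed=1)
    print("fast reset: one fraction %.4f, min-entropy %.3f bits/bit"
          % (sum(fair) / len(fair), min_entropy_per_bit(fair)))
```

With the hot source the output locks into the 1-then-60-zeros cycle and carries about 0.02 bits of min-entropy per sample; with no dead time and a rate tuned so a window is hit half the time, the same model gives close to a fair coin. The point for anyone building on a physical noise source is the same as the comment's: measure the instrument's output, not the source's theoretical randomness, before feeding it into anything that conditions it into keys.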

  7. This is DANGEROUS. on Debian, XPDF and Copyrights · · Score: 5

    1. Programs == Data.

      John von Neumann proved this way back in the 50s, if memory serves. From an information-theoretic perspective, there is absolutely no difference between a program and data. In fact, some programs use themselves as data. As a trivial example, imagine that you have a Perl script that prettifies source code--now run the program through itself. Presto: the program is the data.

    2. Hardware == Software.

      As Andy Grove is fond of saying, hardware is just software that's frozen in silicon. There's no difference between them, again speaking from an information-theoretic perspective.

    3. It's already illegal to have hardware or software that circumvents a protection mechanism.

      We all know this one, given the DMCA and how it was used as a big and gnarled club against DeCSS.

    ... Add it all up. What do you get? If it's already illegal to write a software program which strips usage controls from data (à la DeCSS), then it's going to be a very short court battle to show that it's also illegal to deliberately write software which never bothers to check for usage controls, or ignores flags in a data file which would normally indicate the presence of usage controls.

    If Debian wants to include this, I've got to commend them on their willingness to make a moral stand. But they'd better have damn good legal counsel, and they'd better be expecting a lawsuit from Adobe at any time.

  8. I can beat this guy's record. on Internet Speed Applied to Careers · · Score: 3

    In '94, I was a college student who'd gone through a rigorous internship selection process and had finally been selected as the summer help at a software house. I was especially ecstatic because they were paying me an ungodly sum for an intern--almost as much as one of their engineers.

    I was given the good news on a Monday morning, and was told to show up bright and early Tuesday.

    By lunch, the company's stock price fell eighty percent.

    That afternoon, I got a call from HR. I'd been laid off.

    All before I ever showed up for work. :)

  9. Re:Wrong. on Is Crypto Solely for Criminals? · · Score: 2

    It's there for a reason, your security!

    Yes, Einstein. I'm very glad you understand that passphrases are there to protect secrets. That's also not the point.

    The point is, 95% of all users can't be bothered to
    • Choose a good entropic passphrase
    • Remember a good entropic passphrase
    • Enter the passphrase each time they want to do crypto operations
    ... What you wind up with are users saying "well, I'll just have PGP cache my password indefinitely" at best, or "Man! They expect me to remember another password? Forget this software. I have too many passwords to remember already, much less a passphrase."

    When it comes to computer security, crypto is only about five percent of the solution. The other ninety-five percent of the problem domain is filled with human problems, like
    • How do we get people to use crypto?
    • How can we make crypto transparent for normal users?
    • How can we surmount the problem of user apathy?
    • How do we protect against social engineering attacks?
    • How do we protect against human stupidity?
    • How do we implement this neat security solution without stepping on Yoyodyne Inc.'s overly-broad patent?
    • How do we protect against legal attacks, not just computer and cryptanalytic ones?
    ... As you can imagine, the problem domain is a mess. While I commend your exuberance, please remember that for ninety-five percent of the world, remembering a crypto passphrase is one more headache they don't want to deal with--so they simply won't use crypto, and thus avoid that headache.

  10. Here's why. on Is Crypto Solely for Criminals? · · Score: 4

    It has to do with importance. If the only time you encrypt email is when it's important, then it becomes very easy for an attacker to say--"oh, hey! This fellow usually sends one encrypted email a week, but this week he's sent off 25. I wonder what's up?"

    Simply knowing that a message is important can often be all the help an attacker needs. This is called "traffic analysis" (analyzing patterns in who talks to whom about what, whether the conversations are normal or priority traffic, etc).

    By routinely encrypting all your traffic, that denies an attacker the ability to say "... hey, encrypted traffic is coming down the wire; something's up."

  11. PGP and mailing lists on Is Crypto Solely for Criminals? · · Score: 4

    Encrypting material on mailing lists has a significant "what's the point?" factor. Most mailing lists are so easy to get on that encrypting traffic on the email list serves no useful purpose.

    Any mailing list which is open to the public gets no benefit from encryption. Any mailing list which is closed only gets minimal benefit; the security of a message drops to the square of the recipients. If your intent is merely to protect mailing list data from casual eavesdropping along the way, though, here's a scheme.

    1. Joining the list is done through the typical process, but a public key is given to the server as part of the process. (Out-of-band verification, etc., is assumed and won't be covered here.)

    2. Whenever someone posts to the list, they sign the message and encrypt it with the server's public key.

    3. When the server gets a message, it decrypts the message. It now has plaintext + signature. After verifying the signature, it sends the message out to each listmember, encrypting it for their specific key.

    4. When a client gets a message, it decrypts-and-verifies that it came from the listserver. It then verifies that it came from the original sender.

    ... Note that this scheme is horribly naive and is extremely vulnerable to attack. It also doesn't solve the key management issue; but instead of every listmember needing every listmember's key and all the assorted key management that entails, the burden is shifted entirely to the server.

    It's a simpler scheme than every participant encrypting for every other participant's key, and simpler schemes tend to be more robust and secure. That doesn't mean that this scheme is robust and secure.

    As I said, encrypting mailing lists has a large what's-the-point factor. There are so many ways to attack a mailing list that I doubt one could be secured.
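The four-step relay sketched in the comment above, as an added toy model that is not the commenter's code. To keep it runnable in the Python standard library, every primitive is a constructed stand-in: textbook RSA over tiny moduli built from a hard-coded list of primes for signing and for wrapping a per-message key, and a SHA-256 XOR keystream instead of a real cipher. The class names, the 8-byte framing of signatures and wrapped keys, and the assumption that members look a poster's key up in the server's roster are all mine; the code exists only to show the message flow and the two separate verification steps (server first, then original sender), and provides no security of its own.

```python
"""Toy walk-through of the signed-then-encrypted mailing-list relay above.

Added example, not the commenter's code. All cryptography is a constructed
stand-in: textbook RSA over ~40-bit toy moduli for signatures and key
wrapping, plus a SHA-256 XOR keystream in place of a cipher. No security.
"""
import hashlib
import random

_TOY_PRIMES = [1000003, 1000033, 1000037, 1000039, 1000081, 1000099, 1000117, 1000121]
_E = 65537
_rng = random.Random(2001)  # seeded: reproducible keys and session keys


def keygen():
    """(public, private) = ((n, e), (n, d)) built from two toy primes."""
    p, q = _rng.sample(_TOY_PRIMES, 2)
    return (p * q, _E), (p * q, pow(_E, -1, (p - 1) * (q - 1)))


def _digest_mod(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data):
    n, d = private
    return pow(_digest_mod(data, n), d, n).to_bytes(8, "big")


def verify(public, data, sig):
    n, e = public
    return pow(int.from_bytes(sig, "big"), e, n) == _digest_mod(data, n)


def _xor_stream(key, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key.to_bytes(8, "big") + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt(public, data):
    """RSA-wrap a fresh session key, then stream-XOR the payload with it."""
    n, e = public
    k = _rng.randrange(2, n)
    return pow(k, e, n).to_bytes(8, "big") + _xor_stream(k, data)


def decrypt(private, blob):
    n, d = private
    return _xor_stream(pow(int.from_bytes(blob[:8], "big"), d, n), blob[8:])


class ListServer:
    def __init__(self):
        self.public, self._private = keygen()
        self.members = {}  # name -> public key, registered at join (step 1)

    def join(self, name, public):
        self.members[name] = public

    def relay(self, sender, envelope):
        """Step 3: decrypt, check the poster's signature, re-sign and
        re-encrypt for each member. None on bad signature/unknown sender."""
        signed = decrypt(self._private, envelope)
        sig, plaintext = signed[:8], signed[8:]
        if sender not in self.members or not verify(self.members[sender], plaintext, sig):
            return None
        server_sig = sign(self._private, signed)
        return {m: encrypt(pub, server_sig + signed) for m, pub in self.members.items()}


class Member:
    def __init__(self, name, server):
        self.name, self.server = name, server
        self.public, self._private = keygen()
        server.join(name, self.public)

    def post(self, plaintext):
        """Step 2: sign the message, encrypt it for the server, hand it over."""
        envelope = encrypt(self.server.public, sign(self._private, plaintext) + plaintext)
        return self.server.relay(self.name, envelope)

    def receive(self, sender, blob):
        """Step 4: decrypt; verify the server's signature, then the sender's.
        Assumption: members fetch the poster's key from the server's roster."""
        inner = decrypt(self._private, blob)
        server_sig, signed = inner[:8], inner[8:]
        if not verify(self.server.public, signed, server_sig):
            return None
        sender_sig, plaintext = signed[:8], signed[8:]
        if not verify(self.server.members[sender], plaintext, sender_sig):
            return None
        return plaintext


def demo():
    """One post through the list; returns ({member: text}, server_rejected_bogus)."""
    server = ListServer()
    members = {name: Member(name, server) for name in ("alice", "bob", "carol")}
    delivered = members["alice"].post(b"constructed sample: meeting moved to 3pm")
    read = {name: m.receive("alice", delivered[name]) for name, m in members.items()}
    bogus = encrypt(server.public, b"\x00" * 8 + b"not really from alice")
    return read, server.relay("alice", bogus) is None
```

Running `demo()` shows every member recovering the same plaintext and the server dropping a post whose signature does not verify against the registered key. The model also makes the comment's caveat concrete: the server decrypts every message, so a compromised server reads and can forge list traffic, which is exactly the trust that the every-member-to-every-member scheme avoids at the cost of the key management the comment mentions.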

  12. Wrong. on Is Crypto Solely for Criminals? · · Score: 2

    There's one-click access to PGP, too, through the Outlook Express/Outlook/Eudora plug-ins. This is insufficient, just as it's insufficient to go the CA route.

    What do you have to do to get "one click" encryption through the CA route? You have to send $50 off to some place. You have to send photocopies of your driver's license and passport. You have to go through an out-of-band verification process. You get your certificate. You have to set up your email client to use your certificate (and most of them have the most annoyingly vague documentation on how to do it).

    Then you can click on "Encrypt"... but a passphrase dialog still pops up.

    Going the Verisign/CA route is no easier than going the PGP route. In fact, it's probably considerably more difficult. I've been using PGP for years, but I've never bothered with getting a Verisign certificate. It's simply too much inconvenience and too much hassle.

  13. Problems with Encrypting Email on Is Crypto Solely for Criminals? · · Score: 5

    1. Crypto software is hard to use.

      Before anyone even thinks of refuting this one, think about this: anything that requires more technical know-how than Outlook Express or Eudora is automatically going to fail in the marketplace. Why? Because 95% of the market finds their own technological skills tapped out at the level of using Outlook Express for basic email, to say nothing of doing something as advanced as (gasp) installing a crypto plug-in.

      As long as crypto software has any kind of significant learning curve, crypto software is not going to be widely-used. SSH is widely-used today, mostly because for casual use it's indistinguishable from telnet--the sysadmin (who has tech savvy) takes care of key management and the users just have to be told "type ssh instead of telnet".

    2. Public-key infrastructure is still mostly a myth.

      For all the millions which have been invested in PKI, it's mostly a crapshoot. The typical user still doesn't have a bat's chance in hell of using a public-key infrastructure properly. If Joe User wants to encrypt a message for John User, Joe doesn't know where to find John's public key, wouldn't know how to import the key even if he had it, and wouldn't know to do an out-of-band fingerprint verification before using it.

    3. Crypto requires learning.

      Sometime, take a look at the documentation that comes with PGP. It's pretty good, all things considered. It's also about the heftiest documentation I've ever seen for a consumer software product.

      Users don't want to learn. Users think (not unreasonably) that programmers should make programs work the way the users think they should, instead of demanding that users learn the way the programmers think the program should work.
    ... Those reasons are the big ones for why more email isn't encrypted. 95% of the population lacks the technical skill to use encrypted email, and 95% of the population doesn't recognize the need to encrypt mail anyway.

    For the record, my public key is available on Slashdot. I encourage anyone who sends email to me to use it. Even without a fingerprint verification, it's better than nothing.

  14. Re:Not for long.. on Napster Going Offshore? · · Score: 2

    If the US government were to send in the marines they'd be invading another country. A declaration of war. That would violate more treaties than you can count. The repercussions would be horrendous politically.

    Grenada, '84.

    Panama, '89.

    Either of these two ring a bell? :) Or, for the Europeans out there, did this logic stop the British from protecting their interests in the Falklands? Or the French, who send their Foreign Legion and paratroops off to the Third World all the time in order to "look after the interests of former colonies"?

    Treaties can only be broken if there's a relevant treaty in the first place. The US has no pacts or treaties with Sealand, so there's no treaty to be broken.

  15. This *does* protect the individual. on Napster Going Offshore? · · Score: 3

    For a lawsuit to be brought, first the Canadian would have to be served with papers from a US court.

    Guess what? You can only be served with US court papers... if you're in the United States. The US has no legal authority to go about co-opting citizens or residents of other countries in order to enforce its own laws. Even in the event that criminal charges were filed, extradition from a foreign country is never guaranteed.

    So as long as the Canadian never sets foot in the US, he's totally immune to the United States civil-justice system.

  16. Re:This makes me sad. on Pluto Mission Apparently Cancelled · · Score: 2

    things like the "outlawing" of evolutionary instruction

    If you're talking about Kansas, they outlawed the requirement that children be taught evolutionary theory; they did not outlaw the teaching of evolutionary theory. I understand that this is Slashdot, and hard fact as opposed to propaganda is like Kryptonite to the vast majority of the viewing audience, but please.

    I fear that the constant downgrading of NASA is perhaps that warning sign of trouble.

    How much did it cost to make the Keck Observatory?

    How much did the Hubble Space Telescope cost?

    What about Mars Pathfinder?

    NEAR?

    Now... how many billions of dollars overbudget is the ISS? How many Pathfinders, Hubbles, Kecks, Hipparcos and Chandras haven't been launched, haven't been built, haven't even been designed, because the ISS was slurping up so many billions that it left nothing else for other projects?

    We live in a world of finite resources. If the ISS is gobbling up more than its share of resources, then either (a) it should be cut back to its proper share, or (b) it should be done away with altogether.

    I'm fully in favor of long-term habitation of space. But the more I hear about the ISS, the more I think the ISS isn't the right way to do it.

  17. ISS expenses on Pluto Mission Apparently Cancelled · · Score: 5

    If the Administration hadn't expressed an interest in constraining budget growth of the ISS, I'd be worried.

    Anyone want to post hard numbers on exactly how many billions of dollars the ISS is over-budget? How much of our "financial aid" to Russia has really been "please, take this bribe and keep Baikonur operating a little while longer"?

    The ISS is hugely, massively overbudget. The Administration's expressed interest in constraining more costs is prudence, not Visigothism. Saying "this thing is already several billion overbudget, and we don't want to see it grow one dollar moreso" is a great deal different from saying "we're not going to give this the funding it needs".

    While I'm adamantly in favor of the space program and long-term habitation in space, I'm not in favor of the idea (which some Slashdotters seem to agree with) that any level of funding is acceptable, and any constraint on funding is neo-Luddism.

  18. Re:Absolutely false. on Student Web-Site Censors Stung for $62,000 · · Score: 2

    What is false about this?

    The fact that the Supreme Court says it's false was my first hint.

    No offense, but that was a pretty foolish question. If the Supreme Court says "the Constitution grants no rights" (Cruikshank is the first cite I can find), then that's a pretty clear indicator that free speech isn't guaranteed to citizens in law.

  19. Absolutely false. on Student Web-Site Censors Stung for $62,000 · · Score: 3

    Free Speech is guaranteed to citizens in law.

    Absolutely false. The Supreme Court has said, time and time again, that the Constitution grants absolutely no rights. Instead, the Constitution recognizes some rights as existing even in the absence of law which establishes them. Under American legal theory, free speech is a universal human right; that even were the Government to abolish the First Amendment tomorrow, citizens would still enjoy the liberty of speaking freely.

    Free speech is not guaranteed to citizens in law. Law recognizes that citizens possess free speech, whether the government wants to recognize it or not.

    If the government provided your right to speak freely, then the government could revoke that right at any time. They can't, because they don't provide it.

    You want your education, you don't do anything to make the jobs of educators any harder than they already are.

    The students don't have a choice in whether or not to show up to school, for the most part--skip school and truancy officers start looking for you. Apparently, you'd like to have it both ways: you'd like for students to be required to show up for school, and you'd like to be able to forbid them from school if they're being disruptive.

    You can have it one way or the other, but asking for it both strikes me as hypocritical.

  20. What the hell were you doing? on Balancing Third Party "Ownership" Against The GPL? · · Score: 2

    Let me get this straight: you were developing software for another party, presumably for pay. You put the copyright in your name, regardless of the fact that as a work-for-hire it belongs to the people who were paying you. You had it licensed under the terms of the GNU GPL, even though your employers had no clue what those licensing terms were and what they really meant in a practical sense.

    At this point, let me just ask a simple question:

    ARE YOU INCOMPETENT, OR WERE YOU JUST HIGH?

    There exists such things as ethics in the engineering profession. Two of the most important ethical rules are
    • Always be honest and frank in all matters of your engineering,
    • Always keep your employers well-informed on the major engineering decisions you make
    ... These aren't hard rules to follow. They're simple, straightforward, common sense.

    If you put your own name on a copyright, despite the fact that as a work-for-hire you have no legal or ethical basis for it, and you compound everything by putting licensing terms on it without fully informing Management as to the requirements and meaning of those terms, and you get in trouble as a result... what? Are we supposed to have sympathy for you?

    You broke the rules. You got caught. Your employers are going to do whatever the hell they damn well please with the source, and if you're smart, you'll get rid of all source that you don't have a legal and moral right to possess.

  21. In Real Life... on Spying and Technology: Robert Philip Hanssen · · Score: 5

    ... there's an (alleged) traitor named Robert Hanssen, a senior FBI agent.

    ... there's a (convicted) serial murderer named Robert Hansen, who was born and raised in Iowa.

    ... and an FBI agent named John Douglas was instrumental in the capture of Robert Hansen.

    ... and there's a Slashdotter (me) named Robert Hansen.

    ... whose best friend in high school was named John Douglas.

    I'm telling you, I think I'm going to have to go commit a crime against humanity or something in order to live up to the high standards my other namesakes have left for me. :)

  22. Data destruction 101 on How To Really And Fully Wipe A Hard Drive? · · Score: 4

    • The naive way

      Delete your files. This will keep a six-year-old from recovering them. If you're running a UNIX which doesn't have a recycling bin, nor a broken file system which still leaves data lingering intact long after "deletion", then you'll be able to keep a seven-year-old from recovering them.

    • The cryptographic way

      Follow the following procedure:
      1. Overwrite all your data with 0xFF.
      2. Overwrite all your data again with 0x00.
      3. Overwrite all your data with a good random or pseudorandom stream of data.
      4. Repeat this process at least seven times--more if you like.


    • The smart way

      Follow the cryptographic method outlined above. Then get out a sledgehammer and physically destroy the drive. Drop the platter in a metal wastebasket, douse it in lighter fluid and set the thing on fire. Don't stop until the platter is totally destroyed.
    ... All this may sound overly paranoid, but if your data really is that important it's the only way to go. A new hard drive is $250 nowadays; the cost of important secrets getting out is easily a few orders of magnitude higher. Physical destruction of media is the only way to be fairly certain that the data is destroyed.

    Keep in mind that the cryptographic method may fail, and even a bulk degausser isn't guaranteed. They can do amazing things with electron microscopy today.
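The "cryptographic way" above is a procedure, so here it is as working code: an added example, not the commenter's code, that runs the 0xFF, 0x00, random sequence seven times over an ordinary file, forcing each pass to disk with `fsync`. The chunk size, the function names and the temporary-file demo are my own. One assumption worth stating: overwriting through a file system only reaches the blocks currently mapped to that file, and journaled, copy-on-write or wear-levelled storage can keep older copies elsewhere, which is one reason the comment says the method may fail; for a whole disk the same passes would be run against the block device rather than a file.

```python
"""Overwrite a file in place with the three-pass, seven-round sequence above.

Added example, not the commenter's code. Works on an ordinary file opened
read/write; it does not reach blocks the file system has remapped, copied
or journaled elsewhere.
"""
import os
import tempfile

_CHUNK = 1 << 16  # 64 KiB per write


def _overwrite_pass(fh, size, fill):
    """Write `fill(n)` bytes from offset 0 up to `size`, then force to disk."""
    fh.seek(0)
    remaining = size
    while remaining:
        n = min(_CHUNK, remaining)
        fh.write(fill(n))
        remaining -= n
    fh.flush()
    os.fsync(fh.fileno())


def wipe_file(path, rounds=7):
    """Run the 0xFF / 0x00 / random sequence `rounds` times over `path`.
    Returns the number of passes written. The file is left in place, same
    size, so the caller decides when to unlink it."""
    size = os.path.getsize(path)
    passes = 0
    with open(path, "r+b") as fh:
        for _ in range(rounds):
            for fill in (lambda n: b"\xff" * n, lambda n: b"\x00" * n, os.urandom):
                _overwrite_pass(fh, size, fill)
                passes += 1
    return passes


def demo():
    """Wipe a constructed temp file; return (passes, original_survived, size_kept)."""
    original = b"constructed secret data " * 4096  # 96 KiB, spans two chunks
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(original)
    try:
        passes = wipe_file(path)
        with open(path, "rb") as fh:
            after = fh.read()
        survived = after == original or original[:24] in after
        return passes, survived, len(after) == len(original)
    finally:
        os.remove(path)
```

`demo()` reports 21 passes with none of the original content left readable through the file system, which is the most this method can promise; the comment's "smart way" exists precisely because what the file system reports and what the platters hold are not the same thing.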

  23. Reflects on society. on Science Fair Exhibits: Fair Game For Censorship · · Score: 2

    In today's society, there are several taboo subjects that you absolutely can't broach except in the most somber of ways. Race relations are one; race in America is such a hot topic that there's an entire culture which has sprouted up around the issue, and race is the godhead of the culture. If you want to approach the godhead, you have to make a ritual out of it to put an Orthodox rabbi to shame.

    What was this young lady's offense? Apparently, not following the rituals. She foolishly thought that it was acceptable to talk frankly about subjects without simultaneously holding them in reverence; that it was acceptable to think without arriving to the same conclusions which we're indoctrinated to arrive at; that it was, in short, acceptable to apply the reason God gave her to a problem which tickled her fancy.

    Heavens to Betsy. She forgot to venerate the great godhead of modern social life, the bogeyman of racism. And here I thought the First Amendment meant we don't have to venerate anything we don't want to, and there's nothing the government can do to compel our worship.

  24. Hannibal isn't a sequel; it's third in a series on Hannibal's Return · · Score: 4

    The Hannibal Lecter movie arc encompasses three movies:
    • Manhunter, a 1986 Michael Mann film. Starring William Petersen, Brian Cox, Tom Noonan, Joan Allen and Kim Greist.

      Manhunter is the story of Will Graham, a retired FBI behavioral-science expert. (What caused him to retire? Well, he was the only man both sane and crazy enough to be able to crawl inside Hannibal Lecter's mind. He almost didn't come out again.) After a new serial killer murders two families, Jack Crawford (played by Dennis Farina here) pulls Will out of retirement. But lo and behold, this new serial killer is patterning himself after Lecter.

      If you can forgive the mid-80s fashions and soundtrack, this is my personal favorite of all the three films.

    • Silence of the Lambs. A 1991 Jonathan Demme film, starring Jodie Foster, Sir Anthony Hopkins and Scott Glenn.

      Sir Anthony Hopkins takes over the role of Hannibal Lecter from Scottish actor Brian Cox. Hopkins and Cox take totally different approaches to The Bad Doctor; I prefer Cox, but Hopkins' performance is far from slouching.

    • Hannibal, a 2001 Ridley Scott film. Starring Sir Anthony Hopkins, Julianne Moore, Ray Liotta and Gary Oldman. Review as posted above.

    ... If you haven't seen Manhunter yet, give it a try. It's a "nobody's-ever-seen-it" film, and provided you can understand that in the mid-80s people actually dressed that way and listened to that sort of music, there's a heck of a lot to appreciate in it.
  25. Answers on Are Gemstar eBooks Crackable? · · Score: 4
    ObDisclosure: Last year I was employed by a San Francisco company which was competing with Gemstar for the ebook market. Specifically, my job was security and countersecurity--making sure that our ebook offerings were crack-resistant, and exposing weaknesses in other companies' offerings so as to give my firm competitive advantage. I am probably very biased here: take everything I'm saying with several (large) grains of salt.
    1. Is it crackable?

      The answer is an unqualified, unhesitant yes, it is. This shouldn't be a surprise, because any ebook on the market is crackable. The current state of the art in computer security allows two people, each of whom trusts the other to communicate in good faith, to communicate securely.
    2. What do you mean, "good faith"?

      If Alice and Bob want to talk privately, and Alice and Bob trust each other to respect the privacy of the conversation, there are wonderful tools (IPsec, OpenPGP, etc.) to facilitate secure communications. But if Alice and Bob don't trust each other to respect the privacy of the communication, there's no technology that will help. (Example: Alice suspects Bob is a shill for the NSA. Alice PGP-encrypts all of her emails to Bob. PGP won't help, though, because Bob will just decrypt the traffic and hand the plaintext to Fort Meade.)

      The good-faith assumption is at the heart of most cryptographic protocols nowadays. As soon as that goes away, so does security. Now, if you're selling ebooks, can you really possess any certainty that all the people who buy ebooks from you have proper, lawful motives at heart? Apparently not, because then you wouldn't need security, right? But if you can't trust your customers, what sort of security can you reasonably expect? -- These questions are equal parts rhetorical and realistic. There are no good, pat answers to them.
    3. So how can the Gemstar ebook be cracked?

      Given the DMCA's anticircumvention standards, I do not feel the political climate is safe to give specifics. (If any Congressional aides are reading this, take note of the chilling effect the DMCA has on frank discussion of technological issues.)
    4. In general, how can ebooks be cracked?

      1. Display drivers.

        If the signal gets sent to the PC screen at some point, that signal can be intercepted. Step through each page of the ebook, take a screenshot of each page, then run it through OCR to translate it into ASCII. Presto: you've stripped all watermarks from the book. There are some countermeasures, though--DVD decoder cards bypass the OS screen-drawing routines completely to render directly to the screen, precisely so that people can't take screenshots of DVD movies as they're being played.
      2. Pulling decryption keys

        It's really not very hard to do this. A computer program tends to possess very little real entropy. If you find a 16-byte block in a computer program which passes every statistical test for randomness, it's a decent bet that you've found a 128-bit key. Similar statistical analysis can find likely asymmetric keys. Once you've located likely places for the keys to be stored, it's pretty simple to pull the keys out.
      3. Reverse-engineering

        Once you reverse-engineer the reader, there typically no longer exists any security anywhere in the system. Reverse-engineering a Kerberos client doesn't get you very far in cracking Kerberos, because Kerberos access is controlled at the server level; but since nobody wants to connect their Palm Pilot to the Net every time they want to read Alice in Wonderland, ebook access is controlled at the client level. Reverse-engineering a client thus gives you control of the security mechanisms.
      4. Brute-force attacks

        Last year there were several ebook companies who were encrypting their text using severely broken cryptosystems. A 1024-bit RSA key provides no security when it's coupled with a 40-bit Blowfish implementation. 3DES provides minimal security when it's coupled with 512-bit RSA.

        The most critical problem with ebook security is that the security precautions must protect the content for the entire duration of copyright--which, at this point, is darn near eternal. Last year, one of our competitors (which was using a 40-bit key) announced that they were making their cipher "over sixteen million times more secure" by switching to a 64-bit key. Well, gee. Given Moore's Law, that means in twenty years 64 bits will be as easy to break as 40 bits today--hardly a good forward-looking security strategy.

    If anyone wants to talk to me further about this, feel free to email me. That's what my address is up there for. :)
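    The statistical key-finding idea in item 2 of the post, turned around into the check a defender would run over a release build before shipping it: a sliding-window entropy scan that flags 16-byte blocks with (almost) no repeated byte values, which is what a raw symmetric key embedded in a program looks like. This is an added example, not code from the post or from any ebook vendor; the toy "program image" and the planted 16-byte constant are constructed for the demonstration and are not a key from any real product.

```python
import math
from collections import Counter

# Constructed toy "program image": NUL-terminated strings, alignment padding
# and a repetitive code-like byte pattern, with a 16-byte constant planted
# between two code regions. The constant is made up for this example.
TEXT1 = b"ebook reader build 1.0\x00"
ZEROS = b"\x00" * 32
CODE = b"\x55\x89\xe5\x83\xec\x10" * 8               # repeating prologue-like bytes
PLANTED = bytes.fromhex("3a7f19c2e45d08b6d1a0f4c9e7235b84")  # constructed, 16 distinct bytes
TEXT2 = b"Error: page not found\x00"

CLEAN_IMAGE = TEXT1 + ZEROS + CODE + CODE + ZEROS + TEXT2 + ZEROS
LEAKY_IMAGE = TEXT1 + ZEROS + CODE + PLANTED + CODE + ZEROS + TEXT2 + ZEROS
PLANTED_OFFSET = len(TEXT1) + len(ZEROS) + len(CODE)  # where the constant was planted


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant block, and at most
    log2(len(block)) when no byte value repeats (4.0 for a 16-byte block)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum((c / n) * math.log2(c / n) for c in Counter(block).values())


def _all_printable(block: bytes) -> bool:
    return all(0x20 <= b <= 0x7E for b in block)


def high_entropy_regions(data: bytes, window: int = 16, threshold: float = 3.8):
    """Slide a window over data and return merged [start, end) byte ranges in
    which some window reaches the entropy threshold. Windows made entirely of
    printable ASCII are ignored so that ordinary string constants do not fire."""
    hits = []
    for start in range(0, len(data) - window + 1):
        block = data[start:start + window]
        if _all_printable(block):
            continue
        if shannon_entropy(block) >= threshold:
            hits.append(start)

    # Overlapping or adjacent hit windows are merged into one reported region.
    regions = []
    for s in hits:
        e = s + window
        if regions and s <= regions[-1][1]:
            regions[-1][1] = max(regions[-1][1], e)
        else:
            regions.append([s, e])
    return [(s, e) for s, e in regions]


if __name__ == "__main__":
    for name, image in (("clean", CLEAN_IMAGE), ("leaky", LEAKY_IMAGE)):
        print(name, high_entropy_regions(image))
```

    With 16-byte windows the ceiling is 4 bits per byte, reached only when all 16 bytes differ; the 3.8 threshold also accepts windows with one repeated value (3.875 bits), which catches most random 16-byte blocks at the cost of reporting a region a few bytes wider than the constant itself. Two things this simple scan will not catch: keys stored as hex or base64 strings (they are printable and skipped here) and keys split across several locations, so a release-time check of this kind complements, rather than replaces, keeping keys out of the client in the first place.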