I also had a paper at this year's CCS conference, so perhaps I can shed some light on the process. The publisher had some fairly picky requirements for the PDFs, and warned that most PDFs created by (for example) pdflatex would probably not pass muster. So along with a PDF we had to submit a Postscript file so that they could distill it into a PDF that met their requirements if necessary. That's likely what happened here--the final Acrobat Distiller step was probably done by the publisher to make everything fit their publishing requirements.
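I believe this has been shown incorrect; from the article:
As it turns out, the reason for all those routing resets and general instability was due to a previously unknown Cisco bug involving AS paths close to 255 in length.
(emphasis mine). More info: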
http://blog.ioshints.info/2009/02/oversized-as-paths-cisco-ios-bug.html
And the Cisco description (the bug ID, CSCsx73770, is linked in there, but you need a login to access it):
http://tools.cisco.com/security/center/viewAlert.x?alertId=17670
Last time I installed Ubuntu it still asked for a password for the normal user account. It asked for that same password when it needed to elevate privileges and perform some configuration command as root (via sudo).
So, you have a password, and if you need to you can get root-level privs, but the random everyday stuff you do doesn't have the potential to wipe out the whole OS.
Seems like a win-win to me, really.
Out of curiosity, what did a real root account get you that "sudo -s" didn't?
The iPhone doesn't have support for Linux (no iTunes!), and since it (unlike previous incarnations of the iPod) doesn't function as a standard USB mass storage device, it's effectively useless on that platform. I agree that it's not limited to one, but it is limited to two.
Current workarounds involve jailbreaking your iPhone/iPod and then (I am not making this up) syncing files over SSH.
It's more plausible than you may think. If any of the current video chat frameworks use SDL for their output, you can use SDL's AALib output driver. It will automagically mogrify your video into text, live!
Here's the FAQ entry on it: http://www.libsdl.org/faq.php?action=listentries&category=3#30
Well, when you divide people into two groups, name one of them "hegemonic", and then analyze the two groups... yeah, you're going to end up with the word "hegemonic" being used a lot. I have a feeling that "subaltern" would come up with roughly the same word count, but don't feel like copying and pasting into a terminal to find out.
I'm not familiar with iCal as an app, but I don't see why the iCalendar spec would have any trouble with recurring appointments and multiple calendars in Japan--there's support for multiple time zones and a full-featured (if somewhat byzantine) syntax for recurrence rules. Does iCal just have poor support for the standard?
Give the Debian Popularity Contest a shot. It's an opt-in thing that reports what packages you have installed back up to a central server, which then produces stats on the popularity of packages. This won't necessarily tell you what package is *better*, but it will tell you which one is more widely used (and hence probably more supported).
http://popcon.debian.org/
This is only because root is not allowed to log in remotely by default. "-fanyotheruser" will still work. I believe the current favorite is "-fbin". Also, if you've commented out the console line in /etc/default/login, it will allow access to root.
This has been confirmed on the latest version of Solaris 10.
PatchGuard is already broken. Go read Skape and Skywing's article in Uninformed. For what it's worth, Ionescu's post mentions this explicitly.
Do you have the numbers used for this comparison? I'd like to see how the 2G, 0.94" x 0.94" x 0.94", 0.63 oz MobiBLU cube MP3 player stacks up.
Yes, but this story has the magic fairy dust of "terrorism" that we can sprinkle on it to instantly make it relevant to the mass media!
I always wanted to break up with a girl via electronic greeting card:
"moyix has sent you an e-card! Click here to read it!"
*click*
"Yeah, I'm breaking up with you. Enjoy this cute picture of a kitten, though."
I think you may be misunderstanding what I mean--I'm talking about something that creates a device that looks to every other app like a standard CDRW device, but when burned to, creates an image instead. As far as I know, Nero can't do that.
Since I posted this, though, I did find Original CD Emulator, which purports to do what I want. Anyone heard of any other software like this, possibly even something that can also emulate a DVD-R/W device?
One thing I would love to see is something similar to Daemon Tools, only that emulates a CDRW/DVDRW drive rather than a CD/DVD-ROM, and writes info out to a CD image. That would at least eliminate the "coaster" byproduct of the iTunes download/burn/rip/encode dance.
I'm never sure exactly what to say when comments like this come around, because it feels like the people posting them occupy some bizarre parallel universe that I have never visited.
The installer was freezing? I've only experienced this before with bad hardware or flaky media.
You couldn't figure out how to update the system? Because the biggest issue was "finding the right server"? Every time I've installed Debian (and keep in mind that I've done it on dozens of different systems over the past five years, on hardware ranging from ancient Sun machines or DEC Alphas to brand spanking new P4 gaming rigs), the first step after installation was to select an apt mirror from a list (that was shown in a nice text menu) and update the system. After that, apt-get update; apt-get upgrade.
In any case, I kind of question the wisdom of getting your boss (who apparently has never used Linux?) to try software that you don't know how to use. Probably not going to make the best impression, advocacy-wise.
No. And it's unlikely that it ever will. Reasons why below.
2) How does it work?
WMDRM stores encryption keys on the system that purchased the media originally, and then uses those keys to decrypt the content when you want to listen to it (and stores / encrypts them in a way that is pretty obfuscated). What the creators of this program have done is find a way to duplicate that process, but then just dump the decrypted content back out to an unencrypted .wma file that will play anywhere.
So to answer (1) more fully, to work on Linux this thing would have to access the keys from the Windows install that originally purchased the content, AND it would have to fully re-implement the decryption process (unlike the way I believe the current version works, which is by figuring out how to call the decryption functions in the MS DLLs correctly).
No offense taken! I've only had a semester's worth of crypto education, roughly enough to make sure I know that the subject is subtle enough that I should consult someone actually skilled in the area before talking out of my ass :) Thanks for the reply.
This actually raises a question to which I don't know the answer: if you take a fairly standard symmetric cypher, say DES, and two keys K1 and K2, does there always exist a key K3 such that E_K1(E_K2(Message)) == E_K3(Message) ? This is not actually an obvious thing to prove, and I have a feeling it may vary from cipher to cipher.
Any crypto experts want to weigh in?
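The closure question in the comment above can be tested exhaustively on ciphers small enough to enumerate. The following is an added example, not part of the original comment: both ciphers are constructed 4-bit toys, and all function names are hypothetical. For DES itself the question was settled by Campbell and Wiener ("DES is not a group", CRYPTO '92), which is why multiple encryption with DES gains strength.

```python
# Added illustration: brute-force test of whether a cipher is closed under
# composition, i.e. whether E_K1(E_K2(M)) == E_K3(M) for some single key K3.
# Both ciphers are constructed 4-bit toys, small enough to enumerate fully.

BLOCKS = range(16)   # every 4-bit message
KEYS = range(16)     # every 4-bit key

# Fixed nonlinear substitution table (the 4-bit S-box from the PRESENT cipher).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def xor_cipher(key, msg):
    """E_K(M) = M xor K: a cipher that is closed under composition."""
    return msg ^ key


def sbox_cipher(key, msg):
    """E_K(M) = SBOX[M xor K]: key mixing followed by a nonlinear step."""
    return SBOX[msg ^ key]


def permutation(cipher, key):
    """The whole codebook for one key, as a tuple indexed by message."""
    return tuple(cipher(key, m) for m in BLOCKS)


def find_k3(cipher, k1, k2):
    """Return a key K3 with E_K1(E_K2(M)) == E_K3(M) for all M, else None."""
    double = tuple(cipher(k1, cipher(k2, m)) for m in BLOCKS)
    for k3 in KEYS:
        if permutation(cipher, k3) == double:
            return k3
    return None


def closed_pairs(cipher):
    """Count key pairs (K1, K2) whose composition equals some single key."""
    return sum(find_k3(cipher, k1, k2) is not None
               for k1 in KEYS for k2 in KEYS)


if __name__ == "__main__":
    print("xor  :", closed_pairs(xor_cipher), "of 256 pairs have a K3")
    print("sbox :", closed_pairs(sbox_cipher), "of 256 pairs have a K3")
```

For the XOR cipher K3 is always K1 xor K2, so double encryption adds nothing; for the S-box cipher a K3 would require the S-box to be a plain XOR with a constant, which it is not, so no pair of keys collapses to one.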
My guess is that the submitter/editor just couldn't remember the spelling. That's my most common reason for abbreviating Massachuss... Masachussett... um, MA. :)
Why would CC numbers pull up extra garbage? The initial pass of #### #### #### #### might, but CCs are constructed so that you can do initial validation just on the number. Check this page for details.
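The two-stage filtering described in the comment above (a loose digit pattern, then validation on the number itself) looks like this when scanning text for exposed card numbers. This is an added example, not part of the original comment; it assumes the check the comment refers to is the Luhn checksum, and the sample text and function names are constructed for illustration.

```python
import re

# Stage 1: four groups of four digits, optionally separated by space or dash.
CANDIDATE = re.compile(r"\b\d{4}(?:[ -]?\d{4}){3}\b")

# Constructed sample text: two well-known test card numbers plus two
# 16-digit values that only look like card numbers.
SAMPLE = """\
order ref 1234 5678 9012 3456 shipped
card=4111 1111 1111 1111 name=TEST
tracking 0000-1111-2222-3333
pan 4012888888881881 stored in debug log
"""


def luhn_valid(number):
    """Stage 2: Luhn checksum over the digits of the candidate."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9          # same as adding the two digits of d
        total += d
    return bool(digits) and total % 10 == 0


def find_candidates(text):
    """Everything the loose pattern matches, checksum not yet applied."""
    return [m.group() for m in CANDIDATE.finditer(text)]


def find_card_numbers(text):
    """Candidates that also pass Luhn, normalised to bare digits."""
    return [re.sub(r"\D", "", c) for c in find_candidates(text)
            if luhn_valid(c)]


if __name__ == "__main__":
    print(len(find_candidates(SAMPLE)), "pattern matches")
    for pan in find_card_numbers(SAMPLE):
        # Report only the last four digits of each hit.
        print("possible card number ending in", pan[-4:])
```

Luhn is a single check digit, so roughly one in ten arbitrary 16-digit strings still passes; it trims the pattern matches but does not prove a hit is a real card.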
I'm going to guess that this is a full-blown root compromise. There have been rumblings for several weeks now about new attacks against wireless drivers themselves, and this Blackhat presentation seems to be the public release of that research.
Depends--if Norvig got Russell (co-author with him on Artificial Intelligence - a Modern Approach) to go in with him for a tag-team kind of thing, they'd probably win. On the other hand, Berners-Lee has the W3C on his side, a notoriously large and heavy organization, which could be hard to topple.
As a side note, I heard from a friend who was attending that Norvig's opening comment about people always asking him "Why are you against the Semantic Web?" was a response to Berners-Lee's opening, 'People always ask me, "Why are you against Artificial Intelligence?"'