Assuming that this applies to FreeDB (which I don't think it does) I think that there is prior art. The patent was applied for in 1999, and I think FreeDB existed before that time.
Apparently you can protect information only if it pertains to the Olympics. They suppressed Olympic athletes from posting journals to the web. Really horrible, in my opinion.
Actually, you can protect some facts under trade secret laws. For example, the secret formula of Coca Cola. But the fact that Microsoft is giving the information out causes it not to be a trade secret.
MS has a nasty habit of moving their web pages around, and not using redirects; so the link they publish today may not be available tomorrow (or next week, or next month) even if the vulnerability is still important.
You'd think that a company so into the Internet and selling web servers would understand the concept of URLs. They really do make it hard to link to anything on their site, which is the whole point of the web. Their URLs are neither uniform, nor let you locate resources. (To be fair, places like ZD Net are just as bad.)
Thanks Steven. I appreciate your work. I found this article to be pretty fair. I would have liked to have seen some talk about KDE and better distinction between GNOME and Nautilus, but that's not very realistic given the space limitations. And the red arrows in the online version are cool. I had actually submitted this article to Slashdot, with a link to your homepage, but either it was rejected or somebody beat me to the punch.
PS. I can't wait until the new edition of Hackers is released! I've been looking for it for a couple years now.
The article appeared in this week's issue of Newsweek. (Unfortunately, if you go to www.newsweek.com, it takes you to MSNBC.) The interesting thing I noticed was that the screen capture of Nautilus is completely different in the print version, while MacOS X and Microsoft .NET are the same as in the online version.
If they did release the information, and a competitor started using the same color correction algorithm, HP would have no way to know that that competitor had stolen the code and violated HP's copyright (since the competitor wouldn't open the source either).
Sure they would. If they suspected some company, they could just reverse engineer the other company's driver. Microsoft got caught stealing Stacker code. Stacker took them to court and showed the judge that the assembly code was the same. Stacker was not a big company. If they can do it, surely HP can.
... the fact that you will continue a conversation well past the moderation window.
Yeah, I was thinking maybe we should take this to email. ;)
I get your point about the FBI having screwed some things up. And I might even say that they don't care all that much about citizens' rights. But I think they do care about screwing things up so badly that they 1) look bad and 2) can't convict the perps. That's why I think they'll take the suggestions of this report to heart and follow reasonable procedures.
OK, so we still need to be a bit vigilant. I would expect ISPs to demand that Carnivore boxes be removed once the warrant expires. And the warrant will almost certainly have an expiration.
As far as the accounting, I'd bet that that will be changed in response to the report. I expect several other technical and procedural improvements to be made in accordance with the report's recommendations.
I'm pretty sure that the FBI actually would prefer to follow procedures to make sure that information is gathered in a legal manner that does not infringe on citizens' rights. Otherwise, the defense lawyers will end up getting their clients off on technicalities. And if the FBI hates anything, it would be that.
I could find nothing in the link you provided that said that Carnivore would be deployed everywhere. Cringely's article said that we should be worried if the FBI decided to deploy it everywhere. Believing his "if" is true paranoia.
Again I find it difficult to believe that you have read any of the articles that Sloshdot has referenced. The Carnivore boxes have a Zip or Jazz drive, which isn't enough to capture every packet that goes through an ISP. And they have to go to the ISP to get the disk, or else they have to download the info via a regular phone line.
I really don't think we need either. Besides, I just said that if he writes a demo, it could be used as a screensaver. So I was encouraging him to write a demo and submit it to xscreensaver.
If that's true, why are they putting a Carnivore in every ISP POP in the nation?
Where the heck did you come up with that? I find that very hard to believe since the FBI has to get a judge to give a court order specifying particular user information and a set time period every time a Carnivore box is deployed. Not to mention the fact that there are only a small number of people at the FBI capable of installing and monitoring a Carnivore box.
Please stop spreading FUD.
It's useless against knowledgeable criminals.
So is a phone wire tap. But criminals aren't exactly known for being super-intelligent. This is the FBI, not the CIA.
DHCP requests can only be read if you are within the LAN broadcast group. If there is a router between Carnivore and the "suspect", Carnivore must listen to everyone in an attempt to nab the suspect. If you split your DHCP ranges into subnets (and who doesn't) that means one carnivore box per subnet - totally unfeasible.
But they are targeting only 1 person, so they only need 1 Carnivore box -- placed as near as possible to the person they are looking for. They said that in the paper.
And it stands without even mentioning network cards with reprogrammable MACs, rotary MAC network stacks, RADIUS through encrypted tunnels, or international traffic where the broadcast range is way out of U.S. jurisdiction.
I don't think Carnivore is targeting these types of people, especially ones outside of US jurisdiction. Let's face it, you can circumvent Carnivore quite a bit by using SSL, SSH, and PGP. Most criminals are going to be smart enough to use those if they know how to reprogram their MAC address.
If you have comments or concerns with the report, the authors really would like your input. They understand that they might not have considered every aspect. Please let them know of your thoughts on their paper, but please do so in a non-inflammatory manner.
1. No matter HOW they try to spin it with Perot-esque charts, current RAMBUS designs will never have the potential speed of DDR, and probably never will. Pumping data really really fast 16-bits at a time just simply can't compete with pumping data not quite as fast (yet) 64-bits at a time. RAMBUS is like figuring out a way to run a 286 really really REALLY insanely fast, but it's still only 16-bits.
Actually, we are starting to find that serial buses can be made faster than parallel buses. Look at USB replacing parallel ports for printers and scanners. Look at the upcoming IDE specs -- they're moving to serial. I believe Fiber-channel uses the SCSI command set on a serial bus, and future SCSI interfaces will also be serial.
The fact is that it is often actually easier to pump 1 bit at a super-fast rate than to try to synchronize 64-bits at a fast rate. Think about it -- which would be easier to run at 5 MHz, a CPU the complexity of a 286, or one the complexity of a Pentium IV? Also consider the money saved by having to run fewer data lines. Just because Rambus was incompetent does not mean that the technology is necessarily bad.
The chart on the first page of the article says that the memory bus increased only 4X from 1989 to 2000. I have to disagree. The article says that the FP SIMMs on 486s ran at 16 MHz. Those SIMMs were either 8-bit SIMMs run in banks of 4 or 32-bit SIMMs. Today's DIMMs do 64-bits at 133 MHz. So that would be 16 times faster, or 32 times if you count DDR. That's approximately equal to the increase in processor speed.
The whole point of the article, that RAM latencies have not kept up, is still a valid point. Although even the latencies have improved 8X. Remember, another reason that we don't have higher bandwidth memory is that it is hard to make motherboards and CPU interfaces that can handle higher clock frequencies.
I'm wondering if we could improve bandwidth and latency by going back to banked memory, perhaps interleaved.
I think JWZ was saying that if he creates a demo, he could contribute it to be used in xscreensaver. I don't think that he was implying that xscreensaver hacks are great demos, although I would say that many of them are pretty good mini-demos.
The monitoring service would not be a single point -- it would be a network. If nothing else, they could distribute it via Akamai or something similar.
The 286 had a major bug. The 286 was supposed to be able to do everything that the 386 does, but there was a bug with the MMU or virtualization or something. That's why Linux and other 32-bit OSes require at least a 386. Without the bugs, the 286 would be usable for those OSes.
A couple other highlights:
Segmented architecture through the 1990s
16-bit code more prevalent than 32-bit code through the mid-1990s
Hardly any registers to work with (still)
Real mode, virtual mode, protected mode
Assembler with operands listed destination, source (maybe to be more like C string functions?)
If you had read the report yourself, you would have found the answers to your questions. To read a dynamic IP address, you type in the MAC address of the system in question and Carnivore will listen for DHCP. It can also listen for RADIUS-assigned IP addresses by watching for the login name.
Just about all concerns with the system were addressed in the paper. The paper does make some recommendations to the FBI, like requiring access to the box to be auditable. There seem to be many checks and balances between the FBI and the court in regards to making sure that only the data listed in the court order is recorded. And the paper makes some recommendations to further check that.
All in all, I'm impressed with the paper. It is much more thorough and professional than I had expected. And while I was very skeptical before, I'm fairly well convinced that there is nothing sinister going on with the FBI in regards to Carnivore.
And Windows ME has much different options for ipconfig than Windows 2000.
    C:\WINDOWS>ipconfig /?

    Windows IP Configuration

    Command line options:

    /All         - Display detailed information.
    /Batch [file] - Write to file or ./WINIPCFG.OUT
    /renew_all   - Renew all adapters.
    /release_all - Release all adapters.
    /renew N     - Renew adapter N.
    /release N   - Release adapter N.
See what I mean? And the dialogs for each Windows version are all different as well.
My NIC wasn't working. In Windows I'd go to the "System Properties," find a yellow question mark, and work on the driver. Under Linux I was lost.
Obviously you've only ever used 1 version of Windows. In Windows 3.11, you had to set the NIC in one place. In Windows 95 it was in another. NT 4.0 - different. Windows 2000 - different again. Just setting an IP address is the worst.
I've got Microsoft and Linux certifications, and I've used both about equally. And I can unequivocally say that they are both very inconsistent when it comes to configuring anything. There is no consistent management/configuration program in Linux. (But at least I can use ifconfig to do it manually, and can find the man page quickly.) And Windows keeps moving configuration programs around on me - really just confusing me, because all the different versions look pretty much the same.
And people will keep buying P4's from Intel, simply because Intel is the standard.
Not quite true. Look at Intel's last quarter. They didn't meet expectations, saying that the European market was softening. Yet AMD did OK. Intel has been faltering lately, and this looks like they are going to continue to do so. And AMD is there ready to take up the slack.
I get the feeling that it may be time to short Intel's stock. It looks like they're going to have another miserable failure on their hands. Why would anyone want to buy something that is more expensive for about the same performance, but with a guaranteed retirement of all the components in 6 months?
The point was that when you bought the record, you paid for 2 things: 1) the media that the music came on, i.e. the 12" vinyl album itself, and 2) the right to listen to the music recorded on that medium.
The cost of the media itself is about $2 these days, including packaging. Give that about 100% markup and a bit more for distribution costs. That comes to $5 for the media, and about $7-$12 for the right to listen to the contents.
But if you have already paid for the right to listen to the contents on a copy you previously bought, why do you have to pay full price to receive a second copy of the media?
The conclusion that you could draw is that since the second copy that you purchase for yourself costs the same as the first, then the record companies are charging 100% of the price for the media and that the right to listen to it is 0% of the price. Therefore, if I copy the music and give it to someone else, I have cost the music company $0. So if I were to make a copy and distribute it on Napster, the record company would be able to sue me for that $0, and nothing more.
Actually, they would capture RADIUS packets to determine when a particular user logs in to the ISP's network. Then they get an IP address for the user. Then they can filter all email coming from that address. Or all packets from that address, as the case may be. To me, this actually shows that they are trying to filter traffic from only one IP address. (Not proof, mind you, but an indication.)
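The mechanism described in this comment and in the earlier one about reading dynamic IP addresses (watch DHCP for a MAC, or RADIUS accounting for a login name, then filter only that address) is exactly what an auditor needs to check against, since the paper recommends that access to the box be auditable and that only the data named in the court order be recorded. The Python below is an added example, not code from the report, the FBI, any poster or any ISP: it rebuilds the target's IP windows from constructed DHCP and RADIUS accounting lines and reports every captured packet that falls outside them. The log line formats, MAC address, login name, IP addresses and timestamps are all constructed for the example.

```python
"""Audit helper (added example): reconstruct which IP address one target held at
each moment from DHCP leases and RADIUS accounting, then flag captured packets
that no target window covers. Log formats and all values below are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple
import re

# Constructed sample records; not real ISP logs.
DHCP_LOG = """\
2000-12-01T08:00:00 DHCPACK 10.1.2.34 00:50:56:aa:bb:cc lease 3600
2000-12-01T08:00:05 DHCPACK 10.1.2.35 00:50:56:11:22:33 lease 3600
2000-12-01T09:00:00 DHCPACK 10.1.2.80 00:50:56:aa:bb:cc lease 3600
"""
RADIUS_LOG = """\
2000-12-01T08:10:00 Acct-Status-Type=Start User-Name=jdoe Framed-IP-Address=10.1.9.7
2000-12-01T08:40:00 Acct-Status-Type=Stop User-Name=jdoe Framed-IP-Address=10.1.9.7
2000-12-01T08:15:00 Acct-Status-Type=Start User-Name=asmith Framed-IP-Address=10.1.9.8
"""
TARGET_MAC = "00:50:56:aa:bb:cc"   # constructed: the MAC named in the (hypothetical) order
TARGET_USER = "jdoe"               # constructed: the login name named in the order

# Constructed capture summary: (timestamp, source IP) for each packet the box kept.
SAMPLE_PACKETS: List[Tuple[str, str]] = [
    ("2000-12-01T08:30:00", "10.1.2.34"),   # target's first lease: in scope
    ("2000-12-01T08:30:00", "10.1.2.35"),   # another subscriber: out of scope
    ("2000-12-01T09:30:00", "10.1.2.34"),   # target has moved to .80 by now: out of scope
    ("2000-12-01T09:30:00", "10.1.2.80"),   # target's second lease: in scope
]


@dataclass(frozen=True)
class Window:
    start: datetime
    end: Optional[datetime]   # None means the session was still open at end of log
    ip: str

    def covers(self, ts: datetime, ip: str) -> bool:
        if ip != self.ip or ts < self.start:
            return False
        return self.end is None or ts < self.end


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


DHCP_RE = re.compile(r"^(\S+) DHCPACK (\S+) (\S+) lease (\d+)$")


def dhcp_windows(log: str, mac: str) -> List[Window]:
    """Lease windows for one MAC. A window ends at lease expiry or at the next
    DHCPACK for the same MAC, whichever comes first."""
    acks = []
    for line in log.splitlines():
        m = DHCP_RE.match(line.strip())
        if m and m.group(3).lower() == mac.lower():
            acks.append((parse_ts(m.group(1)), m.group(2), int(m.group(4))))
    acks.sort(key=lambda a: a[0])
    windows = []
    for i, (start, ip, lease) in enumerate(acks):
        end = start + timedelta(seconds=lease)
        if i + 1 < len(acks):
            end = min(end, acks[i + 1][0])
        windows.append(Window(start, end, ip))
    return windows


RADIUS_RE = re.compile(
    r"^(\S+) Acct-Status-Type=(Start|Stop) User-Name=(\S+) Framed-IP-Address=(\S+)$")


def radius_windows(log: str, user: str) -> List[Window]:
    """Session windows for one login name, pairing Start and Stop records by IP."""
    events = []
    for line in log.splitlines():
        m = RADIUS_RE.match(line.strip())
        if m and m.group(3) == user:
            events.append((parse_ts(m.group(1)), m.group(2), m.group(4)))
    events.sort(key=lambda e: e[0])
    open_sessions = {}   # ip -> start time of an unmatched Start record
    windows = []
    for ts, kind, ip in events:
        if kind == "Start":
            open_sessions[ip] = ts
        elif ip in open_sessions:
            windows.append(Window(open_sessions.pop(ip), ts, ip))
    for ip, start in open_sessions.items():
        windows.append(Window(start, None, ip))
    return windows


def target_windows() -> List[Window]:
    """All windows during which the target held an address, from both sources."""
    return dhcp_windows(DHCP_LOG, TARGET_MAC) + radius_windows(RADIUS_LOG, TARGET_USER)


def out_of_scope(windows: List[Window], packets: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Captured packets that no target window covers. A non-empty result means the
    filter kept traffic the order did not authorise and the capture needs review."""
    return [(ts, ip) for ts, ip in packets
            if not any(w.covers(parse_ts(ts), ip) for w in windows)]


if __name__ == "__main__":
    for w in target_windows():
        print(f"target held {w.ip} from {w.start} until {w.end or 'end of log'}")
    for ts, ip in out_of_scope(target_windows(), SAMPLE_PACKETS):
        print(f"OUT OF SCOPE: {ts} src={ip}")
```

The two log sources are kept separate on purpose: a DHCP lease for a MAC and a RADIUS session for a login name are independent pieces of evidence, and an auditor should be able to say which one justified keeping a given packet. The lease window is cut short at the next DHCPACK for the same MAC because, once the subscriber has moved to a new address, packets from the old one belong to whoever got it next.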
If a CPO is a Chief Privacy Officer, what would a C3PO be?