Slashdot Mirror


User: SiliconEntity

SiliconEntity's activity in the archive.

Stories: 0
Comments: 747

Comments · 747

  1. Re:Brilliant! on Technical Analysis of XBox Save Game Hack · · Score: 1

    Anyone here bright enough to suggest a good way to protect from this? My first thought was to sign the public key with another, use an X.509 certificate or something but the problem is that you can always patch the signature/certificate/checksum/whatever verification mechanism... So what is the solution?

    You'd have to put the key and the checking code into tamper-resistant hardware which then had the power to shut down the game and refuse to play it if the signature was bad. Ideally the hardware would be integral to the operation of the system so you couldn't just disable it.

  2. Dangerous and foolish on Protecting Cities from Hijacked Planes · · Score: 5, Insightful

    This is a terrible idea for many reasons.

    First, most cities are not "restricted airspace". There are no prohibitions against flying over all kinds of areas where just as much damage could be done as happened on 9/11. And in fact, you can't protect cities in this way, because they tend to put airports near cities. So this proposal fails to achieve its most basic security goal.

    In fact, most restricted airspace is over isolated areas and is used for military training. It is restricted only so that combat pilots don't have to worry about accidentally ramming into jetliners.

    Second, these days one of the main forms of security related restricted airspace is the Temporary Flight Restriction, TFR. This follows the president all over the country as he campaigns for the 2004 elections. But since the locations of the TFRs change daily and unpredictably, there would be no reliable way for the avionics to be loaded with the current TFR locations. Hence the proposal would fail to address one of the main current security concerns.

    Third, there are significant safety issues involved. Every system is prone to failure. What happens when the gadget mistakenly activates and starts trying to turn the plane? The pilot will be fighting with the controls at a time when he may be distracted trying to land in bad weather. The system could easily kill many more people than it would save.

    And fourth, there are occasions when there is a legitimate need to enter restricted airspace, such as during an emergency. A dumb gadget like this cannot be expected to understand that an engine is failing or that the control surfaces are damaged, and the pilot needs to get the plane on the ground pronto! Military bases, with their ultra-long runways and isolation from civilians, are ideal locations for emergency landings; but they are generally in restricted airspace. Again, imagine the scenario of trying to land a crippled airliner while battling a robot which insists that you don't have the right to land there!

    All in all this is such a bad idea that it's clear that no one involved has any experience with the aviation business and what the real security issues are.

  3. Gold's a senile crank on Solar Sailing and Physics · · Score: 2, Interesting

    I assume this is the same Thomas Gold, Cornell astrophysicist, who is best known for his Deep, Hot Biosphere theory, which says that oil and natural gas do not come from decomposing organic matter, but rather are inorganic products of the deep earth itself. Gold has predicted for decades that our oil and gas discoveries have but scratched the surface, and that there are incredibly more massive reserves waiting to be discovered below.

    Unfortunately for Gold, no convincing evidence for his theory has ever been found, and he is widely considered a crank. Now that he has been retired for several years, we have to consider him a senile crank.

    Certainly the current paper does nothing to change that opinion. Among the other obvious physics mistakes which have been pointed out, let's look a little closer at his final example, a light beam incident on a dark body. Gold purports to show that the body's velocity calculated based on momentum transfer is inconsistent with the velocity based on energy transfer. But this is an elementary mistake! Any calculation based on equating these two results for an inelastic collision (as when the incident particles are absorbed by the body) will show the same disagreement.

    What Gold neglects to consider is that some of the energy is absorbed as heat. You can't calculate the body's velocity based on the assumption that all the energy becomes kinetic. It is the momentum-conservation formula which correctly tells us what the final speed of the body will be.

    It's always sad to see a once-great mind descend into senility. I'm not sure whether it's even sadder when the mind was once a crank.

  4. Re:You think you can't be tracked at the moment ? on DARPA Developing 'Combat Zones That See' · · Score: 1

    That's right, and it's only going to get worse. The legal criterion is whether you have an "expectation of privacy". Well, walking around in public, you really don't. You've always accepted that people could see where you are and where you are going when you move around in public.

    The problem is that with the continuing advancement of sensor and camera technology, eventually virtually every square inch of public space is going to be watched. Then it is just a matter of software to track people as they move from place to place.

    In my opinion we should accept this, and make sure it's public. That is, let the cameras all be webcams on the internet, not Big Brother cams feeding into the police station. Then everyone will have access to the same information, and we won't be putting more power into the hands of the government.

    All else being equal, "open" surveillance is likely to happen. The only thing that would stop it would be if they passed a law making it illegal to put a webcam in front of your house aimed at the street, in a misguided attempt to protect privacy. All such laws would accomplish is to hide the problem by letting the government watch people in secrecy.

  5. Re:one thing the public never seems to get . . . l on A Critical Look at Trusted Computing · · Score: 1

    once one person has managed to crack it, Palladium becomes a double edged sword that now swings in favour of the pirates, who can use it to create an untraceable distribution network.

    You don't need to "crack it". Trusted Computing has as its design goal exactly this sort of functionality: allowing networks of computers to trust that all the systems will behave in a predictable way. No one seems to understand that Microsoft wants this kind of functionality. DRM is only part of the picture. TC allows for far more than DRM. It assists any application which involves a network that would benefit if the programs knew what was running on the other end.

    Microsoft has surely known all along that TC would allow for this kind of thing. Of course they probably neglected to mention it to the RIAA. But the genius of Palladium is that by allowing programs to prove that they will behave in a certain way, it solves the DRM problem at one stroke while at the same time allowing for an infinite variety of new applications.

  6. Re:I'm already experiencing it on A Critical Look at Trusted Computing · · Score: 3, Interesting

    This is what trusted computing will be like. But instead of your employer limiting you at work, it will be Microsoft limiting you at home. "Where the fuck do you think you're going!?"

    No, that's not correct. Doing this would reduce the sales of Microsoft software, and Microsoft's goal is to sell more software rather than less.

    Instead, trusted computing will add new capabilities to your system, while still letting you do everything you can do today.

    These new capabilities will allow "trusted" applications to report their identity unspoofably to remote servers. The servers can then refuse to supply content to users who aren't running software which will enforce DRM rules.

    So you will still be able to do what you can today; but maybe everybody else will be able to do a lot more, downloading legal content under DRM restrictions. It's not so much that Trusted Computing will restrict what you can do; it's that it opens up new possibilities, but only under rules that are effectively enforced.

  7. Re:who do you trust on A Critical Look at Trusted Computing · · Score: 1

    we all deal with 'trusted computing' to some extent or other. in any computer system there is a person/persons/entity that is trusted. in the simplest form it is supervisor/admin/etc. as you design a network you describe who is trusted.

    With Trusted Computing, it is the program which is trusted - to behave as it was coded to behave!

    I remember when I was a kid, there was a book distributed by the John Birch Society (ultra right wingers): "You can Trust the Communists". A shocking title for the days of McCarthyism. But that wasn't the whole title; there was a continuation in fine print: "(To Be Communists)".

    This is kind of how Trusted Computing works. You can trust a program - to be itself. If a local or remote system is running a given program, you can trust that the program will run as written. It may be buggy, it may be inefficient, but those are internal flaws. No one can impose their own rules on the program; no one can alter it, no one can peek into its memory. At most they can cut the program off and prevent it from running. But if it runs, it runs as written.

  8. Re:The meaning of trust on A Critical Look at Trusted Computing · · Score: 1

    Yes, I can presently trust that my browser is not lying to me. On a "trusted computing" platform, I will no longer have that trust, because I won't have the final say about what browser and how it's used.

    You won't be able to alter or patch your browser without the remote server being able to find out that you have done so. Once your browser is loaded into memory and is running, you won't be able to debug it or alter or inspect its memory. Those are the limitations imposed by the trusted computing concept. None of this changes how or whether your browser may lie to you.

    You will still have the final say about what browser to use and what you do with it. However since your browser can report its identity to a remote site in an un-spoofable way, it will increase the power of servers to decide which browsers to accept. Your only choice in some cases may be to refuse to visit certain sites, or else to use a specific browser that will honor some DRM rules, and which the site requires to be used for downloads.

  9. Re:Positive sides on A Critical Look at Trusted Computing · · Score: 1

    TCPA is a (possibly) good thing. Palladium/DRM, that's the real evil (from the consumer and OSS viewpoints, anyways).

    No, that's totally mistaken. TCPA (recently renamed TCG) is essentially identical to Palladium/NGSCB in its basic security goals. TCPA provides for exactly the same kind of features, including the "secure attestation" which is the core requirement for DRM.

    This is the feature whereby the TCPA chip (called the TPM) computes a cryptographic hash of the software that loads, and then reports this hash to a remote server. The server can use this to decide if you have loaded software that it will trust, and decide on that basis whether to download content to you. This is precisely how DRM is implemented and facilitated by trusted computing designs, and it is fully documented in the TCPA spec.

    The idea that TCPA=good and Palladium=bad is a myth. The systems are fundamentally the same, and they are becoming closer, in that TCPA V2 is probably going to basically be Palladium.

  10. Re:The meaning of trust on A Critical Look at Trusted Computing · · Score: 2, Informative

    In this context, trusted computing means that your computer program can be trusted to operate according to its software code. That implies that the end user (or anyone else) cannot debug, alter or inspect the program while it is running. All he can do is exert the ultimate control: pull the plug, shut down the computer, stop the program. But if it is allowed to run, it can be trusted to run according to its code.

    In practice this is achieved by having some secure hardware report a hash of the program's code as it is loaded into memory, and arranging that no other programs (or the user) can alter the program as it exists in that memory. Microsoft is augmenting the Intel memory management model to achieve this kind of protection.

    It's not a matter of the program lying to you as the user. You can trust the program just as much as anyone else - to run according to its code. You no longer have the power to alter the program and to make it run differently. But you can still trust it to behave as it was coded to behave.

    This means that trusted programs do have a certain immunity to viruses, in that if another program gets corrupted, it can't affect the trusted one. However trusted programs can still have bugs and so they will still be able to be subverted. All the "trusted" protection can achieve is to minimize the damage, so that one program which gets broken can't infect or alter others.
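
The measure-and-report flow described in comments 9 and 10, as an added example that is not part of the original comments or of the TCPA spec: each loaded component is hashed into a register, and a remote server accepts or refuses the reported value. All names are hypothetical, the sample components are constructed, and an HMAC under a shared key stands in for the asymmetric signature a real TPM would produce.

```python
import hashlib
import hmac
import os

PCR_SIZE = 20  # SHA-1 digest length, the register width in TPM 1.x-era designs


def extend(pcr: bytes, component: bytes) -> bytes:
    """Fold one loaded component into the register: new = H(old || H(component))."""
    measurement = hashlib.sha1(component).digest()
    return hashlib.sha1(pcr + measurement).digest()


def measure_chain(components) -> bytes:
    """Measure components in load order, starting from an all-zero register."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


class ToyTPM:
    """Holds the register and a key the host software cannot read (assumption)."""

    def __init__(self, key: bytes):
        self._key = key
        self._pcr = bytes(PCR_SIZE)

    def load(self, component: bytes) -> None:
        self._pcr = extend(self._pcr, component)

    def quote(self, nonce: bytes):
        """Report the register value, bound to the verifier's fresh nonce."""
        tag = hmac.new(self._key, nonce + self._pcr, hashlib.sha256).digest()
        return self._pcr, tag


class Verifier:
    """Remote server: accepts only known-good register values."""

    def __init__(self, key: bytes, trusted_pcrs):
        self._key = key
        self._trusted = set(trusted_pcrs)
        self._outstanding = set()

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self._outstanding.add(nonce)
        return nonce

    def check(self, nonce: bytes, pcr: bytes, tag: bytes) -> str:
        if nonce not in self._outstanding:
            return "rejected: unknown or replayed nonce"
        self._outstanding.discard(nonce)  # each nonce is good for one quote
        expected = hmac.new(self._key, nonce + pcr, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad quote"
        if pcr not in self._trusted:
            return "rejected: untrusted software"
        return "accepted"


def boot(key: bytes, components) -> ToyTPM:
    tpm = ToyTPM(key)
    for blob in components:
        tpm.load(blob)
    return tpm


def demo() -> dict:
    key = os.urandom(32)  # constructed stand-in for the chip's attestation key
    stock = [b"bootloader v1", b"kernel v1", b"browser v1"]        # constructed
    patched = [b"bootloader v1", b"kernel v1", b"browser v1 mod"]  # constructed
    server = Verifier(key, {measure_chain(stock)})
    out = {}
    n = server.challenge()
    pcr, tag = boot(key, stock).quote(n)
    out["stock"] = server.check(n, pcr, tag)
    out["replay"] = server.check(n, pcr, tag)  # same quote presented twice
    n = server.challenge()
    pcr, tag = boot(key, patched).quote(n)
    out["patched"] = server.check(n, pcr, tag)
    n = server.challenge()
    _, tag = boot(key, patched).quote(n)
    # Host swaps in the trusted register value; the tag no longer matches it.
    out["spoofed"] = server.check(n, measure_chain(stock), tag)
    return out


if __name__ == "__main__":
    print(demo())
```
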

  11. Re:Er... on EFF Ad Campaign On File Swapping · · Score: 1

    So WHAT exactly is the EFF campaigning against? If it's campaigning against the above, and suggesting that people should be able to redistribute the works of others without the permission of the people who were responsible for us having those works in the first place, then how is this going to make the EFF, technical community, and peer-to-peer advocates look in general?

    You're right, that's exactly what the EFF is suggesting. Read their links and you'll see that all of them involve sharing music without the permission of the creators. Then they have some method, voluntary or involuntary, of funding the creative artists.

    Of course, there's no consideration of whether the artists find this level of funding acceptable. Apparently in the EFF world, we take from the artists according to their ability, and we fund them according to whatever we feel like.

    I just hope that people are able to see and understand the fundamental immorality of refusing to honor the conditions under which creative artists are willing to release their works. We are so fortunate to have people in the world who are willing and able to create new and wonderful works of art. It is sad that we think that we have the right to ignore the wishes of the creators.

  12. Re:EFF wants alternatives to the current system on EFF Ad Campaign On File Swapping · · Score: -1, Troll

    The problem is that there is no adequate system in place that allows music lovers access to their favorite music while compensating artists and copyright holders.

    What the EFF really wants is Socialized Music.

    The government would lay a new tax on Internet users, maybe spread uniformly, maybe based on how much you download, maybe on how much money you have. This would then be used to fund approved artists.

    That's right. All artists would be paid by the government! If you think the DMV and the IRS are great ways to spend your money, just wait until your music is funded via the same kind of bureaucracies.

    This is such a terrible idea that it deserves all the ridicule and opposition we can muster. I'd rather suffer a thousand RIAA lawsuits than to put the government in charge of music and the other arts.

    As others have pointed out, iTunes demonstrates that people will be willing to pay for music if they can download it quickly and easily. That's all it's going to take, the carrot of easy and relatively cheap downloads, plus the stick of suing heavy file traders. This problem is about to be solved, and we don't have to get the government involved.

    Fight Socialized Music!

  13. What about immortality? on $180 Million for Piracy Conspiracy · · Score: 1

    He's not being charged the full $180 million (which is probably excessive, but it really doesn't matter) he's being charged $500 a month for life. That charge really isn't inflated.

    There's a decent chance that in 50 years or so, medicine will have advanced to the point that current causes of death can all be fixed, making humans virtually immortal. What happens to his $500/month for life, then? Huh? Did you think of that? $500 times infinity is...

  14. Everyone has missed the point on Biometric Face Recognition Exploit · · Score: 5, Informative

    Every comment I have read has missed the point!

    This is not an exploit designed to show that biometric systems can be fooled or that you could create some kind of fake image that would match an existing one.

    The whole point is that this shows that biometric templates are privacy-sensitive. Previously it was thought that they could be stored and promulgated without interfering with anyone's privacy, because it was thought to be infeasible to start from the template and reconstruct personally identifiable information about the subject.

    The new paper shows that this is not true; from the templates, you can reconstruct an identifiable picture of the individual. That means that, for example, if you had a bunch of templates of people who went in for an AIDS test, you could re-create pictures of the people who went in, adequate to recognize individuals.

    This would therefore interfere with the privacy of those individuals. And that implies that templates need to be subject to the same kind of privacy restrictions as other forms of personally identifying information, a standard to which they have not traditionally been held.

    And that's the point of the paper.

  15. Re:Anonymity is inevitable & will make p2p flo on RIAA To Sue Hundreds Of File Swappers · · Score: 1

    If you or anyone else can find attacks on Freenet's protection of anonymity that an entity such as the RIAA would be capable of carrying out and that could provide enough evidence for a lawsuit, I'd be much surprised.

    Did you even read the link you posted? I quote:

    Won't attack X break Freenet's anonymity?
    Short answer: Probably yes.

    Long answer:

    Freenet does not offer true anonymity in the way that the Mixmaster and cypherpunk remailers do.... On Freenet, whatever you do, your identity is still revealed to the first Freenet Node you talk to.... The anonymity that Freenet offers is really just obscurity....

    It is our intention that Freenet's node-to-node communications should be encrypted, but that has not been implemented either....

    In fact it is clear reading this FAQ that Freenet makes only very weak claims about anonymity protection!

    Fundamentally, no P2P network can truly protect your anonymity, because there has to be a gateway which an RIAA official can connect to and download a copyrighted song. That gateway can then be held responsible for contributory infringement. This applies to Freenet or to any other so-called anonymous P2P system.

  16. Re:Potential to end Reign of Terror on RIAA To Sue Hundreds Of File Swappers · · Score: 1

    Plain old copyright law required that the defendant had to actually make some money for it to be illegal. Just making copies and even distributing them for free was legal. It was a fair use to do it like that. It wasn't till the DMCA came around that distributing copyright material (for free or not) was illegal.

    You're right that "plain old copyright law" did require some profit motive. But it wasn't the DMCA that fixed it. It was the NET Act, the No Electronic Theft Act.

    Among other things, the NET Act will:

    "Permit the Department to prosecute individuals under misdemeanor or felony provisions(1) in cases involving large-scale illegal reproduction or distribution of copyrighted works where the infringers act willfully but without a discernible profit motive..."

  17. Re:Why the negative slant? on RIAA To Sue Hundreds Of File Swappers · · Score: 1

    I assume a good number of people have rights to the music they download, and there is no reason for me, nor the courts, to presume otherwise.

    Then you'll be surprised to learn that courts deal with reality and truth, rather than sophistry and pretense. You and I both know that the vast majority of music file sharers do not have rights to the music they download, and the judge is no fool, either. Courtrooms deal with the reality of the situation, and arguments like yours go nowhere.

  18. Re:The MD5 stuff is quite clever on SCO Berates Linus' Approach To Kernel Contributions · · Score: 1

    The only problem I see is that the hashes are still derived from SCO's intellectual property and are therefore still covered by copyright.

    The issue is not copyright. It is the non-disclosure agreement.

    If it were just copyright, anyone who saw the code could say what was in it. Copyright only covers the specific expression of the idea. It does not cover a description of the same ideas in different words. So anyone who had seen the SCO code could say what functionality it had.

    The NDA is obviously much more restrictive than that. No one is (apparently) allowed to say much of anything about the code at all. It's likely that talking about MD5 checksums of the code would be covered as well.

  19. Was it redesigned? on Steve Jobs And Jeff Bezos Meet The Segway · · Score: 4, Interesting

    Jobs said the design sucked. Who knows what it looked like back then? He's talking about the shape, the way it looks. I'd say the Segway looks pretty cool right now. Chances are that what Kamen put together out of cardboard boxes was a crude prototype. They probably did get a design firm involved to finalize the shape and appearance of the device. Jobs is right, a good industrial design firm can produce devices that look like works of art.

  20. Nothing new on Corn-Based Plastic · · Score: 1

    Why, Gramps used to use a good ol' corn-cob pipe. You can make all kinds of decorative and useful utensils and home decorations out of corn cobs. Don't throw them out!

  21. Appearance change? on IRC Forum w/ CmdrTaco & Hemos Tonight at 8pm Eastern · · Score: 1

    Did anyone else find that the font size changed on slashdot about two weeks ago? I'm using Netscape 4.72 on Linux, and the new appearance looks terrible. I used the Internet Archive to compare with last year's pages and those still look fine, so I don't think it's anything I did.

    Maybe you could have a page where you report on code changes, so users are given a clue about what might have happened when things break?

  22. It's UHF, Stupid on Putting the TV Broadcast Spectrum to Better Use? · · Score: 1

    The issue is UHF. All those channels from 14 to 89 or whatever, over 90% of them sitting there unused on a national basis. That's an enormous amount of bandwidth that can't be used for any other purpose. It just sits there like a stagnant pond or a weed-filled vacant lot.

    ANY use you put that to would be better than the way it's being managed now. You couldn't do worse!

  23. Re:There's nobody stoping... on Researchers Looking at Alternatives to Palladium · · Score: 1

    The fact is DRM takes away the PEOPLES' rights to choose who to trust.

    Wrong, DRM gives everyone the power to choose who to trust. That's why you hate it - because you don't want the content companies to have the power to choose whether or not to trust you!

    But the shoe fits both feet. You also gain the power to choose who to trust. For example, you could join a P2P network and choose whether to let people in with clients that are going to cheat, send bogus data and flood the net. It's your decision.

    And even when someone else is choosing whether to trust you or not, you can always refuse to play the game. They won't trust you, they won't give you whatever privileges or juicy data they were handing out, but it's a mutual decision.

  24. Re:Moron Alert on Researchers Looking at Alternatives to Palladium · · Score: 1

    Do you see why this is a bad thing? Not just because I can't listen to it in my car, but because I no longer have any control over the music I bought. I paid money for the damned thing, and now I can't even listen to it in my car.

    Maybe you should have thought of that before you agreed to these restrictions as a condition of purchase. If someone wants to sell music and put conditions on it that you don't like, you have every right to refuse to buy it. But if you do buy it and agree to those conditions, then don't go on whining about it!

    If you don't like the restrictions, then buy music from people who don't put restrictions on it. Or make your own music. But if someone wants to say that you can only listen to their music while wearing a pink tu-tu, you can either agree to the conditions, take the music, and be honest about what you promised, or you can tell them to go take a flying leap.

  25. Trusted means... on Researchers Looking at Alternatives to Palladium · · Score: 1

    Trusted means that your computer is going to behave in a predictable way, that it will just execute the damn program and not fuck with it.

    Is that so horrible? If you can't stand the thought of running a program without screwing with it, then don't try to tell other people that that's what you're going to do.

    All trusted computing means is that you tell other people that you'll run the software cleanly, and they can trust you to tell them the truth. If you can't stand this level of honesty then maybe you better take a good hard look at yourself.