Please go educate the masses of "average consumer".
I'll bet 90% of people of buy DVDs dont know what DRM is or what it does to them.
Consumers are just that: they consume. They buy. If the first gen DVD doesnt work anymore because HDMI, they'll just buy another one...
In a country where people pay $100 a month for premium cable, and where the main reason people buy HDTVs is Live Sporting Event, I dont think DRM will matter.
As long as Marketing is good - and the Americans are freaking good at Marketing - they'll just pay, thats just the way it works. Good luck changing that.
The FSF tactic is akin to the cold war era use of atomic weapon: disuasion.
In practice, the FSF is drawing the line. Its enough for the FSF to say they are going to file a lawsuit, and the offending company usually back down.
This is dangerous, they are playing with the "gray area". At some point one stupid company is going to go for a fight to define what the GPL really means, and then the supreme court will decide after 5 years of lawsuit (because I'm pretty sure they would not stop at a lower court)
It would be much better if they were using technical definitions of what you can do with software than philosophicals one.
I'm not a fucking lawyer, for god sake. How am I supposed to know what the GPL means by linking if its not in technical terms ?
Who doesnt spend as much time in C making sure they got all the '{', the '[' and ';' the right way, than they spend in HTML making sure they got all the tags properly... ?
Lets them do whatever they want to do with the Internet...
Lets just go back being Surfing Teacher or Goat Shepperds
We spend so much time worrying about the freedom on the internet, as if this was the last place we could get any.
Who fucking care about the internet freedom, as long as they have their American Idols, their Hollywood stars, or their daily dose of Slashdot...
The Internet freedom fight is like French protests: A National pasttime, just for the sake of it...
If you want to fight for something, either go to Africa do some good, or pick up a gun and choose your battlefield.
Otherwise just do like I do: learn to live among the chimps, knows that trying to teach them is just a waste of time, and carpe diem as much as you can...
Off course they are not a bank... Paypal terms are fine by me: If they want to terminate my paypal account because I did a chargeback, I dont give a rat's ass...
cansecwest/core06: "security issues related to Pentium SMM"
Loic Duflot Title: Security Issues Related to Pentium System Mgmt Mode
It is day 2 at Cansecwest and this talk wins for 'so frightening that you want to hide under your desk in the fetal position'.
I'll go through the high level technical and then end with pointing out a principal that is one of those universal truths I carry around with me everywhere.
This entire exploit is based on documented x86 functions.
Your CPU runs in a few modes, one of those modes is known as Protected mode, other known as System Mgmt Mode. When your OS is running, your in Protected mode and this is how much of the security is performed and you'll hear of ring0 and ring3. Just know that your in-world universe is in protected mode.
System Management Mode (SMM) is used so that when there is something external to your OS world like say a thermal condition that needs to communicate some message, the CPU saves all its protected mode state out, does all this SMM stuff and then return to its regular scheduled program in protected mode.
There are details that evolve registry addresses and very low level operations but for the most part, a system in a very secure state can be circumvented via this SMM facility. I'm talking free access to all memory and IO.
The song goes a little like this: Enable SMI Open SMRAM space Replace default SMI Handler by custom one (do your duty) Close SMRAM space Trigger SMI Gain access to restricted operations.
In the wider picture: works on most systems. Turns out that Linux and the *BSD's will fall victim to this attack strategy, however, Windows XP is not known to be exploitable because of a few system calls that are not present and more importantly a certain memory range in protected mode is not shared addresses to SMM.
So, for the demo, they did not pick some shabby OS to exploit. How about OpenBSD at level2 (high security) with allowaperture=1 Ummm...it worked. Theo, microphone please?
Theo spoke to this OPENBSD issue and said he and the team have known about it for a year. They are between a rock and a hard-place because Xserver is really the core of the problem. It has too much damn access to regesters and is in the most unfortunate address space in protected mode because when in SMM, what is in that address range can be used to exploit. Solution is for Xserver people to abstract sufficiently so that the kernel can have more governance on the Xservers logic.
Closing TK comments: A system or a world that has a policy governed by in-world mechanisms cannot be effective when a process in-world can reach to the out-world to cause in-world change. You could also say that since a problem cannot be resolved at the same logical realm it has been created, then it is also the case that the most effective governance of a world can only come from outside that world. Think about all the crazy things we do in the physical world. As soon as we could get to the strong and weak forces at the atomic level, we created a incredibly destructive device. I just hope that if string theory is right and there really are energy strings at the lowest level of the universe, that no one in our world get control of them. The negative outcome caused by the power hungry is too high a risk to even consider the positive benefits.
Its late and I have been blogging way too much today I am certain that my mental packet loss is abnormally high. I'll return to this in-game out-game concepts later in another blog entry, when I am less sleep deprived.
Obviously the cpu, and your debugger still see the same data. Theres just a big encryption/decryption block on DRAM bus.
The interesting thing though, is what cipher they are using, that allows random access to anywhere in the DRAM ciphertext to be decrypted. (Not your trusted AES-CBC for sure)
At least they are both principal partners of ATT/SBC IPTV project. - MS is providing the software for the settop box. - Alcatel is providing the network infrastructure.
Thats funny, could they be using the same decoder in their MS boxes?
Actually the box itself is probably not made by MSFT, but this still make for some interesting business strategies...
For the same reason you let Sales and Marketing have most of their lunch on the Company credit cards.
Because you trust they will not abuse it. Because its part of the perks that goes with the job. If you cant trust them, why would you want them to work for you in the first place.
Off course trust has it limits, thats why credit card have limits too, and probably a open network policy should have its limits too. But gosh, setting up your IT like a High Security Prison, thats a bit too much...
Ok people wait a minute, this is completely unfair to BluRay. BluRay is NOT a Sony format. Some other big names are behinf it too.
Lets also take a look at history and the two most successful digital media format still being used today:
CD Audio (Red Book): Philips and Sony DVD : 10 founders - Hitachi, Matsushita, Pioneer, Philips, Sony, Thomson, Time Warner, Toshiba, JVC.
No granted those two formats didnt have any competition, but when you campare BluRay and HD-DVD who do you find behind each format?
HD-DVD: Toshiba and NEC BluRay: Hitachi, Matsushita, Pioneer, Philips, Sony, Thomson, LG, Sharp, Samsung
JVC, who was VHS proponent against Sony's Betamax, is not among the BluRay founders, but still is a BluRay supporter.
So please, do not count BluRay as a Sony Failure, it might end up being a failure but I dont think Sony would deserve to be the first to take the blame. (I would probably blame Fox first)
This is a Public Company. Grantrd the board of director seems mainly French, but if you want to now who really owns or control a multinational like that, you need to be a financial detective.
France used to rely on Governement Owned Company for critical infrastructure and defense industries, because thats the only way to keep control. The US has never done that (except maybe during FDR's New Deal) so why should it be more worried now ?
Once we start assuming that a company is a person, things get confused. A company is like a person, whose mind is controlled by real people. The nationality of the company doesnt really matter, mostly what you should be worried about is the intentions of the people owning the company.
Do you really think the intentions of a French Capitalist are so different that the intention of an American one ?
Actually the more interresting question is how Intel can keep up the yield of their wafer when they have multi core chips.
When the multi core chips get tested, if only one of the cores is bad the whole chip is thrown away.
Now imagine that when they are doing single core cpus, they have 10% (random number) defects, thats 90% chance of having a good chip. Now assume (for simplicity) that there dual core waffer is basically the same except they bundle the core two by two. So they have the same number of core per waffer (but half the chips), and each individual core has 10% defect rate. Now assuming that the defects are evenly distributed on the waffer, the probably that both core of a single chip are good is only 81% instead of 90%.
4 cores : 65% 8 cores : 43% 16 cores : 18%
How are they going to keep this up ?
Actually the problem is not new, its the same issue with just increasing the number of gates, but while adding gates add some value to the chips that might offset the reduction in yield, it doesnt seem very obvious to me the value added of a dual-core chip compared to two single core is going to offset the reduction in yield.
Well, I guess the guys at Intel found out that it does offset it at least for dual cores...
If I take the bus (public place) in a Canadian city, and some dude is chanting "Niggers, Jews and Arabs go back from where you came", I certainly hope that the bus driver will do something to make it stop.
If he doesnt, because its the bus company policy, I certainly hope that this company will be held partially responsible.
Its time to realize that not everything is protected by Free Speech. Going after hate content is not going to endanger democracy. Most european countries do have way stricter laws against "hate speech", and I dont see then as less Democratic than the US.
And if you open a forum, you'd better assume some reponsability over whats being said there. If you are not prepared to do that, by all means please do abstain.
Its very reasonable, the article says: "Internet servers, if they are aware there is hate content and don't take timely action to remove it, can be held liable," Note the "If they are aware there is hate content and don't take timely action".
You're burden should very light: When somebody complain, investigate and remove the offending content.
Read the article to see the specific of the case: The hosting company and the white supremacists were basically the same person. Its not just some random posting on a forum.
.. or Palladium or Trusted Secure Computing Platform or whatever it is called this day.
The only way to defeat an advanced rootkit today is to require strong crypto all the way down in the hardware. This means pratically everything down to the BIOS should be signed. There should be a chain of trust, and untrusted software should not be able to do permanent damage. The updates to the permanent storage should also be signed.
The technology is here. And it would be relatively easy to at least secure the root of your system (BIOS and OS kernel) from rootkits.
I dont know about Asia, or the rest of Europe, but I know France already has 3G.
The 3G coverage is still pretty small (Paris and most big cities I think) but 3G phones are being marketed there (mostly high end phones).
As for the services, apparently its mostly TV on your mobile and faster internet speeds.
As for the US, The first US cell phone provider (Cingular)is using GSM, on both 800 and 1900. (Europe is using 900 and 1800), so its not that alien at all. They also have started deploying UMTS (aka 3G) in a few select market.
Basically today in the US it seem to turn into a battle between Cingular (GSM - 54M customers) and Verizon (CDMA - 51M customers), after that you get Sprint (CDMA - ~47M) and T-Mobile(GSM - ~20M) and thats about it for nationwide providers.
So far, you probably still have better geographic coverage with CDMA networks, but as far as demographic coverage its going to be pretty much the same.
I've heard from an anonymous source in the US intelligence community that British Intelligence has informed the White House that the newly decrypted enigma messages contains information regarding Irak WMD locations, and clear indication of the Saddam-Osama link...
> Will someone please tell me what the hell this is supposed to mean?!
>> If Mozilla permit the sale of copied versions of its software, >> it makes it virtually impossible for us, from a practical point of view, >> to enforce UK anti-piracy legislation.
Well very simple: If Mozilla (and others) permit the sale of copied versions of its software, then this mean they have to find and read the licenses to make the differences between legals and illegal copies. Which mean they need to have employees who can read.
So 'from a practical point of view' teaching the monkeys (cf reference to banana merchant) to read software license is impossible.
So basically, after the expiration data, If I want to copy a Beatle CD, I have to pay Michael and Sony (which pay back Paul) but not EMI (which doesnt payback Ringo anymore)?
So Ringo is the one getting screwed here...
hum... when does the copyright on the lyrics and music expires ? Do we have to wait for Paul to die ?
Slashdot Mirror
Please go educate the masses of "average consumer".
I'll bet 90% of people of buy DVDs dont know what DRM is or what it does to them.
Consumers are just that: they consume. They buy. If the first gen DVD doesnt work anymore because HDMI, they'll just buy another one...
In a country where people pay $100 a month for premium cable, and where the main reason people buy HDTVs is Live Sporting Event, I dont think DRM will matter.
As long as Marketing is good - and the Americans are freaking good at Marketing - they'll just pay, thats just the way it works. Good luck changing that.
The FSF tactic is akin to the cold war era use of atomic weapon: disuasion.
In practice, the FSF is drawing the line. Its enough for the FSF to say they are going to file a lawsuit, and the offending company usually back down.
This is dangerous, they are playing with the "gray area". At some point one stupid company is going to go for a fight to define what the GPL really means, and then the supreme court will decide after 5 years of lawsuit (because I'm pretty sure they would not stop at a lower court)
It would be much better if they were using technical definitions of what you can do with software than philosophicals one.
I'm not a fucking lawyer, for god sake. How am I supposed to know what the GPL means by linking if its not in technical terms ?
I wont believe it until then...
Yeah, you heard me right...
... ?
Who doesnt spend as much time in C making sure they got all the '{', the '[' and ';' the right way, than they spend in HTML making sure they got all the tags properly
Lets them do whatever they want to do with the Internet...
Lets just go back being Surfing Teacher or Goat Shepperds
We spend so much time worrying about the freedom on the internet, as if this was the last place we could get any.
Who fucking care about the internet freedom, as long as they have their American Idols, their Hollywood stars, or their daily dose of Slashdot...
The Internet freedom fight is like French protests: A National pasttime, just for the sake of it...
If you want to fight for something, either go to Africa do some good, or pick up a gun and choose your battlefield.
Otherwise just do like I do: learn to live among the chimps, knows that trying to teach them is just a waste of time, and carpe diem as much as you can...
Off course they are not a bank... Paypal terms are fine by me: If they want to terminate my paypal account because I did a chargeback, I dont give a rat's ass...
They are not a bank: dont use them as a bank.
Not if you can find a way to have the target heat up with a user account.
8 6&cid=15108037
Better article: http://hardware.slashdot.org/comments.pl?sid=1827
http://hardware.slashdot.org/comments.pl?sid=1827
From : http://blog.ncircle.com/ (scroll down)
cansecwest/core06: "security issues related to Pentium SMM"
Loic Duflot
Title: Security Issues Related to Pentium System Mgmt Mode
It is day 2 at Cansecwest and this talk wins for 'so frightening that you want to hide under your desk in the fetal position'.
I'll go through the high level technical and then end with pointing out a principal that is one of those universal truths I carry around with me everywhere.
This entire exploit is based on documented x86 functions.
Your CPU runs in a few modes, one of those modes is known as Protected mode, other known as System Mgmt Mode. When your OS is running, your in Protected mode and this is how much of the security is performed and you'll hear of ring0 and ring3. Just know that your in-world universe is in protected mode.
System Management Mode (SMM) is used so that when there is something external to your OS world like say a thermal condition that needs to communicate some message, the CPU saves all its protected mode state out, does all this SMM stuff and then return to its regular scheduled program in protected mode.
There are details that evolve registry addresses and very low level operations but for the most part, a system in a very secure state can be circumvented via this SMM facility. I'm talking free access to all memory and IO.
The song goes a little like this:
Enable SMI
Open SMRAM space
Replace default SMI Handler by custom one (do your duty)
Close SMRAM space
Trigger SMI
Gain access to restricted operations.
In the wider picture: works on most systems. Turns out that Linux and the *BSD's will fall victim to this attack strategy, however, Windows XP is not known to be exploitable because of a few system calls that are not present and more importantly a certain memory range in protected mode is not shared addresses to SMM.
So, for the demo, they did not pick some shabby OS to exploit. How about OpenBSD at level2 (high security) with allowaperture=1
Ummm...it worked. Theo, microphone please?
Theo spoke to this OPENBSD issue and said he and the team have known about it for a year. They are between a rock and a hard-place because Xserver is really the core of the problem. It has too much damn access to regesters and is in the most unfortunate address space in protected mode because when in SMM, what is in that address range can be used to exploit.
Solution is for Xserver people to abstract sufficiently so that the kernel can have more governance on the Xservers logic.
Closing TK comments:
A system or a world that has a policy governed by in-world mechanisms cannot be effective when a process in-world can reach to the out-world to cause in-world change. You could also say that since a problem cannot be resolved at the same logical realm it has been created, then it is also the case that the most effective governance of a world can only come from outside that world. Think about all the crazy things we do in the physical world. As soon as we could get to the strong and weak forces at the atomic level, we created a incredibly destructive device. I just hope that if string theory is right and there really are energy strings at the lowest level of the universe, that no one in our world get control of them. The negative outcome caused by the power hungry is too high a risk to even consider the positive benefits.
Its late and I have been blogging way too much today I am certain that my mental packet loss is abnormally high. I'll return to this in-game out-game concepts later in another blog entry, when I am less sleep deprived.
--tk
Wether its BluRay and HD-DVD, or Live TV HD Broadcast/On Demand (IPTV, Cable and Satellite)
If you dont care about HD then DRM wont bother you.
But if you want HD, you are going to have to deal with DRM.
No.
Obviously the cpu, and your debugger still see the same data. Theres just a big encryption/decryption block on DRAM bus.
The interesting thing though, is what cipher they are using, that allows random access to anywhere in the DRAM ciphertext to be decrypted. (Not your trusted AES-CBC for sure)
At least they are both principal partners of ATT/SBC IPTV project.
- MS is providing the software for the settop box.
- Alcatel is providing the network infrastructure.
Thats funny, could they be using the same decoder in their MS boxes?
Actually the box itself is probably not made by MSFT, but this still make for some interesting business strategies...
Why should not you block Skype?
For the same reason you let Sales and Marketing have most of their lunch on the Company credit cards.
Because you trust they will not abuse it.
Because its part of the perks that goes with the job.
If you cant trust them, why would you want them to work for you in the first place.
Off course trust has it limits, thats why credit card have limits too, and probably a open network policy should have its limits too. But gosh, setting up your IT like a High Security Prison, thats a bit too much...
Ok people wait a minute, this is completely unfair to BluRay. BluRay is NOT a Sony format. Some other big names are behinf it too.
Lets also take a look at history and the two most successful digital media format still being used today:
CD Audio (Red Book): Philips and Sony
DVD : 10 founders - Hitachi, Matsushita, Pioneer, Philips, Sony, Thomson, Time Warner, Toshiba, JVC.
No granted those two formats didnt have any competition, but when you campare BluRay and HD-DVD who do you find behind each format?
HD-DVD: Toshiba and NEC
BluRay: Hitachi, Matsushita, Pioneer, Philips, Sony, Thomson, LG, Sharp, Samsung
JVC, who was VHS proponent against Sony's Betamax, is not among the BluRay founders, but still is a BluRay supporter.
So please, do not count BluRay as a Sony Failure, it might end up being a failure but I dont think Sony would deserve to be the first to take the blame. (I would probably blame Fox first)
Geez... Alcatel is French allright, but what does that really means ?
)
CGE/Alcatel is not a Government Owned Company since 1987. (http://www.alcatel.com/apropos/history/index.htm
This is a Public Company. Grantrd the board of director seems mainly French, but if you want to now who really owns or control a multinational like that, you need to be a financial detective.
France used to rely on Governement Owned Company for critical infrastructure and defense industries, because thats the only way to keep control. The US has never done that (except maybe during FDR's New Deal) so why should it be more worried now ?
Once we start assuming that a company is a person, things get confused.
A company is like a person, whose mind is controlled by real people. The nationality of the company doesnt really matter, mostly what you should be worried about is the intentions of the people owning the company.
Do you really think the intentions of a French Capitalist are so different that the intention of an American one ?
You know this is Slashdot right ? These people are geeks, so why do you expect them to be grounded to reality ?
Actually the more interresting question is how Intel can keep up the yield of their wafer when they have multi core chips.
When the multi core chips get tested, if only one of the cores is bad the whole chip is thrown away.
Now imagine that when they are doing single core cpus, they have 10% (random number) defects, thats 90% chance of having a good chip.
Now assume (for simplicity) that there dual core waffer is basically the same except they bundle the core two by two. So they have the same number of core per waffer (but half the chips), and each individual core has 10% defect rate. Now assuming that the defects are evenly distributed on the waffer, the probably that both core of a single chip are good is only 81% instead of 90%.
4 cores : 65%
8 cores : 43%
16 cores : 18%
How are they going to keep this up ?
Actually the problem is not new, its the same issue with just increasing the number of gates, but while adding gates add some value to the chips that might offset the reduction in yield, it doesnt seem very obvious to me the value added of a dual-core chip compared to two single core is going to offset the reduction in yield.
Well, I guess the guys at Intel found out that it does offset it at least for dual cores...
Yes but the difference, is that currently with Smart Cards (Chips & PIN as you call it) the price and the button are on the card reader.
You dont know whst the software in the card reader is really doing.
If I take the bus (public place) in a Canadian city, and some dude is chanting "Niggers, Jews and Arabs go back from where you came", I certainly hope that the bus driver will do something to make it stop.
If he doesnt, because its the bus company policy, I certainly hope that this company will be held partially responsible.
Its time to realize that not everything is protected by Free Speech. Going after hate content is not going to endanger democracy. Most european countries do have way stricter laws against "hate speech", and I dont see then as less Democratic than the US.
And if you open a forum, you'd better assume some reponsability over whats being said there. If you are not prepared to do that, by all means please do abstain.
Its very reasonable, the article says: "Internet servers, if they are aware there is hate content and don't take timely action to remove it, can be held liable,"
Note the "If they are aware there is hate content and don't take timely action".
You're burden should very light: When somebody complain, investigate and remove the offending content.
Read the article to see the specific of the case: The hosting company and the white supremacists were basically the same person. Its not just some random posting on a forum.
.. or Palladium or Trusted Secure Computing Platform or whatever it is called this day.
The only way to defeat an advanced rootkit today is to require strong crypto all the way down in the hardware. This means pratically everything down to the BIOS should be signed. There should be a chain of trust, and untrusted software should not be able to do permanent damage. The updates to the permanent storage should also be signed.
The technology is here. And it would be relatively easy to at least secure the root of your system (BIOS and OS kernel) from rootkits.
I dont know about Asia, or the rest of Europe, but I know France already has 3G.
The 3G coverage is still pretty small (Paris and most big cities I think) but 3G phones are being marketed there (mostly high end phones).
As for the services, apparently its mostly TV on your mobile and faster internet speeds.
As for the US, The first US cell phone provider (Cingular)is using GSM, on both 800 and 1900. (Europe is using 900 and 1800), so its not that alien at all. They also have started deploying UMTS (aka 3G) in a few select market.
Basically today in the US it seem to turn into a battle between Cingular (GSM - 54M customers) and Verizon (CDMA - 51M customers), after that you get Sprint (CDMA - ~47M) and T-Mobile(GSM - ~20M) and thats about it for nationwide providers.
So far, you probably still have better geographic coverage with CDMA networks, but as far as demographic coverage its going to be pretty much the same.
Because you can disable it ?
This already exists on Firefox anyway, its called the netcraft toolbar
I've heard from an anonymous source in the US intelligence community that British Intelligence has informed the White House that the newly decrypted enigma messages contains information regarding Irak WMD locations, and clear indication of the Saddam-Osama link...
> Will someone please tell me what the hell this is supposed to mean?!
>> If Mozilla permit the sale of copied versions of its software,
>> it makes it virtually impossible for us, from a practical point of view,
>> to enforce UK anti-piracy legislation.
Well very simple:
If Mozilla (and others) permit the sale of copied versions of its software, then this mean they have to find and read the licenses to make the differences between legals and illegal copies. Which mean they need to have employees who can read.
So 'from a practical point of view' teaching the monkeys (cf reference to banana merchant) to read software license is impossible.
So basically, after the expiration data, If I want to copy a Beatle CD, I have to pay Michael and Sony (which pay back Paul) but not EMI (which doesnt payback Ringo anymore)?
So Ringo is the one getting screwed here...
hum... when does the copyright on the lyrics and music expires ? Do we have to wait for Paul to die ?