Slashdot Mirror


User: QuantumG

QuantumG's activity in the archive.

Stories
0
Comments
11,687
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 11,687

  1. Re:Summary? on CPRM Lecture · · Score: 2

    Well John Gilmore pretty much stole the floor which you can see if you've seen the flick. I think the organiser actually gave his microphone to John. Basically everyone in the room was like "I can break this, I dont even have to go home and think about it, I'll break it right now" which is a sure sign that your system is lame. But yes, there were some serious questions after the presentation about why Jeff was doing this. He appeared like a very ivory tower type who had fallen into a project that would have actual real effects on society and he had no real idea about what was happening around him. The most worrying thing he kept saying was "well, this is just entertainment" to which I quite annoyingly pointed out was another word for "culture", something that he is actively aiding a cartel to control. His opinion was that this technology is useful to avoid overbearing laws. Laws that make the DMCA look tame.

  2. Re:Missing the Point on CPRM Lecture · · Score: 2

    Worth it? I dont understand, the question is, do you want something that really is hard to get around or do you want something that you are required by law not to get around. I think it would be amuzing to see the battle between DVD rippers and 4C, but I'd much rather see it on a more level playing field. So far what I've seen has not impressed me.

  3. Re:Missing the Point on CPRM Lecture · · Score: 2

    no not at all. If I'm going to have a boot in my face I want it to be a real boot. Not some fake boot that I have to pretend is real because there's a law that says it is illegal to break it. The mere fact that you can build circumvention devices shows that it is impossible to do this. So yes, come up with a better system and I will break that one too and another and another and in 10 years time when no-one has been able to agree on a secure music standard, I will know I've won.

  4. Re:arg on CPRM Lecture · · Score: 1

    I ran ispell bitch, you want to give me an example of something misspelt?

  5. Re:Highly confusing. on CPRM Lecture · · Score: 2

    No, there's a uniq id on the hub of the DVD (in the "burst cut" area that can't be written to by anyone who doesn't have funky lasers) which is hashed with the media key and the key taken from the media key block (which you need the device key to decode) to determine the cypher key. So you essentially copy all the bits off the DVD and put them onto a new DVD but you cant change the uniq id in the burst cut area so the player cant decode the data.

  6. Re:why not use mpeg? on CPRM Lecture · · Score: 2

    Microsoft provides the data storage for Stanford (as if Stanford can't afford a few gig harddrives) and as part of the agreement they have to use WMP format. The lecturer was quite upset about this.

  7. Re:Summary? on CPRM Lecture · · Score: 2

    damn straight. It is my summary of CPRM, which I can sum up in one sentence: it aint gunna happen.

  8. Re:Unique Media Key? on CPRM Lecture · · Score: 2

    The unique id is hashed with the media key and the key you retrieve from the media key block to get the cypher key. You could build a device that just tries to bruteforce the unique id (which is on the burst cut area of the dvd that you cant write to) but you cant use a standard player, and that's the point.

  9. Re:Getting Keys from Black Boxes on CPRM Lecture · · Score: 2

    it's not really trivial.. you have to encrypt a plaintext message with every one of your (how many billion) keys and then feed them in one by one. But yes, this is how they would do it.

  10. Re:i love these lectures. on CPRM Lecture · · Score: 2

    first to post

    No, that would be the only person who went. There was a guy from The Register there, so you might see a story come out of it, but basically we had access to the creator of a technology that everyone makes a big stink about, who you could have asked questions, interrogated (and John did man) or otherwise annoyed, but no-one went.

  11. Re:Finding the purloined key on CPRM Lecture · · Score: 2

    Once again, very nice to see people thinking about the technology. Lotspiech was quite agreeable with the claim that WMP would have keys inside and that you would be able to break it. I dont see your claim about the key's being decoded one by one. Even if this is how it works (and I'm not saying it is) then one can always note that key, flip a bit, watch the decryption fail and get the next key. Scratching the DVD could be the simplest way to get a player to give up all its keys. Also I dont think this is going to be a custom bit of silicon. These days the line between software and hardware is so blured in consumer devices that most just use a "secure processor" which contains some firmware. This is hard to break, but if you're going to succeed, you are going to get all the keys, not just one. It occurs to me that 4C being able to essential paperwieght a lot of hardware that has already been sold to stop people copying content is a little too draconian.

  12. Re:Interesting Lecture. on CPRM Lecture · · Score: 2

    I disagree. Either the protection would be a the disk drive level, WMP would have different keys for every copy, or hard-drive based software would be outside of the realm of CPRM. If the protection is at the disk drive level, WMP would rely on the hard drive to provide keys and decoding, and by distributing keys you would only be limiting your own ability to play new media. If each copy of WMP has its own keys, then again, you aren't damaging Microsoft, but you may be linking yourself to the crime. If you compromise two keys, then Microsoft may me able to link you to breaking the keys.


    Thanks for thinking about this. I specifically asked Lotspiech this question and outlined the senario. His response was "umm, so you dont believe in tamperproof software" I told him I didn't and he said "no, neither than I" he then repeated his statement about this being a "little speedbump". As for the question of this going into harddrives and harddrives doing the decoding, it's not going to happen for the sole reason that there will not be standard and 4C cant control the manufacturers.

  13. Re:Why didn't more slashdotters attend...? on CPRM Lecture · · Score: 2

    what do you mean "more"? No-one attended. Not a single person. Not one.

  14. Re:Jeffrey B. Lotspiech at Stanford Tommorrow! on CPRM Voted Down · · Score: 2

    you can read my summary of the day and my own opinions here.

  15. Re:Copyright isn't the point at all! on Windows Exec Doug Miller Responds · · Score: 2

    Although I think a wholesale replacement of copyright with patent law would be better than our current system I still like to think that there is something expressive about code that should be copyrightable.

  16. Legit Peer to Peer on Does Peer-to-Peer Suck? · · Score: 2

    You know, it's pretty damn trivial to make a legit napster.. all you've got to do is only put songs on your server that you have the rights to distribute. Now, there are ways to beat this, right. What an attacker can do is rename "Some leet song" to "Back Hoe Boys - Lame Song" (which the legit napster has on its server) and place it in his shared folder. Well that's easy to stop, all the legit napster has to do is sign the song before they distribute it to the first peer. I hear you, you'll just hack the client to accept any song, even ones that are not signed. But I'm not suggesting that your client should not accept songs that are incorrectly signed, instead the receiving client should check the signature and if it is dodgy then it should immediately tell the server that the client that sent the song has sent an invalid song, the server then removes that client from the search list. Once it has done that the recieving client can pop up a box saying "this song may be damaged or invalid, do you wish to keep it?" Why do this and not just delete the file? Because then the receiving user will have a reason to hack his client. If we dont do this then the receiving client has no reason to hack his client. The sender can hack his client as much as he wants, but it is the receiver who narqs on him.

  17. Re:minor nitpick... on Does Peer-to-Peer Suck? · · Score: 2

    We should make the "fuck SETI" at home project that just bounces random signals off the moon. We could use the SETI@home algorithm as a metric in a genetic algorithm and distribute it. So the geeks with their big telescopes get all excited "we found a signal!!! It appears to be intelligent" and they start communicating with it and before you know it we've actually got some distributed electronic lifeform squirming through the web.

  18. Re:So Jon on Does Peer-to-Peer Suck? · · Score: 2

    that would require independant thought.. which hasn't been coded in the Katz script yet.

  19. Jon Katz is a bot on Does Peer-to-Peer Suck? · · Score: 1

    and a poorly coded one. He was written by some kid in high school, just like Napster, who now works for Microsoft. One day we hope he will become sentient, but until then we have to put up with shit like this. I say pull the plug man, delete the code, throw the backups into the fire.

  20. Re:How about hate email? on Smutty E-Mail Legal In Australia · · Score: 2

    nuke the whales.

  21. Re:If Netscape would just get off their ass on MSIE Security Worsens: Patch Bungled · · Score: 2

    why would you be morally opposed to running KDE? It's GPL.

  22. Re:Sweet Mozilla, on MSIE Security Worsens: Patch Bungled · · Score: 1

    who closes their browser?

  23. Re:Jeffrey B. Lotspiech at Stanford Tommorrow! on CPRM Voted Down · · Score: 1

    except for the fact that it 404's. Besides, it's just not the same without all the hecklers from Slashdot that I hope to see there this afternoon :)

  24. Re:Patents and "other industries" on Windows Exec Doug Miller Responds · · Score: 2

    The point is that software has both functional and expressive portions and we cant copyright the expressive part seperately, so copyright ends up covering purely functional portions which is not right. If all software patents were required to contain source code and be submitted to a searchable database we would have a wealth of code to use. You could choose whether you want to use a patented technique to perform some computation or come up with your own. As it stands, we reimplement and reimplement stuff over and over because we wrap it up with compilers and copyright and never stand on each other's shoulders.

  25. Patents and "other industries" on Windows Exec Doug Miller Responds · · Score: 2

    Should we be required to publish the source code or underlying designs of all our software so that anyone can copy it? I would hope not - much the same that companies in other industries have the right to build products and retain the intellectual property rights associated with those products.

    Go on, show me one other industry where a company has the right to make a product and not provide an enabling specification as to how it works. Only with copyright (which btw, is supposed to cover expressive works, not functional ones) do companies have such a good deal as to be able to create something and not tell anyone how it works.