And small scale attempts to hack reporting software like you suggest won't even be a blip either. Sorry to make you realize that you aren't the world-changing, corporate-overthrowing, l33t hax0r you think you are.
My post was intended to be humorous, although the content was serious. You raise an objection which deserves a response.
You argue essentially that the actions of one man can't change the world. To recast this statement, you claim that a single write-in vote has little effect. I agree.
My argument is a little different. If the channel is open and the protocol broken, I can create many spurious activity reports, effectively 'stuffing the ballot box'. If only 20% or better yet 50% of the votes are mine, I'd have a significant influence.
To make this possible, three criteria must be satisfied. One, the channel needs to be open and cheap. Using the internet to send reports meets this criterion. Two, the protocol must be broken. This is the Achilles heel. Clever encryption techniques would prevent an attack, but ReplayTV doesn't have any incentive to do this well. On the other hand, the studios might be able to dictate the protocol. Fortunately, their track record hasn't been very good, so I'll suppose that their protocol can be broken. *smile* Three, the reports must avoid fraud detection mechanisms. Here I only need to make sure that my fake results model the statistics of the real ones close enough to fool the filters. Of course, my personal goals could be even weaker - I can corrupt the system by just casting doubt on all the legitimate results.
Finally, I'd like to commend the judge for this result. Unfortunately, not every spyware mechanism will be thrown out. As another reader has mentioned, the studios could just as easily build their own digital VCRs. If the existence of the spyware cannot be attacked, go for the protocol. If that doesn't work, try something else. Just keep fighting.
This is a sad day for us lying bastards. I was just beginning to relish the idea of hacking the reporting mechanism. Then I'd be able to influence network programming without even viewing the shows. This way I could dictate the mindless drivel without having to watch any of it - a double win! Create enough spurious reports and the system would have been useless. *evil grin*
Re:The guy sounds like a world-class sleazeball. on Hacking Web Services · Score: 5, Insightful
he talked about countermeasures instituted against hackers, but doesn't want them openly published (security through obscurity, anyone?)
I'm quite tired of hearing statements like 'company X won't reveal Y; this demonstrates security through obscurity which everyone knows is bad.' Well, it's not! Your statement demonstrates that you can echo the slogans but don't understand what security really means. I strongly encourage you to read a recent Crypto-gram by Bruce Schneier. You cannot apply the principles used for analyzing a mathematical system to all real world security issues.
I have quite the opposite view. I paid for the Mac OS X version almost immediately after I downloaded it. In contrast, I haven't paid a dime on Windows. When Opera determines the priority of each platform, the revenue from each makes a major difference. If you use and like the software, pay 'em a few bucks. If Opera never upgrades, then they'll never make any more money from you. You see, paying money actually gives them an incentive to improve.
Personally, I'm not convinced that Opera is the best web browser. But, I figure that investing a few bucks in the hope that competition drives innovation is worthwhile.
I really hate to nit-pick, but shouldn't you *scream* before you *faint*?
BTW: I agree, these are pretty cool systems. I'm amazed that Apple didn't release a rack mount system years ago (and, hence, that we are impressed by this introduction).
Actually the best exception I know is the 1986 UK movie 'Room with a View' which received a PG-13 rating in the US. There are only a handful of such movies. The ratings agency can be persuaded. For instance, 'Fatal Attraction' was released as an R though the ratings board admitted later that this had been a mistake.
On the other side, examples of full female frontal nudity may be found in nearly every R rated movie. I accept the assertion of another reader that both sexes are more comfortable with female nudity. But I don't believe this accounts for the dramatic difference.
For readers interested in this topic, let me suggest a 1999 article from the Online Film Critics Association.
Actually what I find even more stupid is that (in the US) full frontal female nudity is perfectly okay for a R, but any full frontal male scenes and you are talking NC-17 or X. For the nearly all male movie executives and ratings board members, it's not like this should be anything they haven't seen before. Right?
The sad thing is, if only Russia's space agency could have survived after the Berlin Wall came down, we would probably still have a thriving space race and maybe even more public interest.
The problem is that space exploration isn't a commercially viable enterprise. It is more likely that the large sums invested in their space agency accelerated Russia's evolution (or collapse).
On the other hand, the engineering expertise and proud tradition have inspired Russia to take the lead in space tourism. When I compare this to the conservative not-invented-here attitude found at US NASA, I can only cheer: "Go Russia! Go!" We should be embarrassed that Russia is teaching the US and Europe lessons in capitalism.
We fell behind in television development, and that hasn't hurt us any.
Ah, but television (a.k.a. the opiate of the modern masses), doesn't enhance productivity. With their entertainment robots, I think Sony has done a brilliant thing. They've taken the output of their research division and produced a customer facing product. This is extremely difficult with such a speculative technology - just ask Bell Labs. As toys, these robots can demonstrate the technology without requiring the stability of a commercial release. And by offering a new market (besides industrial assembly lines), they can justify increased development expenses because they'll be able to spread the costs over a larger market.
OpenVXI 2.0 was released just last week. According to the message on the VXI-discuss mailing list:
OpenVXI is a portable open source library that interprets the VoiceXML 1.0 dialog markup language. It provides a full implementation of the VoiceXML 1.0 specification, including all required features and nearly all optional features. Where the VoiceXML 1.0 specification is vague or incomplete, OpenVXI follows industry direction to fill the gaps.
See http://www.speech.cs.cmu.edu:/openvxi/ for details and source and binary downloads.
There is currently support for Windows (binaries are included) and Linux. Developers are currently working to add Solaris and Mac OS X.
NOTE: This is a VoiceXML interpreter. A real system would require a full speech recognition engine and a full text-to-speech implementation. SpeechWorks International ships a commercial version which connects to their recognizer and TTS products. This is a good playground for experimentation.
Biometrics are much easier to implement when the person's alleged identity is known. If the person claims to be X, the system need only compute B(X) and compare that to a precomputed database entry B'(X). These values will almost never be identical due to noisy real world systems (different lighting, microphone noise, dirt on the fingerprint/retina scanner, etc.). Instead a statistical comparison must be made. If B(X) is statistically similar to B'(X), admit entry, otherwise call the firing squad.
In the article, Bruce assumes his readers understand this. His explanation of why face recognition systems cannot find the rare targets in large populations is quite good. The same logic applies to voice matching for projects like Echelon.
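The difference between checking a claimed identity and searching a crowd, as an added example that is not part of the original comments. The enrolled templates, noise level, threshold, error rates and population figures are all constructed for illustration.

```python
import math
import random

# Constructed enrollment database: B'(X) for two hypothetical users.
ENROLLED = {
    "alice": [0.2, 0.8, 0.5, 0.1, 0.9, 0.4, 0.7, 0.3],
    "bob":   [0.9, 0.1, 0.6, 0.8, 0.2, 0.7, 0.1, 0.6],
}

def capture(template, rng, noise=0.05):
    """Simulate a fresh reading B(X): the enrolled features plus sensor noise."""
    return [v + rng.gauss(0.0, noise) for v in template]

def distance(a, b):
    """Euclidean distance between two feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def verify(claimed_id, sample, threshold=0.5):
    """1:1 check: compare the sample only with the claimed identity's entry."""
    return distance(sample, ENROLLED[claimed_id]) <= threshold

def false_alarm_probability(fmr, comparisons):
    """Chance of at least one false match over independent comparisons."""
    return 1.0 - (1.0 - fmr) ** comparisons

def expected_alerts(population, targets, fmr, fnmr):
    """Expected (true, false) alerts when everyone in a crowd is scanned."""
    return targets * (1.0 - fnmr), (population - targets) * fmr

def run_demo(seed=7):
    rng = random.Random(seed)
    alice_today = capture(ENROLLED["alice"], rng)
    bob_today = capture(ENROLLED["bob"], rng)
    return {
        # A noisy reading never equals the stored entry bit for bit.
        "exact_equal": alice_today == ENROLLED["alice"],
        # The statistical comparison still accepts the genuine user...
        "alice_as_alice": verify("alice", alice_today),
        # ...and rejects someone else claiming her identity.
        "bob_as_alice": verify("alice", bob_today),
        # Assumed false match rate of 0.1% per comparison.
        "one_comparison": false_alarm_probability(0.001, 1),
        "watchlist_10000": false_alarm_probability(0.001, 10_000),
        # Assumed crowd: 10 targets among 10 million people scanned.
        "crowd": expected_alerts(10_000_000, 10, fmr=0.001, fnmr=0.01),
    }

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

With these assumed rates a single claimed-identity check is wrong about once in a thousand tries, while scanning the whole crowd yields roughly a thousand false alerts for every real one.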
And, of course, this wouldn't prevent individuals from using their own valid IDs to access public areas. The assumption of most security systems is that the intruder wants to commit a crime and get out while minimizing the probability of detection. A suicidal terrorist does not have this goal. He/she seeks to enter an area, commit a crime, and then die in the attempt. The tools developed for normal security may not be appropriate for suicidal terrorists or individuals on shooting sprees.
On the other hand, I am a strong proponent of academic research. Now that I know that this research is going on, I'm tempted to start adding messages to anything I sell on eBay. This will keep the researchers happy. After all, there is nothing more depressing than launching a large and time intensive search and then ending up with nothing. Soon, people will be seeing secret fnord messages everywhere.
Re:I'm sure the point will be made a thousand time on Blaming Encryption · Score: 1
What is it they say, "When encryption is outlawed, only outlaws will have encryption".
I thought it was "When encryption is outlawed, #$xp 4po+ xoO2 p;@H c#[) (tH/1 GXw2", though I might be wrong.
Or "I'm going to my congressman, he needs a clue" where 'congressman' = <senator> and 'clue' = 'dead-tree based letter' (because emails don't mean as much to elected representatives).
It's A and (B or C).
...or simply make him very hard to kill, but worth zero experience and (upon death) dropping no items. If you get nothing from the effort, why bother?
This is a good way to store all those 4096 bit keys with your physical ones. Just don't lose that ring!
What do you mean by 'disparage MS using its own software'? You're merely documenting one of the many features of XP.
I haven't seen either of these points mentioned.
One: using firewire, the iPod can hotsync almost instantaneously with your Macintosh. That's very thoughtful. The longer that I use technology, the less patient I get. I'd pay a little extra for this speed.
Two: what is the target market? The answer seems to be age 12-25 (junior high to college). These individuals are somewhat less price sensitive (assuming that their parents are paying) and are more likely to be sold by the flashy technology and design. If you agree (with some minor provisions), then you'll accept that Apple has a chance to win young converts to its platform. If this works, it's very attractive for Apple's future.
Okay, the comment was funny. But when I noticed the moderation, insightful, my ribs began to hurt.
And if you go to the Mac OS X section on Apple's site, you can see the updated info. This discusses the $19.95 upgrade and the in-store free update.
Then use ATL's windowing support instead.
<sarcasm>Yes, I've always preferred highly macro based toolkits making extensive use of templated classes and multiple inheritance. The result is so easy to debug and read!</sarcasm>
ATL has some things going for it when you compare it to MFC. I'm just not sure that's the best benchmark.
[Oops... the markup got stripped!]
Sarcasm is rarely recognized without the <sarcasm> tag.
Sarcasm is rarely recognized without the tag.
Amen! Where can I sign up?