User: CodeBuster

CodeBuster's activity in the archive: 0 stories, 4,754 comments.

Comments · 4,754

  1. Re:Not evisceration, but a major blow on Arizona Judge Shoots Down RIAA Theories · Score: 1

    Compare that to the case where I put a whole bunch of books on a table out by the sidewalk with a sign "Free books, take as many as you want." Even that would be legal according to the doctrine of first sale. You have the right to dispose of your legally acquired legal copy (i.e. your property) as you wish, including giving it away. However, it would probably not be lawful if you ran off Xerox copies of the books and put the copies on the table with a "free books, take as many as you want" sign. Copyright law covers the right to make and distribute copies, but it does not control what you may or may not do with your legally acquired legal copy once it is in your possession.
  2. Re:I have to say... on Arizona Judge Shoots Down RIAA Theories · Score: 2, Insightful

    It was not so much that a transaction had not taken place, but rather that the RIAA had failed to prove, in point of fact, that a transaction had actually taken place (i.e. it is not enough that the law could have been broken, it must be shown that it actually was broken). I thought that the following commentary from senior EFF lawyer Fred von Lohmann was especially informative:

    "If the RIAA wants to keep bringing these suits and collecting big settlements, then they have to follow the law and prove their case. It's not enough to say the law could have been broken. The RIAA must prove it actually was broken."

    It has been said that "reason is the light of the law" and we certainly saw that light shine through today in this decision.

  3. Re:We want them broken. on UK to Ban Possession of Certain 'Violent' Pornography · Score: 1

    "which they do by being reelected, not by throwing people into jail."

    They get re-elected by giving the impression that they are "tough on crime", which means passing more draconian laws and throwing more people in jail for longer mandatory minimum sentences for non-violent "crimes". Convicted criminals don't vote and no politician wants to be branded as "soft on crime", so they do in fact get re-elected by throwing people into jail because that is what ignorant voters have indicated that they want in poll after poll.
  4. Re:Really? on Microsoft Helps Police Crack Your Computer · Score: 1

    If the whole disk encryption feature is employed then the disk is never written unencrypted; the writes are encrypted and reads are always decrypted on the fly. It is equivalent to running on a virtual disk. There is a special boot loader installed on the boot partition which takes as input the key as the very first step in the boot process, and after that Windows runs as if the boot partition was a virtual disk and there are never any unencrypted writes to the disk (including the swap file) because the entire partition is encrypted and mounted as a virtual disk. The only possibility is to recover the key from the RAM, which loses all contents once the power is cut (I am not an expert on volatile memory, but I suspect that this is very difficult or impossible to do reliably once the power is cut). A machine configured in this manner can be hard shutdown by cutting the power (an action requiring a couple of seconds or less, especially with a conveniently mounted kill switch) and the encrypted state is always preserved.

  5. Re:Flaw on Microsoft Helps Police Crack Your Computer · Score: 1

    It is pretty easy to hard shutdown (i.e. cut power) a machine quickly (generally only requires a couple of seconds) and particularly so when one has prepared for such an eventuality with an easily reached kill switch.

  6. Re:Really? on Microsoft Helps Police Crack Your Computer · Score: 1

    The whole point of encryption is that it cannot be easily bypassed. The only way to get past the encryption is to decrypt the encrypted information. Now obviously Microsoft may have included back door keys or other mechanisms as "safety valves" for law enforcement, but nobody who is serious about their cryptography is going to trust the Microsoft disk encryption services. The full disk encryption services provided by TrueCrypt (free and open source), for example, are NOT going to be easily defeated by any external technical analysis.

  7. Re:Here's a thought... on Hans Reiser Guilty of First Degree Murder · Score: 1

    Even if she didn't want to come out there are private investigators and bounty hunters out there who can find anybody just about anywhere in the world for less than $100,000 (i.e. unless she is dead and the body missing they will find her) and Reiser probably spent more than that on his defense.

  8. Re:Sociopath. on Hans Reiser Guilty of First Degree Murder · Score: 1

    "and can imagine very easily themselves in the same position without having done anything"

    Which is why you should follow the advice of your attorney and NOT testify. This is doubly true for a nerdy slashdot geek, who is probably not good in social situations anyway, going up against a prosecutor who is educated in the nuances of the (illogical) laws and debate tactics, and is probably a skilled verbal manipulator to boot. The nerd might think that he comes off well with logical responses, but the prosecutor knows that logic is only part of the game and that theatrics, body language, and various appeals to human weaknesses on the jury will also play into the impression of who "won" the cross examination, the prosecutor or the defendant. We accuse the lawyers of misunderstanding technology all of the time, so why should we presume to act against the advice of our attorney and compete with an adversary, the prosecutor, on his home field where he (the prosecutor) has a distinct advantage? As the nerd might say, "your expected winnings in that game are negative".
  9. Re:Sociopath. on Hans Reiser Guilty of First Degree Murder · Score: 1

    "A battery of police detectives took the stand to testify that Reiser performed countersurveillance maneuvers following Nina's disappearance"

    This is why the CIA, when training case officers who will be operating overseas, tells its students that it is never a good idea to attempt to evade surveillance. First, you tip them off to the fact that you know they are watching you and second, even if you succeed in ditching them today, they will come back with two and three times the personnel tomorrow with their suspicions confirmed and multiplied that you really have something worth hiding. No, the correct response is to do normal boring things until they become so bored with watching you that they give up out of extreme boredom at how uninteresting and normal you are, convinced that they have the wrong guy.
  10. Re:If you get arrested and/or get put on trial... on Hans Reiser Guilty of First Degree Murder · Score: 1

    "Just ask for a lawyer."

    That is exactly correct. The police are neither judge nor jury; they are simply there to collect and preserve evidence and that includes whatever you say to them. This is why I laugh whenever I see people arguing with the police officer who is writing their traffic citation without even having the common sense to realize that the officer is writing them up for a lesser offence than he *could* have... he is doing them a favor and they don't even know it... they still argue with him.
  11. Re:Coldfusion Anyone? on Half a Million Microsoft-Powered Sites Hit With SQL Injection · Score: 1

    "I have some experience with coldfusion"

    ColdFusion is dead or dying. You are the first person that I have heard mention it in years. If people are going to choose a proprietary solution for their web application server needs then they generally choose IIS with ASP.NET; otherwise the choice is probably PHP on Apache or Ruby on Rails.

    "So maybe everyone should switch to a safer language, eh?"

    The problem here is not the language, it is the use of that language in ways that are specifically warned against as being dangerous. The power to create complex applications brings with it the possibility of self-destruction. The addition of power tools to your wood shop can expand productivity and open up new types of projects which were previously unavailable to you. On the other hand, you have to be careful with that circular saw or you might lose a few fingers. Power and complexity vs. safety and simplicity (but with limitations) are trade-offs that every developer must make.
  12. Re:Slashdot on a military roll on Smithsonian Gets Military UAVs · Score: 1

    It was my understanding that the military geek was more a specific sub-type (in Japan they are called gunji otaku) rather than a contradiction in terms.

  13. Re:The surveillence is the easy bit on Is Cheap Video Surveillance Possible? · Score: 1

    The primary value of surveillance lies in the deterrence value. The businesses which employ these methods often make no secret of the fact that they are recording what happens on the premises. Surveillance keeps honest people honest, but it will not stop determined adversaries and the police are likely, as you say, to be uninterested unless people were hurt or the monetary value of the stolen property was very high.

  14. Re:IQeye on Is Cheap Video Surveillance Possible? · Score: 1

    There is no need for a separate motion sensor as motion can be detected by differential analysis of consecutive frames in the video stream (this can be done in either hardware or software). The usual setup for video surveillance is to continuously record the video stream into a fixed sized buffer, generally five (5) minutes worth or so equivalent with size given in KB. If motion is detected in several consecutive frames above a threshold then the entire buffer is dumped to a permanent file (which captures the segment immediately preceding the beginning of the motion and the beginning of motion) and the recording continues adding to both the buffer and the permanent file as long as the motion continues and for the remainder of the buffer after the motion ceases. The hardware and software camera systems that I have encountered for basic home and business surveillance all implement some variation of these methods and usually include an option for continuous recording, regardless of motion, if desired (although this is not necessary in my experience since the motion detection scheme works quite well and you really only care about the portions where something interesting happened...something moved).

    I would suggest high quality black and white cameras that can see clearly (particularly in very low light situations) and deliver sharp images. The full color cameras that can achieve the same resolution and low light capabilities cost a fortune and don't really add anything much over the black and white models. The cheap color cameras are to be avoided because in low light situations they are generally worthless for identifying the individuals or objects in the frames. There are probably Casinos with excellent full color and low light surveillance but for them money is, for all practical purposes, no object.
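
The frame-differencing and pre-roll buffer scheme described in the comment above, as an added example that is not part of the original post or of any camera product mentioned on this page. It assumes grayscale frames stored as flat byte arrays and feeds in a constructed 20-frame stream (six still frames, six frames in which a small bright object slides across the frame, eight still frames). The thresholds, the `Recorder` type and the helper names are hypothetical choices made for the illustration.

```go
package main

import "fmt"

// Frame is one grayscale video frame as a flat pixel array. The frames used
// here are constructed for the example; a real system would decode them from
// the camera stream.
type Frame []uint8

const (
	pixelDelta   = 25 // intensity change (0-255) that counts a pixel as "changed"
	frameTrigger = 3  // consecutive motion frames needed before a clip starts
)

// changedPixels counts pixels whose intensity moved by more than pixelDelta
// between two consecutive frames: the differential analysis the comment describes.
func changedPixels(prev, cur Frame) int {
	n := 0
	for i := range cur {
		d := int(cur[i]) - int(prev[i])
		if d < 0 {
			d = -d
		}
		if d > pixelDelta {
			n++
		}
	}
	return n
}

// Recorder keeps a fixed-size pre-roll buffer and, once motion persists for
// frameTrigger frames, dumps the whole buffer plus the frames that follow
// into a clip. The clip keeps growing while motion continues and for postRoll
// frames after it stops.
type Recorder struct {
	preRoll, postRoll, motionPixels int
	ring      []Frame // last preRoll frames, oldest first
	prev      Frame
	streak    int // consecutive motion frames seen so far
	recording bool
	tail      int // frames still to record after motion stops
	current   []Frame
	Clips     [][]Frame // finished clips, in order
}

func NewRecorder(preRoll, postRoll, motionPixels int) *Recorder {
	return &Recorder{preRoll: preRoll, postRoll: postRoll, motionPixels: motionPixels}
}

// Push feeds one frame to the recorder.
func (r *Recorder) Push(f Frame) {
	motion := r.prev != nil && changedPixels(r.prev, f) >= r.motionPixels
	r.prev = f

	// Maintain the pre-roll ring buffer (drop the oldest frame once full).
	if len(r.ring) == r.preRoll {
		copy(r.ring, r.ring[1:])
		r.ring[r.preRoll-1] = f
	} else {
		r.ring = append(r.ring, f)
	}

	if motion {
		r.streak++
	} else {
		r.streak = 0
	}

	switch {
	case !r.recording && r.streak >= frameTrigger:
		// Dump the buffer: it holds the frames from before the motion began
		// as well as the frames that triggered the event.
		r.recording, r.tail = true, r.postRoll
		r.current = append([]Frame(nil), r.ring...)
	case r.recording:
		r.current = append(r.current, f)
		if motion {
			r.tail = r.postRoll // motion continues: keep extending the clip
		} else if r.tail--; r.tail == 0 {
			r.Clips = append(r.Clips, r.current)
			r.current, r.recording = nil, false
		}
	}
}

// StaticFrame is a uniform frame (nothing moving).
func StaticFrame(n int, v uint8) Frame {
	f := make(Frame, n)
	for i := range f {
		f[i] = v
	}
	return f
}

// MovingFrame lights two adjacent pixels starting at position k, so successive
// values of k look like a small bright object sliding across the frame.
func MovingFrame(n, k int) Frame {
	f := StaticFrame(n, 10)
	f[k%n], f[(k+1)%n] = 255, 255
	return f
}

// SampleStream is the constructed input: 6 still, 6 moving, 8 still frames.
func SampleStream() []Frame {
	var s []Frame
	for i := 0; i < 6; i++ {
		s = append(s, StaticFrame(16, 10))
	}
	for i := 0; i < 6; i++ {
		s = append(s, MovingFrame(16, i))
	}
	for i := 0; i < 8; i++ {
		s = append(s, StaticFrame(16, 10))
	}
	return s
}

func main() {
	r := NewRecorder(5, 3, 2)
	for _, f := range SampleStream() {
		r.Push(f)
	}
	for i, c := range r.Clips {
		fmt.Printf("clip %d: %d frames (pre-roll + motion + post-roll)\n", i, len(c))
	}
}
```

With a 5-frame pre-roll and 3-frame post-roll the constructed stream yields one 12-frame clip: two still frames before the object appears, the three frames that tripped the trigger, the rest of the motion, and three trailing frames. Note that the frame in which the object leaves also scores as motion, since the differencing sees the pixels returning to background; that is harmless here but is one reason real systems also let you tune the per-pixel and per-frame thresholds.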

  15. AT&T wants to Minimize Potential Lawsuits on AT&T Denies Resetting P2P Connections · Score: 1

    "AT&T said it wants to monitor its network traffic for IP violations."

    They only said that because there is nothing to be gained from telling the truth, namely that they really don't give a crap about IP as long as they are not sued and their customers continue paying for their Internet service. They probably care somewhat about bandwidth, but that is a separate issue from intellectual property (IP). Corporations care about profit and whatever else they say must be viewed through the profit lens because it is probably being said (or spun, to put it more precisely) in service of that goal. The first rule of public relations, corporations, and government: never tell the truth when a lie will do just as well. They will tell the truth when it matters (i.e. the potential consequences of lying are not worth the benefits, or it is a matter of no consequence where even the small risk of lying is not worth it), but why make it easier for litigants to sue you by telling the truth (i.e. that you don't give a damn about their intellectual property, let them police it)?
  16. Re:Take away monetary incentive from textbooks on Competition In the Free Textbook Market · Score: 1

    I agree. The best teachers at my university invariably taught with their own notes and materials and eschewed the textbook entirely or provided references to any number of suitable textbook or other published sources for references when necessary and let the students choose what worked best for them. The homework problems and notes were always posted on the course websites in such cases so that information which out of necessity required commonality remained so without burdening the students with this year's required Textbook (same as last year's except new sidebars, re-arranged chapters, and different exercises). The worst teachers invariably wrote or collaborated on their own textbook, required the most recent edition of their own off-brand textbook (for which they receive kickbacks from the publisher) and generally made it hard to get by without buying it while suggesting and dropping hints all the while that it really was required for the course.

  17. Re:Unit Tests are not wasteful on Donald Knuth Rips On Unit Tests and More · Score: 4, Insightful

    Unit tests, especially if written and organized in an intelligent fashion, can be of tremendous value in eliminating small coding errors that were not intended but are bound to creep in if the project is large enough. If you are clever about your tests then you can usually inherit the same test multiple times and get multiple uses out of a test or part of a test. If unit tests are not used then it is more likely that several small errors in seemingly unrelated classes or methods can combine in an unforeseen way to produce nasty and unexpected emergent behavior that is difficult to debug when the whole system is put together. Unit tests will not make up for crappy design, but they will help detect minor flaws in a good design that might otherwise have gone undetected until final system integration, where they could be much more difficult to debug.

    I actually have a great deal of respect for Knuth, but I think that he is wrong about unit tests. Perhaps it is the difference between the academic computer scientist and the career programmer who admires the ivory tower, but is willing to make concessions in the name of expedience and getting work done on time.

  18. Indiana Jones was My Favorite Pinball Game on The Last Pinball Machine Factory · Score: 1

    The Indiana Jones Pinball game was really the best of the few which I can remember playing. It had all of the movie scenes from Raiders to Crusade covered in the modes and the funny one-liners from the movie mostly made it into the game too, giving the humour a sarcastic, irreverent, and dry feel that was just perfect for the whole Indy theme. For example, you received 25,000 points for "choosing poorly" in the grail scene (complete with rapidly decomposing corpse). If I could own any Pinball cabinet of my choice then it would have to be Indiana Jones.

  19. Re:GAO Report on Further Details From Soyuz Mishap · Score: 1

    You are all missing the essential point: How often is the maximum payload launch weight flown on a shuttle mission? I am not certain without looking up the mission records, but I would bet that it is rarely done out of safety concerns. Why not divide the payload into more than one trip on heavy lift boosters? Also, how often would it be the case that more than three (3) crew members would need to embark to the ISS on a single trip (the shuttle carries seven)? The unique capabilities of the Space Shuttle are often cited by defenders of the program without mentioning how rarely those capabilities are actually used or how multiple launches of smaller vehicles could achieve substantially similar results in most cases.

  20. Re:Bias? on 500 Thousand MS Web Servers Hacked · Score: 1

    "It's such a ridiculous flamebait, I don't know what to say."

    Controversy, real or imagined, is what promotes news and blogs which sell ads. They have a saying in the news business, "if it bleeds then it leads", which says a lot about what passes as "news" these days. By the time that people figure out that a story is exaggerated or factually incorrect the world has moved on to the next daily amusement, and the journalists who are responsible are rarely if ever punished, so why should they check their facts before going to press? If it is sensational then they will make money, and even if they have jumped the gun there is no downside (at least for them).
  21. Re:Disagreement is bad? on Bill Gates On the GPL — "We Disagree" · Score: 1

    To be fair to Mr. Gates, the 1978 computer club open letter was written because the members of computer club(s) were making copies of his MITS Altair 8800 BASIC interpreter program on paper tape and distributing them without charge (and in some cases with, but Microsoft didn't receive the money). In effect they were taking his work without his permission. The GPL allows people to elect to give away their work with certain conditional use clauses attached. If the author chooses not to license his program in that way then it is not right to simply take it because you think it should be free.

  22. Re:Public Key Cryptography and Message Signing. on Researchers Infiltrate and 'Pollute' Storm Botnet · Score: 2, Interesting

    "it would simply be a matter of analysis to locate the key."

    Allow me to be more clear: the key stored in the bot code would be the public key of the botnet operator, so even if the researchers found it, it would not help them to sign false messages. For that they would need the private key which, of course, would be retained by the botnet operator and never distributed. If the correct signature cannot be forged without the private key then the command messages would be safe, even if analysis recovered the public key from the bot binary.

    "Messages to the Command and Control will still be protected if public-key crypto is used... The signatures will not be able to be faked, so your approach is correct in that it would prevent the researchers from injecting commands."

    Right and right again. I should have been more clear about the public key issue in the message signing part of the original post.

    "The bots can use PKI to talk among themselves, but because each bot will have its own keys (and how will they negotiate keys to encrypt?)"

    The Diffie-Hellman key exchange algorithm does not require PKI to work, although the addition of PKI can make it more secure. If PKI is not employed as part of the key exchange then it is vulnerable to man-in-the-middle (MITM is usually difficult to do in practice over TCP/IP due to timing and network latency issues, among other difficulties).

    "the process should be at least observable at a much deeper level unless the programmers are very careful to have considered a man-in-the-middle attack and, for example, used signed keys"

    PKI between bot instances is impractical. There are too many instances (on the order of hundreds of thousands at least) and how would they securely store their individual private keys and distribute and forward all of their public keys? They could use naive Diffie-Hellman, but not PKI, for inter-bot communications. I agree that this would be vulnerable to analysis in a controlled environment.

    "This would prevent forgery of signatures, but would still allow the researchers to intercept any communications for a bot which the researchers can control. A small percentage, but in a lab this could allow the researchers to decode at least some of the "Secret Handshakes" used, those being the ones for bot to bot communication."

    Right, I agree. Although it might be somewhat cumbersome to set up the controlled environment. You would need at least two (2) bots in the sandbox network that can be induced to communicate with each other, with a third host performing the MITM and analyzing the secret handshakes (which occur after the secure connection is established via Diffie-Hellman).

    "Communication TO the Command and Control, however, would remain inaccessible."

    Right, and this is probably how the really important operations are executed anyway, under the command and control of the botnet operator.

    "However, public key encryption is notoriously hard on the CPU, requiring many more cycles when compared to a similar (equal protection from brute force attack) symmetric algorithm."

    Right, and the PKI for the command and control protocol would have to use big keys because if they are cracked then the entire command and control network is cracked (probably 2048-bit RSA would be used). The private key for message signing on the command and control protocol would be an attractive target, to say the least. As for slowing down the machine, that probably wouldn't tip off the naive user/owner since they will probably chalk it up to "their computer is old" or "well, that is Windows for you".

    "I guess your approach will work partially, but enough to make life difficult for "the good guys"."

    That is all that the botnet author really needs to do: make it hard enough so that people don't want to bother with attempting to disrupt the bot network.
  23. Re:Public Key Cryptography and Message Signing. on Researchers Infiltrate and 'Pollute' Storm Botnet · Score: 1

    "As in, they mess with the encryption key so that any data that comes in from the controllers or other bots will be reported as bogus due to the controller/bot keys not matching."

    This is probably due to a flaw in the bot implementation which allows input data to smash the stack and overwrite the stored public keys which are being used for cryptography operations (the session keys are presumably negotiated online with a Diffie-Hellman exchange). If the bot authors patch this vulnerability allowing key overwrites then the cryptography approach would still be sound.
  24. Public Key Cryptography and Message Signing. on Researchers Infiltrate and 'Pollute' Storm Botnet · Score: 5, Insightful

    I predict that the botnet authors will respond with the following counter-measures:

    1) Command messages sent to the botnet by the operator will employ public key cryptography and message signing so that bots can tell real commands from headquarters (i.e. the botnet operator) from fake ones.

    2) The bots themselves will use encryption to communicate amongst themselves and employ secret handshakes once the encrypted channel has been established to detect imposters. It would not be difficult to arrange for the botnet to automatically coordinate and begin punitive attacks against hosts which attempt to inject false commands into the botnet.
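
The two counter-measures predicted in the post above, together with the man-in-the-middle point made in the longer reply earlier on this page, as an added example that is not part of either post: operator commands carry an Ed25519 signature which each bot checks with an embedded public key (so recovering that key from the binary does not let an analyst forge commands), and two bots run an unauthenticated Diffie-Hellman exchange with a third host substituting its own values, which is the lab set-up the reply describes. The seed strings, the command text and the toy DH group (p = 2^127 - 1, g = 5, chosen only to keep the numbers short) are constructed for the example; the function names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// NewSigningKey derives an Ed25519 key pair from a fixed seed string so the
// example is reproducible. A real operator would use a random seed and keep
// the private half off every bot; only the public key ships in the binary.
func NewSigningKey(seed string) (ed25519.PublicKey, ed25519.PrivateKey) {
	sum := sha256.Sum256([]byte(seed))
	priv := ed25519.NewKeyFromSeed(sum[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// SignCommand is the operator side: command bytes followed by the signature.
func SignCommand(priv ed25519.PrivateKey, cmd []byte) []byte {
	out := append([]byte(nil), cmd...)
	return append(out, ed25519.Sign(priv, cmd)...)
}

// VerifyCommand is the bot side, using the embedded operator public key.
// Anything not signed by the matching private key is rejected.
func VerifyCommand(pub ed25519.PublicKey, msg []byte) ([]byte, bool) {
	if len(msg) < ed25519.SignatureSize {
		return nil, false
	}
	split := len(msg) - ed25519.SignatureSize
	cmd, sig := msg[:split], msg[split:]
	if !ed25519.Verify(pub, cmd, sig) {
		return nil, false
	}
	return cmd, true
}

// Toy Diffie-Hellman group: p = 2^127 - 1 (a Mersenne prime), g = 5. Used only
// to keep the example short; real code would use an RFC 3526 group or ECDH.
var (
	dhP, _ = new(big.Int).SetString("170141183460469231731687303715884105727", 10)
	dhG    = big.NewInt(5)
)

// dhPublic returns g^x mod p for a party's private exponent x.
func dhPublic(x *big.Int) *big.Int { return new(big.Int).Exp(dhG, x, dhP) }

// dhKey hashes the shared value peer^x mod p into a 32-byte session key.
func dhKey(peer, x *big.Int) [32]byte {
	return sha256.Sum256(new(big.Int).Exp(peer, x, dhP).Bytes())
}

// MITMResult holds the session keys each party derives when Mallory sits
// between two bots (Alice and Bob) doing unauthenticated Diffie-Hellman.
type MITMResult struct {
	Alice, Bob                       [32]byte // keys the two bots believe they share
	MalloryWithAlice, MalloryWithBob [32]byte // keys Mallory derives on each leg
}

// RunNaiveDHWithMITM models the attack: Mallory intercepts each bot's public
// value and forwards her own instead, so each bot completes the exchange with
// her while believing it talked to the other bot. Nothing in a naive exchange
// lets the bots notice, which is why the "secret handshake" sent afterwards
// is readable on the lab host.
func RunNaiveDHWithMITM(a, b, m *big.Int) MITMResult {
	A, B, M := dhPublic(a), dhPublic(b), dhPublic(m)
	return MITMResult{
		Alice:            dhKey(M, a), // Alice received M in place of B
		Bob:              dhKey(M, b), // Bob received M in place of A
		MalloryWithAlice: dhKey(A, m),
		MalloryWithBob:   dhKey(B, m),
	}
}

func main() {
	pub, priv := NewSigningKey("operator-seed")
	msg := SignCommand(priv, []byte("report-status"))
	_, ok := VerifyCommand(pub, msg)
	fmt.Println("operator-signed command accepted:", ok)

	_, researcher := NewSigningKey("researcher-seed")
	_, ok = VerifyCommand(pub, SignCommand(researcher, []byte("report-status")))
	fmt.Println("command signed with a different key accepted:", ok)

	res := RunNaiveDHWithMITM(big.NewInt(123456789), big.NewInt(987654321), big.NewInt(55555))
	fmt.Println("Mallory holds Alice's session key:", res.Alice == res.MalloryWithAlice)
	fmt.Println("Mallory holds Bob's session key:", res.Bob == res.MalloryWithBob)
}
```

The two halves illustrate the asymmetry the reply draws: the command channel stays closed to anyone without the operator's private key no matter how thoroughly the binary is analyzed, while bot-to-bot traffic over naive Diffie-Hellman is fully readable by a host that can sit between two bots, since each bot's session key is exactly the key Mallory derived on that leg. Signing the DH values would close that gap, but that is the per-bot key management the reply argues is impractical at botnet scale.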

  25. Multi-License Software is Possible on Bill Gates On the GPL — "We Disagree" · Score: 2, Interesting

    The GPL does not prevent you from negotiating a separate and different agreement with the copyright holders and operating under that agreement instead of the GPL. The MySQL project (which seems to have fallen out of favor recently here on Slashdot) is an example of such a licensing scheme. Now, in practice it may be difficult to track down and negotiate with each of the individual copyright holders who have contributed to a GPL project, but it is not impossible to do so if one really does not want to release improvements under an open source license such as the GPL.