a cluster is chained with a consecutive cluster if the bit encountered in the message is similar to the previous bit and a cluster is chained with a non-consecutive cluster if the message bit is different from the previous message bit.
Then, even if the data is encrypted with an unknown key, we can expect almost exactly half the clusters to be chained to consecutive ones, and they are distributed in a random fashion. By counting the length of consecutive cluster blocks, we should see that 1/2 of them have 1 cluster, 1/4 have 2 clusters, 1/8 have 3 clusters and so on, and they are evenly distributed along the drive.
It's very unlikely that such a distribution would appear spontaneously on a disk by just using it normally, so someone who knows that this scheme exists can check whether it is present on the disk, even if they're not able to decode the data.
(Disclaimer: I haven't read the actual paper, they may have addressed this. Or the claim in the article may be incorrect.)
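The check described in the comment above, sketched as an added example (not code from the comment or from the paper it discusses): measure how far the block-length histogram of a cluster chain is from the halving pattern 1/2, 1/4, 1/8. The chain is assumed to be available as a list of cluster numbers; the function names, the threshold values and both sample chains are constructed for illustration.

```python
import random
from collections import Counter

def block_lengths(chain):
    """Lengths of maximal runs of physically consecutive clusters in a chain."""
    lengths, run = [], 1
    for prev, cur in zip(chain, chain[1:]):
        if cur == prev + 1:
            run += 1
        else:
            lengths.append(run)
            run = 1
    lengths.append(run)
    return lengths

def geometric_distance(lengths, max_len=12):
    """Total variation distance between the observed block-length histogram
    and P(k) = 2**-k; lengths >= max_len share one tail bucket."""
    counts = Counter(min(k, max_len) for k in lengths)
    total = len(lengths)
    dist = 0.0
    for k in range(1, max_len + 1):
        expected = 2.0 ** -k if k < max_len else 2.0 ** -(max_len - 1)
        dist += abs(counts[k] / total - expected)
    return dist / 2

def looks_like_chain_stego(chain, threshold=0.1, min_blocks=200):
    """Flag chains whose block lengths follow the halving pattern.
    threshold and min_blocks are illustrative values, not calibrated ones."""
    lengths = block_lengths(chain)
    return len(lengths) >= min_blocks and geometric_distance(lengths) < threshold

def constructed_stego_chain(n_bits=4000, seed=1):
    """Constructed sample: random bits stand in for an encrypted message; a
    link is consecutive when a bit equals the previous one, else it jumps."""
    rng = random.Random(seed)
    bits = [rng.getrandbits(1) for _ in range(n_bits)]
    chain = [2]
    for prev_bit, bit in zip(bits, bits[1:]):
        step = 1 if bit == prev_bit else rng.randint(2, 64)
        chain.append(chain[-1] + step)
    return chain

def constructed_normal_chain(n_extents=300, seed=1):
    """Constructed sample: ordinary files stored as a few hundred long extents."""
    rng = random.Random(seed)
    chain, cluster = [], 2
    for _ in range(n_extents):
        length = rng.randint(20, 400)
        chain.extend(range(cluster, cluster + length))
        cluster += length + rng.randint(2, 5000)
    return chain

if __name__ == "__main__":
    samples = [("chain-encoded", constructed_stego_chain()),
               ("ordinary", constructed_normal_chain())]
    for name, chain in samples:
        d = geometric_distance(block_lengths(chain))
        print(f"{name}: distance={d:.3f} flagged={looks_like_chain_stego(chain)}")
```

On a real volume the chain would come from the file allocation table, and the threshold would need calibrating against that file system's normal fragmentation.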
I've been worrying about the move to online content for many years now. With regular CDs and DVDs, if the content you want doesn't have a distributor in your region, it's usually easy, if a little more expensive, to buy it from a foreign store. With digital content you don't have that option: if the content is not being distributed by anyone in your region, you have no choice, no matter how much you're willing to pay (unless you're willing to work around the terms of service, or if you move to the other country and consume it there). The internet, which has the potential to make any content accessible to anyone in the world who's interested, instead ends up making the geographical divide stronger.
I'm a completist music freak, so I get really mad when there are digital-only releases or bonus songs I cannot get. I understand that most of the time the artists have no responsibility and don't even realize this is happening, so when I have the chance I try to point it out to them; but I haven't had even a single acknowledgement so far, and I'm starting to wonder if anyone actually thinks this is a problem.
Probably nothing, since one of the first things they suggest is to back up the file on CD, so you can re-import it any time you want.
If you're talking about simply copying the files to a CD (as iTunes suggests after the files are downloaded), you'll lose access to the data if (when) you switch computers and their authentication system no longer provides you with the key you need to play the files.
If you're talking about burning them as audio tracks on CDs that can then be re-imported to whatever format you want, for many people that's not an acceptable solution: it requires you to use many more CDs than simply storing the compressed files (and what happens if I don't want to use CDs at all, but instead backup to some other HD or remote service?), and re-importing it will either cause further quality loss or occupy a lot more space than the original files.
Personally, I only started buying DVDs after CSS was broken, I only buy music from iTunes because QTFairUse is available, and I'd only consider buying encrypted PDFs because there are programs that remove their protection. There are some videos there I'd also like to buy, but I'll only do it the day a program that can remove the DRM from them appears. I prefer buying content in an unprotected format if at all possible, but when it's not, my policy is to never buy any protected content from which I can't remove the protection without losing information.
Comcast has also announced a revenue-sharing program in which participating customers will receive a percentage of the money earned through any wiretaps on their accounts. Unfortunately, unless the customer is also participating in the aforementioned notification program, they will only be informed of their earnings due to a particular wiretap after it has ended.
According to customers, there is too much uncertainty involved with the current conditions. "I can't invest two grand a month without any profit guarantee," said a potentially participating customer who asked not to be identified. "And how can I know if my government-attention-grabbing behavior is being effective if I'll only know about my successes months later? Comcast should realize that it is also in their best interest to inform participants quickly and help them improve their techniques".
Of course you can argue till you're blue in the face that nobody would have bought the music anyways. Which is not really the point. The company placed a selling price on it. Somebody distributed it without paying the price N times. N * sales price.
It would be sort of like arguing that just because you stole something doesn't mean you're liable to replace the seller with the selling price or give the item back. You can argue there that nobody would have bought it either, but it's not very relevant. I know you're not actually equating the two things, but since some people do that, it is usually worth repeating the fundamental difference between the two cases...
With the physical stealing, since the quantity of the item is limited, the seller has actually lost the value he could have obtained by selling the item to someone else. With the digital copying, the copyright owner has no actual loss from someone getting an unauthorized copy if they wouldn't have paid for an authorized one.
If this algorithm can be used to find the private corresponding key given a public key, someone would just need to get the private key for a certification authority (say, VeriSign), and they would then be able to create fake certificates at will. Of course the key would be revoked when the compromise is discovered, but a lot of interesting stuff could be done in the meantime. It would be very handy for creating phishing sites, among other uses.
Skype may be doing the same thing, but there is really no way to know, is there? Modify the code for getpwuid() so that it returns a fixed value instead of accessing /etc/passwd, and run Skype with this modified library. Watch whether it still tries to access the file.
Anyone savvy enough to block ads is probably savvy enough to have their browser present its user-agent as Internet Explorer if necessary.
The corollary is that these sites will only block Firefox users who are not savvy enough and would see their ads anyway, and thus doing it may actually reduce their earnings.
From the page:
"To enable high security, in future, SSL protocol shall be supported, i.e. all data shall be encrypted, at users request, with user/service certificates."
The only application I can see for this is if someone wants to use the random output to generate an encryption key, but in this case, the random data will be only as secure as the SSL protocol encryption. The only way not to reduce the security of the data is to use a key as big as the data itself, but that's impractical.
Any security gains using SSL encryption could provide can be just as easily obtained by simply encrypting the random stream yourself with a key generated from a local random source before using the data.
At least, unlike the Chinese firewall, the Norwegian one would be acknowledged by the government, the blocking criteria would be publicly disclosed, and Norway's citizens would be free to criticize the censorship. For now.
Let's create a new, CC-licensed, birthday song, and start using it in our parties. I bet our collective mind is able to create something better than the annoying, stupid, old "Happy Birthday".
Bonus points if it says something more interesting and meaningful than just "happy birthday". Double bonus points if the birthday person doesn't have to stand with a dumb look on their face while they wait for the song to end, and pretend they've enjoyed it afterwards.
(I'm joking, but replacing the birthday song at our parties and explaining the reason might even be a nice way to draw other people's attention to how stupid copyright law has become.)
"In each of the 17 countries involved in today's actions there are legal music services available to consumers. There is no excuse."
Actually I can think of a few excuses:
- the music I want is not available in any legal music service in my country
- the music I want is not available in legal music services in a format I can use
- the legal music services restrict my usage of the music in ways that make it less useful to me than "illegal" downloads
- I cannot use any of the payment methods offered by the legal music services
- I want to listen to the music in its entirety to decide if it is worth buying
- I do not have enough money to buy the music I want (but intend to buy it when I do)
Some of them may be less acceptable than others, but the notion that the simple existence of a legal music service in a country means that there isn't any excuse for downloading music there is, in my opinion, extremely short-sighted.
The industry and job function fields in the registration form mentioned in the blog entry are clearly indicated as optional in a line above them. What is the problem then?
Okay, maybe the customer didn't see the indication, but it doesn't seem like TigerDirect was purposely trying to hide it in order to make him think he had to give the information. Or maybe the customer tried to send the form without filling those fields and got an error (I've had similar problems), but in this case this would be a very different issue and should have been mentioned in his story.
I understand the point the Infoworld writer is trying to make: I frequently feel that I'm being asked too many questions when filling forms (both on- and offline). But this was not an appropriate example.
Here's a suggestion. I haven't done it, and I don't know whether it would (technically or legally) work, but it's been in my mind for some time.
I'll assume the computer is running Windows (doing something similar under Linux should be easier). Use Scramdisk or other disk encrypting software and create an encrypted disk where all the (illegal) software will be installed. When the audit comes, unmount the encrypted disk and don't give them the key (after all, the disk is encrypted precisely because it contains your confidential documents). Then they won't be able to prove you have unlicensed software.
But they can still see your Registry, System folder and Start menu for traces of installed software, can't they? There are two solutions:
- Tell them you installed the software, but later removed them. Since uninstalling it through Add/Remove programs is too time-consuming, you simply deleted the folders where you had installed them, so the traces in the Windows dir were not removed. It might not be very convincing, though.
- Copy everything each software installs in the Windows folder to some place in the encrypted disk, and export the corresponding Registry keys to a file on this disk as well. Create a batch program which copies these files to the appropriate places, and another one that removes everything (you can create a Regedit file to erase the appropriate entries). Before using the program, run the first batch, and afterwards (or when the audit comes) run the second one. You should wipe the free disk space after removing the files.
The second method is not very straightforward, but it should provide good security. Once one person analyses each software and creates the appropriate reg and batch files, everyone can use them.
Using this method, when the BSA comes, there will be no signs of illegal software in the computer. And if they try to break the encryption on the disk, simply sue them under the DMCA...
When the digital output from a CD player is connected to the digital input of Philips CD recorder, or Sony Mini Disc recorder, the German disc gives the error message "Copy Prohibit" or "Cannot Copy".
All MiniDisc recorders allow a first-generation digital copy from a CD into a MD. This behaviour is mentioned on the Sony MZ-R90 manual, and probably in every other MD recorder's manual as well. It would be nice if lots of MD recorders in Germany (especially the Sony ones, and those still in their guarantee period) were taken to a Service Dealer for not operating correctly when trying to record from this CD.
What will Sony do if one of the main features of their MD recorders (making music compilations) doesn't work with their own CDs? I don't think it would help sales...