But here's the problem. Magic Lantern is specifically designed to steal people's PGP keys. And PGP is typically used to encrypt e-mail exchanged between two parties. So, you could very well run Linux with Tripwire, etc. etc. and have a secure system. But if the majority of your correspondants use Windows and a popular anit-virus package like Norton or McAfee, which the vast majority of people do (if they run any anti-virus software at all, that is) then your e-mail isn't really secure at all.
So, don't be under any illusions that you're safe just because you run an unusual and secure system. Heck, I have enough trouble getting my correspondants to use PGP at all, and most of them still don't. So the majority of my e-mail is vulnerable to Carnivore snooping even without Magic Lantern!
Just imagine how hard it will be to convince your non-geek friends to not only use PGP, but to switch to Linux and run Tripwire!
I have an account with Cogeco cable in Windsor, Ontario, Canada, and they had us switch our e-mail addresses about a month ago to user@cogeco.ca. I notice now when I do a traceroute I see only one router with a.home.net name (there used to be many) and the traffic then goes through a bunch of routers in Teleglobe.net starting in Toronto then getting to New York by way of Chicago. So, other than that one router (in Ontario) which may not even be owned by @Home anymore, we seem to be completely independent of Excite@Home. Service seems about the same as always: great when it's up, down a bit too often.
This is like the electric company charging me per light.
They do, in the sense that you pay for electricity by the kilowatt hour so if you have two lights on all month you pay twice as much is if you have one.
Cable modem service is generally charged at a flat rate however, unlike electricity. This is because most customers prefer it that way. You wouldn't want to have to pay for every banner ad that appears as you read the news!
Because you are paying a flat rate, it is understandable that the cable company would want to restrict your ability to "share" your service with others. Just as a restaurant with an all you can eat buffet doesn't generally let you share with a group of other people that come in with you and don't order anything.
But you can't have it both ways. Most people want a flat rate, but then there obviously have to be some restrictions on sharing, otherwise you might have one subscriber who shares his connection with the entire city!
And the drawbacks to not having a flat rate, and instead, a charge per kilobyte are that you have to be much more careful about which websites you visit, as they might push all kinds of unwanted content to you which you have to pay for. How would you like to pay for every banner ad that pops up when you read CNN?
I think a pay-per-byte scheme would lead to a much less satisfying Internet experience. Most people like flat rates. How many people watch pay-per-view movies on cable, for instance? (I should say how many people pay for pay-per-view movies which is a very different question, but I digress.)
But if you want a flat rate, it is obvious that you can't expect to be allowed to connect your entire block up to your "pipe". Just like in a restaurant with an all you can eat buffet, you can't bring in a crowd of 12 people and buy one such meal and share it!
Can't the private key be encrypted with a passphrase before storing it on the server?
Then, when you wish to log in, the encrypted private key is downloaded into the client and decrypted with the passphrase. Thus the folks that run the server never see the private key.
I'm not sure if that's the way Cryptohaven works, but many other services use this model.
As I understand, SDMI can mean more than one thing.
One is the ability to play special encrypted files under carefully controlled circumstances, in addition to being able to play standard, open MP3 files. If that's the case, what does it matter if your player happens to be SDMI compliant? You can just ignore the SDMI features and use it is a normal MP3 player. The only drawback might be you have to pay a little more for the useless SDMI circuitry.
The second phase of SDMI, however, as I understood it, would require the player to look for watermarks, possibly preventing you from playing normal MP3s which have the watermarks embedded in them. Of course, you want to avoid such players like the plague!
Does anyone know what current SDMI-compliant MP3 players do? Do they look at watermarks yet?
I though there was a fairly strong consensus on/. that software is free speech. Certainly that was the opinion while the DeCSS issue was being discussed.
If someone wants to write content filtering software should they be prevented from doing so, and by whom? If not, in a capitalist, free market system with free speech guarantees, isn't it logical that someone will fill a demand for such software to make a buck? Isn't this the way it is supposed to work?
So, which would you rather have, a society in which people are allowed to write whatever software they want, including content filtering software (and tunnels to circumvent them) or a society in which software development is regulated and controlled, and content filtering software is outlawed.
Ok, if you're reading this Wil, you shouldn't feel bad. You certainly didn't come off nearly as badly on the show as Roxann. I honestly don't know if she was joking or not, but if not, she sure did not do much to improve her image with her final comments.
As I'm sure you know, it is very common for people to flirt jokingly on celebrity versions of that show. People do it all the time, and yours was no different, except for the fact that you had a much cooler shirt than any I've seen on that show before.
and I highly doubt we're going to be able to download the specs from FBI.gov
No, the point being made is that we don't have to. We need only look in the McAfee anti-virus code to pull out the public keys/checksums/whatever to find the identifying characteristics that must be shared by all the ML code in order for McAfee to ignore it.
Remember that the article stated, however, that McAfee assured the FBI that they would cooperate in taking steps so as not to interfere with ML. The article specifically did not state that the FBI agreed! And for the reasons given here, I doubt they will!
Society's still arguing about whether it's ethical to put CONVICTED PEDOPHILES in such a registry, for crying out loud!
But the difference is that the pedophile database you're referring to is a publically accessible one, and can be used by potential employers, landlords, and nosy neighbors, usually resulting in a situation where it is virtually impossible for the ex-con after serving their time to live anywhere.
By contrast this is a secret database, used only by the police for surviellance purposes. As far as I can tell, it does not impose any obligations on or restrict the freedom of any individuals on the list. Also, prospective employers and schools will not have access to the list, and so no discrimination could result. The only effect of being on the list is that if you commit a crime, there is more likely to be a cop nearby to catch you.
Is it ethical and moral for the government to be telling individuals how they can and can't reproduce?
It's one thing for the gov't to limit or disallow federal funding for research that a large number of taxpayers find objectionable. After all, taxpayers shouldn't be required to fund what a majority of them don't believe is right. If you go to the gov't with your hand out asking for money they certainly have a right to put conditions on how you use it.
But we're talking about something very different and much more sinister here. The house bill actually says you can't spend your own money on cloning. What right to they have to tell people how they can and can't reproduce? The supreme court even said they can't outlaw abortion which is killing a healthy, living human fetus. Now human rights are supposed to extend before conception??? Doesn't anyone else find this somewhat frightening?
Besides that i don't think a law will be passed that makes it illegal for US citizens to install anti-FBI-worm software.
Actually, my question was is it already illegal under obstruction of justice laws? I am aware that no specific "Magic Lantern" laws have been passed. But obstruction of justice laws already do exist. I was just wondering if deleting Magic Lantern from you computer could be considered obstruction of justice. Much like trying to bar the police from entering your house when they serve you with a search warrant.
And even if i was,how would you be detected?
Simple. They install Magic Lantern on your computer and when they attempt to "log in" it isn't there!
I'm curious. Does anyone know anything about the legality of software which would detect and/or thwart Magic Lantern?
Would one be guilty of obstruction of justice if one were to knowingly distribute software which could interfere with law enforcement software? For instance, in many states, radar detectors are illegal. Of course in that case there is a specific law which covers them. I'm just wondering about existing laws which would apply to "Magic Lantern Busters".
And from an end-user perspective, would I be guilty of obstruction of justice if I detected Magic Lantern in my computer and deliberately removed it by, say, re-installing the OS from a CD-ROM? Presumably if Magic Lantern were installed, it would have been done so with a warrant.
This could be a real issue for people who run software like Tripwire. I'm not a lawyer, and I realize Slashdot isn't the best place to seek legal advice, but I am a bit curious if anyone knows of any relevent statutes or precedents. Of course Magic Lantern is too new to have a case history of its own, but does anyone know of related precedents or laws which might be relevent?
CERNlib is a package for high energy physics created by CERN, the people that brought us the web.
It is geared for high energy physics data analysis, but it has many useful tools for doing things such as histogramming data and plotting data, as well as many other numerical routines. MINUIT, the minimization package that comes with CERNlib is the best around.
The package is FORTRAN based, and works with g77/Linux as well as other systems.
This is another typical Slashdot exaggeration. There is no legal requirement that people remember all passwords. The only requirement is that people can provide the means to decrypt encrypted files. So if you use a password or passphrase to unlock a decryption key (as is commonly done in PGP, for example) you need to remember that password. But there is no harm in forgetting passwords used to access computer accounts beyond possibly losing access to your account or annoying a sysadmin who has to assign you a new password.
If you are like me you have several passwords for account access and only a very few for decrypting things. You are only legally required to remember the decryption passwords.
Slashdot Mirror
But here's the problem. Magic Lantern is specifically designed to steal people's PGP keys. And PGP is typically used to encrypt e-mail exchanged between two parties. So, you could very well run Linux with Tripwire, etc. etc. and have a secure system. But if the majority of your correspondants use Windows and a popular anit-virus package like Norton or McAfee, which the vast majority of people do (if they run any anti-virus software at all, that is) then your e-mail isn't really secure at all.
So, don't be under any illusions that you're safe just because you run an unusual and secure system. Heck, I have enough trouble getting my correspondants to use PGP at all, and most of them still don't. So the majority of my e-mail is vulnerable to Carnivore snooping even without Magic Lantern!
Just imagine how hard it will be to convince your non-geek friends to not only use PGP, but to switch to Linux and run Tripwire!
I have an account with Cogeco cable in Windsor, Ontario, Canada, and they had us switch our e-mail addresses about a month ago to user@cogeco.ca. I notice now when I do a traceroute I see only one router with a .home.net name (there used to be many) and the traffic then goes through a bunch of routers in Teleglobe.net starting in Toronto then getting to New York by way of Chicago. So, other than that one router (in Ontario) which may not even be owned by @Home anymore, we seem to be completely independent of Excite@Home. Service seems about the same as always: great when it's up, down a bit too often.
They do, in the sense that you pay for electricity by the kilowatt hour so if you have two lights on all month you pay twice as much is if you have one.
Cable modem service is generally charged at a flat rate however, unlike electricity. This is because most customers prefer it that way. You wouldn't want to have to pay for every banner ad that appears as you read the news!
Because you are paying a flat rate, it is understandable that the cable company would want to restrict your ability to "share" your service with others. Just as a restaurant with an all you can eat buffet doesn't generally let you share with a group of other people that come in with you and don't order anything.
And the drawbacks to not having a flat rate, and instead, a charge per kilobyte are that you have to be much more careful about which websites you visit, as they might push all kinds of unwanted content to you which you have to pay for. How would you like to pay for every banner ad that pops up when you read CNN?
I think a pay-per-byte scheme would lead to a much less satisfying Internet experience. Most people like flat rates. How many people watch pay-per-view movies on cable, for instance? (I should say how many people pay for pay-per-view movies which is a very different question, but I digress.)
But if you want a flat rate, it is obvious that you can't expect to be allowed to connect your entire block up to your "pipe". Just like in a restaurant with an all you can eat buffet, you can't bring in a crowd of 12 people and buy one such meal and share it!
Then, when you wish to log in, the encrypted private key is downloaded into the client and decrypted with the passphrase. Thus the folks that run the server never see the private key.
I'm not sure if that's the way Cryptohaven works, but many other services use this model.
One is the ability to play special encrypted files under carefully controlled circumstances, in addition to being able to play standard, open MP3 files. If that's the case, what does it matter if your player happens to be SDMI compliant? You can just ignore the SDMI features and use it is a normal MP3 player. The only drawback might be you have to pay a little more for the useless SDMI circuitry.
The second phase of SDMI, however, as I understood it, would require the player to look for watermarks, possibly preventing you from playing normal MP3s which have the watermarks embedded in them. Of course, you want to avoid such players like the plague!
Does anyone know what current SDMI-compliant MP3 players do? Do they look at watermarks yet?
If someone wants to write content filtering software should they be prevented from doing so, and by whom? If not, in a capitalist, free market system with free speech guarantees, isn't it logical that someone will fill a demand for such software to make a buck? Isn't this the way it is supposed to work?
So, which would you rather have, a society in which people are allowed to write whatever software they want, including content filtering software (and tunnels to circumvent them) or a society in which software development is regulated and controlled, and content filtering software is outlawed.
As I'm sure you know, it is very common for people to flirt jokingly on celebrity versions of that show. People do it all the time, and yours was no different, except for the fact that you had a much cooler shirt than any I've seen on that show before.
No, the point being made is that we don't have to. We need only look in the McAfee anti-virus code to pull out the public keys/checksums/whatever to find the identifying characteristics that must be shared by all the ML code in order for McAfee to ignore it.
Remember that the article stated, however, that McAfee assured the FBI that they would cooperate in taking steps so as not to interfere with ML. The article specifically did not state that the FBI agreed! And for the reasons given here, I doubt they will!
But the difference is that the pedophile database you're referring to is a publically accessible one, and can be used by potential employers, landlords, and nosy neighbors, usually resulting in a situation where it is virtually impossible for the ex-con after serving their time to live anywhere.
By contrast this is a secret database, used only by the police for surviellance purposes. As far as I can tell, it does not impose any obligations on or restrict the freedom of any individuals on the list. Also, prospective employers and schools will not have access to the list, and so no discrimination could result. The only effect of being on the list is that if you commit a crime, there is more likely to be a cop nearby to catch you.
It's one thing for the gov't to limit or disallow federal funding for research that a large number of taxpayers find objectionable. After all, taxpayers shouldn't be required to fund what a majority of them don't believe is right. If you go to the gov't with your hand out asking for money they certainly have a right to put conditions on how you use it.
But we're talking about something very different and much more sinister here. The house bill actually says you can't spend your own money on cloning. What right to they have to tell people how they can and can't reproduce? The supreme court even said they can't outlaw abortion which is killing a healthy, living human fetus. Now human rights are supposed to extend before conception??? Doesn't anyone else find this somewhat frightening?
Actually, my question was is it already illegal under obstruction of justice laws? I am aware that no specific "Magic Lantern" laws have been passed. But obstruction of justice laws already do exist. I was just wondering if deleting Magic Lantern from you computer could be considered obstruction of justice. Much like trying to bar the police from entering your house when they serve you with a search warrant.
And even if i was,how would you be detected?
Simple. They install Magic Lantern on your computer and when they attempt to "log in" it isn't there!
Would one be guilty of obstruction of justice if one were to knowingly distribute software which could interfere with law enforcement software? For instance, in many states, radar detectors are illegal. Of course in that case there is a specific law which covers them. I'm just wondering about existing laws which would apply to "Magic Lantern Busters".
And from an end-user perspective, would I be guilty of obstruction of justice if I detected Magic Lantern in my computer and deliberately removed it by, say, re-installing the OS from a CD-ROM? Presumably if Magic Lantern were installed, it would have been done so with a warrant.
This could be a real issue for people who run software like Tripwire. I'm not a lawyer, and I realize Slashdot isn't the best place to seek legal advice, but I am a bit curious if anyone knows of any relevent statutes or precedents. Of course Magic Lantern is too new to have a case history of its own, but does anyone know of related precedents or laws which might be relevent?
And which country is that? Afghanistan?
It is geared for high energy physics data analysis, but it has many useful tools for doing things such as histogramming data and plotting data, as well as many other numerical routines. MINUIT, the minimization package that comes with CERNlib is the best around.
The package is FORTRAN based, and works with g77/Linux as well as other systems.
This is another typical Slashdot exaggeration. There is no legal requirement that people remember all passwords. The only requirement is that people can provide the means to decrypt encrypted files. So if you use a password or passphrase to unlock a decryption key (as is commonly done in PGP, for example) you need to remember that password. But there is no harm in forgetting passwords used to access computer accounts beyond possibly losing access to your account or annoying a sysadmin who has to assign you a new password. If you are like me you have several passwords for account access and only a very few for decrypting things. You are only legally required to remember the decryption passwords.