Not quite an accurate analogy though. The JW wouldn't come into your work. If they started to, it would be perfectly reasonable to ban them from work places. The reason is that when you're at work, you're on someone's pay roll and they're paying you for your time. For someone to come in and occupy that time would be wrong.
Coming to my door is fine, I have no problem with that because it's personal, it isn't something someone can do at the click of a button to a million people and most of all, it doesn't cost me anything. If I had to pay every time someone rang my door bell, even if it was a trivially small amount, I would not want unwelcome people at my door. If dozens, some days hundreds of people showed up to talk about hot wet teens and penis enlargement, I'd call my local government and pester them to get rid of these people.
One of the central tenets of free speech is that I'm free to ignore you. I am not censoring anyone if I plug my ears. Although telemarketers are legal, they are not protected under free speech laws. No one has the right to call me up and force me to listen.
With email spammers are utilizing my resources (the bandwidth I pay for, the processor time my computer requires to handle them etc) to send me an uninvited message. They do not have any right to use my resources to disseminate that message. Nor do they have the right to use public resources to disseminate a message. If someone paints a message on the wall of the town hall, no one is censoring that person when they paint over it. People can use their own resources to say whatever the hell they want, but as soon as they start using my resources, they need my permission. Spammers automatically do not have my permission.
Regardless of the content of the spam, and regardless of the intention of the spammer, they do not have a right to send me anything. If they have a message, they can either pay to circulate it and then I will fight to the death to defend their right to do that - or they can rely upon agreed upon public forums. My inbox is not a public forum.
It isn't even a legislation issue. Spammers are trampling on other people's rights. The one thing that pretty much everyone will agree upon is that the government's role is to protect the rights of the citizen. Giving the citizen a legal recourse to go after people who use their resources without consent is exactly what the government should be doing.
I didn't so much feel threatened as just unable to file it anywhere. I had this convenient mental file system that I spent years tweaking, and never realized I didn't have a subdirectory in there somewhere for "Totally Random Facts About Changes In Planetary Gravity that are Not Connected To Anything".
Is binge drinking sort of a hard re-boot for the brain? Does excessive beer equal ctrl-alt-delete in a neural sense? I'll tell you tomorrow.
Seriously. This is cool in a totally irrelevant way, but what the hell am I supposed to do with this information? Bring it up at cocktail parties so that people's blank stares get even blanker? Should I worry about this? Is there some sort of website I can visit for day to day fluctuations? Is there something I can do to stop it, or speed it up (and which one am I supposed to want)?
I'm serious here! WHAT THE HELL AM I SUPPOSED TO DO WITH THIS INFORMATION?!? I feel like this should be huge or something but I just don't have any kind of context for this. I'm just going to act like I didn't read this article, and maybe get back to work.
It just occurred to me thinking over this issue that HP and the other major corporations have made their positions plain - they have decided how they are going to deal with our ability to easily disseminate and copy information. The government has decided what it is going to do in regards to this issue - that is to side unilaterally with the corporations against it's constituents.
Interestingly, we've decided what we're going to do too. Anyone reading this post (trolls and whoever is pressing refresh in attempts to get fp excepted) has already pretty much decided about how they feel. Most/. readers to one degree or another favor the rights of the individual to express him or her self, to share information and to act to actively uphold those ideals.
And one of the brilliant things about/. is that it provides us with a forum to sound off and occasionally mobilize.
What many of us (me included) need to do is really figure out exactly how we're going to react to all of this. Not just what I'm going to think, but what I'm going to actually do. This sort of thing threatens our personal freedoms, in some cases threatens our livelyhood, threatens shared resources that we hold to be valuable etc...Cheering on the occasional script kiddie who DoS's a corporate server isn't enough.
Not trying to start a revolution here, just trying to clarify my thinking in a public place...
Just realized something... have you written up an EULA for the DB? Don't know why that occured to me.
The other guy who replied here seems to have a solid suggestion. A cooperative effort to mark up the EULA's in XML would make this thing incredibly useful without loading the work all onto one person. If someone submits a DTD or preferably a Schema, would you accept it and accept EULAs that people submitted already marked up? (Assuming they marked them up according to the schema or DTD.)
Someone out there wants to market a random EULA generator and they're using/. to make up the data!
Seriously, an EULA DB sounds like an excellent idea, but I have an implementation question. Have you considered marking them up in XML (a huge task, I'm sure) so that they can be searched for certain provisions? Reasoning here being that without good internal markup, you pretty much need to read through the whole EULA to compare it to another. Being able to search through the archive for different examples of specific clauses, specific allowances or provisions would be much more useful than simple searches for IE v.4 vs v.5
Good luck though, this is an excellent idea, and I like the idea of seeing included in a software reviews lines like: "...and the EULA scores a 3.4 of 5 on the standardized EULA Draconian scale..."
Now I can have information about increasing my penis 3 to 6 inches beamed directly into my head as I walk down the street. The very idea of pedestrian spam, spamming houses, cars, offices... give the advertisers military grade psychological warfare equipment and this will make email spam seem like well... something pretty damn trivial (drew a complete analogy blank there).
The day I get blasted with an add for Coke beamed directly into my head while walking down the street is the day I quit my job and start organizing consumer boycotts full time.
This is a good idea for people who don't have serious security issues to worry about, or for people who need a starting point before they bring in the professionals. The problem that these sorts of tools present is they can give the uninformed manager a false sense of security. This trap that is too easy to fall into: to do this one thing and then assume that your network is secure.
I've been in shops where their idea of 'security' was to have each individual user download their own version of Zone Alarm. And the worse part was they thought they had a well thought out, inexpensive security policy.
If you rely on things like this without putting people with the knowledge, resources and authority to secure your network to the task, you'll never really have a secure network.
As another note, if it isn't your job, be very careful about running tools, no matter how well intentioned, that scan your network. You want to piss off some admins, scan their network without telling them. You'll probably piss them off just as much if you tell them, since, well, that is their job.
Re:Serious Consequences fo InfoSec People
on
WarTalking Arrest
·
· Score: 1
Perhaps I should have said "the wise manager" rather than just "the manager". My point was that however uncomfortable having security flaws pointed out might be, smart people should direct their energy at the flaws, not the people pointing them out. I agree with the comment someone else made to my analogy regarding a locksmith in the safe, but taking an analogy to an extreme does not render it false.
What I'm really saying is that the trick to all of this is to convey the message of insecure systems in a way that leads to the insecurities being managed. I see too much energy being directed - read, wasted - elsewhere.
Maybe it's a nuance of translation from Spanish to English, but Mr. Villaneuva constantly refering to Bill Gates as "the Bill" was confusing. And I disagree with many of the things Villaneuva had to say about him.
"The Bill does not introduce any discrimination whatever", "The Bill protects equality under the law", "The Bill makes it compulsory for all public bodies to use only free software" - As far as I know, Mr. Gates doesn't do any of these things, strange that the Peruvian government thinks so.
Serious Consequences fo InfoSec People
on
WarTalking Arrest
·
· Score: 5, Insightful
This is something that many people in the InfoSec industry are worried about and more so in the current political environment. EVERY seminar, conference or training event I've been too, there has been someone standing there for twenty minutes lecturing everyone on covering your ass.
What bothers me is that the reason things like this happen is ignorance of non-techies and refusal to see things in a reasonable light. If you were in a bank with a locksmith, and he showed the bank manager that the locks they were using were insecure, the manager would thank the locksmith and change the locks. Show a business manager the exact same thing with their network and they might decide to have you arrested.
Whenever I'm going to show a client ANYTHING I get full written approval ahead of time to discuss or test their security, and I get written approval to discuss my findings. There have been times when I've found vulnerabilities and not said a damn word because the client refused to sign off.
It's sad, there are people out there - and I've worked for and with them often - who really believe in security through anonymity and believe they are acting in their best interests by alienating and prosecuting the people who can really protect their networks.
What I will admit however is that part of the problem rests with people who try to look smart and show off the security vulnerabilities in a smart-assed kind of way. As annoying as it sometimes is, you need to manage people's expectations, fears and prejudices.
Cash cow if they pull it off
on
Fahrenheit
·
· Score: 2, Insightful
It's encouraging to see new concepts in gaming. There's nothing wrong with many conventional games, but it seems that often you'll be in the middle of something and you'll realize that you've played this game before except the character was a viking/spy/soldier/cop/crook etc.
This looks interesting though, it looks as though they've invested serious resources in the storytelling and plot lines, something that sometimes really helps a game succeed (but sometimes not, did anyone here play 'The Longest Journey') and it looks as though they think they can pull it off.
On a technical level, how are they going to keep people from diverging too much. If in one person's game, the main character finds the clues and evades the cops, and in another's he doesn't and he doesn't, how are both people going to play the next episode. Being railroaded into plot holes could get irritating, but not getting railroaded might mean not getting to finish.
At the end of the day though, if they can get enough people coming back for a couple of episodes, we'll start seeing allot of this - cash cow potential that it has.
It works. This is pretty much how I learned to code. I was NOT a programmer and got assigned to a coding task. Pretty simple stuff in Java, but all I had ever done is a little VB. (Stupid manager took me off something I was really qualified to do too.) There were four 'coders' on the project, one who knew Java really well, one who was a pretty experienced coder but with little Java experience, me with a touch of VB and some poor guy who knew NOTHING.
We paired up, weak with strong, learned as we went and studied our asses off. By the time we were half way through the first stage of the project, around a month in, we started to get it. By month four, we were fully coding on our own and able to independently work on stuff.
Oh, and although I'm glad I've got the experience now, I'm even more glad the manager got fired for putting the teams together that he did.
The entire/. community has successfully been trolled by the MPAA. Score one for them. This is noise, some arrogant egotists making noise about the slightly reduced profits they're seeing. Anyone with an ounce of sense would see what a futile, worthless and ultimately self-destructive gesture hacking and DoSing people would be - and thus - anyone actually working on a project like this would lack the requisite ounce.
The only thing they are really trying to get from this is one more club to beat the ISPs with, one more 'threat' that the lawyers can pull out when they're going after people.
If they are so far removed from reality that they actually try to do anything of the sort... well, how does the saying go about "Sowing the seeds of a wind..."
Some Chicken, thighs work, but whatever One clove of garlic for each piece of chicken, peeled Put them in a baking dish Pour in enough balsamic vinager enough to cover the bottom of the dish, stir a little Cover with tin foil Bake until the chicken is ready (aproximately 35 minutes at 300 degrees assuming you used thighs) Make some rice while it's baking When the chicken is ready, take it out, mash the garlic into the remaining vinager and pour that over the chicken and the rice
I want to see what else can explode in my box. I want to see what happens (with big color pictures) to to a hard drive at 20000 atmospheres of pressure. I want to see ASUS vs ABit mobo's head to head for resisting g-forces. I want to see what happens when you force 100,000 volts through a cat-5 cable.
Isn't this what the internet is all about, pictures of stuff exploding, videos of people endangering their lives for my tittlation while discovering what happens if you fill a case with gasoline and run it as a server. Get cracking people.
Sounds all fine and dandy for science, but people are usually honest with a professional researcher who is going to gaurantee your ananymity, and moreover the research data is going to be used for something tangible rather than selling something right back to you.
Market researchers want information on YOU. They want generic info on your demographics, but this information has been available from other venues for a long time. When spy ware and other information gathering techniques are employed against someone they are being used to collect data to target marketing at that person specifically. Literally employed against that person.
As such, I'll still say that I'm female, in my 50's, from Yemen and making less than $12,000 a year. Randomize away.
I got into a conversation about advertising limits and as an absurd, extreme case someone suggested Coke agreeing to pay for a new born's college education in exchange for tatooing their logo on the inside and outside of the baby's eye lids. Why waste every blink?
What frightens me is that at the time it was meant as a joke, but I could almost see people considering this. A life time of walking subliminal ads and a gauranteed lifetime customer.
I don't think we'll ever see how far the advertisers are willing to go, we'll only see how far we're willing to let them.
"Many of the GPS receivers used in Desert Storm were bought at Radio Shack."
Oh sigh, I used to work retail electronic sales and dream about some guy in fatigues walking in and saying "Do you have 183,000 of these in stock? When can you have them in by?"
And the military guys always go for the extended warrantee and the spare battery plus cleaning kit.
This is interesting, we're paying for cable, satellite, digital cable etc. Someone is going to realize that people will pay extra to not have the bottom corner obscured. I already pay $30 (CAN) a month for cable, now some yahoo is going to call me at home (at dinner time) and offer me an upgrade package to get rid of the extra ads.
How big is Slashdot anyway? If we all change the channel and watch something else when one of these ad infested shows comes on can we effect ratings enough that the idea will die? Try it, worst that happens is you yield a little less of your brainspace, best case we get rid of the ads.
I had to go dig up my SANS notes for this one. I'm not a mathematician and I'm not some stego expert. I just attended the seminar.
According to what it says here, when you embed data in an image, you have to alter the color table and this increases the number of near duplicate colors. A normal bitmap has very few duplicates, a stego'd bitmap has many. In the example, a bitmap of a forest scene jumps from 2 duplicate colors to 1046 after being stego'd. Why? Ask an expert, I just work here. When the number of duplicate or near duplicate colors aproaches 50, usually there is a hidden file in the image.
Going to what you said, colors in an image are not randomized, and a random bit stream would stand out exactly for that reason.
This is an article on detecting stego I found on Google, want more info, ask the author.
When you hide an image in a pic, most stego tools take the last two bits of of the 8 bit color code and re-write them. Thus, 10010101 could become 10010100 or some other substitution. The net effect of this over the whole picture is usually to reduce the total number of colors. Simple tools can detect this color reduction pretty simply and reliably.
That doesn't mean you can get the missing data out, anyone going to the trouble using stego will probably encrypt their data.
Slashdot Mirror
Not quite an accurate analogy though. The JW wouldn't come into your work. If they started to, it would be perfectly reasonable to ban them from work places. The reason is that when you're at work, you're on someone's pay roll and they're paying you for your time. For someone to come in and occupy that time would be wrong.
Coming to my door is fine, I have no problem with that because it's personal, it isn't something someone can do at the click of a button to a million people and most of all, it doesn't cost me anything. If I had to pay every time someone rang my door bell, even if it was a trivially small amount, I would not want unwelcome people at my door. If dozens, some days hundreds of people showed up to talk about hot wet teens and penis enlargement, I'd call my local government and pester them to get rid of these people.
One of the central tenets of free speech is that I'm free to ignore you. I am not censoring anyone if I plug my ears. Although telemarketers are legal, they are not protected under free speech laws. No one has the right to call me up and force me to listen.
With email spammers are utilizing my resources (the bandwidth I pay for, the processor time my computer requires to handle them etc) to send me an uninvited message. They do not have any right to use my resources to disseminate that message. Nor do they have the right to use public resources to disseminate a message. If someone paints a message on the wall of the town hall, no one is censoring that person when they paint over it. People can use their own resources to say whatever the hell they want, but as soon as they start using my resources, they need my permission. Spammers automatically do not have my permission.
Regardless of the content of the spam, and regardless of the intention of the spammer, they do not have a right to send me anything. If they have a message, they can either pay to circulate it and then I will fight to the death to defend their right to do that - or they can rely upon agreed upon public forums. My inbox is not a public forum.
It isn't even a legislation issue. Spammers are trampling on other people's rights. The one thing that pretty much everyone will agree upon is that the government's role is to protect the rights of the citizen. Giving the citizen a legal recourse to go after people who use their resources without consent is exactly what the government should be doing.
I didn't so much feel threatened as just unable to file it anywhere. I had this convenient mental file system that I spent years tweaking, and never realized I didn't have a subdirectory in there somewhere for "Totally Random Facts About Changes In Planetary Gravity that are Not Connected To Anything".
Is binge drinking sort of a hard re-boot for the brain? Does excessive beer equal ctrl-alt-delete in a neural sense? I'll tell you tomorrow.
Seriously. This is cool in a totally irrelevant way, but what the hell am I supposed to do with this information? Bring it up at cocktail parties so that people's blank stares get even blanker? Should I worry about this? Is there some sort of website I can visit for day to day fluctuations? Is there something I can do to stop it, or speed it up (and which one am I supposed to want)?
I'm serious here! WHAT THE HELL AM I SUPPOSED TO DO WITH THIS INFORMATION?!? I feel like this should be huge or something but I just don't have any kind of context for this. I'm just going to act like I didn't read this article, and maybe get back to work.
I think I need a drink, I'm leaving early today.
It just occurred to me thinking over this issue that HP and the other major corporations have made their positions plain - they have decided how they are going to deal with our ability to easily disseminate and copy information. The government has decided what it is going to do in regards to this issue - that is to side unilaterally with the corporations against it's constituents.
/. readers to one degree or another favor the rights of the individual to express him or her self, to share information and to act to actively uphold those ideals.
/. is that it provides us with a forum to sound off and occasionally mobilize.
Interestingly, we've decided what we're going to do too. Anyone reading this post (trolls and whoever is pressing refresh in attempts to get fp excepted) has already pretty much decided about how they feel. Most
And one of the brilliant things about
What many of us (me included) need to do is really figure out exactly how we're going to react to all of this. Not just what I'm going to think, but what I'm going to actually do. This sort of thing threatens our personal freedoms, in some cases threatens our livelyhood, threatens shared resources that we hold to be valuable etc...Cheering on the occasional script kiddie who DoS's a corporate server isn't enough.
Not trying to start a revolution here, just trying to clarify my thinking in a public place...
Just realized something... have you written up an EULA for the DB? Don't know why that occured to me.
The other guy who replied here seems to have a solid suggestion. A cooperative effort to mark up the EULA's in XML would make this thing incredibly useful without loading the work all onto one person. If someone submits a DTD or preferably a Schema, would you accept it and accept EULAs that people submitted already marked up? (Assuming they marked them up according to the schema or DTD.)
Someone out there wants to market a random EULA generator and they're using /. to make up the data!
Seriously, an EULA DB sounds like an excellent idea, but I have an implementation question. Have you considered marking them up in XML (a huge task, I'm sure) so that they can be searched for certain provisions? Reasoning here being that without good internal markup, you pretty much need to read through the whole EULA to compare it to another. Being able to search through the archive for different examples of specific clauses, specific allowances or provisions would be much more useful than simple searches for IE v.4 vs v.5
Good luck though, this is an excellent idea, and I like the idea of seeing included in a software reviews lines like: "...and the EULA scores a 3.4 of 5 on the standardized EULA Draconian scale..."
Thank you! I hate drawing an analogy blank. Man, where were you the other day at the pub when I really needed you.
Now I can have information about increasing my penis 3 to 6 inches beamed directly into my head as I walk down the street. The very idea of pedestrian spam, spamming houses, cars, offices... give the advertisers military grade psychological warfare equipment and this will make email spam seem like well... something pretty damn trivial (drew a complete analogy blank there).
The day I get blasted with an add for Coke beamed directly into my head while walking down the street is the day I quit my job and start organizing consumer boycotts full time.
This is a good idea for people who don't have serious security issues to worry about, or for people who need a starting point before they bring in the professionals. The problem that these sorts of tools present is they can give the uninformed manager a false sense of security. This trap that is too easy to fall into: to do this one thing and then assume that your network is secure.
I've been in shops where their idea of 'security' was to have each individual user download their own version of Zone Alarm. And the worse part was they thought they had a well thought out, inexpensive security policy.
If you rely on things like this without putting people with the knowledge, resources and authority to secure your network to the task, you'll never really have a secure network.
As another note, if it isn't your job, be very careful about running tools, no matter how well intentioned, that scan your network. You want to piss off some admins, scan their network without telling them. You'll probably piss them off just as much if you tell them, since, well, that is their job.
Perhaps I should have said "the wise manager" rather than just "the manager". My point was that however uncomfortable having security flaws pointed out might be, smart people should direct their energy at the flaws, not the people pointing them out. I agree with the comment someone else made to my analogy regarding a locksmith in the safe, but taking an analogy to an extreme does not render it false.
What I'm really saying is that the trick to all of this is to convey the message of insecure systems in a way that leads to the insecurities being managed. I see too much energy being directed - read, wasted - elsewhere.
Maybe it's a nuance of translation from Spanish to English, but Mr. Villaneuva constantly refering to Bill Gates as "the Bill" was confusing. And I disagree with many of the things Villaneuva had to say about him.
"The Bill does not introduce any discrimination whatever", "The Bill protects equality under the law", "The Bill makes it compulsory for all public bodies to use only free software" - As far as I know, Mr. Gates doesn't do any of these things, strange that the Peruvian government thinks so.
This is something that many people in the InfoSec industry are worried about and more so in the current political environment. EVERY seminar, conference or training event I've been too, there has been someone standing there for twenty minutes lecturing everyone on covering your ass.
What bothers me is that the reason things like this happen is ignorance of non-techies and refusal to see things in a reasonable light. If you were in a bank with a locksmith, and he showed the bank manager that the locks they were using were insecure, the manager would thank the locksmith and change the locks. Show a business manager the exact same thing with their network and they might decide to have you arrested.
Whenever I'm going to show a client ANYTHING I get full written approval ahead of time to discuss or test their security, and I get written approval to discuss my findings. There have been times when I've found vulnerabilities and not said a damn word because the client refused to sign off.
It's sad, there are people out there - and I've worked for and with them often - who really believe in security through anonymity and believe they are acting in their best interests by alienating and prosecuting the people who can really protect their networks.
What I will admit however is that part of the problem rests with people who try to look smart and show off the security vulnerabilities in a smart-assed kind of way. As annoying as it sometimes is, you need to manage people's expectations, fears and prejudices.
It's encouraging to see new concepts in gaming. There's nothing wrong with many conventional games, but it seems that often you'll be in the middle of something and you'll realize that you've played this game before except the character was a viking/spy/soldier/cop/crook etc.
This looks interesting though, it looks as though they've invested serious resources in the storytelling and plot lines, something that sometimes really helps a game succeed (but sometimes not, did anyone here play 'The Longest Journey') and it looks as though they think they can pull it off.
On a technical level, how are they going to keep people from diverging too much. If in one person's game, the main character finds the clues and evades the cops, and in another's he doesn't and he doesn't, how are both people going to play the next episode. Being railroaded into plot holes could get irritating, but not getting railroaded might mean not getting to finish.
At the end of the day though, if they can get enough people coming back for a couple of episodes, we'll start seeing allot of this - cash cow potential that it has.
Am I supposed to register for the NYTimes or not?
It works. This is pretty much how I learned to code. I was NOT a programmer and got assigned to a coding task. Pretty simple stuff in Java, but all I had ever done is a little VB. (Stupid manager took me off something I was really qualified to do too.) There were four 'coders' on the project, one who knew Java really well, one who was a pretty experienced coder but with little Java experience, me with a touch of VB and some poor guy who knew NOTHING.
We paired up, weak with strong, learned as we went and studied our asses off. By the time we were half way through the first stage of the project, around a month in, we started to get it. By month four, we were fully coding on our own and able to independently work on stuff.
Oh, and although I'm glad I've got the experience now, I'm even more glad the manager got fired for putting the teams together that he did.
The entire /. community has successfully been trolled by the MPAA. Score one for them. This is noise, some arrogant egotists making noise about the slightly reduced profits they're seeing. Anyone with an ounce of sense would see what a futile, worthless and ultimately self-destructive gesture hacking and DoSing people would be - and thus - anyone actually working on a project like this would lack the requisite ounce.
The only thing they are really trying to get from this is one more club to beat the ISPs with, one more 'threat' that the lawyers can pull out when they're going after people.
If they are so far removed from reality that they actually try to do anything of the sort... well, how does the saying go about "Sowing the seeds of a wind..."
Recipe
Some Chicken, thighs work, but whatever
One clove of garlic for each piece of chicken, peeled
Put them in a baking dish
Pour in enough balsamic vinager enough to cover the bottom of the dish, stir a little
Cover with tin foil
Bake until the chicken is ready (aproximately 35 minutes at 300 degrees assuming you used thighs)
Make some rice while it's baking
When the chicken is ready, take it out, mash the garlic into the remaining vinager and pour that over the chicken and the rice
Tastes awesome.
I want to see more of this kind of story!
I want to see what else can explode in my box. I want to see what happens (with big color pictures) to to a hard drive at 20000 atmospheres of pressure. I want to see ASUS vs ABit mobo's head to head for resisting g-forces. I want to see what happens when you force 100,000 volts through a cat-5 cable.
Isn't this what the internet is all about, pictures of stuff exploding, videos of people endangering their lives for my tittlation while discovering what happens if you fill a case with gasoline and run it as a server. Get cracking people.
Sounds all fine and dandy for science, but people are usually honest with a professional researcher who is going to gaurantee your ananymity, and moreover the research data is going to be used for something tangible rather than selling something right back to you.
Market researchers want information on YOU. They want generic info on your demographics, but this information has been available from other venues for a long time. When spy ware and other information gathering techniques are employed against someone they are being used to collect data to target marketing at that person specifically. Literally employed against that person.
As such, I'll still say that I'm female, in my 50's, from Yemen and making less than $12,000 a year. Randomize away.
I got into a conversation about advertising limits and as an absurd, extreme case someone suggested Coke agreeing to pay for a new born's college education in exchange for tatooing their logo on the inside and outside of the baby's eye lids. Why waste every blink?
What frightens me is that at the time it was meant as a joke, but I could almost see people considering this. A life time of walking subliminal ads and a gauranteed lifetime customer.
I don't think we'll ever see how far the advertisers are willing to go, we'll only see how far we're willing to let them.
"Many of the GPS receivers used in Desert Storm were bought at Radio Shack."
Oh sigh, I used to work retail electronic sales and dream about some guy in fatigues walking in and saying "Do you have 183,000 of these in stock? When can you have them in by?"
And the military guys always go for the extended warrantee and the spare battery plus cleaning kit.
This is interesting, we're paying for cable, satellite, digital cable etc. Someone is going to realize that people will pay extra to not have the bottom corner obscured. I already pay $30 (CAN) a month for cable, now some yahoo is going to call me at home (at dinner time) and offer me an upgrade package to get rid of the extra ads.
How big is Slashdot anyway? If we all change the channel and watch something else when one of these ad infested shows comes on can we effect ratings enough that the idea will die? Try it, worst that happens is you yield a little less of your brainspace, best case we get rid of the ads.
I had to go dig up my SANS notes for this one. I'm not a mathematician and I'm not some stego expert. I just attended the seminar.
According to what it says here, when you embed data in an image, you have to alter the color table and this increases the number of near duplicate colors. A normal bitmap has very few duplicates, a stego'd bitmap has many. In the example, a bitmap of a forest scene jumps from 2 duplicate colors to 1046 after being stego'd. Why? Ask an expert, I just work here. When the number of duplicate or near duplicate colors aproaches 50, usually there is a hidden file in the image.
Going to what you said, colors in an image are not randomized, and a random bit stream would stand out exactly for that reason.
This is an article on detecting stego I found on Google, want more info, ask the author.
When you hide an image in a pic, most stego tools take the last two bits of of the 8 bit color code and re-write them. Thus, 10010101 could become 10010100 or some other substitution. The net effect of this over the whole picture is usually to reduce the total number of colors. Simple tools can detect this color reduction pretty simply and reliably.
That doesn't mean you can get the missing data out, anyone going to the trouble using stego will probably encrypt their data.