Thanks for the link... my favorite part in the Miami Herald story is when the students exercised their 4th amendment rights (by refusing consent to search the car without a warrant), they are accused of being "uncooperative".
'It was probably not the right time for them to be copping an attitude with police,'' said one federal law enforcement source who was up all night monitoring the investigation. ``But that's exactly what happened.''
Lets face it: current computers and humans are both as bad as each other at randomness.
Actually, computers can be quite good at randomness. You know about linux's/dev/random, right? It basically uses a very precise clock to measure the elapsed time between system interrupts, and uses the least significant bits. Since these interrupts are generated by events external to the computer (mouse movement, network events, etc.) the distribution is truly random.
I'm waiting for the day when the national lottery comes up 1,2,3,4,5 with a bonus ball of 6.
Why whould that number combination be a problem? It's just as likeley to occur as any other number set. In fact, if you are trying to pick a winning number, this would be a wise choice, since you are less likely to have to share the jackpot with someone else should you win (because most people believe that an obvious pattern like that is less likely to occur, and will avoid picking such sets).
We learned that when houses were put up for sale, most of the realtors set the dip switches in the garage door openers to a few easy combinations: on,off,on,off,on,etc...
When I was a kid we had a better way... we removed the dip switch in the transmitter, and replaced it with a binary counter (available at Radio Shack). Then we would drive the counter with an oscillator, and like magic it could run through all the combinations in a few seconds.
Re:It's all about the Joules
on
Electric Armor
·
· Score: 1
ermmm... watt seconds? Isn't that sort of redundant? You are, in essence, saying "Joules per second times seconds".
C'mon, do you really think that when the RIAA tries to poison peer-to-peer networks with bogus files, that they are going to use their own netblock? No way, just like spammers, they will be using throw-away DSL accounts, and it'll change constantly.
It sounds like you're assuming the problem is technical. I think it is not. Judging by Rob Malda's comments surrounding the subscription thing, Slashdot's largest expense is the bandwidth. Serving up cached articles could easily increase their bandwidth consumption several times over. (Rob says very few people read comments. So instead of loading one front page, the readers now load one front page plus four cached articles. Bandwidth consumption has just pentupled!)
The other issue here, obviously, is copyright infringement. Sure, you and I know that it's benign, even helpful to the site creator, but not everyone is going to see it that way. I can't imagine the slashdot editors want to deal with the legal headaches that could arise here.
I have an idea, though... maybe Google would be willing to set up a "streamlined" URL submission page for "trusted" submitters - I bet quite a few Google employees read slashdot. It would allow the trusted users to submit URL's that would be immediately cached and indexed, instead of the usual several week lag time. Google can afford the bandwidth, and their cache is already a generally accepted part of the net landscape. Of course, this doesn't help with image-intensive pages, but those stories are usually lame anyway (woahhhh, dude, check out that case mod! it's got a big hole chopped in the side and it's filled with strawberry Jell-O.)
What's really ironic, is that Clarke is labeling the wireless vendors as irresponsible for selling weak crypto, yet U.S. gov't has a long history of trying to suppress strong crypto.
Well, considering that most ISP's have Terms of Service that forbid using their connectivity for illegal activity (including copyright infringement), the RIAA already has this option.
They can mail abuse@whomever with the IP address, date, and details about the infringing material. Just like spammers, I'm sure if the offending user generates enough complaints, their account will get revoked.
Customer and each User agree that those actions may include immediate suspension or termination of the Service or use of usernames, passwords, IP or e-mail addresses or URLs, or removal of or restriction of access to content or material that Customer or other Users make available that we believe to be obscene, indecent, offensive, libelous, slanderous or defamatory or in violation of any law, any third party's copyright or privacy, publicity, trademark or other right or any of the policies, terms and conditions applicable to the Service. We may take those actions without notice to Customer or any other User.
I've got it... you need Lego Mindstorms. Just build some robotics to push the mouse around, whack random keys, etc. Best of all, such a system would be fully platform-independant. I bet Microsoft is already doing this, only they call it "genetic programming".
Read the article, please. It states that he is going to apply a firmware hack to a DVD player to disable region locking. There are no black markers or audio CD's involved.
I wonder why people think the DMCA applies here at all. I thought it only applies to circumventing technological means preventing copying. Region encoding has nothing to do with copying, and is only in place to artificially segment the market.
Do you ever use telnet? Ever? Do you use insecure POP3?
I think you underestimate the readership here. For me the answer is never, I haven't used those services for years now. My ISP steadfastly refuses to run a secure IMAP daemon, so I use ssh to build a tunnel to the mail server. There just isn't any excuse for unencrypted network logins these days.
Still, I agree the risk from this hole was minor. Apple's quick, quiet response is fantastic. It's clear they have their priorities straight with OS X - security and reliability over feature completeness - even though some of the missing features are damned annoying (it drives me crazy that I can't have different sleep settings for battery vs. AC power).
Re:Domination of an Industry
on
Ebay buys PayPal
·
· Score: 2, Interesting
Yes, back in the "old days" I used to buy quite a bit of fairly expensive stuff from rec.audio.marketplace, and other usenet classifieds. Mostly you just trusted people, though the sellers would usually send things COD. It wasn't perfect, but everything was traceable.
OK, so now we worship how ebay works, yet scorn amazon for their dotcom business?
These types of comments drive me crazy. Has it ever occurred to you that slashdot is not a single organism? That it is not guilty of hypocricy simply because different members of the community have different opinions?
Why are you so hellbent on having everyone agree? Image what the U.S. would be like if everyone voted for the same political party... oh wait, never mind, we already know what that's like.
I'm sort of new to the PVR world... can someone explain what happens if you don't connect your box to the phone line? Obviously, you can't access their program data, but can you still use the device like a traditional VCR?
In other words, can you tell the device "record channel 4 starting at 7 pm"?
Chrisd's right on about the power supply, valves have pretty demanding power requirements, and the voltage is much higher (300+ volts is typical) than what's normally present in a PC.
Also, most tube amps require output transformers, which is noticably absent from the photo.
Thirdly, there's only one tube! Presumably, if they are really after the audiophile market, it would at least be a stereo amplifier. Not to say anything about the noise problems present near high speed digital circuits. This is bunk.
We have this it's called CVV2(the number should be on the back of your card)
This is a tiny step in the right direction, (i.e. a PIN type number that's distinct from your account number) but it doesn't really prevent a "replay" attack. Someone could obtain your CVV number just by eavesdropping on your communications with a merchant (be it face-to-face, voice, or electronic). Still, the card companies are claiming it is helping to reduce chargebacks when merchants use it, but it's only a matter of time before fraudulant users catch on, and start collecting CCV numbers along with the rest.
A few banks are issuing single-use card numbers, which is a neat idea, and works better...
The authentication schemes used by credit cards are really lousy. We need a system where the number itself doesn't have to be private in order to be secure. What I'd love to see is a smartcard that stores a secret key and uses some sort of challenge-response system.
The notion that such things as your home address and phone number constitute "authentication" is ridiculous.
When you want to make a purchase, the merchant asks for your credit card number, and sends you a "challenge", a random message, which you then input into your smartcard (either via a small keypad on the card or a USB port). The card generates a signature (the "response") that the merchant can verify using your public key which is available from the card issuer.
Assuming that attacking the crypto is sufficiently difficult, nobody can ever use your credit card without being in physical posession of it.
This is no worse than the current system of debit cards with mag stripes on the back that are trivial to duplicate with not much more
equipment.
No, biomentric authentication is the worst possible system. If someone steals your magnetic card, you cancel it and get a new one. If someone obtains a copy of your fingerprint, you have absolutely no way to revoke it.
Slashdot Mirror
a Buick Century full of tapes.
Are you sure you're not confused about the meaning of a honeypot?
But sure, I'd use it, why not? But I'd probably try to block the ads.
Lets face it: current computers and humans are both as bad as each other at randomness.
/dev/random, right? It basically uses a very precise clock to measure the elapsed time between system interrupts, and uses the least significant bits. Since these interrupts are generated by events external to the computer (mouse movement, network events, etc.) the distribution is truly random.
Actually, computers can be quite good at randomness. You know about linux's
I'm waiting for the day when the national lottery comes up 1,2,3,4,5 with a bonus ball of 6.
Why whould that number combination be a problem? It's just as likeley to occur as any other number set. In fact, if you are trying to pick a winning number, this would be a wise choice, since you are less likely to have to share the jackpot with someone else should you win (because most people believe that an obvious pattern like that is less likely to occur, and will avoid picking such sets).
That is absolutely the funniest thing I've heard all week... thanks.
We learned that when houses were put up for sale, most of the realtors set the dip switches in the garage door openers to a few easy combinations: on,off,on,off,on,etc...
When I was a kid we had a better way... we removed the dip switch in the transmitter, and replaced it with a binary counter (available at Radio Shack). Then we would drive the counter with an oscillator, and like magic it could run through all the combinations in a few seconds.
ermmm... watt seconds? Isn't that sort of redundant? You are, in essence, saying "Joules per second times seconds".
C'mon, do you really think that when the RIAA tries to poison peer-to-peer networks with bogus files, that they are going to use their own netblock? No way, just like spammers, they will be using throw-away DSL accounts, and it'll change constantly.
This ISP is just trying to grab headlines...
This code would be VERY simple to write.
It sounds like you're assuming the problem is technical. I think it is not. Judging by Rob Malda's comments surrounding the subscription thing, Slashdot's largest expense is the bandwidth. Serving up cached articles could easily increase their bandwidth consumption several times over. (Rob says very few people read comments. So instead of loading one front page, the readers now load one front page plus four cached articles. Bandwidth consumption has just pentupled!)
The other issue here, obviously, is copyright infringement. Sure, you and I know that it's benign, even helpful to the site creator, but not everyone is going to see it that way. I can't imagine the slashdot editors want to deal with the legal headaches that could arise here.
I have an idea, though... maybe Google would be willing to set up a "streamlined" URL submission page for "trusted" submitters - I bet quite a few Google employees read slashdot. It would allow the trusted users to submit URL's that would be immediately cached and indexed, instead of the usual several week lag time. Google can afford the bandwidth, and their cache is already a generally accepted part of the net landscape. Of course, this doesn't help with image-intensive pages, but those stories are usually lame anyway (woahhhh, dude, check out that case mod! it's got a big hole chopped in the side and it's filled with strawberry Jell-O.)
hrmmm... if I was a spammer I'd have a list of adresses/domains to NOT spam. I'm sure they know that people are trying to "poison" their lists.
abuse@*
root@*
postmaster@*
president@whitehouse.gov
*@fbi.gov
etc...
What's really ironic, is that Clarke is labeling the wireless vendors as irresponsible for selling weak crypto, yet U.S. gov't has a long history of trying to suppress strong crypto.
They can mail abuse@whomever with the IP address, date, and details about the infringing material. Just like spammers, I'm sure if the offending user generates enough complaints, their account will get revoked.
For example, this is from my ISP's ToS:
I've got it... you need Lego Mindstorms. Just build some robotics to push the mouse around, whack random keys, etc. Best of all, such a system would be fully platform-independant. I bet Microsoft is already doing this, only they call it "genetic programming".
Read the article, please. It states that he is going to apply a firmware hack to a DVD player to disable region locking. There are no black markers or audio CD's involved.
I wonder why people think the DMCA applies here at all. I thought it only applies to circumventing technological means preventing copying. Region encoding has nothing to do with copying, and is only in place to artificially segment the market.
Do you ever use telnet? Ever? Do you use insecure POP3?
I think you underestimate the readership here. For me the answer is never, I haven't used those services for years now. My ISP steadfastly refuses to run a secure IMAP daemon, so I use ssh to build a tunnel to the mail server. There just isn't any excuse for unencrypted network logins these days.
Still, I agree the risk from this hole was minor. Apple's quick, quiet response is fantastic. It's clear they have their priorities straight with OS X - security and reliability over feature completeness - even though some of the missing features are damned annoying (it drives me crazy that I can't have different sleep settings for battery vs. AC power).
Is there a viable alternative to eBay
Yes. Check out ePier.
"freon" is the old english word for "friend", and is also the root of the modern english "freedom".
Yes, back in the "old days" I used to buy quite a bit of fairly expensive stuff from rec.audio.marketplace, and other usenet classifieds. Mostly you just trusted people, though the sellers would usually send things COD. It wasn't perfect, but everything was traceable.
OK, so now we worship how ebay works, yet scorn amazon for their dotcom business?
These types of comments drive me crazy. Has it ever occurred to you that slashdot is not a single organism? That it is not guilty of hypocricy simply because different members of the community have different opinions?
Why are you so hellbent on having everyone agree? Image what the U.S. would be like if everyone voted for the same political party... oh wait, never mind, we already know what that's like.
I'm sort of new to the PVR world... can someone explain what happens if you don't connect your box to the phone line? Obviously, you can't access their program data, but can you still use the device like a traditional VCR?
In other words, can you tell the device "record channel 4 starting at 7 pm"?
Neat photo, but a couple of problems:
Chrisd's right on about the power supply, valves have pretty demanding power requirements, and the voltage is much higher (300+ volts is typical) than what's normally present in a PC.
Also, most tube amps require output transformers, which is noticably absent from the photo.
Thirdly, there's only one tube! Presumably, if they are really after the audiophile market, it would at least be a stereo amplifier. Not to say anything about the noise problems present near high speed digital circuits. This is bunk.
We have this it's called CVV2(the number should be on the back of your card)
This is a tiny step in the right direction, (i.e. a PIN type number that's distinct from your account number) but it doesn't really prevent a "replay" attack. Someone could obtain your CVV number just by eavesdropping on your communications with a merchant (be it face-to-face, voice, or electronic). Still, the card companies are claiming it is helping to reduce chargebacks when merchants use it, but it's only a matter of time before fraudulant users catch on, and start collecting CCV numbers along with the rest.
A few banks are issuing single-use card numbers, which is a neat idea, and works better...
The authentication schemes used by credit cards are really lousy. We need a system where the number itself doesn't have to be private in order to be secure. What I'd love to see is a smartcard that stores a secret key and uses some sort of challenge-response system.
The notion that such things as your home address and phone number constitute "authentication" is ridiculous.
When you want to make a purchase, the merchant asks for your credit card number, and sends you a "challenge", a random message, which you then input into your smartcard (either via a small keypad on the card or a USB port). The card generates a signature (the "response") that the merchant can verify using your public key which is available from the card issuer.
Assuming that attacking the crypto is sufficiently difficult, nobody can ever use your credit card without being in physical posession of it.
This is no worse than the current system of debit cards with mag stripes on the back that are trivial to duplicate with not much more equipment.
No, biomentric authentication is the worst possible system. If someone steals your magnetic card, you cancel it and get a new one. If someone obtains a copy of your fingerprint, you have absolutely no way to revoke it.