Check forging, for one. Someone writes you a check (or you steal someone else's), you add a zero or turn a 3 into an 8 (or a 1 into a 7), cash it and run off with the money.
Heh. You don't have to do any chemical analysis to prove that, unless they managed to turn the "Sixteen Dollars and 95/100" into "One Hundred Sixty Nine Dollars and 50/100".
The strongest possible password is the string with the most entropy that you can reliably remember and enter, i.e. the output of a password-generation method that has the largest possible number of different outputs (assuming that they are equally likely up to computational feasibility, and that you can reliably remember and enter the password, and that an attacker has any reasonable chance of guessing how you generated it).
It is NOT the longest string you can commit to memory. There are people who have memorized thousands of digits of pi, but the first thousand digits of pi would be a horrible password if someone knew that you had memorized them. Similarly, Shakespearean soliloquies suck, especially if you are a Shakespeare geek.
A random sentence from War and Peace has maybe 16 bits of entropy. A random paragraph has fewer, because there are fewer paragraphs in War & Peace than there are sentences. A random word from /usr/share/dict/words has about 19 bits of entropy, and thus beats out the sentence. A decent PC could crack any of these in seconds flat, if an attacker suspected you had used one of them.
If the string is anywhere on your hard drive in plaintext form, be it in the words dict, a deleted email from Amazon, or your War and Peace ebook, it has at most 40-some bits of entropy (depending on your hard disk size and its length), and could be cracked on a small cluster in days if your hard drive were stolen.
A 5-word diceware.com password such as "cleft cam synod lacy yr" has about 63-64 bits of entropy, and is my preferred password type for long passwords because it is fairly easy to remember. A 10-character RAD-64 password such as "4TFA/ii+Xc" has 60 bits. An 18-digit random number has about the same.
If you can narrow each inkblot to 50 possibilities, then a sequence of 10 of them has about 57 bits of entropy in 20 characters. (Don't take my word, I calculated it in my head.) That's feasible for the govt, or distributed.net, or a very large company. Not bad for a passport account which is unlikely to have its hash lifted anyway, but since I can remember the RAD64 or the diceware one easier and enter it faster, I'll stick with one of them for the accounts I care about.
Anyway, the password strength you need depends on how much you care about what it protects.
For instance, I have 10-word diceware for my PGP master signing key, which is about as strong as the hash. Accounts that I don't really care about, like /., have lousy passwords which are variants on an older one, but are easy to remember and quick to enter. You won't guess any one without looking at the others, and I wouldn't care much if you did.
1) They'd have to compile a new list of pirates after the law became effective. The Constitution prohibits ex post facto prosecution.
Whatever. My point was that the RIAA will quickly use the law to make examples of people, if it ever gets passed, and that sort of scare tactic is a bad thing. Since they can't enforce the law against any substantial fraction of the violators, they want to bring proportionally larger punishments on a few, to frighten the rest away. Remember, we are supposed to have "equal protection under the law."
2) If the students don't want to end up in jail, they can (get this) STOP PUTTING SHIT ON KAZAA FOR OTHER PEOPLE TO DOWNLOAD. It's just that simple. If you don't want to be prosecuted, don't break the law.
Why do you guys find this so hard to comprehend?
You're right, it's illegal. But the punishment should fit the crime. Do you want to throw these college students into jail to be assraped by heroin dealers and murderers?
Music piracy is a minor offense, and should not be considered a felony. You might as well argue for a death penalty for piracy, and if the students don't want to be publicly beheaded, "they can (get this) STOP PUTTING SHIT ON KAZAA FOR OTHER PEOPLE TO DOWNLOAD."
Heck, why just piracy? We could make speeding a felony too, it would make the roads so much safer. If people don't want to go to jail, they can stop breaking the law.
[rant subject = RIAA]
Seriously, the RIAA overstates how much these people are costing them. I don't think it's much at all; very few of those "potential sales" are actually lost, as people who would be willing to buy CDs will still buy almost as many. They'll just buy whichever albums they liked most on KaZaA, instead of something they'd never heard.
If the RIAA can't sell CDs (which they can), it's mostly because they price them too high, and because driving to the store to get one is inconvenient. I predict that the music CD industry will be mostly destroyed by online content systems like iTMS (hope they port that to Windows soon), and become a niche market.
[/rant]
Disclaimer: I have never pirated music; I don't listen to it much anyway. I don't own any music CDs either. I used to download pirated software, but now that I have OSX there are free alternatives, so I don't anymore.
If you create something, and allow others to freely distribute it, then you have two choices.
You can either license it to them, in which case your license should make it clear n hops down the line that it is still OK to distribute. This is what the GPL does.
Or you can revoke your copyright on it, making your work public domain. Then it's not copyrighted, so they can do whatever they want.
Reading the article carefully, would a vulnerable home PC be considered "publicly accessible"? The public can certainly use their access to acquire whatever copyrighted work you might have placed there.
Hmmm...
Maybe someone should hack and download from Rosen's PC, then report her (after thoroughly scrubbing the logfiles, of course).
Then there's the question of caching proxies. Is the proxy's loading of some file considered a copyright violation, and by whom? The proxy's operator? The person who read the file through the proxy?
At least it'll never pass.
I guess on the plus side, it screws Bonzai Buddy with that "enabling software" requirement. They'd have to tell users that their software is a privacy risk.
I don't particularly like flying. I suppose if I have to get across the country, it's preferable to driving; however, despite the low chance of dying, if you go anywhere from a small airport, you are likely to be bounced around like a [insert lame simile here]. That doesn't happen in a car. At least not on the interstate.
Not if it's bash. Trust me, I tested the code in my own sig.
$ echo "#blah"
#blah
Actually, the reason it won't do much is that almost nobody is stupid enough to put . at the beginning of their $PATH. You'd have to name it cta or les or something.
The best thing about the #!/bin/rm -f hack (-rf if you use it on a directories command), is that #! translates "cat foo" to "/bin/rm -f cat foo", thereby removing all traces of your hack, and leaving the victim quite confused.
Yes. However, most ISPs are not responsible. Most universities, however, throttle all UDPs to screw up gameserver pingtime, thus inducing their students to study, or else frag with someone on campus.
You're right about drinking from the firehose. At least under the current spec, you can't limit the rate of incoming packets, so the client could very easily run out of bandwidth. However, this could probably be fixed.
In terms of errors and dropped packages, this is a recognized problem in UDPP2P, for which I emailed them (something similar to my post) suggesting a solution. Basically, you send the whole file as a giant error-correcting code. As another poster pointed out, you can even have a bunch of hosts send it like that, lending their combined bandwidth (firehose problems again). Even if some of the packets are dropped or arrive out of order, you're fine. And it is well-known that those packet-dropping "good routers" are in the minority.
You will note that I am not on the UDPP2P team, and that I suggested IPSec as a better solution. Of course, routers would have to support IPSec to offer much protection against traffic analysis, which they don't really yet.
It's the proverbial finger in the hole in the dam.
Perhaps. Except that in that story, the random passerby putting his finger in the hole (actually, I believe it was in a dyke) prevented it from eroding and widening, thus saving the entire village.
If ROT-13 is an encryption scheme under the DMCA (see Adobe Vs. Elcomsoft), it could be argued that TCP is an encryption scheme under the same rules.
No. To be an encryption scheme, it has to be designed to hide the data. You could claim that ROT-13 is encryption, or maybe even that changing the extension of a file is encryption, if it stops people from opening it. But you can't claim that TCP is encryption because it's designed to give the data to the recipient, not hide it.
Actually, the folks at UDPP2P had an interesting idea in this regard. The client negotiates through the search network to find a server, but doesn't get that server's IP. The server sends the data via forged UDP packets, encrypted, with some extra code to correct for out-of-order and dropped packets.
I think there was a paper on /. a while ago about a similar method of sending data; you take a big, not quite square matrix M and multiply the data file by it, getting a bunch of rows; you send these rows along with row IDs; once the receiver has enough of these rows, he can construct (using the row IDs) the inverse of the submatrix of M that spawned them, and derive the original message, even if the rest were dropped or corrupted. Vandermonde matrices work for this, although I imagine there's a sparser solution.
Of course, your ISP/firewall wouldn't necessarily be happy about sending out all those fake UDPs, and many university networks throttle them. Also, the ..AA can still set up a fake server which logs you, since the server knows the client's IP, unless you proxy, which would cost in bandwidth. Or, you could send it to someone on the receiver's subnet and let them sniff, which wouldn't entirely give away their location.
Perhaps one should point out that this is practically a new internet protocol, requiring root access and stuff... it might be better for them just to use IPSec with address hiding.
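The matrix scheme described in the comment above, worked through as an added example (not part of the original post and not UDPP2P's code). It assumes arithmetic modulo the prime 257, evaluation points x = row ID + 1, and that corrupted packets have already been discarded by a checksum, so only losses are handled; the function names are illustrative.

```python
"""Erasure coding with a Vandermonde matrix over the integers mod 257."""

P = 257  # assumed field: smallest prime above 255, so every byte is an element


def vandermonde_row(row_id, k):
    """Row `row_id` of M: [1, x, x^2, ..., x^(k-1)] mod P, with x = row_id + 1."""
    x = row_id + 1
    return [pow(x, j, P) for j in range(k)]


def encode(data, k, n):
    """Split `data` into k chunks and return n packets of (row_id, symbols).

    Any k of the n packets are enough to rebuild the data. Symbols lie in
    0..256, so a wire format would need 9 bits per symbol.
    """
    if not 0 < k <= n < P:
        raise ValueError("need 0 < k <= n < 257 so all x values are distinct")
    width = -(-len(data) // k)                 # ceil(len / k)
    padded = data.ljust(k * width, b"\0")
    chunks = [padded[i * width:(i + 1) * width] for i in range(k)]
    packets = []
    for row_id in range(n):
        coeffs = vandermonde_row(row_id, k)
        symbols = [sum(c * chunk[col] for c, chunk in zip(coeffs, chunks)) % P
                   for col in range(width)]
        packets.append((row_id, symbols))
    return packets


def solve_mod_p(matrix, rhs):
    """Gauss-Jordan elimination mod P: return X such that matrix * X = rhs."""
    k = len(matrix)
    aug = [list(row) + list(r) for row, r in zip(matrix, rhs)]
    for col in range(k):
        pivot = next((r for r in range(col, k) if aug[r][col]), None)
        if pivot is None:
            raise ValueError("submatrix is singular")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        inv = pow(aug[col][col], -1, P)        # modular inverse (Python 3.8+)
        aug[col] = [v * inv % P for v in aug[col]]
        for r in range(k):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(a - f * b) % P for a, b in zip(aug[r], aug[col])]
    return [row[k:] for row in aug]


def decode(packets, k, length):
    """Rebuild the original bytes from any k distinct packets, in any order."""
    unique = {}
    for row_id, symbols in packets:
        unique.setdefault(row_id, symbols)     # ignore duplicate deliveries
    if len(unique) < k:
        raise ValueError("need at least k distinct rows")
    chosen = sorted(unique.items())[:k]
    # The row IDs tell the receiver which rows of M produced these packets.
    submatrix = [vandermonde_row(row_id, k) for row_id, _ in chosen]
    chunks = solve_mod_p(submatrix, [symbols for _, symbols in chosen])
    return bytes(v for chunk in chunks for v in chunk)[:length]


if __name__ == "__main__":
    message = b"constructed sample payload"     # constructed input
    sent = encode(message, k=4, n=7)
    # Packets 0, 2 and 5 are lost; the rest arrive out of order.
    received = [sent[6], sent[1], sent[4], sent[3]]
    print(decode(received, 4, len(message)))
```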
An important advance in this direction is LFS, the Log-structured FileSystem. It's not exactly new; most of the recent improvements in it have been fine-tuning of the access and cleaning algos.
Basically, the main structure on disk is the Log. It stores all the iNodes and all the file data and metadata. If you have to write something to disk, you write it at the end of the Log. With a good buffer cache, this is extremely fast because you write large amounts of data contiguously.
Every so often you create a checkpoint, which is the metadata required to locate all the inodes and file data on disk at a particular time. Although I'm not aware of any implementation that allows this, you could theoretically roll the filesystem, or some part of it, back to any particular checkpoint (which has not been cleaned yet), or make it look to some user level program as if you had (they'd only have r/o access tho). Checkpoints also make crash recovery pretty fast.
Reading times are not quite as good as Ext2/3 under some circumstances (some workloads can massively frag files) but if you rewrite the majority of a file at a time, reading times can actually be faster. And running the cleaner a lot makes it even better.
There is a lot of CPU overhead, but very little disk-seeking overhead. The result is that as CPUs get faster, your IO will get faster; disk seek times are not getting much faster, and they are not the bottleneck with LFS.
The only major downside of LFS is the cleaner. Since the log only gets written at the end, it accumulates cruft and fragmentation over time, and grows enormous. You need garbage collection. So you have to deallocate data which has been rewritten later in the log, and compact highly fragmented segments into a smaller number of dense segments, in order to vacate segments for writing. This cleaner process burns serious CPU and disk, and is the main thing keeping LFS off the desktop. But if you're content to let your CPU spin for awhile every night to clean up, you don't have to run it while you're working.
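A toy model of the log, checkpoints and cleaner described in the comment above, as an added example that is not part of the original post and not taken from any real LFS implementation. The four-record segment size, the class name ToyLFS and its method names are assumptions made for illustration.

```python
"""Toy log-structured store: append-only segments, checkpoints, cleaner."""

SEG_SIZE = 4  # records per segment (assumed; real segments are far larger)


class ToyLFS:
    def __init__(self):
        self.segments = {0: []}  # segment number -> list of (path, data)
        self.head = 0            # segment currently being appended to
        self.imap = {}           # path -> (segment, offset) of the live copy
        self.checkpoints = {}    # id -> (log position, imap snapshot)
        self._next_cp = 0

    def write(self, path, data):
        """All writes, including rewrites, are appended at the end of the log."""
        if len(self.segments[self.head]) == SEG_SIZE:
            self.head += 1
            self.segments[self.head] = []
        seg = self.segments[self.head]
        seg.append((path, data))
        self.imap[path] = (self.head, len(seg) - 1)

    def read(self, path, imap=None):
        seg, off = (self.imap if imap is None else imap)[path]
        return self.segments[seg][off][1]

    def checkpoint(self):
        """Record the metadata needed to locate every file at this moment."""
        pos = (self.head, len(self.segments[self.head]))
        cp_id, self._next_cp = self._next_cp, self._next_cp + 1
        self.checkpoints[cp_id] = (pos, dict(self.imap))
        return cp_id

    def read_at(self, cp_id, path):
        """Read-only view of a file as of a checkpoint not yet cleaned away."""
        return self.read(path, self.checkpoints[cp_id][1])

    def live_count(self, seg_no):
        """Number of records in a segment that are still the current copy."""
        return sum(1 for off, (path, _) in enumerate(self.segments[seg_no])
                   if self.imap.get(path) == (seg_no, off))

    def clean(self, max_live=SEG_SIZE // 2):
        """Copy live records out of sparse closed segments, then free them."""
        victims = [s for s in sorted(self.segments)
                   if s != self.head and self.live_count(s) <= max_live]
        for s in victims:
            for off, (path, data) in enumerate(self.segments[s]):
                if self.imap.get(path) == (s, off):
                    self.write(path, data)      # re-append at the log end
            del self.segments[s]
        freed = set(victims)
        # A checkpoint that points into a freed segment can no longer be used.
        self.checkpoints = {
            cid: cp for cid, cp in self.checkpoints.items()
            if not any(seg in freed for seg, _ in cp[1].values())}
        return victims

    def recover(self):
        """After a crash: load the last checkpoint, roll forward over the tail."""
        if self.checkpoints:
            (seg0, off0), snap = self.checkpoints[max(self.checkpoints)]
            imap = dict(snap)
        else:
            (seg0, off0), imap = (min(self.segments), 0), {}
        for s in sorted(self.segments):
            if s < seg0:
                continue
            start = off0 if s == seg0 else 0
            for off in range(start, len(self.segments[s])):
                imap[self.segments[s][off][0]] = (s, off)
        self.imap = imap


if __name__ == "__main__":
    fs = ToyLFS()
    for i in range(4):
        fs.write(f"f{i}", f"v1-{i}")            # constructed sample data
    cp = fs.checkpoint()
    for i in range(3):
        fs.write(f"f{i}", f"v2-{i}")            # rewrites leave segment 0 sparse
    print(fs.read("f0"), fs.read_at(cp, "f0"))  # current vs. checkpointed view
    fs.write("g", "x")
    fs.write("h", "y")
    print("freed segments:", fs.clean())
```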
The reason that breaking copy-protection schemes is illegal is pretty simple. If you were to break one and distribute the hack, they wouldn't have much of a case against you otherwise; you could simply say that it is there as a means of making backups (like Hotline, KaZaA, etc do). But lots of people would download it, and use it to pirate stuff, and never get caught.
However, with this law, they can sue your pants off, and that is what they want. The law was poorly written and screws home users as well, but its purpose was to target pirates.
Now, as for why the government favors copyright holders over individuals, the answer is entirely obvious. Who pays for their campaigns?
Another point of the taint flag is that you cannot make a binary distribution of a tainted kernel. Under the GPL, if you distribute any modifications of the original kernel, you must include the source, which you can't do if you have closed-source drivers.
If everyone pronounces it 'giga' (ie with a hard g), then the correct pronunciation is 'giga', not 'jiga'. It's not someone's name, so the 'correct' pronunciation is how people who are familiar with the term say it.
In fact, the prefix giga- is from Greek 'gigas'. The Greek gamma is always the hard 'g' sound; there is no sound in Greek that is at all like 'j'. In names like John, 'i' is substituted ('Ioannos' or something).
That's what my new clothes will be after I microwave them to ensure that no RFID devices remain functional.
That's what your clothes will be after you blow up the RFID tag and set them on fire:
While microwaving an RFID tag will destroy it (a microwave emits high frequency electromagnetic energy that overloads the antenna, eventually blowing out the chip), there is a good chance the tag will burst into flames first.
[am not! are too! am not!]
I believe you mean the GNU/GPL: GNU is not Unix is not Unix is not Unix is not Unix is not ... is not Unix General Public License.
Yes, you're right, that's about what I would do. I might actually report it instead of looking at it myself, but there's a good chance that I'd do it.
I think that JFK thing was a bad example.
...or at least it seems so. I was proofing a script against HTML insertion attacks, and tried that for kicks. It doesn't crash IE6/Win2k.
I agree that it appears to be in favor of the consumer, although it might just be another anti-KaZaA thing.
However, there are several problems with this section. For one thing, software that allows you to do a distributed search should not be considered "enabling software." This capability, in and of itself, does not pose a privacy or security risk. This is what makes me think that it is anti-KaZaA.
Secondly, you can store data on someone's computer in many ways. A browser cookie, for instance. Many applications use mechanisms like this, and could be used for "storage." And there are unintentional covert channels, that is, methods of storing data which the program is not designed for.
I even claim that running an operating system with a simple network stack counts, as nmap can use it for a stealth scan. It does this by forging packets to the victim from the scapegoat computer, then analyzing the sequence numbers that the scapegoat gives it on a ping. The scanner thus stores data on the scapegoat (in its IP sequence numbers), and uses this information to determine the services running on the victim ("search its contents?" sort of...).
In any case, companies would have to tread extremely carefully with any net-connected app. The warning would become very annoying, and people would click through it just like they click through Windows' "Hey! that might be a virus!" warning today.
Furthermore, they must warn "anyone downloading the software," which includes someone who pastes in an FTP link. How you gonna do that? It also would piss off users of package managers, who would now have to click/type through warnings on dependencies, possibly well into the install process. The package managers themselves would have to be updated, which would be a PITA for all, and any site which allowed access via an outdated package manager would be in violation.
I'd be happy if the government passed a law requiring spyware to announce itself as such, just as I'm in favor of requiring spam to announce itself as such. But the law has to be written correctly. Many of the goals of the DMCA were good (other than the one of protecting profit margins of the copyright cartels), but the law was poorly written and poorly thought-out. That's part of why people hate it so much.
[/rant]
Not magically enhanced for being done via the computer.
Even by a Computer of Jail Time +5?
Do you condone spyware?
No, and I think that this portion of the bill has a laudable goal. However, according to the wording of the bill, many applications which are not spyware would have to be retrofitted with these warnings. Third parties can store information on your computer through many means, such as a cookie sent to your browser.
There are also many covert channels that could be used; nmap uses the sequence numbers in packets as a covert channel for "stealthy" port-scanning. As construed, the IP stack both allows a third party to store data on your computer (however temporarily) and allows them to search the contents of other computers (that's a bit loose, but you can find out what services they're running). This warning would have to be placed on basically every networkable application due to such covert channels.
It would also be a major pain for installs from the command line. When I type in fink install foo (yes, I have a Mac), I don't want the install to pause in the middle (which may be quite a long time into the install if I'm installing, say, gimp or gnome) just because some dependency counts as "enabling software".
Do you condone the illegal trade of copyrighted material?
No. But I don't think it should be a criminal offense. Copyright infringement is quite illegal enough, and to be punished more stiffly for this than for theft is ridiculous. I don't condone false advertising either, or spam, or spyware distribution, but I don't think that people should be locked up for any of these offenses.
Furthermore, you know exactly how this bill will be used if it passes. The RIAA will immediately choose 4 random college students out of their database of pirates and land them in jail for 5 years, to scare the others away from KaZaA. That's ridiculous. The billion-dollar suits were bad enough, now they want to land them in jail? Well, I guess that prevents the community from making it up with PayPal donations.
And again, the bill is poorly written. Their definition of public accessibility applies to any vulnerable computer, so running Windows (a copyrighted product) with a network connection would (technically) be a felony. And since it's a criminal offense, parties other than Microsoft can take users to court.
Disclaimer: I'm not a lawyer.
If you create something, and allow others to freely distribute it, then you have two choices.
You can either license it to them, in which case your license should make it clear n hops down the line that it is still OK to distribute. This is what the GPL does.
Or you can revoke your copyright on it, making your work public domain. Then it's not copyrighted, so they can do whatever they want.
Reading the article carefully, would a vulnerable home PC be considered "publicly accessible"? The public can certainly use their access to acquire whatever copyrighted work you might have placed there.
Hmmm...
Maybe someone should hack and download from Rosen's PC, then report her (after thoroughly scrubbing the logfiles, of course).
Then there's the question of caching proxies. Is the proxy's loading of some file considered a copyright violation, and by whom? The proxy's operator? The person who read the file through the proxy?
At least it'll never pass.
I guess on the plus side, it screws Bonzai Buddy with that "enabling software" requirement. They'd have to tell users that their software is a privacy risk.
I don't particularly like flying. I suppose if I have to get across the country, it's preferable to driving; however, despite the low chance of dying, if you go anywhere from a small airport, you are likely to be bounced around like a [insert lame simile here]. That doesn't happen in a car. At least not on the interstate.
The best thing about the #!/bin/rm -f hack (-rf if you use it on a directories command), is that #! translates "cat foo" to "/bin/rm -f cat foo", thereby removing all traces of your hack, and leaving the victim quite confused.
Yes. However, most ISPs are not responsible. Most universities, however, throttle all UDPs to screw up gamesever pingtime, thus inducing their students to study, or else frag with someone on campus.
You're right about drinking from the firehose. At least under the current spec, you can't limit the rate of incoming packets, so the client could very easily run out of bandwidth. However, this could probably be fixed.
In terms of errors and dropped packages, this is a recognized problem in UDPP2P, for which I emailed them (something similar to my post) suggesting a solution. Basically, you send the whole file as a giant error-correcting code. As another poster pointed out, you can even have a bunch of hosts send it like that, lending their combined bandwidth (firehose problems again). Even if some of the packets are dropped or arrive out of order, you're fine. And it is well-known that those packet-dropping "good routers" are in the minority.
You will note that I am not on the UDPP2P team, and that I suggested IPSec as a better solution. Of course, routers would have to support IPSec to offer much protection against traffic analysis, which they don't really yet.
It's the proverbial finger in the hole in the dam.
Perhaps. Except that in that story, the random passerby putting his finger in the hole (actually, I believe it was in a dyke) prevented it from eroding and widening, thus saving the entire village.
If ROT-13 is an encryption scheme under the DMCA (see Adobe Vs. Elcomsoft), it could be argued that TCP is an encryption scheme under the same rules.
No. To be an encryption scheme, it has to be designed to hide the data. You could claim that ROT-13 is encryption, or maybe even that changing the extension of a file is encryption, if it stops people from opening it. But you can't claim that TCP is encryption because it's designed to give the data to the recipient, not hide it.
Actually, the folks at UDPP2P had an interesting idea in this regard. The client negotiates through the search network to find a server, but doesn't get that server's IP. The server sends the data via forged UDP packets, encrypted, with some extra code to correct for out-of-order and dropped packets.
I think there was a paper on /. a while ago about a similar method of sending data; you take a big, not quite square matrix M and multiply the data file by it, getting a bunch of rows; you send these rows along with row IDs; once the receiver has enough of these rows, he can construct (using the row IDs) the inverse of the submatrix of M that spawned them, and derive the original message, even if the rest were dropped or corrupted. Vandermonde matrices work for this, although I imagine there's a sparser solution.
Of course, your ISP/firewall wouldn't necessarily be happy about sending out all those fake UDPs, and many university networks throttle them. Also, the ..AA can still set up a fake server which logs you, since the server knows the client's IP, unless you proxy, which would cost in bandwidth. Or, you could send it to someone on the receiver's subnet and let them sniff, which wouldn't entirely give away their location.
Perhaps one should point out that this is practically a new internet protocol, requiring root access and stuff... it might be better for them just to use IPSec with address hiding.
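The matrix scheme described in the post above, as an added example that is not part of the original post or of UDPP2P: a Vandermonde erasure code over the prime field GF(257), where any k surviving rows rebuild k data bytes. The field size, function names and sample message are assumptions made for illustration; this sketch recovers from dropped and reordered rows only, so a corrupted row would have to be detected and discarded first (for example with a per-row checksum).

```python
P = 257  # assumed field: smallest prime above the byte range


def encode(data, n):
    """Multiply the data by an n x k Vandermonde matrix; return (row_id, value) pairs."""
    k = len(data)
    if not k <= n < P:
        raise ValueError("need k <= n < P so that all row points are distinct")
    # Row i of M is [x^0, x^1, ..., x^(k-1)] with x = i + 1.
    return [(i, sum(d * pow(i + 1, j, P) for j, d in enumerate(data)) % P)
            for i in range(n)]


def decode(rows, k):
    """Rebuild k data bytes from any k distinct rows, in any arrival order."""
    rows = list(dict(rows).items())[:k]          # drop duplicate row IDs
    if len(rows) < k:
        raise ValueError("not enough rows survived")
    # Augmented matrix [V | y] for the surviving rows, solved by Gauss-Jordan mod P.
    a = [[pow(i + 1, j, P) for j in range(k)] + [y] for i, y in rows]
    for col in range(k):
        piv = next(r for r in range(col, k) if a[r][col])
        a[col], a[piv] = a[piv], a[col]
        inv = pow(a[col][col], P - 2, P)         # Fermat inverse in GF(P)
        a[col] = [v * inv % P for v in a[col]]
        for r in range(k):
            if r != col and a[r][col]:
                f = a[r][col]
                a[r] = [(v - f * w) % P for v, w in zip(a[r], a[col])]
    return bytes(a[r][k] for r in range(k))


def demo():
    msg = b"udp rows"                            # constructed sample, k = 8
    sent = encode(msg, 12)                       # 4 redundant rows
    # Constructed loss pattern: rows 1, 3, 6, 8 dropped, the rest out of order.
    received = [sent[i] for i in (11, 2, 9, 0, 5, 7, 4, 10)]
    return decode(received, len(msg))


if __name__ == "__main__":
    print(demo())
```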
An important advance in this direction is LFS, the Log-structured FileSystem. It's not exactly new; most of the recent improvements in it have been fine-tuning of the access and cleaning algos.
Basically, the main structure on disk is the Log. It stores all the iNodes and all the file data and metadata. If you have to write something to disk, you write it at the end of the Log. With a good buffer cache, this is extremely fast because you write large amounts of data contiguously.
Every so often you create a checkpoint, which is the metadata required to locate all the inodes and file data on disk at a particular time. Although I'm not aware of any implementation that allows this, you could theoretically roll the filesystem, or some part of it, back to any particular checkpoint (which has not been cleaned yet), or make it look to some user level program as if you had (they'd only have r/o access tho). Checkpoints also make crash recovery pretty fast.
Reading times are not quite as good as Ext2/3 under some circumstances (some workloads can massively frag files) but if you rewrite the majority of a file at a time, reading times can actually be faster. And running the cleaner a lot makes it even better.
There is a lot of CPU overhead, but very little disk-seeking overhead. The result is that as CPUs get faster, your IO will get faster; disk seek times are not getting much faster, and they are not the bottleneck with LFS.
The only major downside of LFS is the cleaner. Since the log only gets written at the end, it accumulates cruft and fragmentation over time, and grows enormous. You need garbage collection. So you have to deallocate data which has been rewritten later in the log, and compact highly fragmented segments into a smaller number of dense segments, in order to vacate segments for writing. This cleaner process burns serious CPU and disk, and is the main thing keeping LFS off the desktop. But if you're content to let your CPU spin for awhile every night to clean up, you don't have to run it while you're working.
Google for Sprite LFS
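The log, checkpoint and cleaner behaviour described in the post above, as an added in-memory toy model that is not part of the original post and is not Sprite LFS code. The class and method names are hypothetical; it shows appending at the end of the log, a read-only view as of a checkpoint, crash recovery by replaying only the log tail, and the cleaner invalidating older checkpoints.

```python
class ToyLFS:
    def __init__(self):
        self.log = []          # append-only list of (inode, data) records
        self.imap = {}         # inode -> index of its newest record
        self.checkpoints = []  # (log length, copy of imap), or None once cleaned

    def write(self, inode, data):
        self.log.append((inode, data))           # writes only ever go to the end
        self.imap[inode] = len(self.log) - 1

    def checkpoint(self):
        self.checkpoints.append((len(self.log), dict(self.imap)))
        return len(self.checkpoints) - 1

    def read(self, inode, at=None):
        """Read current data, or a read-only view as of checkpoint `at`."""
        if at is None:
            imap = self.imap
        elif self.checkpoints[at] is None:
            raise LookupError("checkpoint was cleaned")
        else:
            imap = self.checkpoints[at][1]
        return self.log[imap[inode]][1]

    def recover(self):
        """Crash recovery: load the last checkpoint, replay only the log tail."""
        start, imap = next((c for c in reversed(self.checkpoints) if c), (0, {}))
        self.imap = dict(imap)
        for i in range(start, len(self.log)):
            self.imap[self.log[i][0]] = i

    def clean(self):
        """Cleaner: keep only live records, compacted; return records reclaimed."""
        old_len = len(self.log)
        self.log = [self.log[i] for i in sorted(self.imap.values())]
        self.imap = {ino: i for i, (ino, _) in enumerate(self.log)}
        self.checkpoints = [None] * len(self.checkpoints)  # pointed into old log
        return old_len - len(self.log)


def demo():
    fs = ToyLFS()
    fs.write(1, b"v1"); fs.write(2, b"other")    # constructed sample writes
    cp = fs.checkpoint()
    fs.write(1, b"v2"); fs.write(1, b"v3")
    old, new = fs.read(1, at=cp), fs.read(1)
    fs.imap = {}                                 # simulate losing state in a crash
    fs.recover()
    return old, new, fs.read(1), fs.clean(), fs.read(2)
```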
The reason that breaking copy-protection schemes is illegal is pretty simple. If you were to break one and distribute the hack, they wouldn't have much of a case against you otherwise; you could simply say that it is there as a means of making backups (like Hotline, KaZaA, etc do). But lots of people would download it, and use it to pirate stuff, and never get caught.
However, with this law, they can sue your pants off, and that is what they want. The law was poorly written and screws home users as well, but its purpose was to target pirates.
Now, as for why the government favors copyright holders over individuals, the answer is entirely obvious. Who pays for their campaigns?
We farm out our computation to users of operating systems which are not secure by default.
Another point of the taint flag is that you cannot make a binary distribution of a tainted kernel. Under the GPL, if you distribute any modifications of the original kernel, you must include the source, which you can't do if you have closed-source drivers.
Unlike with 'jiga,' a substantial portion of the population (geez, I hope it's the majority) pronounces February and nuclear in the preferred manner.
If essentially all the population, including nuclear scientists, pronounced it 'nucular', then that would be the established pronunciation.
You wouldn't try to argue that the "established" pronunciation of 'knight' is as it's written, even though it once was pronounced that way.
My point about the Greek is that in the case of 'giga', you cannot even defend your position based on the original pronunciation.
If everyone pronounces it 'giga' (i.e. with a hard g), then the correct pronunciation is 'giga', not 'jiga'. It's not someone's name, so the 'correct' pronunciation is how people who are familiar with the term say it.
In fact, the prefix giga- is from Greek 'gigas'. The Greek gamma is always the hard 'g' sound; there is no sound in Greek that is at all like 'j'. In names like John, 'i' is substituted ('Ioannos' or something).
That's what my new clothes will be after I microwave them to ensure that no RFID devices remain functional.
That's what your clothes will be after you blow up the RFID tag and set them on fire:
While microwaving an RFID tag will destroy it (a microwave emits high frequency electromagnetic energy that overloads the antenna, eventually blowing out the chip), there is a good chance the tag will burst into flames first.