First, that was a very interesting post about your project. Thanks for taking the time to talk about it.
If I were to take a crack at breaking your elaborate security precautions, I would take a look at your dongle. Ultimately, anytime you are using a hardware key in software, you are just creating a second vector of attack or shifting the weak point in your software security from software to hardware. Your random seeds aren't likely as random as you think, as true RNG is kind of a tricky business.
In the end, either my machine can or cannot understand your code. If it can, it can be hacked.
As a result, your approach is stymied, unless you can actually understand how the algorithm works and disentangle the input from the security key.
But I can look at the byte code and see exactly what is being done at each step of the process. I can read the buffers. Basically, you are just replacing 'if (password_correct == true)' with 'if (password_hash & xff0a key_buff[x0012] * get_hash_rotation(user.id))' or something similar. Obfuscation != security.
In fifteen years of programming, largely R&D, I've come up with one, maybe two completely new solutions to old problems which are significant. One replaces CAPTCHAS with something that testers have had no problem using from ten feet away. A legally blind customer uses it on his site. I believe the law is correct in considering this a new invention.
Your thing might be a valid invention under USPO rules. It is an application of something, and quite likely not even directly tied to any encryption algorithm. Software patents are complete bullshit too, IMHO, since you aren't releasing source code in your patent application, and aren't really sharing your work with the world at large as intended. But that is neither here nor there since there is (quite strangely) no mention of software patents in anything laid down by the founding fathers.
I was speaking about elliptical curve encryption, and any sort of claim that blackberry could make about it. An encryption algorithm is math, pretty much as pure as it gets. That sort of thing should not ever be patentable. Not under software patents, not as bullshit 'business process' patents, not as anything.
Exactly. Gates' current problem is that Microsoft stock is falling, and most of their products are a bust....Gates is attempting to make Google look bad, mostly through classic propaganda techniques......But it's really the question of who's the lesser of two evils.
Yes, you are clearly a genius. Clearly he is attempting to make more money for his portfolio by insulting the philanthropic activities of Microsoft's competitors. Or, perhaps he is just exasperated that more people aren't putting money toward useful, long term efforts to improve the overall state of humanity.
He is an intelligent guy, and he's looking at what is going to happen in 50-100 years, and it's probably going to be ugly. If world population stabilizes at 14 billion, you are going to see some really vicious wars of genocide take place, because the way we are expending resources, there isn't going to be enough to go around. And when it comes down to food, water and air, are you going to give up your share so someone in Africa can live? The sooner we can stabilize population growth in developing countries, the better, and the way you do that is by improving health, education, and food.
If he really gave a fuck about his portfolio and how Microsoft was doing, why wouldn't he just come out of retirement?
If everyone on the other hand tried to sell the stock, the value would crash and the company would go under because everyone was trying to jump ship and sell to squeeze the last bit of profit out of it.
Whoa, why would a company go under if stock value is zero? Their stock value is their perceived value, not their income and expense balances. Suppose that everyone in the world decided to dump Apple stock tomorrow. The stock value implodes in the sell off, and a few slow moving investors get shafted. They still have 80 billion in the bank, and they still are making iPads like crazy, so why would this drive them out of business? The few people who were buying during the sell off craze now own the company, and probably for very little. They can now do anything they want with the company, being investors with majority control.
So, selling your shares in immoral companies that are profitable doesn't do much of anything. Either you should buy shares in said companies, so you can vote out the jerks who are running the company at the next shareholder meeting, or you buy the stock to acquire more personal fiscal power so you can see that moral things are done with it. Just ignoring a river because you don't like water won't make it go away.
More to the point, how the FUCK does one weasel a patent on crypto (which is just math, and therefore, unpatentable) through the system? I would think the USPO would just round file anything coming in that has to do with crypto on general principle...
Also, while you can encrypt to your heart's content, how do you pass people you want to communicate to securely a private key to encrypt and decrypt with? You going to email it? Perhaps text it via SMS? Or, you could call them up and tell them the key? As soon as you transmit a key over a service they control, you are no longer really encrypted. You can meet someone in person to pass a key, but that really only works for people you are physically close to.
The jackbooted thugs wouldn't stand a chance in a society of psychopaths. A police state doesn't fundamentally work, unless fear overcomes the impulse to fight back and as mentioned impulse control isn't a trait that a psychopath has in abundance. You don't need to organize to fight authority, if everybody is fighting authority.
You would send out a couple of thugs to go collect someone in public to try to put some fear in people, and they would get murdered, because they irritated the wrong person on the way.
Yeah I agree, there is something fundamentally wrong with the claims being made. If I have byte code, I can rebuild loops and conditionals with a decompiler. Sure, I don't have comments or var names, but those can be guessed or worked out in something less than 'several hundred years'.
Suppose you build something that throws in a lot of crazy random jmp calls to make this harder, and I can't be bothered to re-construct a program I want to steal. At some point a single Boolean decision hits the call stack that says, 'Is the app unlocked, yes or no?', and that conditional jmp can be replaced so it is cracked. Unless this guy has come up with a super magic method to keep me out of my own computer, I can crack whatever crackpot protection scheme he cooks up.
DRM doesn't work, on a theoretical level, because you cannot keep people from having access to the data at every single point in the delivery chain. Code is just data. So......QUACK QUACK QUACK.
empathy seems to be linked to our ability to cooperate effectively, a psychopathic populace might be considerably easier to control.
I think you have it backward. A psychopathic population would be incredibly hard to control. The reason I don't stab you in the face and take your wallet is because I empathize with you as a person. Without empathy, you are a bag of annoying meat that has the $50 in pocket change that I want. Without empathy, people would act out impulsive behavior much more frequently.
There is no point in placing asinine hope in democratic processes: we have been shown (time and again) that where these exist (!), they will be subverted by those who do not have your best interests at heart.
Well then, clearly the only hope for any sort of change is violent revolution and mass executions of the monarchists. I'll start building a guillotine, you organize a Committee of Public Safety.
Or we could, I dunno, vote someone into power that will change things. Pretty sure that a mayor and/or a police chief that wants to put an end to this shit will pretty much take care of the problem in any given city.
BTW, I drive a six speed manual without traction control. I drive a lot better than most because I don't expect my car to pull me out of dangerous situations I get myself into.
I am a completely mediocre driver with traction control, anti-lock brakes and as much safety tech as I can slap on a car. When I hit an unexpected patch of black ice, my computer chips will react far faster than any veteran race car driver that ever lived. Don't let pride blind you to the advantages of technology.
Yeah but the consequences of my beating you to a pulp are fine (as are my taking the consequences of that action). The Constitution precludes the Government from assigning consequences to free speech.
Reported. You just threatened to commit assault and battery, which is a felony. Expect the Swat team to kick in your front door in 15 minutes. Justin could use a cell mate...
However, it sure would reduce cognitive load to not switch languages between browser and server ends.
I don't know, I don't think having to know several languages is that much of a chore. I kind of prefer languages to be specialized for specific purposes, because you can't be the best at everything. I don't know how much sense it would make to use SQL syntax for geometry shaders, or for asm to be used as a HTML dom manipulation. When you write a language to support everything, it is just as much detail to learn as learning several languages (where 'learn' means have a good understanding of API, objects, methods, etc. and not just a rudimentary comprehension of syntax).
droids == zombie == nazis
Rule #1 of the crappy screen writer: You can do anything you want to these three groups, because they deserve it. Need to kill someone/something to show how bad ass your protagonist is, but don't want to have your hero actually commit murder? Pick one of these three groups and start shooting. Nazis are of course, the most evil beings in all history as we all know, so anything you do to them is justified ("They are more evil than I am, so murder is OK."). Zombies are unfeeling and evil, even though they are typically former victims and possibly friends or family members themselves. Finally, droids aren't human, even if they are sentient, so torture/mutilation/murder is perfectly fine.
The writer misses the entire reason GL picked droids for the villains in the prequel. He can do anything to them and nobody will so much as flinch. Light sabres, which appear en masse in the movies, would make a gory mess out of any human they were used on, and that would lose the PG rating that GL needed to suck another couple billion out of the pockets of parents everywhere.
He may be a crappy dialogue writer, but he isn't stupid.
A solid science story, and people are going off on tangents. First thing I thought, yeah this is a brilliant plan: How long would you have to point an x-ray machine at someone before it would even cause radiation sickness? Several hours or something? Remember, all EM radiation falls off with the square of the distance, so if someone sits in a truck with an x-ray machine pointed at you from across a parking lot, it is losing a lot of potency. It would be much simpler to go stab the person with a broken bottle if you really don't like them that much.
Also, this thing is hardly going to be medical grade safety, so I give you 50/50 odds that the operator ends up dying of radiation poisoning before any of his 'victims'. Finally, you can generate EM radiation without nuclear material, but that would suck down quite a bit of power to create something as energetic as x-rays. This guy going to power that off his car's cigarette lighter ac adapter?
The NSA is a pack of dimwitted fuckers for pulling this, because the blow back when this was discovered (not if) would clearly far exceed any benefit they could possibly gain. Now, I think this might not be an entirely bad thing that they pulled this shit.
I suspect that as a result, the rest of the world is going to be deeply suspicious of the US in the future, and it is going to be much more difficult to maintain control of the Internet's key systems and keep them inside US borders as much as is possible. I also think this might kick off a new round of encryption and paranoia, which really is a good thing for consumers of tech resources in the long run. Bad for the spy types, because RSA1024 on everything will really put a damper on their ELINT gathering capabilities. They might have to go out and do some honest on the ground trade craft for a change.
Whoever is running the NSA should be sacked on the spot. Not for engaging in massive illegal wire tapping, but for being such a shallow idiot and not considering the fall out of being caught. You have to suppose that there are analysts writing papers about what will likely happen when they get caught, so the Director isn't paying attention to their own intel papers and projections. Fire him for being a fucking inept moron.
Let's ignore the morally correct point that fighting fire with fire isn't actually legal.
Hmm.... That sounded a whole lot like you are using morality and legality as synonyms. That's far from the truth. In fact, in a surprisingly large number of situations, they are antonyms.
I am saying that an eye for an eye vigilantism isn't legal, nor is it moral.
Several ideas for my first free message:
1) Anally Probable monkeys here, $15 each. (I'll be rich!)
2) Earth thinks you are a pack of 6 eyed jerks, and challenges you to a fight.
3) WE CLAIM THE WESTERN ARM OF THE GALAXY, AND DOMINION OVER ALL WHO DWELL THERE.
How is this whole project NOT a bad idea on every level?
Let's ignore the morally correct point that fighting fire with fire isn't actually legal. Let's just think about what you hope to accomplish.
Suppose that you possess the time and skills to properly track your attacker back to their actual home system(s), and you manage to crack it. You upload a virus you wrote in your free time that spreads through their computer, deletes all files, and hides in the BIOS afterwards, frying hardware with malicious hardware calls. After you disconnect from their newly cratered system, how long is it going to be until the next random punk off the internet tries to probe your security?
< 00.1 second.
Good luck with your vendetta, I hope it works out for you.
More to the point, unless the 1.7TB contains something of interest in the first place (ex: stolen source code that isn't encrypted), who is going to bother to download it? See, you have to give people an incentive to download that much shit before they are going to act as your own personal distributed storage service.
Bet when he gets arrested (not if), that there aren't any copies of his 'get out of jail card' in the wild.
Also, just for the record, have there ever been instances of anyone successfully blackmailing the cops into letting them go? Ever?
Gates is no better than a random Somali witch doctor/mullah who does the same to girls.
And people who engage in ridiculous reductionist arguments like this are no better than Nazis! Nazis, I say!
I didn't like it at first, but it grew on me.
Your opinion is that of an armchair historian, with a very different perspective than leaders at the time had.
It could be said that Neville Chamberlain was a compassionate leader...
Bet it's a Rick Astley video, re-sized to massive resolution and the password is 'RickrollAll'.