> It would be suicide for Vista to intentionally block the software of the most popular music device out there. Regular users would blame Vista regardless of the underlying technical reasons.
I doubt that such things would stop Microsoft, honestly. I'm sure they'd tell people "it's just a bug, it'll be patched in a few months" followed by something trying to sell them a Zune.
DOS isn't done until Lotus doesn't run?
Huh? Their public key is public (it pretty much has to be). You wouldn't need their private key to mount such an attack.
Also, you wouldn't necessarily have to target Microsoft's servers, you could simply target everyone at random, so long as Microsoft was left to take the blame for it. The public pressure *might* coerce them into revealing the private key so that people could get their data back--after all, they often trade off security for convenience, but who knows?
And although I use Microsoft in the example, such an attack could be leveled at pretty much any corporation.
> There is a way to implement secure backdoors. Like encrypt the encryption key with the public key of NSA and store it on the drive itself. There you go, now only NSA can read your drive.
Backdoor nothing, I've long wondered how long until we see a virus that does this, holding the user's data hostage (unless they wire $x to some random account or whatever).
Alternatively, you could use it to extort some company into revealing their key. Say you grabbed a Microsoft public key of interest (one to which the private key would be really useful), then performed the same extortion attack I just described, but blamed Microsoft for it (e.g. "we think you're a pirate, so we locked up all your data!" or whatever). If widespread enough, it would create public pressure for them to reveal their key, or else to offer to decrypt people's data for them. If they reveal the key, it's straightforward. If they simply decrypt things for you, you can use *that* to mount yet another attack on their key by giving them something that wasn't truly "encrypted", but which is a carefully chosen "ciphertext" that will reveal information about their private key when "decrypted"...
Evil, no?
Tant pis.
I think that one of the most important things about the internet is how it helps overcome isolationism. It's becoming a little harder to hide inside one's own culture. I suppose they feel that these incursions erode their own culture, but I think it's for the best that we're exposed to more different languages and cultures, however incidentally.
A few decades back, geography created inherent limits on communication. Now the only barrier is language, and given how many people speak some of the biggest languages (Mandarin Chinese, English, French, etc.), even that may not hold out for all that long as people find more need to communicate with each other...
My mother was a teacher; as such, I ended up knowing quite a few teachers as I grew up. Almost every one of them did exactly what you said. Heck, even I ended up helping out by making a few exhibits and things to help them illustrate very basic biology.
Slashdot had an interview way back with some lawyers in the US Copyright Office way back when and discussed the DMCA. One of their answers concerning the perjury provision is that it doesn't mean what we'd like it to mean :[
Supposedly, and IANAL so get one if the answer is important, but the perjury part only applies if they lie about representing the copyright holder. So they might lie outright about having a copyright in the first place, but so long as it's sent by someone who really does represent the (alleged) copyright holder, you can't nail them for perjury :[
That said, if you can convince a judge that their claim was legally frivolous you might still be able to nail the bastards for something anyhow, but it's doubtful you'll get very much. Just look at what all the Cult of Scientology has done using the DMCA and they're still going on. If you can see the 'firehose', you'll see that Slashdot hasn't been publishing much about that one guy who is now in prison for allegedly "threatening" them with a "[Tom] Cruise missile" on Usenet.
> No more copyrighted music at weddings without a license. I'm sure somebody owns the copyright on "Here comes the Bride". You can license it for your wedding at the low low price of $1995.
What a ripoff! SCO would license it to me for only $699...
Maybe, but I think that mauve has the most RAM :-]
VERY few image formats are allowed by the specification to contain arbitrary code...
(The other times you hear it happening, someone has managed to find a buffer overrun; the executable bit isn't part of the image format itself.)
There's a list about "i-Technology" and neither Jonathan Ive, nor even Steve Jobs is anywhere to be found!?
You buy a brown Zune or something? I guess people are sensitive about that or something :]
Yup, we do (although I don't think we use it for anything--it's enabled by default).
In my experience, you need to completely remove power in order to properly reset an Ethernet card. If you look at the back of the machine after you shut them down, you'll see the lights are still flashing and that the card still has power.
In a semi-related note, presumably due to the firmware on the buggers, I've had problems where booting to a boot CD broke the Ethernet card, too (because the boot CD's drivers downloaded newer firmware, I think). Then when I booted back into the original OS, the card wouldn't work until I updated the machine's Windows drivers. This was with a Broadcom 10/100 integrated Ethernet card, BTW.
Considering it worked well enough in XP, I'm wondering exactly what they managed to screw up with USB handling...
My opinion, unencumbered by fact, gives it a 99% chance of being Microsoft's fault and a 30/70 on whether it's a bug or an intentional screwup to help their turd, Zune (brown IS the most popular color...). Yeah, that probably doesn't seem very fair, but after all the dirty bastard tricks Microsoft has pulled in the past, I honestly don't think that little things like legality matter to them at all.
To be honest, I'm kind of surprised that no one from Microsoft has ever ended up in prison. Well, not *that* surprised, given the way the law works for international corporations, but...
The only issue I would have with them is a requirement that the Whois information be accurate and that they'll suspend you if it's not. I wouldn't care to put my real name, address & email up there for everyone to harvest, personally.
You know it's bad when even Slashdotters are telling you to get a life :]
After all, the only life most of us have is Second Life or Half-Life...
> Boredom. Bullshit. The user should have a trusted repository of community verified software,
Half of the security problems we face today are because users don't know who to trust.
Me? I'm only safe because I hate the popular but stupid crap and am far too lazy to even try new software until I've heard something about it from several people I respect and I have some reason to believe it doesn't contain any nasty surprises (i.e. spyware or adware). I'm also so anti-advertising that the one time I saw a pop-up a few months back (I let down noscript for just a second and the blasted site launched Java which launched IE which visited some exploit site) that I ran an immediate spyware scan and caught the bastard thing before it even finished installing.
Sadly, I don't think I can convince anyone else to be paranoid enough to stay even marginally safe.
I doubt they'll ever get it, frankly, but I just hope that enough of the rest of the world moves on without them that it becomes a non-issue.
> I'm from Boston. I stood on the subway for over an hour (normal ride time: 30 minutes or so) because of these dipshit "indie" artists that did this for Turner.
Dude, grow a pair instead of getting pissy because you got stuck on the subway for a few minutes.
Some dumbass got freaked out by a glorified Lite Brite. I hate to break this to you, but circuit boards don't explode, nor do LEDs, nor do Duracell D cell batteries, nor do wires. If your city gets this freaked over nothing, any sensible terrorist would just plant a bunch of hoaxes and laugh while you all piss yourself.
You don't want to help the terrorists win, do you? :]
In terms of being cryptic and user hostile, I agree that editing the registry and browsing to some random port on localhost are about the same.
However, there IS one important difference--it's quite easy to screw over a machine by mucking around in the registry, either by accident or because the instructions you found were incorrect. I can't compare that to simply browsing around localhost. What's the worst you could possibly do? Hit the wrong port and get a screen full of crap from chargen?
That, or it was a side view of a line :]
You some kinda' Europeon fancy-pantsy girly man?
Us regular folk been watching "Ow! My balls!" :]
> Imagine the fire hazard if they were hooked up when they read the latest DRM or MS article!!!
Flame on!
(Sorry :-)
It's not so much *him* I'm worried about. It's all the other people they probably hired who aren't or haven't disclosed anything of the sort.
And if you read some of his "corrections" they're technically right, but highly misleading. True, a conforming application does not have to support the legacy crap. But they won't be able to read your average Word document saved as OOXML if they don't.
Which leads me to another point--why'd they name it OOXML? Office Open XML? Pretty slimy to try and pawn itself off as something related to Open Office when it's a Microsoft format. Not unlike what they tried to do with C++/CLI. Sadly, they know too well how governments work, and how they demand silly certifications even if they don't mean anything--that's why they hope for an ISO rubber stamp on this piece of crap so they'll have fewer troubles trying to sell stuff to those pesky governments that were barely starting to realize that they want something open--i.e. something that won't lock them in to a single-vendor solution and leave them with old, unreadable Word documents should Microsoft ever die.
>> "People want technology to be magically easy to configure and re-purpose. But it isn't."
> Let's ignore the faction that benefits from the status-quo.
While you can make good technology that works well, ultimately it does rely on a user who knows what they're doing. There are plenty of untrained users who can't figure out anything beyond the wall plug. You can make up new meanings for words like "faction" all you want, but it won't change the fact that I know these people and I answer their illogical questions constantly. Alas, it's what I do all day, for the most part.
>> "Computers don't "think" like people do and it takes a lot of work for a person to think the way a computer does."
> It's easier to change computers than it is to change people.
And who's going to change the computers? Oh, right, the same people who don't want to or can't adapt. Actually, it's easier to train people than to try to code up a DWIM instruction. Been there, done that, plenty of times. You bend over backwards trying to make the computer explain everything to them, they get some message because they tried to do something that makes NO sense whatsoever, and then they ask you what the message means. The root cause here is muddled thinking at least as often as program error.
>> "Being pretty much accurate for most of the data most of the time is what you get when the untrained person attempts it."
> They're usually better domain experts than the turf-protecting programmers.
Doesn't help much. I have a huge mass of legacy code written by "domain experts" who were not programmers. There's no error checking, they apparently don't know how to allocate memory (malloc() is apparently unknown to them) and do nice things like making an array of 1,000,000 of a certain struct. They have huge masses of effectively dead code, require people to enumerate all possible options in a configuration file (then proceed to silently overwrite all of the data in the file with hard-coded, recalculated values). But maybe that's not so bad, because they slurp in the file with scanf() and don't bother to check ANY part of anything for stupid things like error codes. And no, it's sure as hell not some speed-critical loop, nor is the application carefully isolated by other things which DO check for errors.
Fact of the matter is that you have to be both. If you're not a programmer, you'll create a brittle, WTF of a program. If you're not an expert on the problem you're trying to solve, well, you probably won't finish your application and no one will use it because they prefer the old piece of crap they've been using the whole time.
But anyhow, the proper role is to have the domain experts write the specs and do the testing, while the programmers write the actual code. Otherwise, I'll probably end up submitting your code to The Daily WTF if I'm unfortunate enough to come across it :P
In a side note, given the nature of his site, I'm honestly not surprised the Daily WTF's maintainer is the fanboy of Windows that he is...