Why would the American spooks broadcast such things in American territory? Why are they going to spy on in their own territory?
The primary tactical advantage of broadcasting is that it does not reveal who is receiving the message - on a large scale you cannot find the few people who are listening to the broadcasts. This worked well for the saboteurs in Vichy France.
The hacker didn't extract the player key. This might be due to the difficulty of getting the player key, but it really doesn't matter.
The use of title keys instead is a great strategy. It means that the revocation system is worthless - AACSLA may not even know which player is compromised. Gray/black-area web sites can maintain big lists of title keys for movies without a whole lot of trouble. The bigger issue will eventually be getting each new movie to the trusted few pirates that are capable of extracting keys. This is no big deal now, but would be if and once these formats become popular.
A counterattack from Hollywood could be to produce thousands of distinct masters of each movie; the same movie would have thousands of different editions that differ only by their title key. I don't know the current state of disk production however, so this may not be feasible.
The revocation system is itself problematic anyway. A person seeking to damage the system itself would try to crack the most popular player, even if it's more difficult than other players. The cost of a massive recall - plus the fines the manufacturer would pay for their player being the one cracked - would heavily discourage the use of the revocation system. It seems like the revocation system is more of a deterrent against both pirates (if you crack a player we'll change the key making your work worthless) and manufacturers (if you don't obfuscate well enough, we'll cost you millions of dollars).
DVD had a revocation system too, but it was never used. DeCSS and the Drink or Die program that preceded it used a player key, but the CSS algorithm was so badly flawed that it wasn't difficult to derive the remaining player keys. This will not happen with AACS, because they're using real crypto this time.
Be glad that Nintendo didn't go the route of Microsoft and do a challenge-response to authenticate the console to the controller and the controller to the console.
This is exactly why most software EULAs no longer say that you must treat the software like a book, which was once very common. The IP lawyers realized that the draconian things prohibited by a EULA are allowed with a book and have been since antiquity. This is, of course, legally absurd because copyright law doesn't distinguish between electronic and tangible works other than some minor issues.
With a book copyrighted by someone else, you have the right to tell someone to look directly at a word on page 122 (linking). You also have the right to look at a page of the book under a microscope (reverse engineering). And obviously you have the right to critique the quality of the book (performance testing). Yet many EULAs prohibit exactly these things.
If the argument were that the website isn't just copyrighted but is also private property, it still should be legal, in the same sense that you don't need Disney's permission to say where Club 33 is located.
This judge is clearly incompetent, and hopefully the judges along the appeal path aren't as much so.
Vista 32 detects when unsigned drivers have loaded, although it will let them load. If you have a single unsigned driver in your system, Windows Media Player will refuse to play protected songs. Also, Halo 2 will refuse to run whenever that comes out, because it is based on "protected processes" as well.
The #1 reason many games don't work in XP 64 is because games install copy protection kernel drivers that don't have a 64-bit version. Certainly the latest games don't have this problem, but anything older than a year or so does. Installing a crack frequently fixes the issue by eliminating the need for the driver, but that makes you a felon unless you can convince a judge and/or jury that the latest Library of Congress exemptions apply.
The lack of 64-bit hardware drivers is slowly sorting itself out. Eventually, the only real issue will be older games. Microsoft's denial of WHQL certification for drivers that don't have both 32- and 64-bit forms is likely to make almost all new hardware come with both types of drivers.
64-bit is great for many types of servers. Databases can mmap()/MapViewOfFileEx() the entire database, which is a win even if you don't have that much RAM. Authentication servers can do modular exponentiation much faster, which is necessary for things like SSL and SRP.
I won't go to Vista because of its driver signing.
In previous versions of NT, if a DLL doesn't have to be relocated, the kernel will make the read-only portions of the mapped file shared among all processes using that DLL. With address randomization, it's as if *every* DLL is relocated. Won't this eat a lot of memory having a bunch of copies of the same DLL taking up RAM?
Certainly, organic molecules are required for life as we know it. But there are many other possibilities.
Why do we assume that there is no life in some place we can't explore, like inside the Sun? Certainly there is no life there based on complex carbon molecules. However, what excludes the possibility of life based on such other mechanism?
I've always wondered something. When you get a return on investment greater than the rate of inflation, is the money you're receiving entirely money lost by other investors elsewhere? In other words, is investment a zero-sum game? ("Zero" being relative to inflation.)
Vista has crazy driver signing stuff for both the 32 bit version and the two 64 bit versions. In the 64 bit versions, unsigned drivers are not allowed at all. In the 32 bit version, unsigned drivers are allowed, but if you an unsigned driver, you will be locked out of DRM'd media.
This is all about their Protected Audio Path initiative. Microsoft knows that if it is possible to write drivers anonymously, then someone will write a fake sound card driver that dumps everything to disk. By requiring signing, there is now a $500/year price tag for driver development, and there is no longer anonymity. If you make such a driver, VeriSign has your name and address for the RIAA's legal complaint.
VMs are an easy way around this driver signing problem. If you use virtualization, then you don't need to load a custom kernel driver - you just intercept the sound card writes entirely. A program on the host alongside the VM monitor, or the VM monitor itself, can record anything it gets from the guest OS. If some song or movie is only released in Microsoft's Vista DRM format, as certainly they will eventually do, they don't want the song to leak because a good DRM system would attract record companies away from Apple. However, all it takes is for someone with 2 Vistas in VMs buying that song twice, and it's out all over the Internet unencrypted. *
Having a strong DRM system gives Microsoft a competitive advantage over Apple, because it attracts record companies to them instead. The record companies will use Vista's DRM as leverage in negotiations with Apple ("Why should we go with you when Microsoft has strong protections for our intellectual property?"). Apple knows this, and I strongly suspect that Leopard will have equal enforced driver signing due to this and AACS.
* Record song using each VM. Binary compare them. Where a bit is different, select one or the other randomly. Bye bye watermark. Microsoft has too many customers to embed watermarks that can identify 2 collaborators.
When this man stole the money, whose liability was it? To the bank, the withdrawals looked like those customers, and they couldn't have known it was fraud. When the victims find out, can they go to the bank to get their money back, or is the bank immune?
Under American patent law, if you use a product made by a company that did not have a license to a necessary patent, you can be sued, not just the company.
An implication of the Microsoft-Novell agreement is that Microsoft could sue any Linux (or Samba?) user who did not buy it through Novell. It major lawsuits start happening and Microsoft wins the lawsuits, Linux will disappear from corporations in America, or they'll all go through Novell. If Linux isn't open, there's no point in using it.
I hear all these things about Guitar Hero yet it's just a ripoff of Guitar Freaks, part of the Beatmania/DDR/etc. series from Konami. What is so new about Guitar Hero that makes it get all this press? Why didn't Guitar Freaks get it 5 years ago?
What you've described is the definition of DRM. The only way to control what happens when the data is on the computer is to use DRM, and even that isn't very effective.
- a: You can use an N+1 attack against watermarking. Start with 2 copies of the same file from 2 sources presumably watermarked to each. Compare the two files. While there is a difference, destroy the contents of those different bits. If no differences were found, you're done. Otherwise, get another copy of the song with a different watermark. N is the number of people the watermarking system can prove are collaborating. Get that many copies plus 1 to defeat the watermark - and it's easy to figure out N.
- b: As can be seen from the piracy of the strongly-watermarked program "IDA Pro", watermarking can be defeated by stealing someone's copy, or by purchasing the copy through fraudulent means. I have a legitimate copy of IDA at work, but I see ".idb" files (disassembly databases) all the time tagged with the same name of a nonexistent person.
- c: Watermarking audio in such a way that survives compressed->digital->analog->digital->compressed transformation at the same time as being mostly inaudible is considered basically impossible. Video is easier, because our eyes are much less accurate than our ears. They already watermark movies and most people aren't bothered.
2. No objection.
3. Why would they care whether it's watermarked for determining who to sue?
4. People aren't deterred by either small fines (see speeding) or by the remote potential of huge damages (see recent RIAA and MPAA lawsuits).
Oh, it's a buffer overflow? Yes, then I guess there's not much to worry about. No exploit author will bother targeting such a small percentage of people, especially when it's harder to do than Win32 with NX always enabled and table-based exception handlers.
There was a nasty exploit in 2004 with XMLHTTP that wasn't a buffer overflow - you could actually ask it to download and run an.exe file and it would >_
Slashdot Mirror
C# is D flat.
From my friend harmony7.
Why would the American spooks broadcast such things in American territory? Why are they going to spy on in their own territory?
The primary tactical advantage of broadcasting is that it does not reveal who is receiving the message - on a large scale you cannot find the few people who are listening to the broadcasts. This worked well for the saboteurs in Vichy France.
What benefit would you get on friendly territory?
Melissa
I like the 3D remake of Final Fantasy 3 for DS. (If you played Final Fantasy 3 for SNES, that's actually 6.)
Melissa
The hacker didn't extract the player key. This might be due to the difficulty of getting the player key, but it really doesn't matter.
The use of title keys instead is a great strategy. It means that the revocation system is worthless - AACSLA may not even know which player is compromised. Gray/black-area web sites can maintain big lists of title keys for movies without a whole lot of trouble. The bigger issue will eventually be getting each new movie to the trusted few pirates that are capable of extracting keys. This is no big deal now, but would be if and once these formats become popular.
A counterattack from Hollywood could be to produce thousands of distinct masters of each movie; the same movie would have thousands of different editions that differ only by their title key. I don't know the current state of disk production however, so this may not be feasible.
The revocation system is itself problematic anyway. A person seeking to damage the system itself would try to crack the most popular player, even if it's more difficult than other players. The cost of a massive recall - plus the fines the manufacturer would pay for their player being the one cracked - would heavily discourage the use of the revocation system. It seems like the revocation system is more of a deterrent against both pirates (if you crack a player we'll change the key making your work worthless) and manufacturers (if you don't obfuscate well enough, we'll cost you millions of dollars).
DVD had a revocation system too, but it was never used. DeCSS and the Drink or Die program that preceded it used a player key, but the CSS algorithm was so badly flawed that it wasn't difficult to derive the remaining player keys. This will not happen with AACS, because they're using real crypto this time.
Melissa
Be glad that Nintendo didn't go the route of Microsoft and do a challenge-response to authenticate the console to the controller and the controller to the console.
Melissa
This is exactly why most software EULAs no longer say that you must treat the software like a book, which was once very common. The IP lawyers realized that the draconian things prohibited by a EULA are allowed with a book and have been since antiquity. This is, of course, legally absurd because copyright law doesn't distinguish between electronic and tangible works other than some minor issues.
With a book copyrighted by someone else, you have the right to tell someone to look directly at a word on page 122 (linking). You also have the right to look at a page of the book under a microscope (reverse engineering). And obviously you have the right to critique the quality of the book (performance testing). Yet many EULAs prohibit exactly these things.
If the argument were that the website isn't just copyrighted but is also private property, it still should be legal, in the same sense that you don't need Disney's permission to say where Club 33 is located.
This judge is clearly incompetent, and hopefully the judges along the appeal path aren't as much so.
Melissa
Vista 32 detects when unsigned drivers have loaded, although it will let them load. If you have a single unsigned driver in your system, Windows Media Player will refuse to play protected songs. Also, Halo 2 will refuse to run whenever that comes out, because it is based on "protected processes" as well.
The #1 reason many games don't work in XP 64 is because games install copy protection kernel drivers that don't have a 64-bit version. Certainly the latest games don't have this problem, but anything older than a year or so does. Installing a crack frequently fixes the issue by eliminating the need for the driver, but that makes you a felon unless you can convince a judge and/or jury that the latest Library of Congress exemptions apply.
The lack of 64-bit hardware drivers is slowly sorting itself out. Eventually, the only real issue will be older games. Microsoft's denial of WHQL certification for drivers that don't have both 32- and 64-bit forms is likely to make almost all new hardware come with both types of drivers.
64-bit is great for many types of servers. Databases can mmap()/MapViewOfFileEx() the entire database, which is a win even if you don't have that much RAM. Authentication servers can do modular exponentiation much faster, which is necessary for things like SSL and SRP.
I won't go to Vista because of its driver signing.
In previous versions of NT, if a DLL doesn't have to be relocated, the kernel will make the read-only portions of the mapped file shared among all processes using that DLL. With address randomization, it's as if *every* DLL is relocated. Won't this eat a lot of memory having a bunch of copies of the same DLL taking up RAM?
Melissa
Does NX cause Word to crash instead of run a worm with this exploit?
Melissa
...It doesn't scale linearly. You would need a heck of a lot to stick a human to a wall.
Melissa
Wouldn't that be called D?
Certainly, organic molecules are required for life as we know it. But there are many other possibilities.
Why do we assume that there is no life in some place we can't explore, like inside the Sun? Certainly there is no life there based on complex carbon molecules. However, what excludes the possibility of life based on such other mechanism?
I've always wondered something. When you get a return on investment greater than the rate of inflation, is the money you're receiving entirely money lost by other investors elsewhere? In other words, is investment a zero-sum game? ("Zero" being relative to inflation.)
Melissa
Tell the server that you're no longer authorized so you can move your license, then hit the rewind button in VMWare =)
Melissa
Vista has crazy driver signing stuff for both the 32 bit version and the two 64 bit versions. In the 64 bit versions, unsigned drivers are not allowed at all. In the 32 bit version, unsigned drivers are allowed, but if you an unsigned driver, you will be locked out of DRM'd media.
This is all about their Protected Audio Path initiative. Microsoft knows that if it is possible to write drivers anonymously, then someone will write a fake sound card driver that dumps everything to disk. By requiring signing, there is now a $500/year price tag for driver development, and there is no longer anonymity. If you make such a driver, VeriSign has your name and address for the RIAA's legal complaint.
VMs are an easy way around this driver signing problem. If you use virtualization, then you don't need to load a custom kernel driver - you just intercept the sound card writes entirely. A program on the host alongside the VM monitor, or the VM monitor itself, can record anything it gets from the guest OS. If some song or movie is only released in Microsoft's Vista DRM format, as certainly they will eventually do, they don't want the song to leak because a good DRM system would attract record companies away from Apple. However, all it takes is for someone with 2 Vistas in VMs buying that song twice, and it's out all over the Internet unencrypted. *
Having a strong DRM system gives Microsoft a competitive advantage over Apple, because it attracts record companies to them instead. The record companies will use Vista's DRM as leverage in negotiations with Apple ("Why should we go with you when Microsoft has strong protections for our intellectual property?"). Apple knows this, and I strongly suspect that Leopard will have equal enforced driver signing due to this and AACS.
* Record song using each VM. Binary compare them. Where a bit is different, select one or the other randomly. Bye bye watermark. Microsoft has too many customers to embed watermarks that can identify 2 collaborators.
Melissa
In America, a program written in 1980 will not leave copyright until 2075. Thank Sonny Bono.
Melissa
You have to be administrator to create symlinks in Vista. It's really lame.
Melissa
When this man stole the money, whose liability was it? To the bank, the withdrawals looked like those customers, and they couldn't have known it was fraud. When the victims find out, can they go to the bank to get their money back, or is the bank immune?
Melissa
Under American patent law, if you use a product made by a company that did not have a license to a necessary patent, you can be sued, not just the company.
An implication of the Microsoft-Novell agreement is that Microsoft could sue any Linux (or Samba?) user who did not buy it through Novell. It major lawsuits start happening and Microsoft wins the lawsuits, Linux will disappear from corporations in America, or they'll all go through Novell. If Linux isn't open, there's no point in using it.
Melissa
Anyone notice that the email address of Terror Alert Brown is terror@sony.com? Maybe I should be rootkit@sony.com...
Melissa
I hear all these things about Guitar Hero yet it's just a ripoff of Guitar Freaks, part of the Beatmania/DDR/etc. series from Konami. What is so new about Guitar Hero that makes it get all this press? Why didn't Guitar Freaks get it 5 years ago?
What you've described is the definition of DRM. The only way to control what happens when the data is on the computer is to use DRM, and even that isn't very effective.
Melissa
1. This doesn't work for several reasons.
- a: You can use an N+1 attack against watermarking. Start with 2 copies of the same file from 2 sources presumably watermarked to each. Compare the two files. While there is a difference, destroy the contents of those different bits. If no differences were found, you're done. Otherwise, get another copy of the song with a different watermark. N is the number of people the watermarking system can prove are collaborating. Get that many copies plus 1 to defeat the watermark - and it's easy to figure out N.
- b: As can be seen from the piracy of the strongly-watermarked program "IDA Pro", watermarking can be defeated by stealing someone's copy, or by purchasing the copy through fraudulent means. I have a legitimate copy of IDA at work, but I see ".idb" files (disassembly databases) all the time tagged with the same name of a nonexistent person.
- c: Watermarking audio in such a way that survives compressed->digital->analog->digital->compressed transformation at the same time as being mostly inaudible is considered basically impossible. Video is easier, because our eyes are much less accurate than our ears. They already watermark movies and most people aren't bothered.
2. No objection.
3. Why would they care whether it's watermarked for determining who to sue?
4. People aren't deterred by either small fines (see speeding) or by the remote potential of huge damages (see recent RIAA and MPAA lawsuits).
Oh, it's a buffer overflow? Yes, then I guess there's not much to worry about. No exploit author will bother targeting such a small percentage of people, especially when it's harder to do than Win32 with NX always enabled and table-based exception handlers.
.exe file and it would >_
There was a nasty exploit in 2004 with XMLHTTP that wasn't a buffer overflow - you could actually ask it to download and run an
Melissa