I'm a bit disappointed by the reaction of all the big guys in the hacker community. Did they actually read the challenge? You can get to try to break their stuff with almost total privacy (all but your IP address), and you don't have to give up any of your rights if you don't want the money.
Also, you don't give them expertise, as nothing forces you to explain how you hacked their stuff if you did.
Whether you like the idea that SDMI are trying to implement or not, a public challenge is always a good thing. And they are actually giving up a rather convenient and powerful way to test their algorithms...
Finally, the best way to prevent SDMI from existing is certainly to undertake their challenge and to break the schemes. Otherwise, they'll implement it, and maybe it will be broken afterward, but bypassing it then may involve more complicated legal issues...
Who do you think these people are?
Why do you think they are doing this contest?
None of the companies involved in the watermarks design wanted this test. It was imposed upon them by the SDMI consortium. You know, watermarking is a very very hard problem. They know that their schemes might be defeated, and I think it's much more cool to have this challenge than not too.
"Thanks, SDMI, but no thanks. I won't do your dirty work for you."
Come on... Every scheme that has been presented have been deeply analyzed by each of the team that are presenting them, and also by independant consultants.
You feel like helping the evil empire by trying to hack them? Fine. Then, don't. The only thing that could make me not try to hack them is if I have to sign an NDA. Breaking their scheme is a scientific challenge. No more, no less. Now do whatever you want with it. I'll give it a try myself...
The cloaking article says "they can't crack what they can't find"... and sadly I think it's very true.
My home small network has a firewall with only ssh2 open. I get portscanned about 3 times a day.
I think my setting is pretty secure, but I might always have a security hole somewhere.
However, script kiddies will not bother with my computer because so many others are fully open.
Securing a network against SK is fairly easy because you just need to be more secure than the norm. Securing a network for real is certainly harder.
What I'd *REALLY* love to see is Slashdot formatted specifically for WAP. You can currently view Slashdot on a phone, but my home page is split up into 32 screens on a Mistsubishi T250, which has a very large 10-line display. I should think it would be easy to have a Slashdot site that has no slashboxes or links, just a list of stories, each linking to plain-text comments. I'd use it constantly.
You can use the "light" mode of./
(but it might not be enough). What you would want too is that banner removed:)
In any case, what I don't quite get is how WAP-enabled web site will make money. Or will
they stick advertisment on the phones too?
If a WAP-enabled site is really very well designed. Say, you have the stock quotes in real time with an intelligent layout, why would you use the regular web site?
From my point of view, religion exists only because there are still things that science cannot explain. The more men will know, the less religion there will be.
And actually, it is not a coincidence if religion has always tried to stop or slow down scientific research and great discoveries, especially regarding the origin of the universe. (Copernic, Galileo, and even recently Hawking works defining a finite 4-dimension universe and voiding the possibility of a creator with any power have been severely criticized by the catholic church). Possibly, mankind would already be living on mars without religion:)
I agree with you that the debate is still philosophical now (altough scientific evidence of the non-existence of god are getting more and more numerous), but when mankind will know enough, then the debate will actually be scientific.
First the cryptosystem that is behind the system, known has NTRU, has already been attacked. In a publication in summer 1999 (as far as I remember) there was a first attack based on lattice reduction (on the LLL algorithm, to be precise). I believe the attack in fact did not work, however the security of the system, despite the fact that it was designed by brillant mathematicians, cannot yet be assessed precisely.
Second, you can do the trick to divide into chunks and encrypt with different keys with any system. You have to be careful about two things: (i) the chunks should not be too small. (ii) the keys should not be too small. Also, if you encrypt with a lot of different keys, you have to store these keys. Otherwise, you can derive them from a master key, but then, you clearly have less entropy and thus less security.
Finally, and this has already been said several times, you can encrypt as well as you like, problems arise when the music is decrypted, and it has to be decrypted to be played. So, encryption is useless if it is not used together with Intellectual Property Protection schemes, such as watermarking.
I have never been to Kansas myself, however, the reputation of this state is not the coolest possible. I know quite a fair number of people that would not attend any event in Kansas, no matter of interesting the event is.
I think one of the problem with Web sites is that their owners think that they can afford to spend gazillions bucks to make theit site great and that advertising will cover the costs. That's the problem. Creating a Web site doesn't necessarily cost so much. Take Slashdot for example, it started easy, with a few guys having a neat idea and doing some great coding, then it started to become more and more popular, and is now what it is. I'm might just as well be plain wrong, but I believe that Slashdot is generating money. I have a small web site myself (that only costs me web hosting and a few hours of work a week), and I hope to be able to win a bit out of it eventually (pay a rent, maybe?). It won't be a lot, but my point is, it is possible to make a site whose revenues are higher than its costs if you design it without aiming too high right away and without necessarily blowing away hundreds of millions of dollar, like some shity startups do.
I'm not too sure what the decision exactly means, but I believe that deep-linking a PAGE should always be allowed. Maybe frame tricks and such should be prohibited though. However, it doesn't seem acceptable to me to allow people to deeplink other content such as images, video clip, sound, etc, even if they mention the deeplinking. Obviously, they would only steal resources without any gain for the deeplinked host.
This program was initially mostly made for number theorists, and I haven't really extensively used it myself, but many people told me good things about it. I'm pretty sure it's free, but it might not be OSS. You can check it out.
Hummm. Who want's to win a million dollar? Here is a cipher: "XDFGTHSSGFSWRGHBCVBVC". Decode-it and win!!
Come on. I seems that there is starting to be more and more hype surrounding crypto, but calling this a crypto contest is not serious. Either the algorithm is good, and then it's infeasible, or the algorithm is similar to those used in the "Mickey" comics book I was reading when I was a kid.
Futhermore, It is easy to create a good looking algorithm that would give something perfectly sensical from their "cipher". When you give a crypto challenge, you should give the encryption algorithm...
Rather often, cryptographers and even more often journalists want small cool looking numbers. The solution is simple: do precomputation. Then apply an algorithm that's blazingly fast. Of course, that's often cheating, but... In this case, assuming that they are using the TWINKLE device, there might have been a confusion between the time needed for the device to produce linear relations (but which should be much more than 12us anyway) and the time needed to actually factor the number with the Gaussian elimination step of the Number Field Sieve.
However, my guess would be that it is at best a theoretical model and at worst a hoax. Three days, or even one week would already put down the world economy at once, so 12us...:)
Look everyone, if you are a geek, then don't look for a geekette. That's a no-no. Oh sure, you'd have plenty of things to talk about first, but then... Two friends of mine are living together and they are both (good) sysops. When I discuss with them on monday, it's like:
- [Me] So what have you been doing this week-end? - [Him] Oh. That was cool! We spent the whole saturday night debugging our new kernel driver! By the way, did you know that there was a bug in the file/usr/src/linux/foo/bar.c? Let me explain, blah blah blah blah blah blah... - [Her] That's not perfectly accurate, in fact, it turned out that we found the bug by analyzing network traffic using the tool we developped last month and that the module was sending a bad IP header when blah blah blah blah - [Him] Well yeah, it was lot of fun! [to her:] talking about networking, have you solved the network problem in our company, you told me that a box was loosing a very high number of packets. - [Her] Well, no I spent the whole day yesterday to change cables but nothing, the problem must be coming from somewhere else. Any idea? - [Him] mhhh - [Her to me] how about you? - [Me] err. I went to see a movie on saturday:)
Geeks are stereotypedly (what a cool word) supposed not to have a social life. I thing the stereotype would apply even more to geek couples:)
This is funny. I have just been given moderator access for the first time before this post. I'll use it later I guess.
This being said, I think that giving more moderating power to people with a good karma is a good thing. On the other hand, it assumes that people who post _good_ comments will be _good_ moderators. I believe this is more or less true but this has to be verified.
I'm personally doubtful about the "random" comments moderation. First, it will be a pain to program as the comments should not change each time you reload (OK.OK. that's not my problem, but...:) ). Second, I think that moderators should be given full power for a limited amount of time or small power for a long time. If I'm frustated too often that I can't moderate the comments that I find highly interesting or that irritate me, I think I would not want to moderate any more.
Clearly, AMEX is good at Public relations, but what is new here? It seems to me that this card is just a basic smartcard, like they have been used, for example in France, for many years. This card shouuld be able to store some data and perform computations. Smartcards for crypto tend to have a regular chip and another one dedicated to specific task (like modular exponentiation), so they can perform complex operations such as digital signatures. Hence, one possible use, (which by the way), as already been started by VISA, is to plug a little reader in your computer, then when a query for paiement is made, the reader displays it, you are then asked to type your pin, which unlocks your private key, with which you can actually _sign_ the paiement. And no more credit card fraud.. Cool, isn't it:)
Oh well, I'm french, live in France, but think that France is a very nice place to live in, but NOT a nice country with respect to privacy. A few examples: a friend of mine works in a big bank and he told me not to send any bullshit in my email because they were all scanned.
Also, what about the 5000 illegal tappings performed by former president Mitterand himself? And what about the recent discovery that Paris mayor Tiberi allegedly installed microphones in the offices of all his political opponents?
Why do you think that France waited so long before allowing strong encryption? Well, they waited until the economic loss due lack of encryption would be significant with respect to the fact that communications can't be tapped anymore.
I think that most of the comments are rather rude (although I tend to agree with most of them:) ). What amuses me is that this story seems to be the result of an attempt to focus attention on Abe and on the MTV show itself... Who submitted it? Abe? MTV? Somenone else? Anyway, the slashdot community doesn't seem to be interested at all by this, and I believe there is at most a couple of questions so far (well maybe not that much). So well, once again, I'm sure that the./ community won't convince the others that the show sucks and that the world average IQ would certainly increase a lot if we got rid of all the TVs on Earth, but at least./ is not a vector for the success of a MTV show... Goooood...
I think it's a little bit surprising that the considered distros were Debian 2.1, Caldera 2.2, Mandrake 6.0, Red Hat 6.0, Slackware 4.0, and TurboLinux 3.6 Workstation, and that Suse was not even considered. I believe they make more money then RH (well, not counting the IPO)...
Also, it believe it's quite pointless to give opinions on religious wars subject (like KDE/GNOME) or (EMACS/VI). Whatever they say, they will end up having about half of the Linux community disagreeing with them.
The only to find out (in one way or another) what is the prefered distro or the prefered product (and I use the word prefered instead of best) is through a big vote...
I agree that these 600 pixel width pages are a problem. But either there is something wrong with HTML or with IE and NS. I tried to do the following without success. If someone could explain me the right way to do it (if any) that would be nice.
I wanted to have a table that would take 80% of a page but with fixed length columns.
If only the first columns are fixed, you can do several tables, what if a middle one is? Is there any way to fix the length (in pixels) of a middle column, and have the other share the rest of the page in a specified way?
I totally agree with you that for many artists, the solution of giving away mp3 for free is just fine. But this is not the case for all artists. Public Enemy makes (AFAIK) most of its money by touring. Giving away free music for them is just a great way of getting more popular. If you generalize the distribution of unprotected (free) mp3 music, this will force ALL artists to embrace this business model. For most of them, this will be desastrous (in particular for classical music or jazz). What the SDMI group is trying to do is to define a framework that would allow artists to choose the policy they like, similar to existing software policies (e.g.: free, "shareware", commercial).
Slashdot Mirror
I'm a bit disappointed by the reaction of all the big guys in the hacker community. Did they actually read the challenge? You can get to try to break their stuff with almost total privacy (all but your IP address), and you don't have to give up any of your rights if you don't want the money.
Also, you don't give them expertise, as nothing forces you to explain how you hacked their stuff if you did.
Whether you like the idea that SDMI are trying to implement or not, a public challenge is always a good thing. And they are actually giving up a rather convenient and powerful way to test their algorithms...
Finally, the best way to prevent SDMI from existing is certainly to undertake their challenge and to break the schemes. Otherwise, they'll implement it, and maybe it will be broken afterward, but bypassing it then may involve more complicated legal issues...
Who do you think these people are? Why do you think they are doing this contest? None of the companies involved in the watermarks design wanted this test. It was imposed upon them by the SDMI consortium. You know, watermarking is a very very hard problem. They know that their schemes might be defeated, and I think it's much more cool to have this challenge than not too. "Thanks, SDMI, but no thanks. I won't do your dirty work for you." Come on... Every scheme that has been presented have been deeply analyzed by each of the team that are presenting them, and also by independant consultants. You feel like helping the evil empire by trying to hack them? Fine. Then, don't. The only thing that could make me not try to hack them is if I have to sign an NDA. Breaking their scheme is a scientific challenge. No more, no less. Now do whatever you want with it. I'll give it a try myself...
The cloaking article says "they can't crack what they can't find"... and sadly I think it's very true.
My home small network has a firewall with only ssh2 open. I get portscanned about 3 times a day.
I think my setting is pretty secure, but I might always have a security hole somewhere.
However, script kiddies will not bother with my computer because so many others are fully open.
Securing a network against SK is fairly easy because you just need to be more secure than the norm. Securing a network for real is certainly harder.
You can use the "light" mode of ./
(but it might not be enough). What you would want too is that banner removed :)
In any case, what I don't quite get is how WAP-enabled web site will make money. Or will
they stick advertisment on the phones too?
If a WAP-enabled site is really very well designed. Say, you have the stock quotes in real time with an intelligent layout, why would you use the regular web site?
And actually, it is not a coincidence if religion has always tried to stop or slow down scientific research and great discoveries, especially regarding the origin of the universe. (Copernic, Galileo, and even recently Hawking works defining a finite 4-dimension universe and voiding the possibility of a creator with any power have been severely criticized by the catholic church). Possibly, mankind would already be living on mars without religion :)
I agree with you that the debate is still philosophical now (altough scientific evidence of the non-existence of god are getting more and more numerous), but when mankind will know enough, then the debate will actually be scientific.
I have never been to Kansas myself, however, the reputation of this state is not the coolest possible. I know quite a fair number of people that would not attend any event in Kansas, no matter of interesting the event is.
I think one of the problem with Web sites is that their owners think that they can afford to spend
gazillions bucks to make theit site great and that advertising will cover the costs. That's the problem. Creating a Web site doesn't necessarily cost so much. Take Slashdot for example, it started easy, with a few guys having a neat idea and doing some great coding, then it started to become more and more popular, and is now what it is. I'm might just as well be plain wrong, but I believe that Slashdot is generating money. I have a small web site myself (that only costs me web hosting and a few hours of work a week), and I hope to be able to win a bit out of it eventually (pay a rent, maybe?). It won't be a lot, but my point is, it is possible to make a site whose revenues are higher than its costs if you design it without aiming too high right away and without necessarily blowing away hundreds of millions of dollar, like some shity startups do.
I'm not too sure what the decision exactly means, but I believe that deep-linking a PAGE should always be allowed. Maybe frame tricks and such should be prohibited though. However, it doesn't seem acceptable to me to allow people to deeplink other content such as images, video clip, sound, etc, even if they mention the deeplinking. Obviously, they would only steal resources without any gain for the deeplinked host.
This program was initially mostly made for number theorists, and I haven't really extensively used it myself, but many people told me good things about it. I'm pretty sure it's free, but it might not be OSS. You can check it out.
Hummm. Who want's to win a million dollar?
Here is a cipher:
"XDFGTHSSGFSWRGHBCVBVC".
Decode-it and win!!
Come on. I seems that there is starting to be more and more hype surrounding crypto, but calling this a crypto contest is not serious. Either the algorithm is good, and then it's infeasible, or the algorithm is similar to those used in the "Mickey" comics book I was reading when I was a kid.
Futhermore, It is easy to create a good looking algorithm that would give something perfectly sensical from their "cipher". When you give a crypto challenge, you should give the encryption algorithm...
Rather often, cryptographers and even more often journalists want small cool looking numbers.
:)
The solution is simple: do precomputation. Then apply an algorithm that's blazingly fast. Of course, that's often cheating, but...
In this case, assuming that they are using the TWINKLE device, there might have been a confusion between the time needed for the device to produce linear relations (but which should be much more than 12us anyway) and the time needed to actually factor the number with the Gaussian elimination step of the Number Field Sieve.
However, my guess would be that it is at best a theoretical model and at worst a hoax. Three days, or even one week would already put down the world economy at once, so 12us...
Look everyone, if you are a geek, then don't look for a geekette. That's a no-no. Oh sure, you'd have plenty of things to talk about first, but then... Two friends of mine are living together and they are both (good) sysops. When I discuss with them on monday, it's like:
/usr/src/linux/foo/bar.c? Let me explain, blah blah blah blah blah blah... :)
:)
- [Me] So what have you been doing this week-end?
- [Him] Oh. That was cool! We spent the whole saturday night debugging our new kernel driver! By the way, did you know that there was a bug in the file
- [Her] That's not perfectly accurate, in fact, it turned out that we found the bug by analyzing network traffic using the tool we developped last month and that the module was sending a bad IP header when blah blah blah blah
- [Him] Well yeah, it was lot of fun! [to her:] talking about networking, have you solved the network problem in our company, you told me that a box was loosing a very high number of packets.
- [Her] Well, no I spent the whole day yesterday to change cables but nothing, the problem must be coming from somewhere else. Any idea?
- [Him] mhhh
- [Her to me] how about you?
- [Me] err. I went to see a movie on saturday
Geeks are stereotypedly (what a cool word) supposed not to have a social life. I thing the stereotype would apply even more to geek couples
This is funny. I have just been given moderator access for the first time before this post. I'll use it later I guess.
This being said, I think that giving more moderating power to people with a good karma is a good thing. On the other hand, it assumes that people who post _good_ comments will be _good_ moderators. I believe this is more or less true but this has to be verified.
I'm personally doubtful about the "random" comments moderation. First, it will be a pain to program as the comments should not change each time you reload (OK.OK. that's not my problem, but...:) ). Second, I think that moderators should be given full power for a limited amount of time or small power for a long time. If I'm frustated too often that I can't moderate the comments that I find highly interesting or that irritate me, I think I would not want to moderate any more.
Clearly, AMEX is good at Public relations, but what is new here? It seems to me that this card is just a basic smartcard, like they have been used, for example in France, for many years. This card shouuld be able to store some data and perform computations. Smartcards for crypto tend to have a regular chip and another one dedicated to specific task (like modular exponentiation), so they can perform complex operations such as digital signatures. Hence, one possible use, (which by the way), as already been started by VISA, is to plug a little reader in your computer, then when a query for paiement is made, the reader displays it, you are then asked to type your pin, which unlocks your private key, with which you can actually _sign_ the paiement. And no more credit card fraud.. Cool, isn't it :)
Oh well, I'm french, live in France, but think that France is a very nice place to live in, but NOT a nice country with respect to privacy. A few examples: a friend of mine works in a big bank and he told me not to send any bullshit in my email because they were all scanned.
Also, what about the 5000 illegal tappings performed by former president Mitterand himself?
And what about the recent discovery that Paris mayor Tiberi allegedly installed microphones in the offices of all his political opponents?
Why do you think that France waited so long before allowing strong encryption? Well, they waited until the economic loss due lack of encryption would be significant with respect to the fact that communications can't be tapped anymore.
I think that most of the comments are rather rude (although I tend to agree with most of them :) ). ./ community won't convince the others that the show sucks and that the world average IQ would certainly increase a lot if we got rid of all the TVs on Earth, but at least ./ is not a vector for the success of a MTV show... Goooood...
What amuses me is that this story seems to be the result of an attempt to focus attention on Abe and on the MTV show itself... Who submitted it? Abe? MTV? Somenone else? Anyway, the slashdot community doesn't seem to be interested at all by this, and I believe there is at most a couple of questions so far (well maybe not that much).
So well, once again, I'm sure that the
I think it's a little bit surprising that the considered distros were Debian 2.1, Caldera 2.2, Mandrake 6.0, Red Hat 6.0, Slackware 4.0, and TurboLinux 3.6 Workstation, and that Suse was not even considered. I believe they make more money then RH (well, not counting the IPO)...
Also, it believe it's quite pointless to give opinions on religious wars subject (like KDE/GNOME) or (EMACS/VI). Whatever they say, they will end up having about half of the Linux community disagreeing with them.
The only to find out (in one way or another) what is the prefered distro or the prefered product (and I use the word prefered instead of best) is through a big vote...
I wanted to have a table that would take 80% of a page but with fixed length columns.
If only the first columns are fixed, you can do several tables, what if a middle one is? Is there any way to fix the length (in pixels) of a middle column, and have the other share the rest of the page in a specified way?
I totally agree with you that for many artists, the solution of giving away mp3 for free is just fine. But this is not the case for all artists.
Public Enemy makes (AFAIK) most of its money by touring. Giving away free music for them is just a great way of getting more popular. If you generalize the distribution of unprotected (free) mp3 music, this will force ALL artists to embrace this business model. For most of them, this will be desastrous (in particular for classical music or jazz). What the SDMI group is trying to do is to define a framework that would allow artists to choose the policy they like, similar to existing software policies (e.g.: free, "shareware", commercial).