I don't think it would be possible to extract keys from hardware, if said hardware is well-implemented. Granted, I wouldn't be surprised if the keys were stored in a poorly-encrypted external ROM, but hacking hardware is still orders of magnitude more difficult and expensive than hacking software, and well-protected hardware is pretty much impossible to crack. Any kid with an internet connection, a decent debugger, and a pirated copy of IDA can crack a software player, but hardware usually takes inside knowledge. Of course, the main problem with key revocation is that owners of the revoked players will be rather pissed off. Unless the AACS LA wants to buy them new players, there has to be some kind of update mechanism -- which is a security hole. So yeah, this scheme still has pretty decent sized holes.
Actually, there hasn't been an actual hack yet. These "hacks" are what the key revocation procedure is intended for. It isn't like DeCSS, where knowing the algorithm was enough to bruteforce thousands of keys. If the AACS LA wanted to, they could stop giving out new keys to software-only players and stop this type of hacking in its tracks.
If you have an asterisk box, just set it up to play back tt-monkeys.gsm (a hilarious sound file with 16 seconds of screaming monkeys that comes with the asterisk distribution).
OK, sure, 10.3 and 10.4 introduced some new features, and may be worth slightly more. But 10.1 and 10.2 were basically service packs that fixed the numerous bugs and performance problems in the original version. Many of the changes between versions are bugfixes or small improvements.
Besides, this isn't even my biggest complaint. How about the fact that the first 4 generations of the iPod had basically identical hardware, yet all of the new firmware features and improvements were only available when you bought a new iPod? How about the fact that the overpriced proprietary Macbook DVI pigtail intentionally omits the analog pins, making sure you buy a VGA cable too? The two cables add up to $60 or so. Seems to me like Apple likes being greedy.
They also like being litigious. Hell, they sued a blogger for talking to one of their employees. I don't remember Microsoft ever doing anything like that. In fact, I don't remember Microsoft suing anyone without a very good reason. Hell, they even hired the MIT student who hacked the original Xbox and made possible all the different mod chips.
Uh, how about charging people $129 for OS X point releases (roughly equivalent to Windows service packs)? Or charging $50 if you want to view video fullscreen on a computer you just bought? Or charging shitloads of money for proprietary connectors and adapters? Or making you buy a new iPod just to get a couple of firmware improvements?
I like Apple's products, but their marketshare needs to stay exactly where it is. It's the only thing that keeps them from being way more evil than Microsoft could ever hope to be.
OK, what happens when you get cancer, spend all your savings on medical bills, and become disabled? Have fun investing your $5.25 an hour wal-mart door greeter pay.
Especially since every other PC manufacturer advertises 6-bit LCDs as "16.2 million colors" to distinguish them from 8-bit LCDs which are "16.7 million colors". Either one certainly qualifies as "millions of colors". Not to mention, I sure hope nobody tells these dumbasses that so-called 24-bit soundcards typically use 1-bit DACs and get those 24 bits by dithering.
I don't think you get it. The problem is not the security of the.bank domain. The problem is getting people to recognize that the site they are visiting is not legitimate. Considering that it's already pretty obvious that a URL like http://wellsfargo.scammer.com/scam_me does not belong to a bank, I'd say the.bank extension won't help anything.
They could just as well print them on pulp paper, or at least on lower-quality paper, considering that most textbooks don't last longer than 4-5 years. I get tons of free 1000-page catalogs, some in full color, so I figure it can't cost too much to print. In China or India, you can buy many US textbooks in a cheap softcover version for like $5. So they can make them cheap if they want to.
OK, this is a pretty good approach if we are talking about K-8, although I really think your proposal to have a whitelist of allowed websites is idiotic. Just buy a copy of Websense and use that, it's restrictive enough as it is. I had to do plenty of research in 8th grade, and a whitelist would pretty much prevent you from doing that.
The whole teacher thing is not irrelevant. The usefulness of a computer lab is proportional to how well teachers can use it to teach. Teachers are very busy -- they can't spend time to figure things out, and they certainly won't be compiling lists of allowed websites. An unfamiliar environment and extreme restrictions will cause headaches for them. If they don't like the lab, they will never use it again. Students mainly use computers for either playing Flash games and surfing the Internet or for doing teacher-assigned tasks. If you prohibit the former and the teachers refuse to do the latter, the project will be a complete failure.
I don't know about that whole using old hardware thing, either. Linux distributions evolve very quickly, and they can be hard to get running on old, unsupported hardware. They also tend to demand increasing amounts of memory. As long as your computers all have at least 256 MB of RAM and a 1GHz+ processor, you should be all right, but don't expect it to run on anything slower.
In short, I think you shouldn't be such a nazi as to what is allowed. Lock the system down enough to ensure integrity, but don't remove things like games or implement a fascist internet access policy unless it really becomes a problem. Things like YouTube and Myspace probably shouldn't be permitted, but there is nothing wrong with, say, Wikipedia. As long as each student has their own home directory on a network drive, you can even permit things like access to the desktop preferences.
Yeah, because making 22 BILLION dollars EACH YEAR is not enough. You really think even 5% of that goes towards developing drugs? Merck's operating margin is 40% -- more than twice that of Apple or ExxonMobil, for example. This is a company that generates extreme profits, even compared to the other fat cats. All of this thanks to the American intellectual property system and a foreign policy that strong-arms everyone else into helping American companies make money, even if it ends up killing people.
If you have a drug that can save someone's life, it is completely unethical to withhold it just because they don't have enough money for your liking. That is an axiom, and should be completely obvious to any civilized person. It doesn't matter how much the drug cost to develop -- that is irrelevant. The fact is, human life should be placed WAAAY above corporate profits. Unfortunately, that is a concept that many morons (including you) fail to understand.
What I find funny is that while the US is extremely religious, ethical standards here are extremely low. So much for the whole "religion == ethics" argument. Brazil certainly did the right thing, and I hope more countries will grow some balls and join them.
No, first you need to learn to memorize things. THEN you can understand the concepts. Try to teach calculus to someone who doesn't remember how to expand (x+y)^2 or doesn't know trig identities, and you'll see what I mean. Hell, calculus is 98% memorization, algebra is 70% memorization, and arithmetic is 100% memorization. Other things build on that.
And what are the students going to say when they have to answer on a job application whether they are familiar with Microsoft Office? Like it or not, free software is not quite there yet.
4. Students only use free software products. Computers are for use as a tool, i.e. recording research results in DB/spreadsheet, writing papers, scheduling w/teachers, emails, doing research on white-listed sites through a proxy server (basically, a site must be listed by a teacher as a curriculum resource before being allowed. Easy since all online academic resources will be stored in a DB as part of the records system anyway) with the use of the proxy server enforced at the network level.
Sounds like your use of free software products is politically, rather than educationally, motivated. Also, sounds like these computers aren't going to be doing much other than collecting dust. Teachers won't want to use them because of technical hassles, and students won't be able to do anything useful with them.
Uh, a book costs maybe $2 to print if it's hardcover and maybe $0.50 if it's softcover. The $100-$150 you would pay for the textbook goes to the publisher. Electronic textbooks cost about the same as printed ones, and publishers love to sell them on a subscription basis (as in, the book evaporates after the semester is done). Not to mention, trying to read books on a display fucking blows.
Have you looked at all the data acquisition stuff National Instruments sells? They ought to have something that will work, although it will pretty much have to be PC-based. Definitely beats the hell out of trying to homebrew this, though. I'd say that if you have to ask, it'll be too much work -- microcontroller projects have a way of taking way more time than they should.
Each state has its own engineering licensing system. But basically, if you offer engineering services directly to the public (as in, working for an engineering firm), you need a license. This mainly applies to civil/architectural/industrial engineering.
You must have missed the "practical" and "insulator" parts of my post. Diamond is not exactly practical for potting boards, and silicon carbide is not much better (not to mention isn't much of an insulator).
I think it will take more than a few hours, even if you have access to a full wafer probing/imaging facility. Modern VLSI chips are incredibly dense. With 65 nm feature sizes and a die that is 5mm on a side, you can have 76,000 features horizontally. If you print that out on paper, you'll need about 2 football fields of paper to see each layer of the chip. There are usually something like 10-15 layers with that interconnect with each other. You have hundreds of millions of transistors forming a large, complicated circuit that is generated by software tools from a high-level hardware description language. It's like trying to reverse engineer large, complicated pieces of software without ever running it. In addition, the firmware could be stored in some kind of tamperproof flash which may be completely impossible to read out without damaging its contents.
The only reason we still have relatively hackable hardware is because of cost. It would cost significantly more to do what I described (like embedding flash into VLSI chips). You need to have a different, more expensive process. Fortunately for us, most of the consumer electronics companies care far more about making things cheap than they do about making them secure. They care about security only to the extent that the AACS spec requires them to. Not to mention, a format which costs too much can never be successful.
There is no practical insulating material that is also a good conductor of heat. Electrical insulators are always pretty good thermal insulators. Of course, nobody says you couldn't embed a metal slug into the epoxy -- that's how we cool chips. There is also no good reason to encase the whole board. A much simpler solution would be to integrate the decryption hardware into one chip, and encrypt the firmware or put it inside the chip. Not much of a chance of anyone cracking that.
I wonder why the HD-DVD people don't get together with the satellite people? Satellite TV is extremely secure and has never really been cracked successfully. Most cracks involve emulating a smartcard, which is easy since the smartcards still use early 80s technology. Even then, nobody has really done a crack that wasn't fixed within a week.
It's not an assertion, it's a definition. That's what software is: Encoding mathematical operations in a computer-readable format.
Actually, it's circular reasoning. And just because the software is used to automatically operate a 4-function calculator instead of, say, a player piano doesn't make it mathematical.
The human-readable source code is also nothing but an encoding of math, and even borrows much syntax from traditional math literature, modulo the limitations of standard computer character sets. If you'd ever looked at software before this should be clear.
Just because something USES math doesn't mean it IS math. Math can be used to analyze computer programs, just like it can be used to analyze aircraft frames. Computer science is a branch of mathematics and uses math to analyze algorithms. The algorithms themselves are not any more mathematical than chunks of aluminum or assemblies of gears.
Prove that software isn't math through counter-example, by showing me a single instruction or line of code whose semantic meaning is not directly translatable into simple statements of boolean logic or, rarely, analog (real number) math?
Here's another counterexample. I can translate any electrical circuit into a matrix of differential equations. The two are equivalent. However, electrical engineering is not math. Just because you can express a program using mathematical symbols doesn't mean it's mathematics. Just how many lemmas did Microsoft have to prove to write Windows?
Also, there is no such thing as "proof by lack of counterexample". You have to either prove that it is true, or prove that it is not false. Just because nobody comes up with a counterexample doesn't mean you can say it's true, unless you can PROVE that a counterexample does not exist. If you used that kind of reasoning in a math class, you would have flunked.
Please stop using the word logic if this is how you are going to abuse it.
You are the one who is abusing words here. Prime example: mathematical.
Note that running software involves a device for executing encoded mathematical representations, aka a computer, which is a piece of hardware and patentable.
This is actually exactly how software patents are formulated. A computer loaded with certain software. A software patent doesn't keep you from publishing an algorithm in a book, printing T-shirts with it, or thinking about it. You just can't run it on a computer.
This is not a problem with software patents. This is a problem with patents in general. Many of them are too damn obvious. This is exactly my point. Nothing wrong with software patents. Everything wrong with how we grant them.
Slashdot Mirror
I don't think it would be possible to extract keys from hardware, if said hardware is well-implemented. Granted, I wouldn't be surprised if the keys were stored in a poorly-encrypted external ROM, but hacking hardware is still orders of magnitude more difficult and expensive than hacking software, and well-protected hardware is pretty much impossible to crack. Any kid with an internet connection, a decent debugger, and a pirated copy of IDA can crack a software player, but hardware usually takes inside knowledge. Of course, the main problem with key revocation is that owners of the revoked players will be rather pissed off. Unless the AACS LA wants to buy them new players, there has to be some kind of update mechanism -- which is a security hole. So yeah, this scheme still has pretty decent sized holes.
Actually, there hasn't been an actual hack yet. These "hacks" are what the key revocation procedure is intended for. It isn't like DeCSS, where knowing the algorithm was enough to bruteforce thousands of keys. If the AACS LA wanted to, they could stop giving out new keys to software-only players and stop this type of hacking in its tracks.
If you have an asterisk box, just set it up to play back tt-monkeys.gsm (a hilarious sound file with 16 seconds of screaming monkeys that comes with the asterisk distribution).
OK, sure, 10.3 and 10.4 introduced some new features, and may be worth slightly more. But 10.1 and 10.2 were basically service packs that fixed the numerous bugs and performance problems in the original version. Many of the changes between versions are bugfixes or small improvements.
Besides, this isn't even my biggest complaint. How about the fact that the first 4 generations of the iPod had basically identical hardware, yet all of the new firmware features and improvements were only available when you bought a new iPod? How about the fact that the overpriced proprietary Macbook DVI pigtail intentionally omits the analog pins, making sure you buy a VGA cable too? The two cables add up to $60 or so. Seems to me like Apple likes being greedy.
They also like being litigious. Hell, they sued a blogger for talking to one of their employees. I don't remember Microsoft ever doing anything like that. In fact, I don't remember Microsoft suing anyone without a very good reason. Hell, they even hired the MIT student who hacked the original Xbox and made possible all the different mod chips.
Uh, how about charging people $129 for OS X point releases (roughly equivalent to Windows service packs)? Or charging $50 if you want to view video fullscreen on a computer you just bought? Or charging shitloads of money for proprietary connectors and adapters? Or making you buy a new iPod just to get a couple of firmware improvements?
I like Apple's products, but their marketshare needs to stay exactly where it is. It's the only thing that keeps them from being way more evil than Microsoft could ever hope to be.
OK, what happens when you get cancer, spend all your savings on medical bills, and become disabled? Have fun investing your $5.25 an hour wal-mart door greeter pay.
Only if you don't know what you are doing. Reboot, go into single user mode, voila. Or just use a boot floppy/rescue CD.
Especially since every other PC manufacturer advertises 6-bit LCDs as "16.2 million colors" to distinguish them from 8-bit LCDs which are "16.7 million colors". Either one certainly qualifies as "millions of colors". Not to mention, I sure hope nobody tells these dumbasses that so-called 24-bit soundcards typically use 1-bit DACs and get those 24 bits by dithering.
You STILL don't get it. The phishing guys wouldn't USE a .bank domain, thereby rendering all the extra security completely useless.
I don't think you get it. The problem is not the security of the .bank domain. The problem is getting people to recognize that the site they are visiting is not legitimate. Considering that it's already pretty obvious that a URL like http://wellsfargo.scammer.com/scam_me does not belong to a bank, I'd say the .bank extension won't help anything.
They could just as well print them on pulp paper, or at least on lower-quality paper, considering that most textbooks don't last longer than 4-5 years. I get tons of free 1000-page catalogs, some in full color, so I figure it can't cost too much to print. In China or India, you can buy many US textbooks in a cheap softcover version for like $5. So they can make them cheap if they want to.
OK, this is a pretty good approach if we are talking about K-8, although I really think your proposal to have a whitelist of allowed websites is idiotic. Just buy a copy of Websense and use that, it's restrictive enough as it is. I had to do plenty of research in 8th grade, and a whitelist would pretty much prevent you from doing that.
The whole teacher thing is not irrelevant. The usefulness of a computer lab is proportional to how well teachers can use it to teach. Teachers are very busy -- they can't spend time to figure things out, and they certainly won't be compiling lists of allowed websites. An unfamiliar environment and extreme restrictions will cause headaches for them. If they don't like the lab, they will never use it again. Students mainly use computers for either playing Flash games and surfing the Internet or for doing teacher-assigned tasks. If you prohibit the former and the teachers refuse to do the latter, the project will be a complete failure.
I don't know about that whole using old hardware thing, either. Linux distributions evolve very quickly, and they can be hard to get running on old, unsupported hardware. They also tend to demand increasing amounts of memory. As long as your computers all have at least 256 MB of RAM and a 1GHz+ processor, you should be all right, but don't expect it to run on anything slower.
In short, I think you shouldn't be such a nazi as to what is allowed. Lock the system down enough to ensure integrity, but don't remove things like games or implement a fascist internet access policy unless it really becomes a problem. Things like YouTube and Myspace probably shouldn't be permitted, but there is nothing wrong with, say, Wikipedia. As long as each student has their own home directory on a network drive, you can even permit things like access to the desktop preferences.
Yeah, because making 22 BILLION dollars EACH YEAR is not enough. You really think even 5% of that goes towards developing drugs? Merck's operating margin is 40% -- more than twice that of Apple or ExxonMobil, for example. This is a company that generates extreme profits, even compared to the other fat cats. All of this thanks to the American intellectual property system and a foreign policy that strong-arms everyone else into helping American companies make money, even if it ends up killing people.
If you have a drug that can save someone's life, it is completely unethical to withhold it just because they don't have enough money for your liking. That is an axiom, and should be completely obvious to any civilized person. It doesn't matter how much the drug cost to develop -- that is irrelevant. The fact is, human life should be placed WAAAY above corporate profits. Unfortunately, that is a concept that many morons (including you) fail to understand.
What I find funny is that while the US is extremely religious, ethical standards here are extremely low. So much for the whole "religion == ethics" argument. Brazil certainly did the right thing, and I hope more countries will grow some balls and join them.
No, first you need to learn to memorize things. THEN you can understand the concepts. Try to teach calculus to someone who doesn't remember how to expand (x+y)^2 or doesn't know trig identities, and you'll see what I mean. Hell, calculus is 98% memorization, algebra is 70% memorization, and arithmetic is 100% memorization. Other things build on that.
No Microsoft products in use, including OSes.
And what are the students going to say when they have to answer on a job application whether they are familiar with Microsoft Office? Like it or not, free software is not quite there yet.
4. Students only use free software products. Computers are for use as a tool, i.e. recording research results in DB/spreadsheet, writing papers, scheduling w/teachers, emails, doing research on white-listed sites through a proxy server (basically, a site must be listed by a teacher as a curriculum resource before being allowed. Easy since all online academic resources will be stored in a DB as part of the records system anyway) with the use of the proxy server enforced at the network level.
Sounds like your use of free software products is politically, rather than educationally, motivated. Also, sounds like these computers aren't going to be doing much other than collecting dust. Teachers won't want to use them because of technical hassles, and students won't be able to do anything useful with them.
Uh, a book costs maybe $2 to print if it's hardcover and maybe $0.50 if it's softcover. The $100-$150 you would pay for the textbook goes to the publisher. Electronic textbooks cost about the same as printed ones, and publishers love to sell them on a subscription basis (as in, the book evaporates after the semester is done). Not to mention, trying to read books on a display fucking blows.
Have you looked at all the data acquisition stuff National Instruments sells? They ought to have something that will work, although it will pretty much have to be PC-based. Definitely beats the hell out of trying to homebrew this, though. I'd say that if you have to ask, it'll be too much work -- microcontroller projects have a way of taking way more time than they should.
Each state has its own engineering licensing system. But basically, if you offer engineering services directly to the public (as in, working for an engineering firm), you need a license. This mainly applies to civil/architectural/industrial engineering.
You must have missed the "practical" and "insulator" parts of my post. Diamond is not exactly practical for potting boards, and silicon carbide is not much better (not to mention isn't much of an insulator).
What's wrong with AVG? I actually prefer it over McAfee or Norton. Faster, less memory usage, very reliable.
I think it will take more than a few hours, even if you have access to a full wafer probing/imaging facility. Modern VLSI chips are incredibly dense. With 65 nm feature sizes and a die that is 5mm on a side, you can have 76,000 features horizontally. If you print that out on paper, you'll need about 2 football fields of paper to see each layer of the chip. There are usually something like 10-15 layers with that interconnect with each other. You have hundreds of millions of transistors forming a large, complicated circuit that is generated by software tools from a high-level hardware description language. It's like trying to reverse engineer large, complicated pieces of software without ever running it. In addition, the firmware could be stored in some kind of tamperproof flash which may be completely impossible to read out without damaging its contents.
The only reason we still have relatively hackable hardware is because of cost. It would cost significantly more to do what I described (like embedding flash into VLSI chips). You need to have a different, more expensive process. Fortunately for us, most of the consumer electronics companies care far more about making things cheap than they do about making them secure. They care about security only to the extent that the AACS spec requires them to. Not to mention, a format which costs too much can never be successful.
There is no practical insulating material that is also a good conductor of heat. Electrical insulators are always pretty good thermal insulators. Of course, nobody says you couldn't embed a metal slug into the epoxy -- that's how we cool chips. There is also no good reason to encase the whole board. A much simpler solution would be to integrate the decryption hardware into one chip, and encrypt the firmware or put it inside the chip. Not much of a chance of anyone cracking that.
I wonder why the HD-DVD people don't get together with the satellite people? Satellite TV is extremely secure and has never really been cracked successfully. Most cracks involve emulating a smartcard, which is easy since the smartcards still use early 80s technology. Even then, nobody has really done a crack that wasn't fixed within a week.
It's not an assertion, it's a definition. That's what software is: Encoding mathematical operations in a computer-readable format.
Actually, it's circular reasoning. And just because the software is used to automatically operate a 4-function calculator instead of, say, a player piano doesn't make it mathematical.
The human-readable source code is also nothing but an encoding of math, and even borrows much syntax from traditional math literature, modulo the limitations of standard computer character sets. If you'd ever looked at software before this should be clear.
Just because something USES math doesn't mean it IS math. Math can be used to analyze computer programs, just like it can be used to analyze aircraft frames. Computer science is a branch of mathematics and uses math to analyze algorithms. The algorithms themselves are not any more mathematical than chunks of aluminum or assemblies of gears.
Prove that software isn't math through counter-example, by showing me a single instruction or line of code whose semantic meaning is not directly translatable into simple statements of boolean logic or, rarely, analog (real number) math?
Here's another counterexample. I can translate any electrical circuit into a matrix of differential equations. The two are equivalent. However, electrical engineering is not math. Just because you can express a program using mathematical symbols doesn't mean it's mathematics. Just how many lemmas did Microsoft have to prove to write Windows?
Also, there is no such thing as "proof by lack of counterexample". You have to either prove that it is true, or prove that it is not false. Just because nobody comes up with a counterexample doesn't mean you can say it's true, unless you can PROVE that a counterexample does not exist. If you used that kind of reasoning in a math class, you would have flunked.
Please stop using the word logic if this is how you are going to abuse it.
You are the one who is abusing words here. Prime example: mathematical.
Note that running software involves a device for executing encoded mathematical representations, aka a computer, which is a piece of hardware and patentable.
This is actually exactly how software patents are formulated. A computer loaded with certain software. A software patent doesn't keep you from publishing an algorithm in a book, printing T-shirts with it, or thinking about it. You just can't run it on a computer.
This is not a problem with software patents. This is a problem with patents in general. Many of them are too damn obvious. This is exactly my point. Nothing wrong with software patents. Everything wrong with how we grant them.
How about you go to the library and pick up a book about copyright? Your lack of literacy about this topic prevents any intelligent discussion.