This system seems to be UK based. In UK, the digital cellular systems is GSM/PCS. GSM base stations have a theoretical maximum diameter of 35km (15-20 miles?). Since the 1999/2000 boom in subscriber quantity, most cells top out at 2-3km and can be as small as 100m (300 foot) in town centers. Also, cells usually are segmented into 3 slices of 120 degrees each, to maximize channel re-usage ability.
Another GSM feature is the "timing advance", which roughly indicates the distance of a mobile from its base station. It is necessary, because GSM is time multiplexed. A mobile is assigned a "time slot" for transmission. To avoid interference between mobiles that are far away from the base stations and those that are near, the far mobile sends its packet a little bit too early. It then travels a the speed that radio waves use to have and arrives dead-on its time slot. While "timing advance" is originally used only for this purpose, it obviously also is a good indication of where the mobile is.
The mobile knows all these values - each base station has a unique identifiyer, and the timing advance is measured every N seconds (which btw is the reason why GSM mobiles are spec'ed for travel speeds of 250km/h max).
The trace system basically "phones-home" this information, where the base station ID is looked up in a database to find out where the mobile is.
This is not new. Former Viag Interkom in Germany offered such a service, too. Once registered, you could look up the position of a mobile through an internet page. There's also a travel assistance service of D1 Telekom Germany, where you call in, hang up, the system traces your position, and sends a text message with traffic jam information etc (for your current position) to your mobile.
All these systems base on the same method of locating you, but are marketed differently.
But back on-topic: there is no GPS. As simple as that.
Here's a company that sells all equipment necessary to autonomously fly a model plane. Obviously you can define several GPS coordinates, and the plane will go pass them all.
http://www.micropilot.com/
Here's an open-source effort to autonomously fly a helicopter. Heli's are more difficult to manouver than planes.
Well, as a long time internet participant, I recall quite good what AOL did to usenet: Aquire a hord of "Me too" follow-up posters. Actually, a quick google-groups research shows that of the 32,000 postings that contain "me too", a whopping 30,600 also contain the word "AOL".
So I question - what can Microsoft do to usenet? I suspect, nothing nice. Probably their efforts result in even more MIME/HTML postings, with binaries attached in non-binary groups (probably something like "My Signature.exe"). And certainly a lot of proprietarily encapsulated text, such as.DOC rich text attached to an otherwise empty posting.
On one hand, usenet is for everyone, including Microsoft users. On the other hand, I really hope that google-groups will filter them off so that usenet can stay the valuable source of accurate tech information that it is today.
Given that recent studies show how much private, business and government data is available for sale on Ebay as "2nd hand harddrive", this feature could prove useful -- even without key.
On the other hand, without (access to the) key, the drive is tied to the motherboard. That is, when the board fails, you won't be able to recover your data either.
I'd rather see an optional extension to the IDE standard. Adapters that support it, could have a key register for each IDE channel. The BIOS or OS could then load whatever key it prefers. A simple thing could be to load the CPU serial number to it, and providing a "recovery mode" in BIOS where the user can enter the serial number manually (after CPU replacement). More sophisticated setups could fetch a key from a USB token, or TCPA (urgs) or whatever other means.
> hardware support for scaling non-native resolutions
You're referring to techniques and tricks to make the image look better. However, it just doesn't work to perfection. It's a physical impossible.
When the display has 1280 pixels in a line, and is supposed to stretch 1024 pixels to the full width, every virtual pixel will cover 1.25 physical pixels (1024 * 1.25 equals 1280).
That is, the display can either duplicate every 4th pixel (map 4 input pixels to 5 output pixels). Older laptops use to do this (the first generation that didn't show black borders). This is acceptable for images, but gives very chunky results on text.
Or, it can interpolate the color value of the pixels, much like an anti-aliasing filter does. In the first order that means, the first physical pixel is covered to 100% by the color of the first virtual pixel. The 2nd physical pixel gets 25% of the 1st virtual pixel color, and 75% of its color are dominated by the 2nd virtual pixel. The 3rd receives 50% from virtual #2 and 50% from virtual #3. Etc.
I think, this is how most (all?) of todays displays work. The mapping is local to small blocks, and can be stored in the controller as lookup table. The color mixing can be done using shifters and adders (cheap logic). However, the result is not 100% optimal: Each first and 5th pixel (in the example of 1024->1280) is 100% at the color of the virtual counterpart, while the other 3 pixels are not. A perfect filter would distribute the error over all pixels, so that the 1st+5th would suffer a bit, while the other 3 pixels would be nearer to their original color. However, that would require real algorithms (rather then lookup tables), as used in radio and telecom transmissions (keyword: multirate digital signal processing).
But -- and that's why I'm writing this follow up -- while such an interpolation can be the best possible match, it still is not as good as the original picture. The output will always lack clarity and contrast, especially because most display use is text based. Windows uses bitmap fonts to have exact control over each pixel, and you give up on this as soon as you start to interpolate.
> you usually get a tiny little strip on the left side of your browser
Opera is able to scale the display of a web page, text and images and flash. Since a few minor revisions, it even inherits the zoom factor when you open links in new windows (a thing that I often do when google-ing).
Use the + and - keys on the numeric keypad, if you happen to have Opera installed. It's not perfect, but it's far better than the zoom support I've seen in Netscape.
1. Get a better display, "better" as in "suits your needs". I for one suffer of a similar problem, and my solution was to get a 17 1/2 inch display at 1280x1024 instead of those 16 1/2, 16 or even 15 inch panels that are on the market. The text is noticably better readable.
2. Forget about Linux on LCD. I've never seen anything worse. It provides nice options, and lets you choose between several rendering tricks - it even asks about the R,G,B pixel ordering on your panel. However, the text still looks blurry and is difficult to read. Using linux for more than 30 minutes gives me a headache. I prefer to login from the win32 machine (connected to the SAME display!) via ssh and do the work from there. I think this is related to the lack of bitmapped fonts on linux. But honestly, nobody could help me resolve this issue so far. As soon as I mention the (IMHO obivous) problem on irc or usenet, I'm drowned in the usual advocacy about how superiour scalable rendered fonts are.
Ok, I know that ZIP is known for notoriously weak security.
But is it worth a PATENT to now associate the "security" features of ZIP with "strong cryptography algorithms"?
That's like Microsoft filing a patent for a "not crashing OS", as reaction to market research reports that show how people are not happy anymore with traditional (crashing) MS products.
Probably most people with a pirate version of WinXP (and phone-home activation deactivated) also "don't send" crash reports to Microsoft.
I don't have a "private versus official installations" statistics at hand for WinXP, but this link suggests a 10:1 ratio for OfficeXP (4th line from bottom):
Online gaming is not very compatible with broadband, at least with DSL. The connection is interleaved to improve the robustness against burst errors. That is, on a typical DSL line the ping (latency or lag) is about 100ms.
For online gamers, it means that the shoot goes off only 1/10 sec AFTER hitting the fire button.
For those who consider changing their connection type for better online gaming experience, a better alternative is ISDN (RSDI). ISDN lines have ping times of 10-12ms, that's a magnitude faster than DSL broadband.
However, the online gamers will then have to wait quite a while when they plan to pirate their online games off the internet.. Probably this tade-off is why most of them stick with DSL instead of choosing the faster ISDN.
> Someone will write a virus that takes advantage of a security hole in the software > resulting in your cable box being a participant in a DDoS attack...
Don't laugh, this has happened already. There were some Microsoft set top boxes out in the field, which upon virus infection joined together and made a DDoS attack on the 911 emergency number.
Here's a link: http://www.techtv.com/news/security/story/0,24195, 3392631,00.html
What about this idea to increase the deniability: Imagine a trojan that installs Freenet on the infected machine and makes it part of the network, then erases all traces of itself. This trojan could be put up on a web site, with a notification to the usual anti-virus companies.
Later, when someone gets under legal pressure for running a Freenet node, he could claim that he didn't install it. He didn't know he was running that "Freenet thing". Most probably it was installed by a Trojan, and in fact there is one known to do just this (reference to anti-virus company press release).
That would be even more plausible deniability, wouldn't it?
Government uses tax payers' money to purchase the computer equipment.
The German legislation requires, that government has to make a public call for offers, and then choose the cheapest offer. This was done for buildings etc, and recently it occurred to the Germans that this law also applies to computers and software. After all, it's quite a huge investment. Unless Microsoft lowers the price, or Linux increases the price, or Microsoft bends the numbers so that their offer appears cheaper than Linux, government HAS TO choose Linux.
I think, the German government is not keen on using Linux over Windows, and they will appreciate when someone comes along with a good-looking statistics that allows them to go Windows without risk of being held liable later.
The Microsoft numbers about total-cost-of-ownership obviously are still not good enough, otherwise the case would be closed already since long time.
> Even if you did, the RIAA could 'decrypt' (ROT13, whatever) the file > and if it isn't theirs, delete it. If it is theirs, they have broken > no law, even if they choose to share it on the network. Its theirs, > they can do with it what they please.
Do YOU break the law when you upload the music file to the original owner, upon his request? (given that your own copy is legit, that is)
> > install a WiFi card if you are in a wifi public access hotspot > > Why don't you call it what it really is, theft of services?
Well then, do it the other way round: Make yourself a public access hotspot. You earn plausible deniability for everything that passes through your internet uplink, because it might have been initiated by an anonymous WiFi guest. You might have only one shot though, as the authorities might prohibit you from running that node any further..
> Why is this unfortunate? People just want to send grandma some pictures, > surf the web, type a paper, whatever..
And the best thing is: it works! Even with 250 infected files, they can still surf the web and type a paper. Their computer might be suboptimal and sometimes exhibit strange side behaviour, but they won't even notice it. Only when the computer stops to perform the desired tasks, it needs service. Just like any other product.
> How ironic is it that third world nations could end up leading the way in voip adoption?
It's not ironic at all. And I think, it's also not too much related to competition, but rather to the history of the market.
Let me explain my view: I'm german, but live in Spain since a few years. Germans perceive Spain as "10 years" behind, when it comes to technology. This is definately not true. There's only little technological research and development going on in Spain (a lot less than in Germany). But on the other hand, Spain doesn't have the same legacy!
While Germany, as a first minute adopter, employs less-than-state-of-the-art system and keeps them running (because it was a huge financial investment), "2nd category" countries like Spain can directly head towards the refined essence of the technology. Until no more than 3 years ago, Germany still had a considerable market share of analog cellular phones, while Spain was practically 100% digital.
There are hundreds of similar examples. Because Spain doesn't invent all the stuff, they don't hurry to get stuck with expensive first generation prototypes. They just relax, lets stuff grow and madurate, and ignore comments about being "behind". As soon as the technology is ready and cheap, they employ it en gros within very little time. They overtake the leader, and with only a fraction of the financial investment.
Of course, without 1st generation adopters there wouldn't be and 2nd generation. So the germans aren't as stupid as it appears here. But in my opinion, this mechanism is definately involved when African countries use better technology than the USA or Europe...
> If this is true, it must mean that all countries except USA and Israel are muslim, > since those are almost exclusively the ones targeted by islamic terrorists.
The interesting thing is, that in Germany, Kenia, Spain, Iraq, and all the other countries where terror attacks recently have taken place or were planned, the attacks always were either against US facitilties (eg US embassy) or against US citizens or politicians, or took place when US officials were about to meet in that country on that day.
Please name 3 muslim terror attacks, that were not related to US/Israel in one way or another?
I tried to find out how much I (as an overseas customer) actually have to pay to get $3 worth of BitPass credits, but even after the 15th click through their pages and "FAQ" I couldn't find out. Do they accomodate for all charges, or do I end up with 15 EUR deducted from my VISA card, including charges, currency conversion fees, for 3 dollars of cyber currency?
> If I get spam for "Bobscomputers@mydomain.com", then Bobscomputers.biz is likely the culprit
If I were to do harm to Amazon's reputation, I could buy a spammers' email list and find all "amazon@", "Bobscomputers@", "whatever@" addresses, and create a new list with all the company names interchanged.
It can be done automatically, and bloat a list of 2 million email addresses to 2.5 million, to give a possible incentive for spammers to do just that.
> In this way the biometric data is never exposed directly to the outside world, so one > need not worry about it getting leaked to the "bad guys" even if your passport were stolen...except of course, when the JavaCard can be used as an oracle by the attacker. Note that in the article they did not use any reference to the original image or to the dataset that the face recognition software creates from it. They rather chose 30 different (visually not related) images and then evolutionary selected the best fit.
As soon as your JavaCard is going to be universal (and serve multiple purposes with varying degree of security) it has to return a "score" (rather than a yes/no decision). And nothing more than that very score is used by the attack, go figure.
To put this into a real world example: imagine you use an ATM JavaCard with face recognition. Insert card, present your face into the cam lens, and enter how much money you need. Now a computer nerd "finds" your card. He emulates an ATM terminal to the card and presents a random face to the card. Recursively, he optimizes it according to the article until he achieves a "good enough" score. He prints that out on paper, and travels to Mexico - slowly, by car, doing a stop at every damn biometrics-enabled ATM he can find. Heck, even the security cam recordings provide no more evidence than a fake (still image) phantom photo of YOU!
The algorithm they used is simple. They use the face recognition system as "oracle" and present different images until the match is achieved. The different images are not chosen at random, but rather evolutionary. That is, a selection of images is presented, and the best (highest score) is chosen. Recursively, new selections are derived from the best image, and again presented to the oracle.
According to the article 24,000 images are necessary to achieve convergence, when the initial images were specifically chosen to NOT be visually similar to the "target" image.
Some oracles can't be questionned 24,000 times - eg at an airport or an ATM machine. You might become arrested long before finished.
However, often press releases indicate which company designed the software for a particular implentation of face recognition. You can easily purchase other software of the same company (or find an OEM product) and thus have the same (or very similar) oracle on your desk at home. There you can do the 24,000 iterations to get ahold of the "good" image and then proceed to remodel your face or whatever way you intend to "present" the image to the real face recognition system.
In my opinion, biometrics just doesn't work for security. Because everyone is open to see the datasets.
Just look at those stupid press releases of Siemens/Infineon, who make high-payed security engineers invent ATM cards with finger print sensors. Owners finger print => money from ATM. Where does owner leave his finger print, when handling the card? Couldn't be on the very ATM card, possibly?
Acceptable security requires
a) something you have, and
b) something you know.
When the item you have is stolen, the thief lacks the information you know. And vice-versa, when the secret is learned (eg shoulder surfing at ATM), the item you have still misses to complete the electronic robbery.
Biometrics is something you have, not something you know. That is the key thing to learn here!
It can be copied, without your noticing, but that doesn't make it category b). It still is something you have, because everybody has access to it when he's physically near to you. You can't just shut up to make it stay secret.
Therefore, biometrics won't (ever) work as long as it's coupled with other category a) stuff. A biometric dataset can possibly replace a physical token, but it can NOT replace a PIN code.
I'm happy that this is once again demonstrated, with press coverage.
Since the RIAA drone searched for music that RIAA owns copyright of, you both now have a legitimate copy of it. Nobody should be sued.
It might have been different when the RIAA drone wasn't a RIAA employee but a 3rd party company instead. According to my understanding of law and moral, he (as a professional!) wouldn't be able to legitimately own your file. So he would have infringed on copyrights, and you helped him.
As soon as RIAA authorizes that 3rd party company to rightfully download music (in order to perform the task of finding music-sharers), the situation reverts back to the first scenario. You both own a legal copy, and nobody has done wrong.
Slashdot Mirror
This system seems to be UK based. In UK, the digital cellular systems is GSM/PCS. GSM base stations have a theoretical maximum diameter of 35km (15-20 miles?). Since the 1999/2000 boom in subscriber quantity, most cells top out at 2-3km and can be as small as 100m (300 foot) in town centers. Also, cells usually are segmented into 3 slices of 120 degrees each, to maximize channel re-usage ability.
Another GSM feature is the "timing advance", which roughly indicates the distance of a mobile from its base station. It is necessary, because GSM is time multiplexed. A mobile is assigned a "time slot" for transmission. To avoid interference between mobiles that are far away from the base stations and those that are near, the far mobile sends its packet a little bit too early. It then travels a the speed that radio waves use to have and arrives dead-on its time slot. While "timing advance" is originally used only for this purpose, it obviously also is a good indication of where the mobile is.
The mobile knows all these values - each base station has a unique identifiyer, and the timing advance is measured every N seconds (which btw is the reason why GSM mobiles are spec'ed for travel speeds of 250km/h max).
The trace system basically "phones-home" this information, where the base station ID is looked up in a database to find out where the mobile is.
This is not new. Former Viag Interkom in Germany offered such a service, too. Once registered, you could look up the position of a mobile through an internet page. There's also a travel assistance service of D1 Telekom Germany, where you call in, hang up, the system traces your position, and sends a text message with traffic jam information etc (for your current position) to your mobile.
All these systems base on the same method of locating you, but are marketed differently.
But back on-topic: there is no GPS. As simple as that.
Here's a company that sells all equipment necessary to autonomously fly a model plane. Obviously you can define several GPS coordinates, and the plane will go pass them all.
http://www.micropilot.com/
Here's an open-source effort to autonomously fly a helicopter. Heli's are more difficult to manouver than planes.
http://autopilot.sourceforge.net/
Well, as a long time internet participant, I recall quite good what
.DOC rich text attached to an otherwise empty posting.
AOL did to usenet: Aquire a hord of "Me too" follow-up posters.
Actually, a quick google-groups research shows that of the 32,000
postings that contain "me too", a whopping 30,600 also contain the
word "AOL".
So I question - what can Microsoft do to usenet? I suspect, nothing
nice. Probably their efforts result in even more MIME/HTML postings,
with binaries attached in non-binary groups (probably something like
"My Signature.exe"). And certainly a lot of proprietarily encapsulated
text, such as
On one hand, usenet is for everyone, including Microsoft users. On
the other hand, I really hope that google-groups will filter them off
so that usenet can stay the valuable source of accurate tech information
that it is today.
Marc
Given that recent studies show how much private, business and government
data is available for sale on Ebay as "2nd hand harddrive", this feature
could prove useful -- even without key.
On the other hand, without (access to the) key, the drive is tied to the
motherboard. That is, when the board fails, you won't be able to recover
your data either.
I'd rather see an optional extension to the IDE standard. Adapters that
support it, could have a key register for each IDE channel. The BIOS or
OS could then load whatever key it prefers. A simple thing could be to
load the CPU serial number to it, and providing a "recovery mode" in BIOS
where the user can enter the serial number manually (after CPU replacement).
More sophisticated setups could fetch a key from a USB token, or TCPA (urgs)
or whatever other means.
THAT would be a useful extension.
Marc
> hardware support for scaling non-native resolutions
You're referring to techniques and tricks to make the image look better. However,
it just doesn't work to perfection. It's a physical impossible.
When the display has 1280 pixels in a line, and is supposed to stretch 1024 pixels
to the full width, every virtual pixel will cover 1.25 physical pixels (1024 * 1.25
equals 1280).
That is, the display can either duplicate every 4th pixel (map 4 input pixels to 5
output pixels). Older laptops use to do this (the first generation that didn't show
black borders). This is acceptable for images, but gives very chunky results on text.
Or, it can interpolate the color value of the pixels, much like an anti-aliasing
filter does. In the first order that means, the first physical pixel is covered
to 100% by the color of the first virtual pixel. The 2nd physical pixel gets 25%
of the 1st virtual pixel color, and 75% of its color are dominated by the 2nd
virtual pixel. The 3rd receives 50% from virtual #2 and 50% from virtual #3. Etc.
I think, this is how most (all?) of todays displays work. The mapping is local to
small blocks, and can be stored in the controller as lookup table. The color mixing
can be done using shifters and adders (cheap logic). However, the result is not
100% optimal: Each first and 5th pixel (in the example of 1024->1280) is 100% at
the color of the virtual counterpart, while the other 3 pixels are not. A perfect
filter would distribute the error over all pixels, so that the 1st+5th would suffer
a bit, while the other 3 pixels would be nearer to their original color. However,
that would require real algorithms (rather then lookup tables), as used in radio
and telecom transmissions (keyword: multirate digital signal processing).
But -- and that's why I'm writing this follow up -- while such an interpolation can
be the best possible match, it still is not as good as the original picture. The
output will always lack clarity and contrast, especially because most display use
is text based. Windows uses bitmap fonts to have exact control over each pixel,
and you give up on this as soon as you start to interpolate.
Marc
> you usually get a tiny little strip on the left side of your browser
Opera is able to scale the display of a web page, text and images and flash. Since
a few minor revisions, it even inherits the zoom factor when you open links in new
windows (a thing that I often do when google-ing).
Use the + and - keys on the numeric keypad, if you happen to have Opera installed.
It's not perfect, but it's far better than the zoom support I've seen in Netscape.
Marc
My opinion:
1. Get a better display, "better" as in "suits your needs". I for one suffer of a similar problem,
and my solution was to get a 17 1/2 inch display at 1280x1024 instead of those 16 1/2, 16 or even
15 inch panels that are on the market. The text is noticably better readable.
2. Forget about Linux on LCD. I've never seen anything worse. It provides nice options, and lets
you choose between several rendering tricks - it even asks about the R,G,B pixel ordering on your
panel. However, the text still looks blurry and is difficult to read. Using linux for more than
30 minutes gives me a headache. I prefer to login from the win32 machine (connected to the SAME
display!) via ssh and do the work from there. I think this is related to the lack of bitmapped
fonts on linux. But honestly, nobody could help me resolve this issue so far. As soon as I
mention the (IMHO obivous) problem on irc or usenet, I'm drowned in the usual advocacy about how
superiour scalable rendered fonts are.
Marc
Ok, I know that ZIP is known for notoriously weak security.
But is it worth a PATENT to now associate the "security" features of ZIP
with "strong cryptography algorithms"?
That's like Microsoft filing a patent for a "not crashing OS", as reaction
to market research reports that show how people are not happy anymore with
traditional (crashing) MS products.
Probably most people with a pirate version of WinXP (and phone-home
activation deactivated) also "don't send" crash reports to Microsoft.
I don't have a "private versus official installations" statistics at
hand for WinXP, but this link suggests a 10:1 ratio for OfficeXP (4th
line from bottom):
http://www.iriscom.co.uk/Iris/access2k.htm
Now do the math and remove the skew.
> The only other reason is online gaming
Online gaming is not very compatible with broadband, at least with DSL. The
connection is interleaved to improve the robustness against burst errors.
That is, on a typical DSL line the ping (latency or lag) is about 100ms.
For online gamers, it means that the shoot goes off only 1/10 sec AFTER
hitting the fire button.
For those who consider changing their connection type for better online
gaming experience, a better alternative is ISDN (RSDI). ISDN lines have
ping times of 10-12ms, that's a magnitude faster than DSL broadband.
However, the online gamers will then have to wait quite a while when they
plan to pirate their online games off the internet.. Probably this tade-off
is why most of them stick with DSL instead of choosing the faster ISDN.
Marc
> Someone will write a virus that takes advantage of a security hole in the software
, 3392631,00.html
> resulting in your cable box being a participant in a DDoS attack...
Don't laugh, this has happened already. There were some Microsoft set top
boxes out in the field, which upon virus infection joined together and made
a DDoS attack on the 911 emergency number.
Here's a link: http://www.techtv.com/news/security/story/0,24195
Marc
> Freenet's about PLAUSIBLE DENIABILITY
What about this idea to increase the deniability: Imagine a trojan
that installs Freenet on the infected machine and makes it part of
the network, then erases all traces of itself. This trojan could be
put up on a web site, with a notification to the usual anti-virus
companies.
Later, when someone gets under legal pressure for running a Freenet
node, he could claim that he didn't install it. He didn't know he
was running that "Freenet thing". Most probably it was installed by
a Trojan, and in fact there is one known to do just this (reference
to anti-virus company press release).
That would be even more plausible deniability, wouldn't it?
Marc
Government uses tax payers' money to purchase the computer equipment.
The German legislation requires, that government has to make a public
call for offers, and then choose the cheapest offer. This was done
for buildings etc, and recently it occurred to the Germans that this
law also applies to computers and software. After all, it's quite a
huge investment. Unless Microsoft lowers the price, or Linux increases
the price, or Microsoft bends the numbers so that their offer appears
cheaper than Linux, government HAS TO choose Linux.
I think, the German government is not keen on using Linux over Windows,
and they will appreciate when someone comes along with a good-looking
statistics that allows them to go Windows without risk of being held
liable later.
The Microsoft numbers about total-cost-of-ownership obviously are still
not good enough, otherwise the case would be closed already since long
time.
Marc
> Even if you did, the RIAA could 'decrypt' (ROT13, whatever) the file
> and if it isn't theirs, delete it. If it is theirs, they have broken
> no law, even if they choose to share it on the network. Its theirs,
> they can do with it what they please.
Do YOU break the law when you upload the music file to the original owner,
upon his request? (given that your own copy is legit, that is)
> > install a WiFi card if you are in a wifi public access hotspot
>
> Why don't you call it what it really is, theft of services?
Well then, do it the other way round: Make yourself a public access hotspot.
You earn plausible deniability for everything that passes through your internet
uplink, because it might have been initiated by an anonymous WiFi guest. You
might have only one shot though, as the authorities might prohibit you from
running that node any further..
> Why is this unfortunate? People just want to send grandma some pictures,
> surf the web, type a paper, whatever..
And the best thing is: it works! Even with 250 infected files, they can
still surf the web and type a paper. Their computer might be suboptimal
and sometimes exhibit strange side behaviour, but they won't even notice
it. Only when the computer stops to perform the desired tasks, it needs
service. Just like any other product.
> How ironic is it that third world nations could end up leading the way in voip adoption?
It's not ironic at all. And I think, it's also not too much related to
competition, but rather to the history of the market.
Let me explain my view: I'm german, but live in Spain since a few years.
Germans perceive Spain as "10 years" behind, when it comes to technology.
This is definately not true. There's only little technological research
and development going on in Spain (a lot less than in Germany). But on the
other hand, Spain doesn't have the same legacy!
While Germany, as a first minute adopter, employs less-than-state-of-the-art
system and keeps them running (because it was a huge financial investment),
"2nd category" countries like Spain can directly head towards the refined
essence of the technology. Until no more than 3 years ago, Germany still had
a considerable market share of analog cellular phones, while Spain was
practically 100% digital.
There are hundreds of similar examples. Because Spain doesn't invent all
the stuff, they don't hurry to get stuck with expensive first generation
prototypes. They just relax, lets stuff grow and madurate, and ignore
comments about being "behind". As soon as the technology is ready and
cheap, they employ it en gros within very little time. They overtake
the leader, and with only a fraction of the financial investment.
Of course, without 1st generation adopters there wouldn't be and 2nd
generation. So the germans aren't as stupid as it appears here. But in
my opinion, this mechanism is definately involved when African countries
use better technology than the USA or Europe...
Marc
> If this is true, it must mean that all countries except USA and Israel are muslim,
> since those are almost exclusively the ones targeted by islamic terrorists.
The interesting thing is, that in Germany, Kenia, Spain, Iraq, and all the other
countries where terror attacks recently have taken place or were planned, the
attacks always were either against US facitilties (eg US embassy) or against US
citizens or politicians, or took place when US officials were about to meet in
that country on that day.
Please name 3 muslim terror attacks, that were not related to US/Israel in one
way or another?
I tried to find out how much I (as an overseas customer) actually
have to pay to get $3 worth of BitPass credits, but even after the
15th click through their pages and "FAQ" I couldn't find out. Do
they accomodate for all charges, or do I end up with 15 EUR deducted
from my VISA card, including charges, currency conversion fees, for
3 dollars of cyber currency?
> The "L" bubble is worn through on mine, so I can't load programs anymore!
:-)
Hm, you should try to _r_un them instead
> If I get spam for "Bobscomputers@mydomain.com", then Bobscomputers.biz is likely the culprit
If I were to do harm to Amazon's reputation, I could buy a spammers' email
list and find all "amazon@", "Bobscomputers@", "whatever@" addresses, and
create a new list with all the company names interchanged.
It can be done automatically, and bloat a list of 2 million email addresses
to 2.5 million, to give a possible incentive for spammers to do just that.
> In this way the biometric data is never exposed directly to the outside world, so one ..except of course, when the JavaCard can be used as an oracle by the attacker.
> need not worry about it getting leaked to the "bad guys" even if your passport were stolen.
Note that in the article they did not use any reference to the original image
or to the dataset that the face recognition software creates from it. They rather
chose 30 different (visually not related) images and then evolutionary selected
the best fit.
As soon as your JavaCard is going to be universal (and serve multiple purposes
with varying degree of security) it has to return a "score" (rather than a yes/no
decision). And nothing more than that very score is used by the attack, go figure.
To put this into a real world example: imagine you use an ATM JavaCard with face
recognition. Insert card, present your face into the cam lens, and enter how
much money you need. Now a computer nerd "finds" your card. He emulates an ATM
terminal to the card and presents a random face to the card. Recursively, he
optimizes it according to the article until he achieves a "good enough" score.
He prints that out on paper, and travels to Mexico - slowly, by car, doing a stop
at every damn biometrics-enabled ATM he can find. Heck, even the security cam
recordings provide no more evidence than a fake (still image) phantom photo of
YOU!
Marc
The algorithm they used is simple. They use the face recognition
system as "oracle" and present different images until the match
is achieved. The different images are not chosen at random, but
rather evolutionary. That is, a selection of images is presented,
and the best (highest score) is chosen. Recursively, new selections
are derived from the best image, and again presented to the oracle.
According to the article 24,000 images are necessary to achieve
convergence, when the initial images were specifically chosen to
NOT be visually similar to the "target" image.
Some oracles can't be questionned 24,000 times - eg at an airport
or an ATM machine. You might become arrested long before finished.
However, often press releases indicate which company designed the
software for a particular implentation of face recognition. You
can easily purchase other software of the same company (or find
an OEM product) and thus have the same (or very similar) oracle
on your desk at home. There you can do the 24,000 iterations to
get ahold of the "good" image and then proceed to remodel your
face or whatever way you intend to "present" the image to the
real face recognition system.
In my opinion, biometrics just doesn't work for security. Because
everyone is open to see the datasets.
Just look at those stupid press releases of Siemens/Infineon, who
make high-payed security engineers invent ATM cards with finger
print sensors. Owners finger print => money from ATM. Where does
owner leave his finger print, when handling the card? Couldn't be
on the very ATM card, possibly?
Acceptable security requires
a) something you have, and
b) something you know.
When the item you have is stolen, the thief lacks the information
you know. And vice-versa, when the secret is learned (eg shoulder
surfing at ATM), the item you have still misses to complete the
electronic robbery.
Biometrics is something you have, not something you know. That is
the key thing to learn here!
It can be copied, without your noticing, but that doesn't make it
category b). It still is something you have, because everybody has
access to it when he's physically near to you. You can't just shut
up to make it stay secret.
Therefore, biometrics won't (ever) work as long as it's coupled with
other category a) stuff. A biometric dataset can possibly replace a
physical token, but it can NOT replace a PIN code.
I'm happy that this is once again demonstrated, with press coverage.
Marc
> Who has done wrong? Who should be sued?
Since the RIAA drone searched for music that RIAA owns copyright of, you
both now have a legitimate copy of it. Nobody should be sued.
It might have been different when the RIAA drone wasn't a RIAA employee
but a 3rd party company instead. According to my understanding of law
and moral, he (as a professional!) wouldn't be able to legitimately own
your file. So he would have infringed on copyrights, and you helped him.
As soon as RIAA authorizes that 3rd party company to rightfully download
music (in order to perform the task of finding music-sharers), the situation
reverts back to the first scenario. You both own a legal copy, and nobody
has done wrong.
Marc (music consumer, not a lawyer)
Obviously your internet provider got 100% of what you spent.