Do you reckon? Or maybe the Green party is talking about business use of Vista. Most businesses aren't on a two-year upgrade cycle and your kit would be relatively modern for them. Most businesses used to use a five-year cycle, although since hardware passed the point that it handled basic office tasks ok the cycle length has increased. I don't think that the average PC from 5-7 years ago is going to handle Vista without an upgrade.
Many other people have replied to argue about why DRM is bad, and nasty, and how the world should be one big happy copyright-free place. Maybe it should, but I'm too pragmatic to believe that it will ever happen. You go over one of the key issues there quite well; without copyright how do we replace the market mechanism? So let's ignore that argument.
What you skip over completely (and it is the central thrust of the article) is not DRM, but how DRM is being implemented. If a company wants to protect its products with DRM, then I say go ahead. It will be broken, it's not a battle that can be won - but a copyright owner has the right to try. What really pisses me off is the attempt to cripple all computers to appease the "copyright industry".
Yes, my computer is capable of manipulating digital data in any way that I instruct it. To have that ability removed just in order to prop up a dying business model is a tragedy. Maybe 99% of the market does not care that their "computing rights" are being limited, but I do. I am personally offended that there is an attempt to restrict the programs that I can execute, that every processor in the world should have exceptions built in that are demanded by one particular application. Forced through by so-called "trusted computing", signed binaries and a legal fallback for those of us that are able to remove this bullshit.
So by all means, prop up a dying business model with a rickety house of cards - but do not force every machine in the world to be crippled in order to keep the house standing.
That's probably what people said when Gates proclaimed IPTV in 1990, 1995, 2000 and 2007. That's the great thing about predictions, if you make them often enough they must come true...
I am sure they considered the approach, but just saying it was due to "cost" doesn't even begin to describe it. Really, I don't think it would even be possible. Even a high resolution 10-foot wide plot of a digital chip looks like a jumbled mess. Those things are automatically synthesized and routed. I've seen them and it's not pretty -- even the designer probably couldn't find the key by looking at the layout. If you think you'll see anything useful with an electron microscope, you are deluding yourself.
From Huang's paper:
The direct approach of decapping the MCPX southbridge ASIC was rejected because this ASIC appears to be manufactured in a 0.13 process with perhaps 6 or 7 metal layers (figure 2). Extracting the bootblock from this ASIC would require a de-layering facility and access to an electron microscope. While there are companies such as Chipworks that specialize in these kinds of services, it is a difficult, expensive, and time-consuming task
It is possible, so I am not the one who is deluded on the subject.
I fail to see the basis for your assumptions. There is no reason for anyone to crack satellite or cable receivers and not tell anyone about it.
My memory may be off on this. I was pretty sure that I recalled seeing a talk from a student at Cambridge who had scraped the key directly out of the chip. The only references that I can find on google are for the bus snooping attack - so maybe I've remembered it wrongly.
There is no compelling reason that a "tamper-proof" chip cannot be broken. The only limit is how much it costs. The bus-snooping paper about the xbox mentions that taking the key directly was one considered approach that they didn't go with due to cost. The 7-layer process takes some specialised equipment to decode.
As for whether or not keys have been compromised in the wild - I would assume that they have been, and I would assume that the information has not been released publicly. There is no reason to assume that they are secure. If it can be done, and there is a motive for some to do it...
I'd try it twice, with two different but supposedly uniform surfaces. I'll bet that the fluctuations in pixel intensities aren't uniform across both surfaces as they're not caused by a systematic bias in the CCD. Rather they are caused by random noise in the circuit.
If it turns out that there is a systematic bias (ie one that you can correct in the GIMP with a static image) then you would be best off taking a picture of something as black as you can make it. The inside of a bag should do. And then as light as you can make it (not really sure about this one - lightbulbs maybe). From the two masks you can make the image that you want without needing to make a perfect surface first.
ASICs are not expensive if you're designing a high-priced piece of consumer electronics where you can absorb the cost into your fat generous margins. If you're aiming at the disc player market then you're competing against cheap imports. DVD players are now so cheap here that you can't give them away (about £30 last time I looked).
But we're not talking about a common ASIC for each player - you've twisted the GP's point. We're talking about a unique ASIC for each player, and making runs of 1 ASIC would be unimaginably expensive. Hence the FPGA route would need to be taken to avoid a single key across the players.
Reading keys off with a microscope has been done. That is how the 2048-bit Xbox private key was compromised. Of course the grad student that did it couldn't tell anyone what it was, and had a Microsoft goon at each one of his seminars, but it still proves that it can be done.
Nobody has ever made a tamper-proof device. There are many approximations on the market - things that will resist X amount of tampering before they fail, but any tamperproof box will fall to a determined adversary. When tamperproof casings are designed, the measure used is how much effort / cost can we force the adversary to use before they gain access.
The GP's point was that, by necessity, DRM requires unencrypted information to be hidden in plain sight. Furthermore, this "secret" is common. So there is a single point of attack in the system, which when breached compromises the entire system. This is his point with keys that you missed. DRM cannot work unless the secret keys are available in plaintext. Hence the system is always screwed, by design.
For instance, "the simplest solution is usually the best" is vaguely similar to your "you shouldn't add more assumptions than you need", but not really the same thing at all.
After reading this a few times to check that I hadn't missed something I'm fairly sure that you're either wrong, or you're using some unstated, and uncommon assumptions about language.
However, Occam's Razor can be formalized. Bayesian Statistics allows us to do this, and furthermore the formalization tells us that one's definition of "simple" is not fixed, and the results of the use of the formal razor depend greatly on one's choice of "simple".
Anything can be formalised, but not every formalism has value. Every time a program prefers a classifier or set of rules based on a size / performance tradeoff Occam's Razor is being invoked. It is only a "rule" in so much as it is a "rule of thumb", an ad-hoc heuristic for evaluating rival theories. As such a vague entity it could be modelled by many different formalisms, not all of which would have the same interpretations. To say that you can make conclusions about the meaning of "simple" as used is meaningless. Any formalism that creates a model describing the application of this rule of thumb could make different conclusions, so there is nothing to justify one particular conclusion as being valid.
Formalisms can only answer questions modulo the assumptions that we build into them. I always thought that the Bayesian approach and reality were very distant acquaintances. (Only my opinion, I don't mean any offence by that, as there are many different schools of thought on the subject).
You're assuming that the mail is being filtered at the client-end. I did state quite clearly that these spams are so easy to detect (ie the false positive rate is so low) that it can all be filtered upstream. Decent server-level spam detection should be able to identify the first message as spam, and then blacklist the sending IP address for a few hours.
I'd rather get one 200k message that I can identify with near 100% certainty as spam - than 200 1k messages with a 98% detection rate.
I don't see why image spam should be such a problem. While accurate OCR is difficult, detecting the presence of text in an image is quite easy. Given that 0% of images with text on them are genuine it shouldn't be hard for a spam filter to detect these messages and dump them. As long as the error-rate is low this can be done on the server, rather than the client and cut down on the bandwidth used.
The other problem is that while someone can learn how to think, it is very difficult to teach someone to think. A good engineer is one who understands why not to over-complicate the problem. People can be shown various sets of problems with a common theme, but it takes something from them to understand the connections.
As far as the NASA spacecraft goes... someone who understands the principles and applications of duct tape. Lots of duct tape...
I think the classic objection to string theory is not so much that it isn't true, but that it cannot be falsified.
That's incorrect. However, we do not know whether it can be falsified with experiments that we can perform in the foreseeable future.
You're not being very helpful there. If you mean that it's incorrect because it may be possible to falsify at some point in the future, then I already said that in a part of the reply that you didn't quote. If you meant something else then it would help if you explained yourself rather than just two words that say "you're wrong" without an explanation of why.
Sure, but science has avoided "truth" for a long time, and stuck to empiricism. What is falsifiable? It may not be a truth, in some deep sense, but it captures what we need to be pragmatic about describing reality. I think the classic objection to string theory is not so much that it isn't true, but that it cannot be falsified. Instead of making no predictions about the universe it makes all possible predictions, and so it's always right and always wrong. In a very real sense it has become a religion in physics.
Of course, it may just be a passing phase, and at some point string theory may become refined enough to make falsifiable predictions about reality, or not. The current state of things goes way beyond the standard pre-paradigmatic state of science. There are serious alarm bells ringing about whether or not string theory even is science.
In what sense is mini-ATX not targeted at the consumer PC market? Are you smoking real mellow crack over there? Do you think that media centers are aimed at the business market...
Shame you got moderated troll for this post. I disagree with what you've said, but you've made some interesting and thoughtful points. Typical abuse of the slashdot moderation system.
Sadly the parent was right. I've been running Gentoo long enough to have to go through several forced profile changes (because every couple of years they become obsolete). At that point the config frosting needs some hand care to become compatible with the new kind. It's not terrible, but it's not automated either, and you need to poke a few things to be in the right place. Most distros don't have this problem because... when something that big changes they expect you to reinstall from scratch.
The first forced change was upgrading the 2.4 series kernel to 2.6, I can't remember when the second was but it was the same time that the portage tree got wedged by the Xorg upgrade (6.9->7.0). Both required a lot of low-level surgery to fix properly.
Like most things, when portage works correctly it is a dream. I don't do it, but I imagine that a crontab with emerge -u system would work pretty well. But on occasion it does blow, and you need to get your hands dirty fixing it. I guess the sick twisted part of me thinks that just makes Gentoo more fun...
OT Sidenote: Has anyone come across the SBA hack in the nvidia wodging itself to be on? It's supposed to be off by default, but I can't switch it off in my configuration, even after hacking the GPL wrapper for the driver.
They've gone about this entirely the wrong way. There is something to be said for limiting the sale of violent games to kids - but it's the same thing that needs to be said about violent movies, music and other forms of media. If they'd had the balls to go for consistent censorship of content according to violence... then it would still have been thrown out. But at least they would have had some moral authority when they lost, rather than their dubious claims that games require special treatment, and as a market side-effect they want to censor the games available to adults.
OK, I am a big fan of Gentoo and use it on all my boxes.... but this article is trash. It's not just the summary that is flamebait. The "reasons" for why Gentoo is superior to Fedora in the article are laughable. But the worst point, truly one of the worst tips that I've ever heard, is the idea that when the installation is too hard for a newbie they can get an "expert" to remotely install it for them on irc. Sure, tell people who don't know better that getting owned by a script-kiddie on irc is a reason to use Gentoo...
You've really missed the point here - as explained in the article, in the summary and in the post that you're replying to. The researchers pointed out when Chip'n'pin was introduced that what you've described is impossible. What you've posted is exactly their gripe with the system. The only difference is that they've sensibly suggested that this is a reason that we shouldn't use an authentication system where we give away information, whereas you've concluded that we're just stuffed and people should quit bitching.
If I type my PIN into a terminal every time then the terminal knows my bank details and my PIN. The banks insisted that the boxes were tamperproof. As this article shows they are clearly not. The solution is not to build a tamper-proof box - it's to use a challenge-response protocol where you don't leak private information on every transaction.
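The difference between the two designs in the comment above, as an added example that is not part of the original comment: a static PIN typed into a terminal versus an HMAC challenge-response. The `Issuer`, `Card` and `TamperedTerminal` classes, the key and the PIN are constructed for illustration, and the sketch assumes the PIN is checked on a device the cardholder controls; it is not the Chip and PIN protocol itself.

```python
import hashlib
import hmac
import secrets

PIN = "4921"                        # constructed sample PIN
CARD_KEY = secrets.token_bytes(32)  # constructed per-card secret shared with the issuer


class TamperedTerminal:
    """A compromised merchant terminal: it records every field it relays."""

    def __init__(self):
        self.log = []

    def relay(self, **fields):
        self.log.append(dict(fields))
        return fields


class Issuer:
    """Bank side (hypothetical): knows the PIN and the per-card key."""

    def __init__(self, key, pin):
        self._key, self._pin = key, pin
        self._open_nonces = set()

    def check_static_pin(self, pin):
        return hmac.compare_digest(pin.encode(), self._pin.encode())

    def new_challenge(self):
        nonce = secrets.token_bytes(16)
        self._open_nonces.add(nonce)
        return nonce

    def check_response(self, nonce, amount, mac):
        # A nonce is accepted once only; a replayed transcript is rejected here.
        if nonce not in self._open_nonces:
            return False
        self._open_nonces.discard(nonce)
        expected = hmac.new(self._key, nonce + b"|" + amount, hashlib.sha256).digest()
        return hmac.compare_digest(expected, mac)


class Card:
    """Cardholder's device (assumption): the PIN is entered here, not on the terminal."""

    def __init__(self, key, pin):
        self._key, self._pin = key, pin

    def respond(self, pin, nonce, amount):
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise PermissionError("wrong PIN")
        # The MAC binds this answer to one nonce and one amount.
        return hmac.new(self._key, nonce + b"|" + amount, hashlib.sha256).digest()


def static_pin_replay():
    """Static PIN: whatever the terminal logged authenticates again later."""
    issuer, terminal = Issuer(CARD_KEY, PIN), TamperedTerminal()
    terminal.relay(pin=PIN)             # cardholder types the PIN into the terminal
    stolen = terminal.log[0]["pin"]     # the operator of the terminal reads its log
    return issuer.check_static_pin(stolen)


def challenge_response_replay():
    """Challenge-response: the logged transcript is useless for a second payment."""
    issuer, card = Issuer(CARD_KEY, PIN), Card(CARD_KEY, PIN)
    terminal = TamperedTerminal()
    amount = b"GBP 12.50"
    nonce = issuer.new_challenge()
    terminal.relay(nonce=nonce, amount=amount)
    mac = card.respond(PIN, nonce, amount)
    sent = terminal.relay(nonce=nonce, amount=amount, mac=mac)
    legit = issuer.check_response(sent["nonce"], sent["amount"], sent["mac"])
    replay_same_nonce = issuer.check_response(nonce, amount, mac)
    replay_new_nonce = issuer.check_response(issuer.new_challenge(), amount, mac)
    return {
        "legit": legit,
        "replay_same_nonce": replay_same_nonce,
        "replay_new_nonce": replay_new_nonce,
        "pin_seen_by_terminal": any("pin" in entry for entry in terminal.log),
    }


if __name__ == "__main__":
    print("static PIN replay accepted:", static_pin_replay())
    print("challenge-response:", challenge_response_replay())
```
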
The ethical issues remain: can a foetus be taken in consideration separately from his/her amniotic fluid and umbilical cord? Well, once one is born and the other is on the delivery room floor I'd say that they can be taken separately...
The ironic part is that when I went to click on the link, the Geocities account was already dead. And yet I didn't need to read the page to understand that the author was a crank. That's the thing about intelligence that nobody has ever managed to capture in a formal system.
Why would you need to burn an install image onto CD-R? Is this a Windows thing that nobody has told us poor Linux users about?
Wouldn't you prefer a nice game of chess?
While this works the output can look a little like OCR sometimes. In some places pdftotext has to reconstruct the text from glyphs (or strokepaths I can't remember which) and the conversion isn't perfect. Ligatures are a bitch as well.
A similar way to go is pdftops followed by some pstops magic to cut out boxes (like text columns) and then reformat them onto a new page. To the OP I would say:
man pdftops
man pstops
As these tools are magic, and you will love them.
Thanks, that makes a lot more sense.