And beyond that, the users that use Linux are likely far less interesting to the NSA than they like to tell themselves to be.
Every large financial institution in the country uses Linux on their servers.
Linux on the desktop? Mostly geeks. Linux on servers? Everywhere you look! Of course, that's also where the fun data that the NSA cares about also happens to be, on the servers...
Actually, while most people probably don't have a 'severe' gluten allergy, there is a theory that our bodies aren't particularly well adapted to process gluten in general. Given the millions of years of evolutionary development and the relatively short timeframe that we've been eating grains, it stands to reason that peanuts and gluten aren't particularly healthy for us.
Personally around 6 months ago I switched to a paleo diet and have noticed significant improvements in my health, including less gastric distress. I had been previously tested and confirmed to *not* have any allergies, but I can attest that going gluten free has still had very real quality of life health benefits.
It really depends on the industry you work in (no, IT is *not* an industry).
For example, the financial services industry is incredibly incestuous and there is an extensive network. Most people know several people at every other big shop on the street and it's extremely likely that when you are interviewing for a new role, there will be someone who knows someone at your prior company and will get an informal reference.
Staying on good terms with co-workers is essential in this industry as any reputation you get (especially bad) *will* get around and follow you till you switch industries.
There is a very valid reason for private citizens to possess automatic weapons. Read the second amendment:
"A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed."
How can we be considered a 'well regulated militia', capable of ensuring the security of a free state, if we don't have access to the same weapons that those who seek to deny our freedoms have?
The whole point to the second amendment is to ensure that we the people can overthrow the government if enough of us agree it needs to be done. Just like we did back during the revolutionary war.
I work in the financial industry, and this issue caused significant disruption to trading floors throughout Wall Street. Traders are generally quite upset with McAfee right now, so it makes sense that their stock is dropping :)
If you pre-order the special Digital Deluxe Edition (http://atari.com/games/startrek_online_digital_deluxe_ed/download) one of the bonus features is:
Exclusive “KHAAAN!” Emote (in-game item): An unforgettable moment from the second Star Trek Film. This exclusive emote allows players to relive Kirk’s unforgettable moment of fury, with the timeless cry “KHAAAN!”
True. A zero-day vulnerability is one that is found the same date the program is released. So unless these extensions are all brand new, these are not 0-day incidents.
Or maybe you're into medieval fantasy? Well, exactly which of WoW's (or EQ2's, or whatever) quests would be great fun to watch on TV? Using WoW as an example, I could see the whole Defias Brotherhood story-arc done as episodic TV. No, you don't just "put a camera" on a group of PC's doing the quests, but the storyline is fairly in-depth and complex enough to make a decent show.
Or, using EQ as an example, take the Cleric Epic quest (Epic 1.0). Again, the show would need to focus on the storyline, not the "omg, I sat in Sol-A killing goblins over and over for 72 hours straight before Lord Gimblax spawned" farm-factor.
Most MMOs have some fairly cool story-arcs in them. Some better than others, but my take on the article is that the TV show would focus on the story-arcs, and not just be a televised gaming session.
Done right (with in-game events dictating the ultimate outcome of various story-arcs) I could see this being a pretty big hit.
Except they aren't only looking at the physical location of the machines. They are basically merging both network and physical location to come up with a hybrid location mapping that provides the lowest latency route.
From the FAQ: Does this really work? In a paper pending publication, we show that our lightweight approach significantly reduces cross-ISP traffic and over 33% of the time it selects peers along paths that are within a single autonomous system (AS). Further, we find that our system locates peers along paths that have two orders of magnitude lower latency and 30% lower loss rates than those picked at random, and that these high-quality paths can lead to significant improvements in transfer rates.
Also, HD-DVD has an overlay layer so they can do some neat things with running special features in Picture in picture or sliding menus up on top of the movie so you can browse around without pausing the movie or having to go to a "root" menu.
Blu-Ray 1.0 spec (which every player supports) includes Sliding (pop-up) menus. Not all Blu-Ray discs include the functionality, but MOST do. PiP via dual streams is supported in 1.1 Spec, which all PS3s and several of the newer players support. Older players are mostly upgradable via firmware to 1.1 conformance. In the very few cases where an older player can't be upgraded to the 1.1 spec, the movies are still playable, you just don't get the PiP content.
Both formats have slow booting players right now though. When you turn on your HD or Blu-Ray player, it will be at around a minute and a half before you are watching the movie because of how slow the players are to first boot up, then to actually load the movie.
Actually, my PS3 is 'always on'. I reboot it whenever there is a firmware update, but that's it. It loads and launches Blu-Ray movies as fast as a standard DVD spins up. I've never experienced 2+ min load times (commonly reported for HD DVD players) with my PS3, period.
the cheapest blu-ray player is the PS3 at $400 and it doesn't have all of the same level of functionality as a high-end stand-alone player would.
Wrong. The PS3 actually is one of the best Blu-Ray players. It supports 1080p24, TrueHD etc. This is actually why stand-alone Blu-Ray player sales are so low. The PS3 is a better Blu-Ray player than most of them, and is also the least expensive. Even though studies show that only 20% of PS3 owners know it can play Blu-Ray movies, it still is true that many Blu-Ray supporters use a PS3 as their primary Blu-Ray player.
Why isn't there a big uproar regarding the Sims 2 no censor patches that are available?
Hell, you can even get re-skins that add anatomically correct genitalia to the Sims and a nudity patch that can be used to make your Sims run around naked all the time.
The no-censor patch is pretty much the same as the Hot Coffee issue. ie: both patches simply unlock images already contained in the shipping game.
The re-skins are a different issue, since they actually replace the "barbie doll" style nudes that ship with the game with more graphic skins (however, the base nudes shipped with the Sims2 are much more detailed than the images in Hot Coffee)
The whole "Hot Coffee" debacle is a crock of shit. If Sims 2 was as popular as GTA:SA, I'm sure we'd be reading about suing Maxis over the decensor patch instead. But since it's not, there isn't an uproar.
"The device will help mobile phone users charge their phones while travelling in a bus, a car or a train. All they need to do is -- place the turbine against the wind flow. It will use wind energy to move the turbine thereby generating energy," he said.
Or, you could simply plug your phone into the cigarette lighter and charge it with electricity generated by the vehicle you are travelling in.
It sounded to me like this requires a relatively high volume of air movement to generate the electricity, certainly more than simply "blowing on the turbine" would produce.
For cyclists, it's probably better to use a wheel attached generator (such as those used to power bike headlights)
Games like Everquest, EQ2, WoW, Anarchy Online, etc do not require the CD to be in the drive during play.
What they do instead is use "one-time only" account keys. When you purchase a retail box (or an expansion) you are really buying the account key and that's it. The rest of the stuff in the box is fluff and unnecessary.
If I want to play EQ2, all I need is a copy of my buddy's EQ2 installation and an unused account key (say, one I copied down off the manual out of a box I opened in the store when no one was looking)
That's the catch though. Account keys are only usable one time. You can create one, and only one, account with an account key. End of story.
SOE (Everquest, EQ2) at least makes this clear in their EULA and on the box.
This is the ultimate in copy protection, since they basically let you copy the game all you want. Want to install EQ on your dad's computer, your laptop, your work PC? Go right ahead. SOE won't care.
However, you can still only log in and use your account (linked to the account key) from one machine at any given time. Heck, SOE even takes advantage of this by encouraging people to install EQ2 on a friend's PC, so they can use "Isle of Refuge" freebie demo account keys to gain trial access to the game (hopefully snaring such people into paying to upgrade to a full account later)
Account Keys are the only thing of actual value being sold when you purchase WoW, EQ2, EQ, etc.
These online games are worthless without an active account, and the gaming companies want to make sure they get their one-time purchase fee, plus recurring subscription charges, from everyone who plays the game. Subscription charges alone aren't good enough.
Really it's simply a service model with a sign-up fee in addition to the subscription fee. Heck, SOE has, in recent years, gone the route of entirely digital distribution of expansions (not sure why they didn't offer digital only versions of EQ2 itself, but they say that expansions for EQ2 will be available digital only, just like they have been for EQ1)
Don't pay for anything that doesn't include a "never before used" account key, otherwise, you aren't getting anything for your money.
From reading the article, it really just sounds like they are talking about ideas that Raster and co. have been long advocating (and developing) in Enlightenment DR17.
Granted, Enlightenment is a window manager that lives on top of the existing X protocol, but nearly every single piece of 'eye-candy' this guy mentions is already do-able in E17.
Since taking advantage of these new toys would require a new theme system, Havoc and I have been talking about how a very different theme / widget rendering system might work with this that allows for custom design of any window, widget, or anything in between. One of the things us designers have been experimenting with behind closed doors is what you can do with a window's design when its not drawn out of a bunch of stock widgets but you have a freer hand.
Don't get me wrong, the things Seth describes sound cool, but the way he describes it makes it sound like they're the only ones with these ideas, when in fact Enlightenment 17 is already enabling most of what he mentions in this article. Sure, it's not a "production" release yet, but DR17 is certainly usable today, and has most of the features he mentions.
Heck, some things Seth talks about (Live window thumbnails) have been available in Enlightenment for quite some time (I know DR16 has them, and maybe earlier versions as well)
> No game or hobby that requires dozens of hours per week to achieve any kind of success is ever very popular. Life is too full of things to do.
I guess you've never heard of Everquest?
Five+ years and still going strong with over 400,000 subscribers.
To "achieve success" in EverQuest, the top guilds (ie: the successful guilds) raid ~5 hours a night, 5+ days a week (ie: avg 25 hours a week, which qualifies as "dozens")
But it's not very popular....
And that's just a game example, you included "hobby" as well.
I can think of many hobbies that are very popular, and also require dozens of hours a week to be "successful" at. Open Source software, anyone? Model Railroading? Quilting? Hell what about "Prime Time Television Watching"? Now there's a hobby that millions spend 40+ hours a week doing, but I guess it's not popular.
I.e. in Baldur's Gate 2 I activated the console to be able to teleport from one point on the map to another. I never used it for anything else and the only reason I use it is because it is boring, once you have explored a map, to wait for your characters to cross it.
You answered your own question. Why spend hours sitting at my keyboard clicking my mouse to move two blocks of ore and a flask of water into the forge and hitting "combine" to make metal bits? I already have explored this recipe, and manually doing it is boring after the first few attempts.
However, the only way to increase tradeskills in EQ is to repeat this boring process for hours on end.
Note: I am not advocating cheating or macro'ing. I am simply trying to help Lightweave understand the similarities between his "acceptable" cheating, and those who may indulge in other forms of cheating.
Thing is, hackSDMI is holding all the eggs. The contest was rigged from the start, which is why I attacked Technology A and then stopped.
It's pretty funny actually. They give you some files, two are the "Same" one with watermark, one without, then a third with the watermark, and ya gotta remove the watermark from the third and send it in. So I did that. Pretty damn sure I removed the watermark... Sent it in. Ya know what I got... here you go:
--- Begin Quote ---
Dear hacksdmi@cyberdeck.org:
Thank you for taking part in the open public challenge of proposed Secure Digital Music Initiative (SDMI) technologies. We have received your submission, and we appreciate the enthusiasm with which you have responded.
However, we were unable to process this submission because:
Status message: N/A
Score: 0.889
Remark: The watermark was not completely removed.
Please refer to the guidelines at www.hacksdmi.org for details about the requirements.
You are invited to resubmit a new proposal prior to the closing date of this challenge.
Your participation in this historic challenge is appreciated, and even if you do not resubmit, please be assured that your enthusiasm and participation have helped us as we all work together to develop the digital music economy.
--- End Quote ---
That was in response to my first attempt...
So I got a score of 88.9% Does this mean I removed 88.9% of the watermark? or that I removed 11.1%? or is it even a percentage? Does it mean a damn thing at all? Hell no. Also, if SDMI devices are so picky that 11.1% of a "watermark" is enough to cause them to not play a song, don't you think that will cause a ton of "false positives" ??? Pretty lame sounding to me...
I got no less than 8... yes EIGHT copies of this letter from them. Talk about a spamfest.
Actually, I got 2 copies of the .889 letter, then six (6) copies of the following letter:
--- Begin Quote ---
Dear hacksdmi@cyberdeck.org:
Thank you for taking part in the open public challenge of proposed Secure Digital Music Initiative (SDMI) technologies. We appreciate your interest, the time you invested in this effort and the creativity you applied to this project.
Unfortunately, our analysis indicates that your challenge did not succeed. As you may recall, in order to be successful an effort had to disable the proposed copyright protection system without adversely affecting the underlying music. Your effort was not able to meet these tests.
Nonetheless, we appreciate your interest in this challenge. Your efforts as well as the efforts of other potential challengers have helped us tremendously, and we thank you very much for your hard work.
--- End Quote ---
Herm, they say that they have analysed my submission. So, what are these 450 submissions that are still being analysed? Those must be the ones that really DID "hack" SDMI... hehe Someone somewhere is lying...
Now, talk about "plausible deniability" They simply send out the same form letter to EVERYONE who submits anything. Then they NEVER admit that anyone "hacked" it. Of course, I bet they were ALL cracked. Will HackSDMI ever admit it? NO of course not, then they have no product to sell. And then, when SDMI compliant devices come out, and they are worthless, cause all the hacks DO work, the joke will be on them.
You don't have to use iTunes to transfer music from your computer to the device, for any apple device including the iPhone 5.
Personally I use MediaMonkey and it is vastly superior to iTunes in every way.
Because there isn't a very large overlap between 'space tourist' and 'author'?
MediaMonkey works significantly better than iTunes, strongly recommended.
This is just EA creating an Evony clone and trying to cash in on the Ultima franchise. Pathetic really.
You can....
Neal Stephenson's Anathem spends quite a bit of time examining exactly this question.
Highly recommended reading, reminiscent of Cryptonomicon rather than the Baroque Cycle.
There is nothing for the ISP to install (RTFM?)
Sounds just like the theming system in E17 to me... http://enlightenment.org/pages/systems.html
One question: Can it run mpeg123 from a console and stream MP3's from my http server via the add-on network adaptor, or is it too slow for even that?
If so, I'm there! I've been looking for a nice, easy, no-soldering required, streaming MP3 player in my living room... This might just fit the bill!
"how do you encrypt likely passphrases to compare them with /etc/passwd?"
run them through crypt()...
crypt() takes two parameters, a plaintext string, and a two character "salt".. the salt is used to initialize the encryption routines. The output of crypt is the salt, plus the encrypted text. When you start encrypting your keys to match them, you must use the same salt... So if your password is:
NH2NmP/9Jd6IM
Then what you have is "NH" as a salt, and "2NmP/9Jd6IM" as the encrypted password. So if you have a list of keys, you run them through crypt() like: crypt("keyone", "NH"); which will generate something like "NHJxbV4QivKyE" (which doesn't match... so you try a new key.. etc)
For example, if all the passwords are in a file called "passwords" and all the likely passphrases are in a file called "keys" the following perl script will run what is called a "dictionary" attack on them...
#---Begin Perl Code---#
#!/usr/local/bin/perl
#decrypt.pl
# For every hash in "passwords", hash each word in "keys" with that hash's salt.
open(PASS, "<passwords") or die "passwords: $!";
while ($pswd = <PASS>) {
    chomp($pswd);
    open (KEYS, "<keys") or die "keys: $!";
    while ($key = <KEYS>) {
        chomp($key);
        # The first two characters of the stored hash are the salt.
        $pswd =~ /^(\S\S)/ and $salt = $1;
        if (crypt($key, $salt) eq $pswd) {
            print ("Found one!\n$key encrypted is $pswd\n");
        }
    }
    close(KEYS);
}
close(PASS);
#---End Perl Code---#
If you wanna test this with known passwords/keys, do the following:
make a file called "keys"
put a bunch of words in it, one to a line, like so:
mother
god
MySecUr3PassWord
3l337
yougettheidea
then run this script:
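#---Begin Perl Code---#
#!/usr/local/bin/perl
#crypt.pl
# Hash each word in "keys" with a random two-letter salt, one hash per line.
@l = ('A'..'Z', 'a'..'z');
open (KEYS, "<keys") or die "keys: $!";
while ($key = <KEYS>) {
    chomp($key);
    $salt = $l[rand(0)*52] . $l[rand(0)*52];
    print (crypt($key, $salt), "\n");
}
close (KEYS);
#---End Perl Code---#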
run it like:
crypt.pl > passwords
now you will have a keyfile "keys" and a password file "passwords" then you can run decrypt.pl and see that it finds all the keys... then delete some files from keys, etc, to see how it only finds the true matches...
-Count Zero
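An added example, not part of the original comment: a defensive audit in Python that uses the layout described above (two-character salt followed by the hashed text, 13 characters in all) to flag accounts still stored with traditional crypt() and accounts that share a salt. The account names and the `$6$` entry are constructed sample data; the two 13-character hashes are the ones quoted in the comment.

```python
import re
from collections import defaultdict

# Alphabet crypt(3) uses for both the salt and the hashed text.
B64 = r"[./0-9A-Za-z]"
# Traditional crypt(): 2-character salt + 11 characters of hash = 13 characters.
TRADITIONAL = re.compile(rf"^({B64}{{2}}){B64}{{11}}$")
# Modular crypt format: $id$..., where the id names the algorithm.
MODULAR = re.compile(r"^\$([0-9a-z]+)\$")
MODULAR_IDS = {
    "1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt",
}
# Storage states an auditor should report for remediation.
REPORT = {"descrypt", "md5crypt", "empty"}


def classify(field):
    """Return (scheme, salt) for the password field of one passwd/shadow line."""
    if field == "":
        return "empty", None              # no password set at all
    if field == "x":
        return "shadowed", None           # real hash lives in /etc/shadow
    if field[0] in "!*":
        return "locked", None
    m = TRADITIONAL.match(field)
    if m:
        return "descrypt", m.group(1)     # salt is the first two characters
    m = MODULAR.match(field)
    if m:
        return MODULAR_IDS.get(m.group(1), "unknown"), None
    return "unknown", None


def audit(lines):
    """Return (findings, shared_salts) for passwd-style lines.

    findings:     [(user, scheme)] for every entry whose scheme is in REPORT.
    shared_salts: {salt: [users]} for traditional hashes that reuse a salt,
                  so one crypt() call per candidate word tests all of them.
    """
    findings = []
    by_salt = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user = fields[0]
        scheme, salt = classify(fields[1])
        if scheme in REPORT:
            findings.append((user, scheme))
        if salt is not None:
            by_salt[salt].append(user)
    shared = {s: users for s, users in by_salt.items() if len(users) > 1}
    return findings, shared


# Constructed sample input (accounts are made up; the two 13-character
# hashes are the examples quoted in the comment above).
SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
alice:NH2NmP/9Jd6IM:1001:1001::/home/alice:/bin/sh
bob:NHJxbV4QivKyE:1002:1002::/home/bob:/bin/sh
carol:$6$constructedsalt$constructedhashplaceholder:1003:1003::/home/carol:/bin/sh
dave::1004:1004::/home/dave:/bin/sh
""".splitlines()

if __name__ == "__main__":
    findings, shared = audit(SAMPLE)
    for user, scheme in findings:
        print(f"{user}: {scheme}, rehash with a modern scheme at next login")
    for salt, users in shared.items():
        print(f"salt {salt!r} shared by {', '.join(users)}")
```

Traditional crypt() uses only the first eight characters of the password and a 12-bit salt, so any `descrypt` finding is a candidate for a forced password change rather than just a rehash.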