Our country is returning to a feudalistic mentality due to the slave labor outlook of many corporations. That being, when you join a company that company owns you mind, body, and soul, 24 hours a day, 7 days a week, 365 days a year.
My questions are:
1. How will you overcome the push to return to a feudalistic society where the worker is beholden to their king/CEO in every way, shape, and form?
2. How will you rein in the corporate machines? How much money should they be allowed to make in a year? When should they be forced to split up so competition is maintained?
3. Our forefathers never foresaw companies which had billions of dollars laying around which could be used to influence all of the politicans and/or to buy whatever laws they wished to have pushed through. The two party system is flawed because it is like a single toggle switch. We need a better system or method to handle the needs of the few as well as the needs of the many. What type of system would you put in place to handle this problem?
4. When the WTAA met in Ontario last month, coverage in the news was minimal yet somewhere around 50,000 people protested the meeting. How can you ensure that our news coverage stops being candy coated and starts showing us what is really happening in the world?
5. Abu Ghraib was a shot in the arm to Americans. It showed us just what kind of people we were when it came to torture. The Pentagon's response to the photos was not "We will put a stop to this immediately," it was "You can not longer take pictures at this place." In other words - a cover-up. What will you do to ensure that America gets first hand, up close, knowledge of what our government is doing overseas? And how (not what) will you do to prevent cover-ups in the future?
1. If, as has been shown on TV, a container such as this bomb is - is dropped into the ocean. Then will it or will it not become the home to marine life?
1a. And will not sea water corrode something which was metallic in origin and never painted with any type of coating to protect it from sea water? (My father used to work at one of the paint warehouses which dealt in paints and the ones for oil rigs were made specially to resist sea water because it is so corrosive.)
2. If the marine life has settled there (as per #1 above), then will they not remain in the area unless something else chases them away?
3. If #1 and #2 are true and the radiation level is ten times its normal background levels, would it not, over a period of almost fifty years, contaminate the plant and marine life from this almost constant bath of radioactivity?
I understand it is not like we took a one ton block of uranium and just dumped it into the ocean. But if it is like a low level usage of an X-Ray machine (which actually uses quite a bit more if I remember correctly). Would it not, over the years, affect everything within a given radius from the location of the bomb?
If the above is true, then anything which comes in contact with or eats something from that area would, in turn, not only possibly become contaminated itself, but could bring that contamination to the surrounding area to a lesser extent.
I understand that the ocean is a big place. But if they can detect the additional radiation without actually going near the bomb itself (as per the original post - they detected the increased radiation either from shore or from the surface of the water) - then there might be a bigger problem here than some may think. Not to be alarmist, but I am glad I am not living in that area.
This is not to say where I live we don't have our own problems: The Brio site (one of the largest toxic waste dumps in the country) is within a few miles of where I live. Luckily I live upstream from the site and not downstream. I've talked to those who lived within about a 1/4 of a mile to the site. Some pretty terrible stories. Two entire subdivisions were bulldozered out of existence because of it. So yeah, I'm a bit leery when these things happen. But that's because I've seen what happens to people when this type of thing happens.
Funny thing about the Brio site - they more or less just paved it over. They are talking now of making it into a park - for kids to play in.
1. Eye strain. Did anyone else get eye strain trying to watch a movie which was partially out of focus?
2. A grab bag of graphics. There were excellent scenes, good scenes, bad scenes, and terrible ones. 2a. Excellent: The city and robots. 2b. Good: The landing field, land that time forgot, and others which; if you just quickly looked at them and then away looked ok but upon closer inspection seemed out of whack with the rest of the world. 2c. Bad: Some of the flaws just stuck out there like the generators which looked like a matte painting. 2d. Terrible: The worst was the doctor being zapped and his skeleton falling to the floor. Shadows? Anyone see any shadows? Lighting? Radiosity? It was as if the skeleton was done separately and then just dropped in. There were a couple of other areas where I was going "Why?"
Sorry, it was as if they were throwing everything including the kitchen sink in to try to make the entire thing work.
The effect of everything being just slightly out of focus made it hard many times to concentrate on the movie. After the film had ended and the credits were scrolling by I noticed that the projectionist kept trying out the lenses on the projector to make sure the movie was in focus - but his projector was functioning fine. As I told my wife going out to the car - "A little fuzziness is fine, like when Frodo woke up in bed after destroying the ring. But a whole movie of fuzziness just makes you tired."
Is this what they mean by Avante Garde? (I've never quite gotten that term down pat.)
Since the radiation levels are so high - why not use it as a test field on the surrounding fish. Oh yeah - that's already been done. Hasn't it?
Realistically though, how many people's lives are going to be lost because of the government leaving it there all of this time? Radioactive fish, shellfish, and others do not really glow in the dark just because they are radioactive. (ie:You could have eaten radioactive fish and not known it.) So what this means is that a lot of the people who may have died of cancer over the years in that area have just cause to file suit with the US Government over this. And just as surely, with tides, currents, and the like the radioactive material has spread over at least a portion of the coast line. I'd hate to be someone living in that area right now and know that your property just became a wasteland.
I believe that, what the book is trying to say isn't that the system, as it exists today, doesn't work in its entirity. (ie: Maybe 99.9999999% is broken but that fractional part is still managing to churn out people who are useful. This is because there will always be those who manage to go through horrendous experiences and yet rise above them. Our problem, though, is that the number of people who can do anything is in decline.)
I believe what the book is trying to say is that the current system is not what we should be using because no matter how hard you try to fix it you will not succeed in doing so. The reason the kids which come out of the US education system are rated so low isn't because we haven't thrown enough money at the problem. Isn't because we haven't gotten the smartest minds to try to correct the problem - but is because no matter what you try to do - the system itself is broken. So like a car's engine that has died - you can tinker with it and try to make it run again but at some point it is better to just chunk the vehicle and buy a new one.
Like the review of our country's security - our security model needs revision. Massive revision. But already you hear of committee's voicing their rejection of the need to revamp what and how they do what they do. You hear of different Congressmen and Senators contradicting each other. "He didn't really mean X - he meant Y." So on and so forth. It is government out of control and at its worse. Yes, we should consider things and not do knee jerk reactions (like the passage of the Patriot Act showed). But do you really think things are going to change? More likely we will see minimal changes to how security is handled and, like in the school system, the wave of change will be deluted into the void. This same affect is why our schools are like they are. As the author says - once set in motion control is taken out of the hands of those who started the whole mess. Resistance to change, inertia, has a greater affect than you think.
But do you remember why the WTO Buildings were attacked (according to what I heard on the news)? The attacks were to wake up Americans to what was going on in our own country. This book is the same thing - only talking about what is really going on in our schools.
From my personal experience I KNOW of someone who went through school and on into college. This person wound up being a teacher because he did not know how to take charge of a situation. He kept waiting for someone else to tell him what to do. It was impossible for him to initiate an action other than going out, buying food, clothes, and such. Being able to think for himself was out of the question. Being a teacher was the best thing for him. Because he did not have to think (Orwell's Unthink).
In my weekly think meeting with some friends of mine, one of them said that at the rate things are going, within another fifty years we are going to be a country of the humans and subhumans. A large mass of unthinking people who's ability to think won't be much higher than that of a dog or cat. I have been noticing that there are a lot of stupid people out there. People who were dumbed down by going through school. People who do not want to think for themselves. Let me tell you that it scares me to talk to people who are like this. I just want to scream at them "WHAT'S THE MATTER WITH YOU!? WAKE UP!" To slap them. To wake them up from their apathy. I think now - that if this guy is right - their spirit was crushed in school. Just like the way we break a horses' spirit so we can ride it, we've allowed the same thing to be done to ourselves.
I know that (from the calculations) a 2048 key making 128 bit encryptions is 1.36054607784341261505197379778e+5472 (courtesy of MS's sci-calc). But that is the number of permutations and not the number of combinations which, when groups of these are put to one machine, begins to drop to the possible well below 16 million machines.
So I do believe it will be cracked and most probably before six months are up. But let's wait and see. If you are completely correct and no one can get around it I will be more than happy to say so to whomever you wish me to do so. But if they do - then we will have to find out how they went about doing it. I believe they will use an algorithm to do so without the need for new hardware. But that remains to be seen.
In any event - that is it for me on this subject. Later!
Re:I've got mine on pre-order.
on
Port-A-Nuke
·
· Score: 1
Two things:
1. Get those green flourescent night lights. Then the room would never be truly dark.
2. Get a motion sensor for the flourescent lightbulb. You can buy a base with the motion sensor built into it. Then, as you approach the room, the light comes on automatically.
Now, you say "But when I move at night (like turning over) it would set off the light." Not true. Most motion sensors can be set to look only in one direction. So you point it up and over the bed. In this way, if/when you sit up the light comes on but if you are just turning over - it stays off.
Also look into sound sensors. You can set the controls on it so the sound has to be loud (like how the clapper works). If you wake up and yell - the light automatically turns on.
The motion sensor should also be able to be adjusted so that sudden movement turns it on but slow movement doesn't. Again, the idea is to adjust your environment to accomodate you. This might help out quite a bit as the sensor would note your movement faster than you can hit the light switch and the light might even come on before you even think about needing it or reaching for it.
We use a motion sensor on a regular light for the front door of the house. Unfortunately, just recently I broke the frosted glass in front of the sensor and the once truly wonderful setting of the light now makes it come on and off all night long.:-( But once fixed - the light will (again) work wonderfully. I am thinking of putting a motion sensor light near the bathroom door since every now and then we have to get up to go. It would be nice not to have the light on in the bathroom all night long and just have it pop on when needed.
By combining a light sensor (inverted) the motion sensor can be turned off during the day to help keep the light from coming on when it shouldn't.
That was what I thought. The controls are about the same also. Looks like MS might be trying to sidestep its way into the Gameboy arena. A bit high on the price though.:-)
Actually - no. I know about public/private key encryption. But you do seem to ignore my saying I only need to figure out how to replicate what the DRM is doing on my system and then I stop using it.
The idea is not to go through the DRM, but around it.
Random: Nonsense. Nothing in the universe is random. It may seem random to you but it is not random. Even using Quantum Physics - it isn't random. It is though, algorithmic. Again, meaningless garbage is just that - meaningles. Both to DRM as well as to anyone else. And any algorithm they come up with can be broken. The question in security is not IF something can be broken but HOW LONG it takes to break it.
2048! This is the number of combinations/permutations available if you did 2048*2047*2046.... For each machine added, you can divide up the number. So if there are 2048*10^22 for one machine, it would be 1024*10^22 for two machines and so forth. Also, the machines used at the time of the test were (I believe) 800mhz system and not the 3GHz or better systems used today. So 100 3GHz system are (somewhat) equivalent to 400 1GHz systems. So yes - it would take a while but no - it isn't impossible to do. Also, there are short cuts you can take can help to decode something. I'm not saying it will take five minutes - but you can reduce the number of permutations needed to be tried. The test used brute force methods. That is why the recommendation was to go to 256 or 512 bit encryptions because the people felt that 128 bit encryption would soon be broken as well.
I believe the biggest problem we have (presently) is agreeing on random versus algorithm. Here is my argument:
Totally random would equate to not being able to use the information because each time it changes and you would have no basis to determine what the information was that was coming over to you. Thus, the information would be meaningless.
Algorithms can cause information to look as if it were random garbage but it isn't. By increasing the overall size of a key you can introduce more garbage to throw off someone but it is still an algorithm. Such examples are PGP, image information encoding, and the make believe DRM. All of these use algorithms to encrypt or encode important information (such as a public key). Public keys can be given out because, for the most part, the private key is needed in order to decrypt or decode the incoming message. Still, in order for the whole thing to work - there has to be an algorithmic method behind it. Whether that method has been embedded into a silicon wafer using electronic voltages or whether they are using Quantum Mechanics makes no difference. There has to be a way (ie:algorithm) to read this information so sense can be made of what the other person is trying to do.
Until we can get past this point there is no reason to continue the rest of the conversation.
0. I boot up my computer. 0a. I load in my OS. 0b. I load in my watchdog program. 0c. I log on to the network.
(1) You contact an RIAA music sales server and provide your system credentials. These credentials include secure signatures chaining back to the Trusted Computing Group's root key, and a public key. They also contain a signed hash bound to and identifying the currently running program.
1a. I do not use my system's credentials. I use my forged system credentials I got from my other system via my watchdog program. I do this by capturing all i/o over the network on another machine. Since cpus are fairly cheap - I will probably be able to buy one or two of them for this project. My system is never known to the RIAA. Please note: I am not trying to crack/decode the keys 1b. Please note also that there is at least one piece of hardware you can buy, right now, off the shelf, which will monitor all traffic on your network and store it for later processing. (So this isn't being made up. It is for real.) Also note that at least one of these devices has the capability to allow a person to modify incoming/outgoing messages. 1c. I am spoofing the RIAA's website with another computer's id as well as hash. I can do this because I've already captured what needs to be sent back over the internet. My computer's DRM hardware is never notified about anything. That is because I intercept any/all requests to the DRM via my watchdog program. I specify that if command X is ever attempted that my watchdog program instead issues an interrupt and passes command back to me. Since the command was never executed the DRM can not be activated and instead, I can then tell the watchdog to send a different set of commands instead (ie: the previously captured information).
(2) RIAA server verifies the chain of Trust for those keys. That chain effectively indicates that the public key you sent was generated inside a genuine Trust Module and that the matching private key is secure inside that module and bound to the hash bound to the DRM program they wrote.
2a. Actually, they THINK I am a trusted computer. Sadly, I'm not.:-(
(3) The RIAA generates a random 128 bit session key (different for every sale) and encrypts the music using that key.
3a. Ok. First, it can't be VERY random because the chips on my system have to be able to decrypt the thing. If it were totally random garbage no one would be able to decrypt it. Which would make it totally useless. So let's throw out the word "random" and instead stick in "algorithmically created". Ok - now an algorithm might be really hard to decipher - but it can be done. Just like the Beale Codes.
(4) The RIAA encrypts the session key using the public key you sent (the one bound to the hash of the currently running program they they wrote).
4a. Actually, they encrypt the session key using the public key I wanted to send. Making my job of breaking their encryption easier.
(5) RIAA sends the encrypted music and the encrypted session key.
5a. Great! Thanks for both of those!:-)
(6) Only the program with the EXACT hash can use the private key inside your Trust Module to decrypt the session key, so their DRM program decrypts the session key.
6a. Actually, no. Any program which does not even use the DRM calls can use the data. But you feel that someone would not be able to decode the DRM'd data. This just isn't true. The initial time to decode the music may take longer but it still can be done. And whoever said hackers wouldn't take the time to do the decoding? After all, didn't they just recently show that even using nobrainer techniques to just crunch the possibilities of a 128 bit encrypted message only took them three days to circumven
Ok. I'm going to start an outline so we can go through this together. This is just an outline we can expand upon.:-)
1. I put a CD into my CD reader 2. The OS detects the CD 3. The OS starts the CD reader 4. The CD reader talks to the CD Drive and gets the key. 5. The CD reader talks to the CPU and gets that key and does whatever it wants to with it. 6. The CD reader talks to the speaker and gets that key and does whatever it wants to with it. 7. The CD reader verifies everything and begins sucking in the file/music to play. 8. The music plays on the speakers
Can you agree that this is how the key system is going to work in this case? Or if you want to do music downloading make up a list like the above and then we can talk about each step.
Also, One of the ADVERTIZED features of Microsoft's Next Generation Secure Computing Base (Palladium) is "strong process isolation". Microsoft says a lot of things which aren't true. I'd take this with a large grain of salt. After all, the OS has to know where this is otherwise it would just reuse the memory and thus wipe it out.
And when you say The system is *INSANE*. - you are right. The blather they put out is just that - blather, PR, spin. Something meant to fool everyone into believing the system is impregnable so their sales go up. But it can never be. They can make it harder to break the system - but it is never going to be unbreakable. Ever. They are, basically, fighting against themselves. Because when they make the machine faster they try to make the codes harder which usually involves just making the codes bigger (as in going to a 2048 byte length) which slows everything down again.
I felt I had to make two responses. Mainly to try to show you where your logic is off (if possible). I'm going to include tag lines from your message and show you why it will not work like you think it is going to work (or they say it is going to work).
Blackouts are not a problem because of the built in battery. and I guess I assumed they would have the battery deal too, but packaging a battery on a CPU does seem awkward. I can't say for sure how they plan to handle this.
Answer: Batteries generate magnetic fields which would make a CPU useless or the CPU so clunky that it is highly unlikely that they will even bother with this. Further, if they build something in which destroys the DRM stuff there is always the chance that it might kill someone or harm them. One multi-million dollar lawsuit and Intel would abandon DRM.
Such a program is not possible.
Answer: Debuggers do this so why would it suddenly become impossible?
The chip is physically incapable of revealing the master encryption keys no matter what software you run.
Answer: I do not need to know the master keys in order to just get around them.
They are locked inside dedicated circuits with no instrictions or physical wiring to access, read, or directly use the master keys.
Answer: It is possible to not be able to get to the master keys directly. But they still have to be accessible. So if you wanted to know what the master keys were all you have to do is to figure out how to make the CPU give you the same answer over and over. Then you build up an array of what you get when you send just "A", "B", "C", and so on.
For the most part the master keys are only used to encrypt/decrypt lower-level encryption keys and a handful of other operations.
Answer: Ok. So you can interoperate with the master keys - only in a second hand way. No problem so far. This "handful of other operations" wouldn't happen to include such things as sending the encrypter a code and being able to read what that value was are they? If so you've just opened the door for the hacker to get in and figure out the master key.
You send an instruction to the Trust circuitry to encrypt/decrypt something and *it* uses the master keys without revealing them to you or to the rest of the CPU.
Answer: Don't need to know the master keys. Just how to access them.
That program may then re-encrypt the video/sound inside the CPU and send it to the sound card/monitor. The sound card and monitor have their own chips and their own key, so you can't even access the data when it leaves the CPU. Only the sound card and monitor can decrypt it, and those keys never leave the sound card/monitor.
Answer: Ah! This is getting to the good stuff. Ok, somehow the sound card (which has its own, special master key) can understand what the master key encoded on the CPU has given it. (Even though the CPU's encryption is supposed to be secure and unreadable. Which is where the abiguities begin. After all if the CPU encrypted something and the encryption is unbreakable then how is the sound card/monitor going to break it to know what it says? Don't tell me - let me guess. It's got some kind of hardwired thing that makes it impossible to otherwise break the code. Right? Wrong. Hardware is just software given form when you are talking about computers. So if they can do it in hardware you can do it in software.) Ok, so forging ahead - they must have some way to communicate this information. But more importantly, the OS probably talks to the sound card/monitor, then to the CPU, and then back to the sound card/monitor. This gives us our opening to begin seeing how this is done. Which means our watchdog can gather up all of this code and give it to us. This is because the information doesn't just magically fly from one place to the other it has to follow a given route. Since there are no wires directly connecting
Flogging a dead horse
on
European DRM News
·
· Score: 2, Informative
Ok. I've read your entire post and here is what I have to say in response: I am not sure, if you have never done assembly language programming, system's programming, and worked on trying to implement security measures before that I can explain to you why DRM will never work no matter how hard they try to make it work.
I am not trying to talk down to you. This is not to say I am better than you or greater than you or god-like in my knowledge. Nor am I trying to make you mad/glad/happy/sad or anything else. I'm just trying to say that DRM will never work. Oh - it may work for a while. Maybe a few months - but then there will come workarounds and such at the least. And I've read up on DRM also and find it to be an interesting twist on older technology. But I will stand by my saying it won't keep the hackers out. I do not care how much they tout it to be impregnable, super collossus, made of Kryptonite, or whatever - it won't do it.
Now, by your very post you show that you do not get how a computer basically works. Sort of like how I understand how a car works but if my car breaks down I'd probably have to call a tow truck because I really don't want to actually DO the work (if you know what I mean) and probably do not have the right tools anyway. So I have some knowledge of cars (enough to be dangerous) but not a deep down knowledge of cars like a mechanic has.
Having said that, let me lay out some ground rules to go by and then look back at what you posted. You will (hopefully) see what I mean.
1. All computers run machine language. Zeros and ones. 2. All computers perform basically the same operations. 3. All compilers reduce instructions given to them to machine language eventually (either directly or through a linker or whatever). 4. On machines which have multitasking abilities, the CPU could care less what is going on. It is told to do X, then Y, then Z. It just executes the instructions given to it. (ie: It does not think per se and only does what it is told to do. Hardwired or otherwise.) If two programs are running it is the OS and not the CPU which makes the decisions on who gets to run when. 5. In order for there to be any semblance of normallacy between computers - all programs execute the same code. That is to say that the reason a JPEG image doesn't execute a program is only because as a program it contains meaningless garbage. Real programs, in order for them to run on your computer, must contain similar code which the CPU can recognize and execute. 5a. Thus, and therefore, you are doomed. Because you can not run an encrypted program unless the CPU recognizes this blob of meaningless garbage to actually be executable code. (Which is an oxymoronic statement because if the CPU recognizes encrypted programs as executable then people would only run encrypted programs which would make the encrpytion useless since everyone would know it.) Ever tried running a ZIP file without a ZIP decoder installed and without the auto-execute program as part of the ZIP file? It won't. The CPU goes "I don't know what kind of garbage you are trying to feed me, but I can't run it," and you get an error message from the OS (not the CPU). Thus, and therefore, all programs must follow a given path in order to be recognized as executable. 6. A debugger is a program which monitors all traffic from another program. The CPU could care less what the debugger is doing. The debugger catches all input and output as well as all other executions a program may perform. A watchdog is nothing more than a debugger with a different function. This means that a watchdog can, and will, catch all I/O that a program generates as well as all executions.
Ok - hopefully you have gotten this far. Now we just need to go one step further.
IF - we can run a watchdog program and capture the i/o and commands executed (Which: Why would Intel, the CPU, the OS, or anyone else care if we are running a program which acts like a debugger but really is catching all
I want to know why they don't make the spin wheel spit sparks! I mean hey! When I was a kid we had these neat little guns that shot sparks out when you pulled the trigger - why not make the wheel spit sparks! Scare someone half to death thinking their computer is about to blow or something!:)
Actually a receipt does not deny anonymity. If the receipt is one of the new bar codes (;-) Just joking!) (like used by UPS and FedEx with the square with the dots in it), then if someone goes into a booth, votes, and then gets a barcoded receipt the receipt could have all of their choices on it along with their number (if wanted) or not.
The thing is - no system is failure proof. In the matter of paper receipts someone could print up hundreds of invalid ballots and stuff the ballot box with them after they go into the booth. With electronics - you just need a way to muck up the program or hardware. And yes - people really do try to do these things.
Even systems where a paper receipt is printed and then the person has to drop the receipt into a box in front of someone else can be tampered with. If both people are in on doing this then the person dropping the ballot drops multiple ballots and the other person verifies that they only dropped one ballot into the box.
The only way I know of to stop people from trying to muck up an election is to have cameras broadcasting everyone doing their thing across the entire nation, at the same time, and the video be recorded at multiple locations. But even then someone could tamper with the broadcast and what about anonymity?
So, in the long run, you want something which can record things in two or three ways: Electronically, paper which is readable by a computer, and paper which is readable by a person.
That is to say: Have a voting booth which has a machine in it (whatever kind you want) which creates a paper ticket. The paper ticket has both a readable copy of the voting as well as a machine readable copy (ie: An itemized list and a barcode of the itemized list). The machine works by tallying the votes and printing the receipts (which can then be checked by the voter against what they wanted to vote for/against). The ballot is then taken over to a lock box and dropped in it by the voter. If there is a problem with the election or a recount must be done, then each ballot can be read into another machine which scans the ballot's barcode and displays that information onto a screen. The information displayed is reviewed against the printed itemized list and, if there is a problem (ie: Itemized List doesn't match the Barcoded List) - then you know there is a problem with the voting machine. If there are enough mistakes, then you have to have a re-election to deal with the problem and the machine's vendor.
The answer is that now that Google is a publicly traded company they have to make money for their shareholders. Thus, allowing third parties to integrate into your money making activity means that they get paid for doing that and you get nothing. To stop this, Google now has to play nasty instead of nice. Hmmmmmmmmm.....I wonder when they will start suing people or change their name to Microsoft?
1. If I ever have a power failure in my house or the battery dies in the computer the encryption key will explode. So I sue Intel over this in a class action suit and they have to fix everyone's cpu chip. Massive recalls, etc.... I can't see Intel doing that.
1a. Besides which - you can buy CPU chips by themselves and they don't have any power being applied to them. You think Intel would develop something that you can only plug in once? Not likely. Man! Would Tom's Hardware have a fit!
2. If I install a watchdog on my computer, install a program which has this technology on it and it shows me how to access the information on the chip my CPU will somehow know and blow itself up. I don't think so. You give too much credit to the PR guys. Either the information can be accessed or it can't. If it can't - then no one else can either. Which makes this technology moot. Use common sense and logic. It is either:
A. You can access this information (albeit in a specific manner).
B. Or you can not access this information.
A program which watches what another program does (Anti-Virus Software anyone?) interrupts whatever the other program is doing to check it. A watchdog program is just doing the same thing. It intercepts whatever the other program is going to do BEFORE it does it, checks it out, and can send that information to a file or the screen. Thus, BEFORE any request goes to the CPU for whatever reason, those commands are intercepted and stored so someone could hack (fairly easily) the command used to access the key information. Once you can do that - the key becomes meaningless because you can then forge the key (captured on output from the CPU by the same program) and make a new disk with this.
Further, what a lot of hackers used to do (and probably still do) is just to find the JSR to the function which does the check and negate it by either putting in their own routine at the end of the program and JSR'ing to it so it can return the key or just NOP'ing it so it is never called. If the function is supposed to return TRUE or FALSE depending upon whether or not the key passed verification, then you just JSR to a function which pushes a TRUE value onto the stack and return.
What's so hard about that? Then you just load the program in, disassemble it, and do a global replace on that JSR CheckKey function.
After all, why try to disable something when you can just go around it? This is a lot like those dongle things. The people who sold the dongles would also include a set of functions which would check the dongle and the dongle would send back the "special" id. (Sound familiar?) The problem is the same with this Trusted Computing PR BS. Remember that rule #1 says:
"You have to start somewhere."
It is no different with them. Somewhere, somehow, you have to be able to access the key. You find that and the rest is as easy as eating a donut.
The truth about copy protection is that there IS no copy protection.
The first rule of computer programming states:
1. You must start somewhere.
The first rule of computer hacking is:
1. Since you have to start somewhere, then that "somewhere" is where you start hacking.
To put that in English: In order for your program/music/movie/whatever to be readable you have to provide some mechanism so the information becomes usable by the computer. Whereever that location is - that is where you start from to pick apart what they are doing and how they are doing it. Thus:
A. If you encode the information into a machine's prom you just desolder the prom and dump the code (or use hooks to latch onto each of the pin's legs and watch what it does as it does it).
B. If you release software to be able to read a disk (CD/DVD/Floppy/etc...) then you just get a disassembler to regenerate the original code.
So no matter what you do - so long as you have to let the user have the hardware/software, then you've just made it available to a hacker who will break the code.
SO! Knowing this, what are the companies really doing? If only a tiny fraction of the entire population of the earth (8 Billion people) are working against you why are the rest of us being discriminated against? Wouldn't it be better to just not do any kind of protection at all and put your money towards finding those who are doing this and prosecuting them?
Seems to me that these idiots are doing both. Which is why I have stopped having anything to do with movies and music. Let them keep their movies and music. I'll just read books instead, play the games I've written (or that are given away for free) and have a great time without them!:-)
Ok, first - the shuttle only flies because there is an enormous amount of propulsion going on behind it. So if rocks can fly - so can pigs!:-)
Also, it's not that you will never get a date it's that while you are in the backseat doing your thing - what's the car doing?
Second - joke:
Once upon a time there was a farmer who wanted to win the State Fair's Pig Contest. So he thought and thought and finally decided the best way was to get a butt plug and put it in a pig and then feed the pig. So he did and day by day the pig just kept getting bigger and bigger. He finally took the pig to the State Fair and won. Then he came home. Well, he decided that something had to be done about the pig but he didn't want to do the removal of the plug. So he bought a monkey and went about teaching it to pull things out of holes.
Finally he decided the monkey knew what to do and he brought the monkey around to the pig, showed it the plug and took off running. The farmer made it around the barn when there was a big explosion. The pig went skyrocketing off into the distance.
"Well, so much for the pig," the farmer said. "But I wonder what happened to the monkey?" So he went back around the barn to find the monkey, all covered in you-know-what, hand over his face, nose pinched, still trying to pull something out of nothing.
The End
There is no morale here and the joke is only mildly funny, but it sprang to mind when I saw that quote. I do not know who originally made it up even. It just seemed appropriate.:-)
Group think (or unthink if you use George Orwell's terminology) is something many people do practice on a daily basis. Otherwise, why do you hear "I didn't think...." so often?
The second link's comments I do not (IMHO) believe is debunking "The Third Wave". He is shocked by what went on in the school - but he doesn't debunk it. He even provides a link to a possibly original writing of "The Third Wave". He even experienced group think himself in the Sanskrit encounter.
For my own part - group think is ok if used to help everyone work together better. It is not ok if it is used to subvert. Or to put it another way: It is ok to help, it is not ok to hurt. The problem is - a lot of people do things to hurt others and call it helping others. The test being: Did it improve THE OTHER PERON'S LIFE or did it improve yours? If you can be honest and open with yourself, then you will see that there are many times when it looks like it may be helping, but in truth - it is hurting.
Like in The Third Wave. It was helpful to the students to learn good posture, sit better, and to show respect for your elders. That is not all that bad of a thing to teach. But where the hurting starts to come into play is when one student is used to influence another by either threats, physical attacks, or intimidation. Help and Hurt. Take away the window dressings and look at the quality of the wood underneath. Is the wood solid or rotted. Free of vermin? Or infested?
You may now say "I don't even like the sitting part." That is fine. Not everyone can sit properly anyway due to physical problems. I'm not saying it is right to force someone to sit properly. That is hurting. I'm saying it probably would help some people be able to concentrate better if they sat properly. Not that they MUST sit properly - as in The Third Wave.
The problem is - there is always a tendency to continue to ask for more from someone if they are just willing to do one thing for you. Don't ask me why - it just happens. Stopping at the good posture probably would have been enouh. After all, at least the students were becoming more involved in the course. The continuing on down that trail though is what caused all of the problems later on. Which ultimately hurt everyone involved in the experiment. Even the teacher.
(Remember that in the book 1984, war was a continuous, nonstop, 24 hour a day, way of life. Sounds a lot like the War on Terroism. Doesn't it?)
Yes! That was it!:-) People think it couldn't happen here but it can happen easily. That is why it is better to remember than forget what went on in the past. Because otherwise - we will repeat those same mistakes. The BSA is (IMHO) acting on this premise. That it has been so long since WWII and all of the terrible things which happened during WWII that they can enact practices from that era, under the guise of just trying to help, and get away with what, during a previous time, were considered attrocities. (Such as invasion of privacy, using children's innocence to make them spy on their own families and friends, and other such unsavory things.)
The children were taught to snitch on their parents. Even rewarded for having done so. As made famous by the movie (which I can not find presently!) where the teacher inducts the teen kids into a new code of conduct which turns out to be Nazism. The kids in the movie actually do become more and more brutal in their treatment of others.
The BSA may mean well (although I doubt it) - but just like their doing things which only the law enforcement people should be doing - this is an attempt by them to overreach the boundaries of what some organization should be doing. I take it that the BSA is just like the church or any other organization. They'd like to control everything and have everyone bow down to them. The only way this will not come to fruition is if (and I know lots of people are tired of hearing this) everyone writes their congressman. Both state and federal. Mainly because these people probably do not even know this is happening. After all, they are only human too and only have so much time in the day to devote to each problem. So as long as the BSA can sneak it by them; then they will. And only if enough people put up a fuss will some legislator somewhere do something about it.
"It's a war. A war without bodies. Confined within the heads of everyone who participates. Laws are nothing more than words on paper. Rules by which we play grown-up games. If you don't like the rules - work to change them. Killing or maiming your opponent is outside of the boundaries of the rules and punishable by making you sit on the sidelines while everyone else takes their turn. And saying you don't want to participate only means that you are willing to suffer the consequences of your inaction. You now know how the game is played - go play it." - Me.
Yes it does! But the lady already had the scanning program (mmmmm something pro. Not Textbridge but the one most everyone uses now - whatever it is callled) up and running and had done three or four of the pages. I started off with that handicap and wound up having to grab the pages before she could put them into the scanner. It was fun but a mad house at the same time. Lots of fun!:-)
BTW: I checked out the T9 address the other person posted - really interesting.:-) Thanks to them!:-)
That is VERY interesting. I will have to look up more information on this.
One last thing. Try this test of your typing skills. Put a sheet of full text into a scanner and have the same page sitting next to you. Then let the scanner scan in the page and convert it to text while you type the page. See who finishes first.:-)
When I first went to work at NASA there was this secretary sitting there scanning page after page of text into the computer and then converting it to a document. I told her I could type the document up for her as quickly as the scanner could scan it or maybe even faster. So we made a lunch bet. I managed to beat the scanner and have fewer errors than the scanner had. She was impressed and I got a free lunch.:-) "All you have to do is try," I told her. She went on to become a department manager at NASA. I like to think I had something to do with it - but more than most likely not. Still - ya just never know.:-)
(Gack! I can tell I'm getting old. I'm telling war stories!):-O
Slashdot Mirror
Our country is returning to a feudalistic mentality due to the slave labor outlook of many corporations. That being, when you join a company that company owns you mind, body, and soul, 24 hours a day, 7 days a week, 365 days a year.
My questions are:
1. How will you overcome the push to return to a feudalistic society where the worker is beholden to their king/CEO in every way, shape, and form?
2. How will you rein in the corporate machines? How much money should they be allowed to make in a year? When should they be forced to split up so competition is maintained?
3. Our forefathers never foresaw companies which had billions of dollars laying around which could be used to influence all of the politicans and/or to buy whatever laws they wished to have pushed through. The two party system is flawed because it is like a single toggle switch. We need a better system or method to handle the needs of the few as well as the needs of the many. What type of system would you put in place to handle this problem?
4. When the WTAA met in Ontario last month, coverage in the news was minimal yet somewhere around 50,000 people protested the meeting. How can you ensure that our news coverage stops being candy coated and starts showing us what is really happening in the world?
5. Abu Ghraib was a shot in the arm to Americans. It showed us just what kind of people we were when it came to torture. The Pentagon's response to the photos was not "We will put a stop to this immediately," it was "You can not longer take pictures at this place." In other words - a cover-up. What will you do to ensure that America gets first hand, up close, knowledge of what our government is doing overseas? And how (not what) will you do to prevent cover-ups in the future?
A Q&A for those more in the know than I:
1. If, as has been shown on TV, a container such as this bomb is - is dropped into the ocean. Then will it or will it not become the home to marine life?
1a. And will not sea water corrode something which was metallic in origin and never painted with any type of coating to protect it from sea water? (My father used to work at one of the paint warehouses which dealt in paints and the ones for oil rigs were made specially to resist sea water because it is so corrosive.)
2. If the marine life has settled there (as per #1 above), then will they not remain in the area unless something else chases them away?
3. If #1 and #2 are true and the radiation level is ten times its normal background levels, would it not, over a period of almost fifty years, contaminate the plant and marine life from this almost constant bath of radioactivity?
I understand it is not like we took a one ton block of uranium and just dumped it into the ocean. But if it is like a low level usage of an X-Ray machine (which actually uses quite a bit more if I remember correctly). Would it not, over the years, affect everything within a given radius from the location of the bomb?
If the above is true, then anything which comes in contact with or eats something from that area would, in turn, not only possibly become contaminated itself, but could bring that contamination to the surrounding area to a lesser extent.
I understand that the ocean is a big place. But if they can detect the additional radiation without actually going near the bomb itself (as per the original post - they detected the increased radiation either from shore or from the surface of the water) - then there might be a bigger problem here than some may think. Not to be alarmist, but I am glad I am not living in that area.
This is not to say where I live we don't have our own problems: The Brio site (one of the largest toxic waste dumps in the country) is within a few miles of where I live. Luckily I live upstream from the site and not downstream. I've talked to those who lived within about a 1/4 of a mile to the site. Some pretty terrible stories. Two entire subdivisions were bulldozered out of existence because of it. So yeah, I'm a bit leery when these things happen. But that's because I've seen what happens to people when this type of thing happens.
Funny thing about the Brio site - they more or less just paved it over. They are talking now of making it into a park - for kids to play in.
I also have to agree on several counts:
1. Eye strain. Did anyone else get eye strain trying to watch a movie which was partially out of focus?
2. A grab bag of graphics. There were excellent scenes, good scenes, bad scenes, and terrible ones.
2a. Excellent: The city and robots.
2b. Good: The landing field, land that time forgot, and others which; if you just quickly looked at them and then away looked ok but upon closer inspection seemed out of whack with the rest of the world.
2c. Bad: Some of the flaws just stuck out there like the generators which looked like a matte painting.
2d. Terrible: The worst was the doctor being zapped and his skeleton falling to the floor. Shadows? Anyone see any shadows? Lighting? Radiosity? It was as if the skeleton was done separately and then just dropped in. There were a couple of other areas where I was going "Why?"
Sorry, it was as if they were throwing everything including the kitchen sink in to try to make the entire thing work.
The effect of everything being just slightly out of focus made it hard many times to concentrate on the movie. After the film had ended and the credits were scrolling by I noticed that the projectionist kept trying out the lenses on the projector to make sure the movie was in focus - but his projector was functioning fine. As I told my wife going out to the car - "A little fuzziness is fine, like when Frodo woke up in bed after destroying the ring. But a whole movie of fuzziness just makes you tired."
Is this what they mean by Avante Garde? (I've never quite gotten that term down pat.)
Since the radiation levels are so high - why not use it as a test field on the surrounding fish. Oh yeah - that's already been done. Hasn't it?
Realistically though, how many people's lives are going to be lost because of the government leaving it there all of this time? Radioactive fish, shellfish, and others do not really glow in the dark just because they are radioactive. (ie:You could have eaten radioactive fish and not known it.) So what this means is that a lot of the people who may have died of cancer over the years in that area have just cause to file suit with the US Government over this. And just as surely, with tides, currents, and the like the radioactive material has spread over at least a portion of the coast line. I'd hate to be someone living in that area right now and know that your property just became a wasteland.
I believe that, what the book is trying to say isn't that the system, as it exists today, doesn't work in its entirity. (ie: Maybe 99.9999999% is broken but that fractional part is still managing to churn out people who are useful. This is because there will always be those who manage to go through horrendous experiences and yet rise above them. Our problem, though, is that the number of people who can do anything is in decline.)
I believe what the book is trying to say is that the current system is not what we should be using because no matter how hard you try to fix it you will not succeed in doing so. The reason the kids which come out of the US education system are rated so low isn't because we haven't thrown enough money at the problem. Isn't because we haven't gotten the smartest minds to try to correct the problem - but is because no matter what you try to do - the system itself is broken. So like a car's engine that has died - you can tinker with it and try to make it run again but at some point it is better to just chunk the vehicle and buy a new one.
Like the review of our country's security - our security model needs revision. Massive revision. But already you hear of committee's voicing their rejection of the need to revamp what and how they do what they do. You hear of different Congressmen and Senators contradicting each other. "He didn't really mean X - he meant Y." So on and so forth. It is government out of control and at its worse. Yes, we should consider things and not do knee jerk reactions (like the passage of the Patriot Act showed). But do you really think things are going to change? More likely we will see minimal changes to how security is handled and, like in the school system, the wave of change will be deluted into the void. This same affect is why our schools are like they are. As the author says - once set in motion control is taken out of the hands of those who started the whole mess. Resistance to change, inertia, has a greater affect than you think.
But do you remember why the WTO Buildings were attacked (according to what I heard on the news)? The attacks were to wake up Americans to what was going on in our own country. This book is the same thing - only talking about what is really going on in our schools.
From my personal experience I KNOW of someone who went through school and on into college. This person wound up being a teacher because he did not know how to take charge of a situation. He kept waiting for someone else to tell him what to do. It was impossible for him to initiate an action other than going out, buying food, clothes, and such. Being able to think for himself was out of the question. Being a teacher was the best thing for him. Because he did not have to think (Orwell's Unthink).
In my weekly think meeting with some friends of mine, one of them said that at the rate things are going, within another fifty years we are going to be a country of the humans and subhumans. A large mass of unthinking people who's ability to think won't be much higher than that of a dog or cat. I have been noticing that there are a lot of stupid people out there. People who were dumbed down by going through school. People who do not want to think for themselves. Let me tell you that it scares me to talk to people who are like this. I just want to scream at them "WHAT'S THE MATTER WITH YOU!? WAKE UP!" To slap them. To wake them up from their apathy. I think now - that if this guy is right - their spirit was crushed in school. Just like the way we break a horses' spirit so we can ride it, we've allowed the same thing to be done to ourselves.
Ok. I give up! :-)
I know that (from the calculations) a 2048 key making 128 bit encryptions is 1.36054607784341261505197379778e+5472 (courtesy of MS's sci-calc). But that is the number of permutations and not the number of combinations which, when groups of these are put to one machine, begins to drop to the possible well below 16 million machines.
So I do believe it will be cracked and most probably before six months are up. But let's wait and see. If you are completely correct and no one can get around it I will be more than happy to say so to whomever you wish me to do so. But if they do - then we will have to find out how they went about doing it. I believe they will use an algorithm to do so without the need for new hardware. But that remains to be seen.
In any event - that is it for me on this subject. Later!
Two things:
:-( But once fixed - the light will (again) work wonderfully. I am thinking of putting a motion sensor light near the bathroom door since every now and then we have to get up to go. It would be nice not to have the light on in the bathroom all night long and just have it pop on when needed.
1. Get those green flourescent night lights. Then the room would never be truly dark.
2. Get a motion sensor for the flourescent lightbulb. You can buy a base with the motion sensor built into it. Then, as you approach the room, the light comes on automatically.
Now, you say "But when I move at night (like turning over) it would set off the light." Not true. Most motion sensors can be set to look only in one direction. So you point it up and over the bed. In this way, if/when you sit up the light comes on but if you are just turning over - it stays off.
Also look into sound sensors. You can set the controls on it so the sound has to be loud (like how the clapper works). If you wake up and yell - the light automatically turns on.
The motion sensor should also be able to be adjusted so that sudden movement turns it on but slow movement doesn't. Again, the idea is to adjust your environment to accomodate you. This might help out quite a bit as the sensor would note your movement faster than you can hit the light switch and the light might even come on before you even think about needing it or reaching for it.
We use a motion sensor on a regular light for the front door of the house. Unfortunately, just recently I broke the frosted glass in front of the sensor and the once truly wonderful setting of the light now makes it come on and off all night long.
By combining a light sensor (inverted) the motion sensor can be turned off during the day to help keep the light from coming on when it shouldn't.
That was what I thought. The controls are about the same also. Looks like MS might be trying to sidestep its way into the Gameboy arena. A bit high on the price though. :-)
Actually - no. I know about public/private key encryption. But you do seem to ignore my saying I only need to figure out how to replicate what the DRM is doing on my system and then I stop using it.
The idea is not to go through the DRM, but around it.
Random: Nonsense. Nothing in the universe is random. It may seem random to you but it is not random. Even using Quantum Physics - it isn't random. It is though, algorithmic. Again, meaningless garbage is just that - meaningles. Both to DRM as well as to anyone else. And any algorithm they come up with can be broken. The question in security is not IF something can be broken but HOW LONG it takes to break it.
2048! This is the number of combinations/permutations available if you did 2048*2047*2046.... For each machine added, you can divide up the number. So if there are 2048*10^22 for one machine, it would be 1024*10^22 for two machines and so forth. Also, the machines used at the time of the test were (I believe) 800mhz system and not the 3GHz or better systems used today. So 100 3GHz system are (somewhat) equivalent to 400 1GHz systems. So yes - it would take a while but no - it isn't impossible to do. Also, there are short cuts you can take can help to decode something. I'm not saying it will take five minutes - but you can reduce the number of permutations needed to be tried. The test used brute force methods. That is why the recommendation was to go to 256 or 512 bit encryptions because the people felt that 128 bit encryption would soon be broken as well.
I believe the biggest problem we have (presently) is agreeing on random versus algorithm. Here is my argument:
Totally random would equate to not being able to use the information because each time it changes and you would have no basis to determine what the information was that was coming over to you. Thus, the information would be meaningless.
Algorithms can cause information to look as if it were random garbage but it isn't. By increasing the overall size of a key you can introduce more garbage to throw off someone but it is still an algorithm. Such examples are PGP, image information encoding, and the make believe DRM. All of these use algorithms to encrypt or encode important information (such as a public key). Public keys can be given out because, for the most part, the private key is needed in order to decrypt or decode the incoming message. Still, in order for the whole thing to work - there has to be an algorithmic method behind it. Whether that method has been embedded into a silicon wafer using electronic voltages or whether they are using Quantum Mechanics makes no difference. There has to be a way (ie:algorithm) to read this information so sense can be made of what the other person is trying to do.
Until we can get past this point there is no reason to continue the rest of the conversation.
Ok. Finished reading everything. Here goes:
:-(
:-)
I am inserting the following:
0. I boot up my computer.
0a. I load in my OS.
0b. I load in my watchdog program.
0c. I log on to the network.
(1) You contact an RIAA music sales server and provide your system credentials. These credentials include secure signatures chaining back to the Trusted Computing Group's root key, and a public key. They also contain a signed hash bound to and identifying the currently running program.
1a. I do not use my system's credentials. I use my forged system credentials I got from my other system via my watchdog program. I do this by capturing all i/o over the network on another machine. Since cpus are fairly cheap - I will probably be able to buy one or two of them for this project. My system is never known to the RIAA. Please note: I am not trying to crack/decode the keys
1b. Please note also that there is at least one piece of hardware you can buy, right now, off the shelf, which will monitor all traffic on your network and store it for later processing. (So this isn't being made up. It is for real.) Also note that at least one of these devices has the capability to allow a person to modify incoming/outgoing messages.
1c. I am spoofing the RIAA's website with another computer's id as well as hash. I can do this because I've already captured what needs to be sent back over the internet. My computer's DRM hardware is never notified about anything. That is because I intercept any/all requests to the DRM via my watchdog program. I specify that if command X is ever attempted that my watchdog program instead issues an interrupt and passes command back to me. Since the command was never executed the DRM can not be activated and instead, I can then tell the watchdog to send a different set of commands instead (ie: the previously captured information).
(2) RIAA server verifies the chain of Trust for those keys. That chain effectively indicates that the public key you sent was generated inside a genuine Trust Module and that the matching private key is secure inside that module and bound to the hash bound to the DRM program they wrote.
2a. Actually, they THINK I am a trusted computer. Sadly, I'm not.
(3) The RIAA generates a random 128 bit session key (different for every sale) and encrypts the music using that key.
3a. Ok. First, it can't be VERY random because the chips on my system have to be able to decrypt the thing. If it were totally random garbage no one would be able to decrypt it. Which would make it totally useless. So let's throw out the word "random" and instead stick in "algorithmically created". Ok - now an algorithm might be really hard to decipher - but it can be done. Just like the Beale Codes.
(4) The RIAA encrypts the session key using the public key you sent (the one bound to the hash of the currently running program they they wrote).
4a. Actually, they encrypt the session key using the public key I wanted to send. Making my job of breaking their encryption easier.
(5) RIAA sends the encrypted music and the encrypted session key.
5a. Great! Thanks for both of those!
(6) Only the program with the EXACT hash can use the private key inside your Trust Module to decrypt the session key, so their DRM program decrypts the session key.
6a. Actually, no. Any program which does not even use the DRM calls can use the data. But you feel that someone would not be able to decode the DRM'd data. This just isn't true. The initial time to decode the music may take longer but it still can be done. And whoever said hackers wouldn't take the time to do the decoding? After all, didn't they just recently show that even using nobrainer techniques to just crunch the possibilities of a 128 bit encrypted message only took them three days to circumven
Ok. I'm going to start an outline so we can go through this together. This is just an outline we can expand upon. :-)
:-)
1. I put a CD into my CD reader
2. The OS detects the CD
3. The OS starts the CD reader
4. The CD reader talks to the CD Drive and gets the key.
5. The CD reader talks to the CPU and gets that key and does whatever it wants to with it.
6. The CD reader talks to the speaker and gets that key and does whatever it wants to with it.
7. The CD reader verifies everything and begins sucking in the file/music to play.
8. The music plays on the speakers
Can you agree that this is how the key system is going to work in this case? Or if you want to do music downloading make up a list like the above and then we can talk about each step.
Also, One of the ADVERTIZED features of Microsoft's Next Generation Secure Computing Base (Palladium) is "strong process isolation". Microsoft says a lot of things which aren't true. I'd take this with a large grain of salt. After all, the OS has to know where this is otherwise it would just reuse the memory and thus wipe it out.
And when you say The system is *INSANE*. - you are right. The blather they put out is just that - blather, PR, spin. Something meant to fool everyone into believing the system is impregnable so their sales go up. But it can never be. They can make it harder to break the system - but it is never going to be unbreakable. Ever. They are, basically, fighting against themselves. Because when they make the machine faster they try to make the codes harder which usually involves just making the codes bigger (as in going to a 2048 byte length) which slows everything down again.
Anyway, check out the list above and let me know.
Later!
I felt I had to make two responses. Mainly to try to show you where your logic is off (if possible). I'm going to include tag lines from your message and show you why it will not work like you think it is going to work (or they say it is going to work).
Blackouts are not a problem because of the built in battery. and I guess I assumed they would have the battery deal too, but packaging a battery on a CPU does seem awkward. I can't say for sure how they plan to handle this.
Answer: Batteries generate magnetic fields which would make a CPU useless or the CPU so clunky that it is highly unlikely that they will even bother with this. Further, if they build something in which destroys the DRM stuff there is always the chance that it might kill someone or harm them. One multi-million dollar lawsuit and Intel would abandon DRM.
Such a program is not possible.
Answer: Debuggers do this so why would it suddenly become impossible?
The chip is physically incapable of revealing the master encryption keys no matter what software you run.
Answer: I do not need to know the master keys in order to just get around them.
They are locked inside dedicated circuits with no instrictions or physical wiring to access, read, or directly use the master keys.
Answer: It is possible to not be able to get to the master keys directly. But they still have to be accessible. So if you wanted to know what the master keys were all you have to do is to figure out how to make the CPU give you the same answer over and over. Then you build up an array of what you get when you send just "A", "B", "C", and so on.
For the most part the master keys are only used to encrypt/decrypt lower-level encryption keys and a handful of other operations.
Answer: Ok. So you can interoperate with the master keys - only in a second hand way. No problem so far. This "handful of other operations" wouldn't happen to include such things as sending the encrypter a code and being able to read what that value was are they? If so you've just opened the door for the hacker to get in and figure out the master key.
You send an instruction to the Trust circuitry to encrypt/decrypt something and *it* uses the master keys without revealing them to you or to the rest of the CPU.
Answer: Don't need to know the master keys. Just how to access them.
That program may then re-encrypt the video/sound inside the CPU and send it to the sound card/monitor. The sound card and monitor have their own chips and their own key, so you can't even access the data when it leaves the CPU. Only the sound card and monitor can decrypt it, and those keys never leave the sound card/monitor.
Answer: Ah! This is getting to the good stuff. Ok, somehow the sound card (which has its own, special master key) can understand what the master key encoded on the CPU has given it. (Even though the CPU's encryption is supposed to be secure and unreadable. Which is where the abiguities begin. After all if the CPU encrypted something and the encryption is unbreakable then how is the sound card/monitor going to break it to know what it says? Don't tell me - let me guess. It's got some kind of hardwired thing that makes it impossible to otherwise break the code. Right? Wrong. Hardware is just software given form when you are talking about computers. So if they can do it in hardware you can do it in software.) Ok, so forging ahead - they must have some way to communicate this information. But more importantly, the OS probably talks to the sound card/monitor, then to the CPU, and then back to the sound card/monitor. This gives us our opening to begin seeing how this is done. Which means our watchdog can gather up all of this code and give it to us. This is because the information doesn't just magically fly from one place to the other it has to follow a given route. Since there are no wires directly connecting
Ok. I've read your entire post and here is what I have to say in response: I am not sure, if you have never done assembly language programming, system's programming, and worked on trying to implement security measures before that I can explain to you why DRM will never work no matter how hard they try to make it work.
I am not trying to talk down to you. This is not to say I am better than you or greater than you or god-like in my knowledge. Nor am I trying to make you mad/glad/happy/sad or anything else. I'm just trying to say that DRM will never work. Oh - it may work for a while. Maybe a few months - but then there will come workarounds and such at the least. And I've read up on DRM also and find it to be an interesting twist on older technology. But I will stand by my saying it won't keep the hackers out. I do not care how much they tout it to be impregnable, super collossus, made of Kryptonite, or whatever - it won't do it.
Now, by your very post you show that you do not get how a computer basically works. Sort of like how I understand how a car works but if my car breaks down I'd probably have to call a tow truck because I really don't want to actually DO the work (if you know what I mean) and probably do not have the right tools anyway. So I have some knowledge of cars (enough to be dangerous) but not a deep down knowledge of cars like a mechanic has.
Having said that, let me lay out some ground rules to go by and then look back at what you posted. You will (hopefully) see what I mean.
1. All computers run machine language. Zeros and ones.
2. All computers perform basically the same operations.
3. All compilers reduce instructions given to them to machine language eventually (either directly or through a linker or whatever).
4. On machines which have multitasking abilities, the CPU could care less what is going on. It is told to do X, then Y, then Z. It just executes the instructions given to it. (ie: It does not think per se and only does what it is told to do. Hardwired or otherwise.) If two programs are running it is the OS and not the CPU which makes the decisions on who gets to run when.
5. In order for there to be any semblance of normallacy between computers - all programs execute the same code. That is to say that the reason a JPEG image doesn't execute a program is only because as a program it contains meaningless garbage. Real programs, in order for them to run on your computer, must contain similar code which the CPU can recognize and execute.
5a. Thus, and therefore, you are doomed. Because you can not run an encrypted program unless the CPU recognizes this blob of meaningless garbage to actually be executable code. (Which is an oxymoronic statement because if the CPU recognizes encrypted programs as executable then people would only run encrypted programs which would make the encrpytion useless since everyone would know it.) Ever tried running a ZIP file without a ZIP decoder installed and without the auto-execute program as part of the ZIP file? It won't. The CPU goes "I don't know what kind of garbage you are trying to feed me, but I can't run it," and you get an error message from the OS (not the CPU). Thus, and therefore, all programs must follow a given path in order to be recognized as executable.
6. A debugger is a program which monitors all traffic from another program. The CPU could care less what the debugger is doing. The debugger catches all input and output as well as all other executions a program may perform. A watchdog is nothing more than a debugger with a different function. This means that a watchdog can, and will, catch all I/O that a program generates as well as all executions.
Ok - hopefully you have gotten this far. Now we just need to go one step further.
IF - we can run a watchdog program and capture the i/o and commands executed (Which: Why would Intel, the CPU, the OS, or anyone else care if we are running a program which acts like a debugger but really is catching all
I want to know why they don't make the spin wheel spit sparks! I mean hey! When I was a kid we had these neat little guns that shot sparks out when you pulled the trigger - why not make the wheel spit sparks! Scare someone half to death thinking their computer is about to blow or something! :)
Actually a receipt does not deny anonymity. If the receipt is one of the new bar codes (;-) Just joking!) (like used by UPS and FedEx with the square with the dots in it), then if someone goes into a booth, votes, and then gets a barcoded receipt the receipt could have all of their choices on it along with their number (if wanted) or not.
The thing is - no system is failure proof. In the matter of paper receipts someone could print up hundreds of invalid ballots and stuff the ballot box with them after they go into the booth. With electronics - you just need a way to muck up the program or hardware. And yes - people really do try to do these things.
Even systems where a paper receipt is printed and then the person has to drop the receipt into a box in front of someone else can be tampered with. If both people are in on doing this then the person dropping the ballot drops multiple ballots and the other person verifies that they only dropped one ballot into the box.
The only way I know of to stop people from trying to muck up an election is to have cameras broadcasting everyone doing their thing across the entire nation, at the same time, and the video be recorded at multiple locations. But even then someone could tamper with the broadcast and what about anonymity?
So, in the long run, you want something which can record things in two or three ways: Electronically, paper which is readable by a computer, and paper which is readable by a person.
That is to say: Have a voting booth which has a machine in it (whatever kind you want) which creates a paper ticket. The paper ticket has both a readable copy of the voting as well as a machine readable copy (ie: An itemized list and a barcode of the itemized list). The machine works by tallying the votes and printing the receipts (which can then be checked by the voter against what they wanted to vote for/against). The ballot is then taken over to a lock box and dropped in it by the voter. If there is a problem with the election or a recount must be done, then each ballot can be read into another machine which scans the ballot's barcode and displays that information onto a screen. The information displayed is reviewed against the printed itemized list and, if there is a problem (ie: Itemized List doesn't match the Barcoded List) - then you know there is a problem with the voting machine. If there are enough mistakes, then you have to have a re-election to deal with the problem and the machine's vendor.
That's my $0.02 worth.
The answer is that now that Google is a publicly traded company they have to make money for their shareholders. Thus, allowing third parties to integrate into your money making activity means that they get paid for doing that and you get nothing. To stop this, Google now has to play nasty instead of nice. Hmmmmmmmmm.....I wonder when they will start suing people or change their name to Microsoft?
Ok, so let me get this straight:
.
.
.
1. If I ever have a power failure in my house or the battery dies in the computer the encryption key will explode. So I sue Intel over this in a class action suit and they have to fix everyone's cpu chip. Massive recalls, etc.... I can't see Intel doing that.
1a. Besides which - you can buy CPU chips by themselves and they don't have any power being applied to them. You think Intel would develop something that you can only plug in once? Not likely. Man! Would Tom's Hardware have a fit!
2. If I install a watchdog on my computer, install a program which has this technology on it and it shows me how to access the information on the chip my CPU will somehow know and blow itself up. I don't think so. You give too much credit to the PR guys. Either the information can be accessed or it can't. If it can't - then no one else can either. Which makes this technology moot. Use common sense and logic. It is either:
A. You can access this information (albeit in a specific manner).
B. Or you can not access this information.
A program which watches what another program does (Anti-Virus Software anyone?) interrupts whatever the other program is doing to check it. A watchdog program is just doing the same thing. It intercepts whatever the other program is going to do BEFORE it does it, checks it out, and can send that information to a file or the screen. Thus, BEFORE any request goes to the CPU for whatever reason, those commands are intercepted and stored so someone could hack (fairly easily) the command used to access the key information. Once you can do that - the key becomes meaningless because you can then forge the key (captured on output from the CPU by the same program) and make a new disk with this.
Further, what a lot of hackers used to do (and probably still do) is just to find the JSR to the function which does the check and negate it by either putting in their own routine at the end of the program and JSR'ing to it so it can return the key or just NOP'ing it so it is never called. If the function is supposed to return TRUE or FALSE depending upon whether or not the key passed verification, then you just JSR to a function which pushes a TRUE value onto the stack and return.
JSR myFunction
myFunction:
lda a1,1;
push;
return;
What's so hard about that? Then you just load the program in, disassemble it, and do a global replace on that JSR CheckKey function.
After all, why try to disable something when you can just go around it? This is a lot like those dongle things. The people who sold the dongles would also include a set of functions which would check the dongle and the dongle would send back the "special" id. (Sound familiar?) The problem is the same with this Trusted Computing PR BS. Remember that rule #1 says:
"You have to start somewhere."
It is no different with them. Somewhere, somehow, you have to be able to access the key. You find that and the rest is as easy as eating a donut.
The truth about copy protection is that there IS no copy protection.
:-)
The first rule of computer programming states:
1. You must start somewhere.
The first rule of computer hacking is:
1. Since you have to start somewhere, then that "somewhere" is where you start hacking.
To put that in English: In order for your program/music/movie/whatever to be readable you have to provide some mechanism so the information becomes usable by the computer. Whereever that location is - that is where you start from to pick apart what they are doing and how they are doing it. Thus:
A. If you encode the information into a machine's prom you just desolder the prom and dump the code (or use hooks to latch onto each of the pin's legs and watch what it does as it does it).
B. If you release software to be able to read a disk (CD/DVD/Floppy/etc...) then you just get a disassembler to regenerate the original code.
So no matter what you do - so long as you have to let the user have the hardware/software, then you've just made it available to a hacker who will break the code.
SO! Knowing this, what are the companies really doing? If only a tiny fraction of the entire population of the earth (8 Billion people) are working against you why are the rest of us being discriminated against? Wouldn't it be better to just not do any kind of protection at all and put your money towards finding those who are doing this and prosecuting them?
Seems to me that these idiots are doing both. Which is why I have stopped having anything to do with movies and music. Let them keep their movies and music. I'll just read books instead, play the games I've written (or that are given away for free) and have a great time without them!
Ok, first - the shuttle only flies because there is an enormous amount of propulsion going on behind it. So if rocks can fly - so can pigs! :-)
:-)
Also, it's not that you will never get a date it's that while you are in the backseat doing your thing - what's the car doing?
Second - joke:
Once upon a time there was a farmer who wanted to win the State Fair's Pig Contest. So he thought and thought and finally decided the best way was to get a butt plug and put it in a pig and then feed the pig. So he did and day by day the pig just kept getting bigger and bigger. He finally took the pig to the State Fair and won. Then he came home. Well, he decided that something had to be done about the pig but he didn't want to do the removal of the plug. So he bought a monkey and went about teaching it to pull things out of holes.
Finally he decided the monkey knew what to do and he brought the monkey around to the pig, showed it the plug and took off running. The farmer made it around the barn when there was a big explosion. The pig went skyrocketing off into the distance.
"Well, so much for the pig," the farmer said. "But I wonder what happened to the monkey?" So he went back around the barn to find the monkey, all covered in you-know-what, hand over his face, nose pinched, still trying to pull something out of nothing.
The End
There is no morale here and the joke is only mildly funny, but it sprang to mind when I saw that quote. I do not know who originally made it up even. It just seemed appropriate.
Group think (or unthink if you use George Orwell's terminology) is something many people do practice on a daily basis. Otherwise, why do you hear "I didn't think...." so often?
The second link's comments I do not (IMHO) believe is debunking "The Third Wave". He is shocked by what went on in the school - but he doesn't debunk it. He even provides a link to a possibly original writing of "The Third Wave". He even experienced group think himself in the Sanskrit encounter.
For my own part - group think is ok if used to help everyone work together better. It is not ok if it is used to subvert. Or to put it another way: It is ok to help, it is not ok to hurt. The problem is - a lot of people do things to hurt others and call it helping others. The test being: Did it improve THE OTHER PERON'S LIFE or did it improve yours? If you can be honest and open with yourself, then you will see that there are many times when it looks like it may be helping, but in truth - it is hurting.
Like in The Third Wave. It was helpful to the students to learn good posture, sit better, and to show respect for your elders. That is not all that bad of a thing to teach. But where the hurting starts to come into play is when one student is used to influence another by either threats, physical attacks, or intimidation. Help and Hurt. Take away the window dressings and look at the quality of the wood underneath. Is the wood solid or rotted. Free of vermin? Or infested?
You may now say "I don't even like the sitting part." That is fine. Not everyone can sit properly anyway due to physical problems. I'm not saying it is right to force someone to sit properly. That is hurting. I'm saying it probably would help some people be able to concentrate better if they sat properly. Not that they MUST sit properly - as in The Third Wave.
The problem is - there is always a tendency to continue to ask for more from someone if they are just willing to do one thing for you. Don't ask me why - it just happens. Stopping at the good posture probably would have been enouh. After all, at least the students were becoming more involved in the course. The continuing on down that trail though is what caused all of the problems later on. Which ultimately hurt everyone involved in the experiment. Even the teacher.
(Remember that in the book 1984, war was a continuous, nonstop, 24 hour a day, way of life. Sounds a lot like the War on Terroism. Doesn't it?)
Like this place. ;-)
Or this instead of snail mail!
Yes! That was it! :-) People think it couldn't happen here but it can happen easily. That is why it is better to remember than forget what went on in the past. Because otherwise - we will repeat those same mistakes. The BSA is (IMHO) acting on this premise. That it has been so long since WWII and all of the terrible things which happened during WWII that they can enact practices from that era, under the guise of just trying to help, and get away with what, during a previous time, were considered attrocities. (Such as invasion of privacy, using children's innocence to make them spy on their own families and friends, and other such unsavory things.)
The children were taught to snitch on their parents. Even rewarded for having done so. As made famous by the movie (which I can not find presently!) where the teacher inducts the teen kids into a new code of conduct which turns out to be Nazism. The kids in the movie actually do become more and more brutal in their treatment of others.
The BSA may mean well (although I doubt it) - but just like their doing things which only the law enforcement people should be doing - this is an attempt by them to overreach the boundaries of what some organization should be doing. I take it that the BSA is just like the church or any other organization. They'd like to control everything and have everyone bow down to them. The only way this will not come to fruition is if (and I know lots of people are tired of hearing this) everyone writes their congressman. Both state and federal. Mainly because these people probably do not even know this is happening. After all, they are only human too and only have so much time in the day to devote to each problem. So as long as the BSA can sneak it by them; then they will. And only if enough people put up a fuss will some legislator somewhere do something about it.
"It's a war. A war without bodies. Confined within the heads of everyone who participates. Laws are nothing more than words on paper. Rules by which we play grown-up games. If you don't like the rules - work to change them. Killing or maiming your opponent is outside of the boundaries of the rules and punishable by making you sit on the sidelines while everyone else takes their turn. And saying you don't want to participate only means that you are willing to suffer the consequences of your inaction. You now know how the game is played - go play it." - Me.
Yes it does! But the lady already had the scanning program (mmmmm something pro. Not Textbridge but the one most everyone uses now - whatever it is callled) up and running and had done three or four of the pages. I started off with that handicap and wound up having to grab the pages before she could put them into the scanner. It was fun but a mad house at the same time. Lots of fun! :-)
:-) Thanks to them! :-)
BTW: I checked out the T9 address the other person posted - really interesting.
That is VERY interesting. I will have to look up more information on this.
:-)
:-) "All you have to do is try," I told her. She went on to become a department manager at NASA. I like to think I had something to do with it - but more than most likely not. Still - ya just never know. :-)
:-O
One last thing. Try this test of your typing skills. Put a sheet of full text into a scanner and have the same page sitting next to you. Then let the scanner scan in the page and convert it to text while you type the page. See who finishes first.
When I first went to work at NASA there was this secretary sitting there scanning page after page of text into the computer and then converting it to a document. I told her I could type the document up for her as quickly as the scanner could scan it or maybe even faster. So we made a lunch bet. I managed to beat the scanner and have fewer errors than the scanner had. She was impressed and I got a free lunch.
(Gack! I can tell I'm getting old. I'm telling war stories!)