XOR doesn't immediately mean that it is a crappy form of encryption. One Time Pads can be a very good form of encryption, if the pad is generated correctly and used only once. But, that isn't very useful for encrypting a hard drive. It looks to me like the "encryption" in the box was just a 512 byte key used like a OTP for each sector, which is trivial to break, as the article says.
Stream Ciphers also use XOR, but are much more convenient to use and could very easily be used to encrypt a hard drive.
In that article, how on earth could they use "copyright law" to get him to remove that logo? His sausage thing is quite a bit different from the official logo.
Trademark law, or something else, maybe. Or maybe it is just a reporter who doesn't care to make his article factually correct.
Except that in the case of falling 300 feet causing death is a theory that has been tested. We know what kinds of forces will kill a human, so any impact that will create those forces will be lethal. Causation can be shown by a repeatable, verifiable experiment. Showing causation with a theory is hard, but if the theory is sufficiently descriptive of the situation, might be enough.
The environment and the atmosphere is incredibly complex, and we aren't even close to understanding what is going on. For example, how can we be sure that our global temperature measurements are even accurate to a degree over the last century.
I am not trying to say that I don't think global warming exists, just that we need tons more research into various things: measuring the global temperature accurately, getting the temperature from now to the distant past, to establish trends, the effect of our pollution on the temperature, the effect of changes we have made to the environment in other ways.
Certainly, reducing sources of smog near big cities is a very good thing, so there are things we should do to help the environment. That is one thing where correlation be expanded to show causation with some experimentation/data. For example, if you have enough data showing that dumping particulate matter into the air in a specific location creates smog.
Bittorrent clients already do a checksum verification on the parts of the files they download, so all that would need to be added is a congestion control part.
How do you know who has anything to hide, unless you search everyone? How do you know who is a terrorist, unless you search everyone?
You know after the fact, but it is impossible to preserve privacy and to know for sure "who has anything to hide". The people who wrote the constitution chose to err on the side of privacy. Now, we are choosing to err on the side of... no liberty.
What about a version of TCP that doesn't have any reset packets? And then instead of a FIN packet, rely on the timeout.
That isn't too big of a change, just comment out some code. It would mess with some routers, but the connections couldn't be stopped by a MitM attack.
Or something like TCP over UDP with those changes. SCTP sounds close, but that isn't encrypted at the transport layer, and is probably vulnerable to the same type of attack. It is different, so the Comcast forgery-throttling software doesn't attack it now, but it wouldn't be hard to attack SCTP, since there are the same kinds of flags in a SCTP packet. (It is Stream Control Transport Protocol, not Secure Transport Control Protocol.)
IPsec would be the best option that is currently implemented right now, right? The main trick would be key distribution to prevent a MitM attack. The problem with what Comcast is doing is that it is before the application layer, in the TCP connections, so you can't use TCP or anything above TCP.
Too bad we even have to fight this forgery by Comcast, but a technical option has its advantages, since a legislative option might get watered down by lobbyists and congress.
Encryption is always a good thing. The more people that use encryption, the less eavesdropping there will be.
How about, "if you have nothing to hide, hide it anyways"?
I know you are (kind of) joking, but there is one small flaw with that idea:
If your printer's serial # gets registered with the address on that tax return, and then you print some "illegal" stuff, it would come back to that person, but all they have to say is "I had ray-auch print my tax return", and then a single test-page from your printer would reveal that you printed both documents.
But, if the police don't care that much, then yeah, your plan would work.
At any rate, it would cause problems for the other person.
Even worse, what if you took a printer that doesn't print the codes, and got someone else's printer code, and printed that on the page? Good way to frame someone?
"This must have come from your printer, the serial number is embedded in the page"
Oh yeah, well my printer can print yellow even when it's in grayscale mode! *rolls eyes*
Hmm, yeah, I did phrase that badly. But, color/grayscale mode is relevant to the page printed, and the printer could put the yellow dots down on an otherwise grayscale page, just that for that specific model it would be much slower.
None of the printers that print the codes use any ink.
They are all color laser printers. In my color laser printer, even the "freebie" toner cartridges that came with the printer last for 1,500 pages, and then I replaced them after 2,000 pages with high-capacity cartridges that last for 4,500 pages each.
Also, I am pretty sure all of them use 4 colors: cyan, magenta, yellow, and black, so that your "order confirmation" printing would only use the color toner that was needed.
My color laser printer (Konica-Minolta 2530DL) only prints the yellow dots in color mode.
But that printer is a bit different in that it rotates the toner cartridges into place for every color that is going to go on each page, so a color page has to wait for all 4(CMYK) cartridges to rotate into place, but in black-only mode doesn't rotate anything to be about 5-6x faster.
The reason I chose that printer? Konica-Minolta supplies open-source printer drivers that compiled on my AMD64-Ubuntu box.
You want every single ISP to be able to lay lines down?
A better solution is to have the company/government department that owns the lines be very regulated, with guarantees about service quality, etc. The main issue is to make sure that the lines get upgraded, like now with fiber, and whatever we use in the future. And then have the ISP(which has to be a separate company, open to competition) lease the lines from the connection provider for each person that is subscribed to that ISP.
Anything that involves cables going to a house/building is going to be a monopoly/oligarchy simply because people will not put up with every company laying their own wires. But, once you have a connection from a house to a central point, the monopoly can end, and competition can take over.
Except in this case it is much more than just blocking connections. Comcast was making forged reset packets, and sending it to both parties. Forgery != Blocking. These reset packets were also targeted at VPN connections.
WRT-54Gl with suitable firmware. $60 per unit. (My favorite firmware is Tomato Firmware) Have them flashed and set up at a central point, and there would be no configuration at the deployment point.
I am not talking about boobies, but that is another issue.
Just try to say the words "shit" or "fuck" on the radio. No images, movies, or pictures there, but somehow you can get fined for that. That is very specifically a free speech issue. Maybe someone who is about to get a bunch of negative publicity could change their name to "Mr. Shit Fuck", and then you couldn't be featured in the radio/TV at all.
Slashdot Mirror
An easy way to summarize that:
Apple (might) have $1b unrealized gains.
Apple didn't have $1b in losses.
(If I buy a lotto ticket for a $1M pot, I don't suddenly have $1M in losses when I don't win, I have $1M in unrealized gains.)
XOR doesn't immediately mean that it is a crappy form of encryption. One Time Pads can be a very good form of encryption, if the pad is generated correctly and used only once. But, that isn't very useful for encrypting a hard drive. It looks to me like the "encryption" in the box was just a 512 byte key used like a OTP for each sector, which is trivial to break, as the article says.
Stream Ciphers also use XOR, but are much more convenient to use and could very easily be used to encrypt a hard drive.
Wouldn't copyright law already cover that?
You can't take a copy of my website, insert a little bit, and then serve that. Couldn't google sue any ISP that alters their pages in any way?
In that article, how on earth could they use "copyright law" to get him to remove that logo? His sausage thing is quite a bit different from the official logo.
Trademark law, or something else, maybe. Or maybe it is just a reporter who doesn't care to make his article factually correct.
You mean water, which causes most of the greenhouse gas effect on earth?
Percent of the greenhouse gas effect on earth caused by the following gases:
Water: 36-70%
CO2: 9-26%
Methane: 4-9%
Ozone: 3-7%
(oh gheez, ozone is a greenhouse gas? Quick dump some CFCs into the atmosphere)
Except that in the case of falling 300 feet causing death is a theory that has been tested. We know what kinds of forces will kill a human, so any impact that will create those forces will be lethal.
Causation can be shown by a repeatable, verifiable experiment.
Showing causation with a theory is hard, but if the theory is sufficiently descriptive of the situation, might be enough.
The environment and the atmosphere is incredibly complex, and we aren't even close to understanding what is going on.
For example, how can we be sure that our global temperature measurements are even accurate to a degree over the last century.
I am not trying to say that I don't think global warming exists, just that we need tons more research into various things: measuring the global temperature accurately, getting the temperature from now to the distant past, to establish trends, the effect of our pollution on the temperature, the effect of changes we have made to the environment in other ways.
Certainly, reducing sources of smog near big cities is a very good thing, so there are things we should do to help the environment. That is one thing where correlation be expanded to show causation with some experimentation/data. For example, if you have enough data showing that dumping particulate matter into the air in a specific location creates smog.
Too bad they will probably not bother to get to the point where we don't know specifically what is causing the climate change.
Or, in general:
Correlation != Causation.
Oh, right.
Bittorrent clients already do a checksum verification on the parts of the files they download, so all that would need to be added is a congestion control part.
And that is the entirety of the problem.
How do you know who has anything to hide, unless you search everyone?
How do you know who is a terrorist, unless you search everyone?
You know after the fact, but it is impossible to preserve privacy and to know for sure "who has anything to hide". The people who wrote the constitution chose to err on the side of privacy. Now, we are choosing to err on the side of... no liberty.
What about a version of TCP that doesn't have any reset packets?
And then instead of a FIN packet, rely on the timeout.
That isn't too big of a change, just comment out some code. It would mess with some routers, but the connections couldn't be stopped by a MitM attack.
Or something like TCP over UDP with those changes. SCTP sounds close, but that isn't encrypted at the transport layer, and is probably vulnerable to the same type of attack. It is different, so the Comcast forgery-throttling software doesn't attack it now, but it wouldn't be hard to attack SCTP, since there are the same kinds of flags in a SCTP packet. (It is Stream Control Transport Protocol, not Secure Transport Control Protocol.)
IPsec would be the best option that is currently implemented right now, right? The main trick would be key distribution to prevent a MitM attack. The problem with what Comcast is doing is that it is before the application layer, in the TCP connections, so you can't use TCP or anything above TCP.
"If I have nothing to hide, you have no reason to search me"
Beautiful. New signature.
Too bad we even have to fight this forgery by Comcast, but a technical option has its advantages, since a legislative option might get watered down by lobbyists and congress.
Encryption is always a good thing. The more people that use encryption, the less eavesdropping there will be.
How about, "if you have nothing to hide, hide it anyways"?
You think a game that came with Windows 3.1 and up is less popular than Bejeweled, a flash game?
I bet the 2 most popular games, in terms of man-hours spent playing it, are minesweeper and solitaire.
I know you are (kind of) joking, but there is one small flaw with that idea:
If your printer's serial # gets registered with the address on that tax return, and then you print some "illegal" stuff, it would come back to that person, but all they have to say is "I had ray-auch print my tax return", and then a single test-page from your printer would reveal that you printed both documents.
But, if the police don't care that much, then yeah, your plan would work.
At any rate, it would cause problems for the other person.
"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
Benjamin Franklin
Even worse, what if you took a printer that doesn't print the codes, and got someone else's printer code, and printed that on the page?
Good way to frame someone?
"This must have come from your printer, the serial number is embedded in the page"
Oh yeah, well my printer can print yellow even when it's in grayscale mode! *rolls eyes*
Hmm, yeah, I did phrase that badly. But, color/grayscale mode is relevant to the page printed, and the printer could put the yellow dots down on an otherwise grayscale page, just that for that specific model it would be much slower.
None of the printers that print the codes use any ink.
They are all color laser printers. In my color laser printer, even the "freebie" toner cartridges that came with the printer last for 1,500 pages, and then I replaced them after 2,000 pages with high-capacity cartridges that last for 4,500 pages each.
Also, I am pretty sure all of them use 4 colors: cyan, magenta, yellow, and black, so that your "order confirmation" printing would only use the color toner that was needed.
And you need to make sure you never print anything that can be tied to to if you send it to the government, like a tax return.
My color laser printer (Konica-Minolta 2530DL) only prints the yellow dots in color mode.
But that printer is a bit different in that it rotates the toner cartridges into place for every color that is going to go on each page, so a color page has to wait for all 4(CMYK) cartridges to rotate into place, but in black-only mode doesn't rotate anything to be about 5-6x faster.
The reason I chose that printer? Konica-Minolta supplies open-source printer drivers that compiled on my AMD64-Ubuntu box.
You want every single ISP to be able to lay lines down?
A better solution is to have the company/government department that owns the lines be very regulated, with guarantees about service quality, etc. The main issue is to make sure that the lines get upgraded, like now with fiber, and whatever we use in the future. And then have the ISP(which has to be a separate company, open to competition) lease the lines from the connection provider for each person that is subscribed to that ISP.
Anything that involves cables going to a house/building is going to be a monopoly/oligarchy simply because people will not put up with every company laying their own wires. But, once you have a connection from a house to a central point, the monopoly can end, and competition can take over.
Except in this case it is much more than just blocking connections. Comcast was making forged reset packets, and sending it to both parties. Forgery != Blocking.
These reset packets were also targeted at VPN connections.
WRT-54Gl with suitable firmware. $60 per unit.
(My favorite firmware is Tomato Firmware)
Have them flashed and set up at a central point, and there would be no configuration at the deployment point.
Yep, so I would have to change my name to "Prince" before changing it to "Mr. Fuck".
I am not talking about boobies, but that is another issue.
Just try to say the words "shit" or "fuck" on the radio. No images, movies, or pictures there, but somehow you can get fined for that. That is very specifically a free speech issue. Maybe someone who is about to get a bunch of negative publicity could change their name to "Mr. Shit Fuck", and then you couldn't be featured in the radio/TV at all.