Slashdot Mirror


User: Dr. Blue

Dr. Blue's activity in the archive.

Stories: 0
Comments: 151

Comments · 151

  1. Does this contradict the Scarfo case? on Keystroke Logger Faces Federal Wiretap Charges · · Score: 5, Informative

    Seems like the feds are contradicting themselves (I guess that's not a huge surprise). In the Scarfo case, the FBI claimed they didn't need a wiretap approval to put a keystroke logger on Scarfo's computer because they were only monitoring internal communications between the keyboard and the computer. Thus it wasn't a wiretap.

    Now the government is prosecuting someone for doing the exact same thing. Has anyone else noticed this contradiction, or am I missing some important distinction?

  2. Re:1000 DVDs? on Suggestions for a DVD Video on Demand System? · · Score: 1

    $15 per week?????

    Gee, they rent around here for about $4 for an entire week. You'd have to have an awful lot of people returning them long before they were due to get even close to $15/week. I really can't see that happening at all.... (I can't remember the last time I kept one for less than 5 days)

  3. Re:Why does Mandrake have a problem with this? on Mandrake Blocked By XFree86 4.4 License · · Score: 4, Insightful

    There is a no advertising without written permission clause.

    I don't get that out of the license at all. What I read is that you can't use the name "The XFree86 Project, Inc." in any advertising -- why is that a big deal?

    I also don't see the problems with the rest of the license points highlighted in the mailing list exchange. Looks like if you put their copyright notice in /usr/share/doc/XFree86 or whatever you'd be in compliance.

    Now the generation of yet another licensing scheme for open source software does confuse things unnecessarily, but I don't see any concrete problems with the license....

  4. Security through obscurity.... on Defending Open Source Security · · Score: 4, Insightful
    The notion that hiding the means of encryption will somehow make the data in question more secure is a notion that has been obsolete since World War II.

    This is too conservative.... it was in the 19th century that this became accepted. It's known as "Kerckhoffs' Principle." From Wikipedia:


    In security engineering, Kerckhoffs' law (also called Kerckhoffs' assumption or Kerckhoffs' principle) was stated by Auguste Kerckhoffs in the 19th Century: A cryptosystem should be designed to be secure if everything is known about it except the key information. It was reformulated (perhaps independently) by Claude Shannon as "the enemy knows the system". In that form it is called Shannon's Maxim. Since the advent of open source software development, these principles have increasingly been used to ground arguments for it (and against "security through obscurity").

  5. Re:Eeeegads! on AP Article On Cyborg Steve Mann · · Score: 1
    Why the university keeps him on I have no idea.

    I think the guy's wacky, but I also think he fills an incredibly useful role. There are some people out there that take things to an extreme -- way across the boundaries of what most people would consider reasonable. Are we all going to be Steve Manns? No, but by pushing things to extremes he might (and probably will) stumble across some things that really are useful to people.

    As another example (since this is Slashdot), think of Richard Stallman. Very few people completely buy into his extremist positions -- but there are excellent nuggets here and there that have evolved into some fantastic results. I don't think someone would have had near the same success pushing only the mainstream ideas that became "a hit."

  6. Re:Hey... on California to Require Paper Voter Receipt · · Score: 1

    Because elections in the U.S. are orders of magnitude more complex than Canadian elections. In the 2000 elections, there were 150 million votes cast in the U.S. In the 2000 Canadian elections there were 12 million votes cast.

    My ballot had over 80 different things to vote on, from president to state and local offices, ballot initiatives, etc. How complex was the Canadian ballot?

    So with 80 different things to vote on, and 150 million people, we're talking about tabulating 12 billion votes. Hopefully you can see the benefit of some automation here....

  7. Re:Accountability for such actions? on Memory Hole Un-Redacts Redacted DOJ Memo · · Score: 1

    I simply don't understand this at all, and when I think of it then yes it is definitely an atrocity, and it pisses me off.

    I can understand classified documents being edited, and sources being protected, but a review of a government agency that is edited for apparently no reason other than that it was critical of the agency? Hell no that's not ok! The idea in this country is that they (the DOJ) work for *US*, and they are accountable to us. Reviews of public agencies should be public, with the only reason for redacting something being legitimately classified info.

  8. Re:Hmph... on New Anti-Swap CDs Hit Shelves · · Score: 2, Informative

    Not true. The DMCA makes circumventing any access control technique illegal. It doesn't matter if the technique is encryption, corruption, or some other technique.

  9. Re:iTunes not actually property! on Slashback: Ascent, Patents, Transferability · · Score: 1
    many of them I can LEGALLY share on the internet as they are no longer copyrighted.


    How do you figure this? Albums haven't been around long enough for the copyrights to expire, so for them to be "no longer copyrighted" they'd have to have been explicitly turned over to the public domain. Have they been?

  10. Re:MD5 Cannot stand up in court. on RIAA Tracking Songs by MD5 Hashes · · Score: 1
    The md5 hashing algorithm has been proven to contain flaws allowing two files to produce identical md5 sums.

    Well of course. In fact, you might even say that's part of the entire point of hash functions (being that they map things into a smaller set). However, despite the "flaw" concern, it's really not a real-world issue. Notice that this warning was from 1996 --- 7 years ago. And yet, to date, no one has been able to find a single MD5 collision (two different files with the same hash value).

    That aside, I'd recommend to anyone looking for a hash function now to use SHA1 or the longer 256-bit version. But I sure wouldn't lose any sleep over MD5 being used.

    And as for the subject line, MD5 can and does somewhat regularly stand up in court. It's a standard computer forensics technique for vouching for authenticity of data.

  11. Re:No on-box display? on Prisimq MediaServer Support For Linux · · Score: 1

    Yes, I'd pay a little extra, but $100 is way off the mark.

    I have a portable CD/MP3 player (plays MP3s off CDs) by Panasonic. For under $60 it has a reasonable control and LCD display in addition to the CD reading mechanism and software to actually play the MP3s. The marginal cost for the actual control/display part of that system is probably $10, tops.

    So yes, I sure as hell would pay $10 to have that kind of control on a component-style piece of equipment!

  12. No on-box display? on Prisimq MediaServer Support For Linux · · Score: 4, Interesting


    The biggest problem I see with this (or with using an X-box for similar things) is the lack of any display or controls on the box itself. I don't want to have to turn on the TV to listen to music, and I don't really want to have to search for a remote either. Why can't people put a very simple user interface on the front of the box??? Something as simple as the iPod interface would be great and very functional.

  13. Re:So who got fired? on Netgear Routers DoS UWisc Time Server · · Score: 4, Insightful

    In the full description, you'll notice that they include the "strings" output from the netgear software, which includes hardcoded IP addresses.
    Netgear reported that the non-UW addresses were used for debugging by the developers.

    Here's the interesting part: at least two of those are 12.* addresses --- cablemodems with attbi.com. So if you want to know who the developer responsible is, it might be a reasonable guess it's whoever lives at those IP addresses! :-)

  14. Re:I wonder on USS Ronald Reagan Commissioning Tomorrow · · Score: 2, Informative

    Don't know where they're getting their numbers from, but they sure don't match any real numbers I've seen. In fact, the numbers from the OMB in the White House show a much more dismal picture of debt as a percentage of GDP. According to the chart in your link, the debt in 2002 looks like about 35% (eyeballing the chart). But according to the White House it's 60.0%

    Furthermore, the White House's own projections show that the debt, as a percentage of GDP, will be 67.6% by 2007, which is the highest rate since 1955. The 1955 debt was the tail end of the WWII debt, which was high from 1943 to 1955.

    Gee, thank you Mr. Bush -- I love having the highest debt since the last World War...

    None of these figures are secret -- they're all public data available in the President's budget (look at the 'historical tables').

  15. Re:Reagan didn't create deficit spending Congress on USS Ronald Reagan Commissioning Tomorrow · · Score: 1
    From Fiscal Year 1981 through Fiscal Year 1981, only once did the Reagan administration propose more spending than Congress approved; for the other eight years, Congress spent more money than Reagan proposed.

    Nice comparison of apples to oranges there. Comparing the spending proposals of Reagan to the final spending amount, eh? Very honest....

    It's always the case that more money gets spent than was planned for and/or proposed. If you want a fair comparison, compare the original budget proposals from Reagan and Congress each year. You'll see that in 7 of the 8 years, Reagan's proposed budget spent more than Congress's proposed budget.

    Reagan was quite comfortable out-spending Tip O'Neill's Congress, and that's saying something! He was a big-spender extraordinaire....

  16. Re:You don't speak for me. on RIAA Settles Suits Against Students · · Score: 1

    >>Nobody gets jail time for copyright violations.
    >Under the DMCA you can get jail-time.

    That's not really true. Under the DMCA you can get jail-time only if you profit from your actions. So if you make a free "copyright circumvention device" you can get civil judgements, but no jail-time. If you *sell* the same kind of thing, then you can get jail-time.

    That's why there was no discussion of jail-time in the DeCSS case, but there was in the ElcomSoft case.

  17. Re:Any ISP gurus out there? on RIAA Chats With Song Swappers · · Score: 1


    This is a horrible idea in my opinion. Spoofed IP addresses are a serious problem, and all ISPs *should* be doing egress filtering so that crap that uses spoofed IPs (including DDoS attacks) will be filtered out. So if ISPs do the right thing and stop spoofing, which is truly an abuse of the underlying protocol, then your method doesn't work at all any more.

  18. Re:HUGE news on RIAA, MPAA Lose Suit Against Streamcast and Grokster · · Score: 3, Informative
    Too bad it looks like ISPs are about to lose in a case just like this.


    No, the ISP (Verizon) case is absolutely nothing like this one. The judge in this decision very clearly states that illegal copyright infringement is going on, just that it's not the responsibility of the software provider to police this. That's a good decision.


    So whose responsibility is the illegal copying? The person doing the copying, of course! In other words, it's the ISP users who are being protected by Verizon that are really responsible for their actions, and should be responsible for their actions. This is also good.


    So why is Verizon fighting this? The key issue in that case is that in order to compel the identity of the users, the RIAA is saying they can just say they need the info. No judicial oversight, no review, no nothing except RIAA saying "we need it." And that is fundamentally wrong. You're putting ISPs at the mercy of another private organization who can decide on whatever whim they want that they can violate the ISP users' privacy.


    So it's not an issue of copyrighted file sharing being "ok". These two cases address entirely separate issues, so shouldn't be confused!
    And in neither of the two cases does anyone claim that sharing copyrighted files is ok.

  19. Re:God rest their souls on Space Shuttle Columbia Breaks Up Over Texas · · Score: 1

    Exactly. My kids were watching cartoons too, and I let them keep watching. We only have one TV, so I watched some streaming video off the 'net. We talked to our 5 year old later -- she understands what happened, but not really the magnitude of it. She certainly didn't need to see lots of uncertain information unfolding live at the time.

    There are some interesting connections: the shuttle blew up almost right over our house, and my daughter goes to kindergarten at Christa McAuliffe Elementary School... They had just been talking about the space shuttle in school a week or so ago.

  20. Already another program in the area on Want To Make Video Games? · · Score: 5, Informative
    With so many good game companies in the area, there's already another place you can study computer game development: the University of North Texas.

    It's called the "LARC", for "Laboratory for Recreational Computing", and was started in 1993. Check it out here.

    The lab is run by a professor (Ian Parberry) who has published a few books on game programming.

  21. Re:Blue Gene/L runs on Linux! on IBM Working on Brain-Rivaling Computer · · Score: 1


    Has RMS requested that they call it GNU/Gene/L yet?

  22. Another approach on What Would You Do With a New Form of Encryption? · · Score: 2, Insightful

    OK, some people have said patent and license for free to non-commercial uses. There's a much safer approach that will save the inventor some money, although at the risk of some embarrassment:

    1) Time stamp a document containing your results. There are lots of ways of doing this, with either automated services (such as "Stamper" at http://www.itconsult.co.uk/stamper.htm), or just posting the document on Usenet.

    2) Tell someone else -- I'd suggest making a very public release on some forum. Incidentally, your write-up should say that you will apply for a patent. In the U.S. you have a year after publication to file for a patent.

    3) Submit to a conference, like CRYPTO.

    By publishing, you've established ownership so no one else can patent your technique later (because yours would now be "prior art"), and you can still patent if it holds up to scrutiny. But you also save yourself the patent fees if it doesn't.

    I'd be willing to put a little bit of money on a bet that the result would be that a weakness would be discovered. If by "perfectly unbreakable" you mean an infinite unicity distance, there are only two ways you can do that: use a random key (i.e., a one-time pad), or encrypt completely random data (which would be pretty useless). Anything else (yes, *anything* else) will have a finite unicity distance, and so cannot be claimed to be completely unbreakable.

  23. Re:My client caught it, Strange symptoms on Bugbear Windows Virus Making the Rounds · · Score: 1


    Fantastic -- thanks!

  24. Re:My client caught it, Strange symptoms on Bugbear Windows Virus Making the Rounds · · Score: 1


    I'd love to get a copy of this if you've captured it. If you can send it to me, drop an email to drbluetoo@yahoo.com, and I'll send you my real email address....

  25. Download virus / virus archive on Bugbear Windows Virus Making the Rounds · · Score: 1
    Does anyone know if there is a site that archives viruses? Not virus alerts, and not virus cleaning tools, but the actual viruses themselves? There used to be an archive on hackz.com, but it seems to be shut down now.

    It would be fun to get a copy of this new one to see how it works (I've got an isolated network just for this kind of stuff, and machines can get trashed without any real problems), but it hasn't made its way here yet. I know such an archive is pretty dangerous, but if they post exploits on Security Focus, why not an archive of viruses?