Can't I Just Write an HTTP Client To Circumvent?
on
Breaking Google's DRM
·
· Score: 0, Redundant
Who cares what functionality browsers have if I can just code an http client or do some command line http request for content? If the code runs on an untrusted platform and is not decoded in a tamperproof video module, then I have access to it.
I used Rexx extensively on MVS for many years. Incorporated it into a couple of products I developed. Miles ahead of TSO CLISTs.
Later I had to develop a special-purpose language with easy syntax for non-programmers to understand. It was heavily influenced by Rexx and had, like Rexx, typeless vars, strong intuitive string manipulation and associative arrays. Also the equivalent of execio so you could read a file into an array with one simple line of code. Imitation is the sincerest form of flattery!
While the power of shell scripts and Perl cannot be denied (I've used them both), they are syntactic abominations and not easy to pick up if you only use them occasionally.
Long live Rexx and Mike Cowlishaw (a nice fellow whom I had the pleasure of meeting once).
Unfortunately, if the certificates are stored in DNS then the private keys must be available for validation. (And if a spammer has access to the private keys, then they can generate valid public keys.)
I don't understand this. Email users are given a cert containing their email address. The email address is thus bound to a key pair. Directories contain the certs which contain the public keys. Users sign mail using their private key. Mail servers/gateways verify the sig using the cert and public key. The private key never leaves the user's machine.
Hijacking a machine still doesn't give automatic access to the private key (although the password protecting it may be obtained in time - keystroke logger, etc.).
Certs and PKI still do not provide a rosy solution - the usual issues of cert revocation (CRL lists, OCSP), expiry and management still apply.
The other point is, I believe even if you have the private key, you cannot easily create the public key from it as the author says (that's one of the hard problems).
A terabyte is about 2**40 bytes. An MD5 hash is 16 or 2**4 bytes. Therefore this drive can store 2**36 MD5 hashes of (say) passwords. So you could launch a dictionary attack on a simple (non-salted) password very quickly and portably.
For systems with 6 char passwords mandated, even if you chose a truly random pswd value (e.g. about 2**6 or 64 choices per character), you can still cover the entire spectrum.
So, given a password hash like this, you could have everything precomputed ahead of time and potentially speed up your brute force attack significantly over one where hashes need to be computed on the fly.
X10 the company is valuable here in Canada because they ship their products from here hence avoiding customs crap and inflated shipping costs. Can't say the same about HomeControls.com who tried to scam me for a hidden extra $25 in shipping after the transactional fact.
X10 the protocol is very valuable for home automation and control. I use a lot of their devices to remotely control things that don't have on/off switches (old pinball machines). I can do this from my computer also, using provided canned software, or freeware Java or C++ code.
Outsourcing is a threat to us all. I would suggest that we modify a Chicken-catching machine (talked about in this thread) to gather up all of these outsourcers into a cage.
They can then be driven around for awhile causing them to becoming disoriented, then be safely and humanely released into the wild.
I am constantly being ribbed by a younger guy here about being an old ex-mainframe guy. He is always going on about how there were dinosaurs crawling about when I was programming on them. Now IBM comes out with a new model called "T-Rex". I can feel a new verbal assault coming on...
Couldn't IBM have call it something like Mainframe Extreme or something a bit more trendy?
Toronto's streetcar system used to consist of these old "PCC" cars. They ran them up into the 1980s before phasing them out. They were affectionately known as "Red Rockets", being painted red in Toronto Transit Copmmission (TTC) colors.
They sold the cars off back then. I wanted to get one but didn't have any place to put it (nor could I afford one at the time). You see them around the province in spots. They would make good diners.
If Radio Shack provides battery power and remote controls, then this one could be fun to play with.
Slashdot Mirror
Who cares what functionality browsers have if I can just code an http client or do some command line http request for content? If the code runs on an untrusted platform and is not decoded in a tamperproof video module, then I have access to it.
George Costanza on Seinfeld was an early adopter, wanting to name his child "7". Unfortunately their friends stole it and George was upset.
I used Rexx extensively on MVS for many years. Incorporated it into a couple of products I developed. Miles ahead of TSO CLISTs.
Later I had to develop a special-purpose language with easy syntax for non-programmers to understand. It was heavily influenced by Rexx and had, like Rexx, typeless vars, strong intuitive string manipulation and associative arrays. Also the equivalent of execio so you could read a file into an array with one simple line of code. Imitation is the sincerest form of flattery!
While the power of shell scripts and Perl cannot be denied (I've used them both), they are syntactic abominations and not easy to pick up if you only use them occasionally.
Long live Rexx and Mike Cowlishaw (a nice fellow whom I had the pleasure of meeting once).
Unfortunately, if the certificates are stored in DNS then the private keys must be available for validation. (And if a spammer has access to the private keys, then they can generate valid public keys.)
I don't understand this. Email users are given a cert containing their email address. The email address is thus bound to a key pair. Directories contain the certs which contain the public keys. Users sign mail using their private key. Mail servers/gateways verify the sig using the cert and public key. The private key never leaves the user's machine.
Hijacking a machine still doesn't give automatic access to the private key (although the password protecting it may be obtained in time - keystroke logger, etc.).
Certs and PKI still do not provide a rosy solution - the usual issues of cert revocation (CRL lists, OCSP), expiry and management still apply.
The other point is, I believe even if you have the private key, you cannot easily create the public key from it as the author says (that's one of the hard problems).
RSA Labs is working on Blocker Tags that would provide privacy by effectively jammming RFID readers via some algorithm.
A terabyte is about 2**40 bytes. An MD5 hash is 16 or 2**4 bytes. Therefore this drive can store 2**36 MD5 hashes of (say) passwords. So you could launch a dictionary attack on a simple (non-salted) password very quickly and portably.
For systems with 6 char passwords mandated, even if you chose a truly random pswd value (e.g. about 2**6 or 64 choices per character), you can still cover the entire spectrum.
So, given a password hash like this, you could have everything precomputed ahead of time and potentially speed up your brute force attack significantly over one where hashes need to be computed on the fly.
X10 the company is valuable here in Canada because they ship their products from here hence avoiding customs crap and inflated shipping costs. Can't say the same about HomeControls.com who tried to scam me for a hidden extra $25 in shipping after the transactional fact.
X10 the protocol is very valuable for home automation and control. I use a lot of their devices to remotely control things that don't have on/off switches (old pinball machines). I can do this from my computer also, using provided canned software, or freeware Java or C++ code.
Long live the X10 protocol and the X10 company.
Outsourcing is a threat to us all. I would suggest that we modify a Chicken-catching machine (talked about in this thread) to gather up all of these outsourcers into a cage.
They can then be driven around for awhile causing them to becoming disoriented, then be safely and humanely released into the wild.
Bock bock bockI am constantly being ribbed by a younger guy here about being an old ex-mainframe guy. He is always going on about how there were dinosaurs crawling about when I was programming on them. Now IBM comes out with a new model called "T-Rex". I can feel a new verbal assault coming on ...
Couldn't IBM have call it something like Mainframe Extreme or something a bit more trendy?
Toronto's streetcar system used to consist of these old "PCC" cars. They ran them up into the 1980s before phasing them out. They were affectionately known as "Red Rockets", being painted red in Toronto Transit Copmmission (TTC) colors.
They sold the cars off back then. I wanted to get one but didn't have any place to put it (nor could I afford one at the time). You see them around the province in spots. They would make good diners.
If Radio Shack provides battery power and remote controls, then this one could be fun to play with.
Mr. Skinnarland was mentioned several times in Leo Marks book "Between Silk and Cyanide". One of the many heroes just recently getting their due.
He trained in England with the SOE, crossing paths with Mr Marks who trained operatives in the use of codes.
Marks died in the last year or two also.