I believe it was Vint Cerf who once said that "Fiber to the home used to mean Raisin Bran."
This does raise a lot of questions. I'd say it falls somewhere in the big grey area between unethical and illegal a lot closer towards the unethical, so long as there is no visible impact on the host system, but that's just me.
I don't think we'll be having to worry about it becoming endemic anytime soon, as it appears the type of problem that can be solved is somewhat limited.
it'd be pretty bogus to be trailed by security guards just because you look like someone who is a thief.
Oh, you mean like [blacks|hispanics|arabs|whatever]? The way I see it, we're just getting a taste of our own medicine. I support their right to do it, but you can bet they'll never catch me on their cameras because I don't plan on setting foot into a Borders any time soon again.
What scares the bejeezus out of me is the not-so-far-off day when this technology becomes more prevalent, and one database is subscribed to by many chain retailers. Think it won't happen? What do you think they do to authorize your check? Submit an ACH debit? That's why I use perhaps three checks a year. Just wait for the fun when the government gets their mitts into it. My guess is it will be billed as "helping catch fugitives by finding where they've been lately." Pair that off with customer affinity cards that many retailers offer, most notably grocery stores, and they'll have a face, a name, and an address, all available only because you look like someone believed to be a criminal.
Guess it's time to start thinking about wearing a ski mask when going shopping or visiting the bank.
There really should be a mechanism for automatically reviewing new legislation for Constitutional affronts, but there isn't.
As you alluded to, there are in fact groups that do it. Think about CDA or COPA. Those haven't seen the light of day because public interest groups got involved and had restraining orders put down before the laws became effective.
If refusing is helping catching bad guys, I'm all for it.
"Those who would trade their essential Liberty for a perceived temporary Security deserve neither Liberty nor Security" --Ben Franklin
If refusing is lopping the legs off the constitution, I'm against it. Right now, without answering questions, we can only assume that they're hiding something. If they thought it would stand on its own merit, they should've applied for the wiretap order. Of course, the judge would ask if they'd see him register for access to NY Times articles, or a Slashdot registration, or even a flame email that was typed but subsequently cancelled and thus never sent. My guess is that since the answer would be "Yes" to all those questions, they knew a wiretap order wouldn't be signed, as the information gathered would be beyond the boundaries of the order.
What they SHOULD have done was take the PGP source, write in a routine to either store or forward the passphrase, compile it, and tote that to the federal judge, and apply for the wiretap with THAT rather than something they bought from a spam mail about tracking your kid online. I would expect that they could get a judge to buy in on that since it would (and could) only intercept the information they were seeking.
Also, you're presupposing that all people they "catch" are "bad guys". Sadly, such is not the case, but we won't even begin to get into that.
Now, how do you use this in court without revealing that it was NSA's monster cracker that did all the work?
By never saying it was the NSA's that did it. If this were the case, then I'd have to expect that they'd sooner say it was their own systems that cracked it than come up with a red herring keylogger that hasn't the stump of an evidentiary leg to stand on.
Of course, when you and I use keyloggers, they're "technical violations of wiretap law". When it's the feds, all that's needed is a search warrant.
WAP uses its own encryption. When dealing with most web servers, it's SSL from the server to the WAP gateway, then it's WAP security from the gateway to your client. Oh, you too noticed that it exists unencrypted on the WAP gateway? And this is decent encryption how?
Funny you should bring that up... Just this morning I stumbled across a computer on Bryan's Rice-Boy Page that has a racing stripe, has a clock display that's higher than the processor, and even has a VTEC sticker.
Nyah, who needs karma anyway? It's funny, dammit. Laugh.
The industries in control are literally trying to change the entire way of the Internet right now, to make it fit a more "profitable" model without them trying to change their existing business models.
Not really... We already have a long-standing precedent for this type of electronic distribution: The software demo. If you like what you see, go out and buy the DVD of the movie.
But behind the guise of lots of these little things lurks the ominous monster of a global information infrastructure controlled by corporations, not by individuals
Naah. You can only control the content you own. If you don't like the way the current content is distributed, by all means, create your own and distribute it in any way that you like. Only at such time as they start making things available only through time-bombed channels, rather than in addition to, should we start becoming gravely concerned.
Hmmm that's a tough one.
Look at the current proposition: Spend 7 hours (or more) downloading it, usually from sites that spend more time down than up, choosing from several different file sizes to give you the same product, not knowing whether they're complete or not, and have to watch it from a PC unless you convert it yourself to VCD.
Seems like an awful lot of work just to save yourself the rental fee, but a lot of people apparently are doing that. All in all, this isn't a bad first try.
It could happen...
Sweet. Then we can have edgy and innovative entertainment and software from the likes of phone companies, the USPS, and others who have zero incentive to innovate or compete, and possibly even a disincentive in that they may fall off the gravy train if they rock the boat.
Thanks but no thanks. Count me out. I'd take to sucking corporate ass on a daily basis before having the government say what is good and not good in software and entertainment. Think back to the early nineties with the whole NEA thing, or Ed Meese and the pornography crusade before that. Just because we elect them doesn't mean they don't fsck up on a fairly regular basis (DMCA anyone?).
According to the rec.video.dvd FAQ, it is in fact a technical limitation. You're looking at four layers in one disc. Combine that with changers built to play only single sided DVD's, and you won't see many DVD-18's around.
Yeah, I'm sure the code to do nuclear simulations on the top (public) supercomputers in the world is laughably bad.
Actually, I was speaking of the DFAS accounting systems which, by the military's own admission, are bad at tracking things, and have caused the "loss" of billions of dollars worth of equipment. If the system allows that to happen, it's either poorly coded or poorly integrated.
Also I feel that it's the right of every citizen (or at least the knowledgeable ones) to know exactly what kind of system is used to gather their votes, this is a basic right.
You're one hundred percent correct, which is exactly why the day a federally-sponsored electronic voting system is announced, there will likely be several hundred FOIA requests fired off, mine included.
Speaking of which... Has anyone tried to do a FOIA request for mundane (ie, not carni^H^H^H^H^H DCS1000, Echelon, or nuclear simulation) government software? I'm sure some of it must be almost laughably bad. Taking it a step further... What about submitting a FOIA request for the source code to a government website, or network infrastructure, or anything else that while not "national security" may be potentially sensitive?
The circumvention must be unauthorized.
Gee, guess Dr. Felten should've just gone ahead and presented in his first go 'round, when the RIAA sent him a nastygram outlining the DMCA.
Vote counts are facts, which cannot be copyrighted.
And legal opinions are public record, which also can't be copyrighted, but damned if that doesn't stop Lexis/Nexis from going after anyone and everyone who looks like they might derail the gravy train.
It could also get Sklyarov off the hook if a significant number of classic (i.e. pre-1923) books are published in eBook form.
That would be BEAUTIFUL, but sadly, it's not the case. Amazon couldn't find enough people to con into buying encrypted ebooks for texts that Project Gutenberg makes available for free. Hell, not even AOL, with its seemingly bottomless well of cluebies could pull that one off.
Only problem is that DMCA applies to copyrighted works. Unless you're Katherine Harris and authoring your own election results, DMCA doesn't apply.
I stand corrected. I had no idea they were as fast as they are. A google search says they're faster than I thought, but perhaps not as fast as you think either. Looks like they top out at around 90 MPH, which is still 50% faster than I'd have thought one of those behemoths could get up to.
I think we'll see zeppelins come back as commercial transport about the same time the telegraph becomes the primary means of long distance communication again. All the speed of a bus without the false sense of security versus flying. Combine that with the sheer size necessary to float any passenger cabin, let alone one supporting coach class, and you have something destined to be no more than a novelty.
do you really think, though, that an omnipotent God couldn't create this physical evidence that has you totally snowed?
And this is where Occam's razor comes in handy for us.. Let's see, in this corner, we have a god creating a geologic and cosmologic history that points to the earth being millions and the universe being billions of years old, and in this corner, we have a world created last weekend by god, complete down to the last minutiae (except the missing link) to give the utterly convincing impression that it's millions of years old.
Naah. DMCA (as it pertains to encryption) only applies to controls to secure copyright holders' rights. PGP and its brethren, along with the algorithms behind them, are out of the reach of DMCA.
Regarding making it more secure, tough. It's not our job to make sure Intel's security is good. We were the ones doing them the favor by showing it's not secure before they throw it out to the world.
I don't know about you, but if it's my ass going to prison, I'm going to err on the side of caution. Sure, they might not go after you as long as you don't disseminate information in the US, but because of the fact Elcomsoft used a US server as part of the buying process, even though at no point did that server house any code, that was deemed sufficient to invoke jurisdiction.
Charming. Now foreign nationals who visit the US are afraid to release details of weaknesses.
Good, I say. Serves 'em right. Once something people want to steal is released with the format, then the details will come out, and people will steal it. By not quashing discussion, they might have been able to fix it while still in R&D, but by taking the I'm-putting-my-head-in-the-sand approach, they're shooting themselves in the foot.
connected to a shinyhappy ad-laden corporate network through ATM-like dumb terminals.
Larry Ellison? You're posting to /. now?
Seriously though, I thought we had pretty much squashed the idea of network computers circa 1998.
I remember reading this article when it first came out in Wired. If you want something that'll make you recoil, check out the information about oosic, the material that makes the handle.
It's the same exact thing as Passport, just Netscape instead of Microsoft.
Only it's not "just" Netscape, it's actually AOL. Even if it's not integrated, I'd be very surprised if the next major rev of Netscape, assuming there is one outside of an AOL client, doesn't force you to sign up for AOL's SNS.