See, I don't think they really understand the problem here. You can try to be "proactive" about this sort of stuff as much as you want, but holes will keep opening up, and USENET will keep getting spammed through the holes, and once the spam is out,... same old problem. Even if you cut off their news access immediately afterwards, which only serves to aggravate the customer, who won't understand why they're being cut off.
But I'm glad to see the PR department has taken its normal approach to things - put as much spin on the problem as possible in a press release, then stall and see if everyone quits looking.
@home: Just lock down your news servers already. There's no reason for them to be hanging out in the open like that...
It's New Year's Day. What sales did they think they were going to generate ANYWAY? Everyone will be recovering from their hangovers, watching TV, or doing something TOTALLY unproductive.
"normal" stores close on New Year's Day and don't seem to suffer any significant impact, right? I figure it like this: if one day per year is going to actually MATTER in your finances, it is time to quit using the company AMEX for those $1000-a-night strip club outings. Sheesh.
As several others have pointed out, Netrek solved this problem a LONG time ago. I'm responding where I am so that this post gets, hopefully, seen by everyone who hasn't read yet, so we don't get any more vague, unclueful debate on this.
The solution is very simple. ID compiles a 'vanilla blessed' server. ID compiles a 'vanilla blessed' client. They create an encrypted binary key for the 'blessed' client, based on the client binary itself. They distribute this key with the vanilla server. They allow server gods to add any additional compiled keys they want - and to turn off or on whether key checking is used.
Now, every single server will be able to be accessed by the vanilla blessed client, no matter what. It all works out of the box. Turn on key checking, and no hacked binaries or recompiled clients will work on your server. Want to make a mod? Compile your modified client binary and distribute a matching encrypted server key for it. Server gods add your key if they like your client. It's that simple. If you want to run a "chaos" server, turn off key checking. Anyone can come in and do what they want - and THAT is often pretty fun.
It works great. People have been trying, and failing, to make 'borg' clients for Netrek for quite a long time now. There are some very good borgs that used to play on the Chaos servers. But they don't and CAN'T get into the vanilla servers.
Anything that will make a child think, instead of glom onto the TV and watch more crap, is fine by me. If it comes in the form of a FPS, fine. If it comes in the form of a sim, fine. I wish the media moguls would wake up and realize that THINKING, contrary to popular belief, is GOOD, and TV doesn't make you think... especially not two-bit sitcoms.
Why don't these momos go after the WWF/WCW/whatever? I see more kids trying to bodyslam/armdrop/etc. each other than I see conducting authentic military maneuvers in their backyards... hmm... and worse, the kids aren't pros and don't know how to NOT get hurt.
If you go through the whole article, the bit at the bottom says "help remove the gag order from our Assistant Webmaster"... I'm thinking that there's perhaps a bit of reporting bias here?
The judge's decision is ridiculous as reported in that article, but I'm pretty sure we haven't seen the entire story here. (Not that I'd care to ever see the courts interfere on USENET...)
Hooey on THAT. A sufficiently strong algorithm with a 1024-bit key is not currently breakable by ANYTHING - the FBI has a much easier solution in this case, commonly referred to as "Rubber-Hose Cryptanalysis." It's a lot easier for them to beat your pass phrase out of you or your recipient, frankly. The spooks support encryption export controls because they want to retain the ability to spy on other countries - good ole nationalism at work, not because they want to scan your neighbor's e-mail. Terrorism is a relatively minimal factor in their interests.
Nevermind that other countries are perfectly capable of coming up with strong crypto on their own, and HAVE already done so, making the government look exactly like the farmer closing the gate after the goats are gone.
24-bit encryption isn't just as "bad" as none, it's WORSE than none, because the parties involved believe it's effective. Widespread use of token (40-bit) encryption would be nice...but if every software company out there with an E-mail product were able to, overnight, produce and auto-apply a 100% effective no-bugs patch that would add an "Encrypt this message?" option to EVERYTHING... people still wouldn't use it. Because it requires another password. And people are, when it comes down to it, LAZY! L-A-Z-Y. They just want to send a dirty joke to their brother Bob in Nevada. The average bear's skull simply is not equipped with the wetware to realize that when he encrypts his dirty joke to Bob, he is providing additional security for himself and everyone else down the line - he can't see beyond the here and now, and so he mashes "no" to that prompt and bitches about how paranoid people are becoming.
We could waste a lot of time evangelizing to Joe and Bob Schmuck about this kind of thing... but when you get right down to it, having everyone use breakable crypto is just another case of 'security through obscurity', which has been shown to fail. Miserably. Consistently. So all us l'il crypto-monkeys would rather talk to y'all out there who AREN'T lazy, in the hopes of actually accomplishing SOMETHING. It will spread more slowly... but where it spreads, it will take root and grow.
(I won't even address the fact that scanning digital communications encrypted with a 24-bit key poses no significant slowdown factor for the hardware you mention. Vastly compromised? Doubt it.)
the Discworld series is excellent. unfortunately, due to Pratchett's nature of including at least five or six hilarious cameos by previous characters (and at least five or six oblique references to other characters without even the cameo) it's almost totally necessary to inhale them in the right order. =) If you want an excellent experience, start from "The Colour of Magic" and work forwards - for example, Death shows up so often later that to get the full giggle from all his throw-away lines, you really MUST have read "Mort" (3rd in the series).
If you just can't stand the thought of reading them in order, or have trouble finding the early books (I know our local bookstores only have "Jingo", "Lords and Ladies", and a couple other of his newest - and forget finding them in the used bookstores), "Guards! Guards!" is probably a good one to randomly jump into.
Slashdot Mirror
for DCSS, how much tedious rewriting-every-single-instance-of-a-change BS did you have to wade through?
Link you meant to use is probably SporkHack, or telnet here for the public beta server. :)
See, I don't think they really understand the problem here. You can try to be "proactive" about this sort of stuff as much as you want, but holes will keep opening up, and USENET will keep getting spammed through the holes, and once the spam is out,... same old problem. Even if you cut off their news access immediately afterwards, which only serves to aggravate the customer, who won't understand why they're being cut off.
But I'm glad to see the PR department has taken its normal approach to things - put as much spin on the problem as possible in a press release, then stall and see if everyone quits looking.
@home: Just lock down your news servers already. There's no reason for them to be hanging out in the open like that...
It's New Year's Day. What sales did they think they were going to generate ANYWAY? Everyone will be recovering from their hangovers, watching TV, or doing something TOTALLY unproductive.
"normal" stores close on New Year's Day and don't seem to suffer any significant impact, right? I figure it like this: if one day per year is going to actually MATTER in your finances, it is time to quit using the company AMEX for those $1000-a-night strip club outings. Sheesh.
http://www.netrek.org
As several others have pointed out, Netrek solved this problem a LONG time ago. I'm responding where I am so that this post gets, hopefully, seen by everyone who hasn't read yet, so we don't get any more vague, unclueful debate on this.
The solution is very simple. ID compiles a 'vanilla blessed' server. ID compiles a 'vanilla blessed' client. They create an encrypted binary key for the 'blessed' client, based on the client binary itself. They distribute this key with the vanilla server. They allow server gods to add any additional compiled keys they want - and to turn off or on whether key checking is used.
Now, every single server will be able to be accessed by the vanilla blessed client, no matter what. It all works out of the box. Turn on key checking, and no hacked binaries or recompiled clients will work on your server. Want to make a mod? Compile your modified client binary and distribute a matching encrypted server key for it. Server gods add your key if they like your client. It's that simple. If you want to run a "chaos" server, turn off key checking. Anyone can come in and do what they want - and THAT is often pretty fun.
It works great. People have been trying, and failing, to make 'borg' clients for Netrek for quite a long time now. There are some very good borgs that used to play on the Chaos servers. But they don't and CAN'T get into the vanilla servers.
Anything that will make a child think, instead of glom onto the TV and watch more crap, is fine by me. If it comes in the form of a FPS, fine. If it comes in the form of a sim, fine. I wish the media moguls would wake up and realize that THINKING, contrary to popular belief, is GOOD, and TV doesn't make you think... especially not two-bit sitcoms.
:/
Why don't these momos go after the WWF/WCW/whatever? I see more kids trying to bodyslam/armdrop/etc. each other than I see conducting authentic military maneuvers in their backyards... hmm... and worse, the kids aren't pros and don't know how to NOT get hurt.
Sheesh.
...and 20% "First Post!"
If you go through the whole article, the bit at the bottom says "help remove the gag order from our Assistant Webmaster"... I'm thinking that there's perhaps a bit of reporting bias here?
The judge's decision is ridiculous as reported in that article, but I'm pretty sure we haven't seen the entire story here. (Not that I'd care to ever see the courts interfere on USENET...)
Hooey on THAT. A sufficiently strong algorithm with a 1024-bit key is not currently breakable by ANYTHING - the FBI has a much easier solution in this case, commonly referred to as "Rubber-Hose Cryptanalysis." It's a lot easier for them to beat your pass phrase out of you or your recipient, frankly. The spooks support encryption export controls because they want to retain the ability to spy on other countries - good ole nationalism at work, not because they want to scan your neighbor's e-mail. Terrorism is a relatively minimal factor in their interests.
... people still wouldn't use it. Because it requires another password. And people are, when it comes down to it, LAZY! L-A-Z-Y. They just want to send a dirty joke to their brother Bob in Nevada. The average bear's skull simply is not equipped with the wetware to realize that when he encrypts his dirty joke to Bob, he is providing additional security for himself and everyone else down the line - he can't see beyond the here and now, and so he mashes "no" to that prompt and bitches about how paranoid people are becoming.
Nevermind that other countries are perfectly capable of coming up with strong crypto on their own, and HAVE already done so, making the government look exactly like the farmer closing the gate after the goats are gone.
24-bit encryption isn't just as "bad" as none, it's WORSE than none, because the parties involved believe it's effective. Widespread use of token (40-bit) encryption would be nice...but if every software company out there with an E-mail product were able to, overnight, produce and auto-apply a 100% effective no-bugs patch that would add an "Encrypt this message?" option to EVERYTHING
We could waste a lot of time evangelizing to Joe and Bob Schmuck about this kind of thing... but when you get right down to it, having everyone use breakable crypto is just another case of 'security through obscurity', which has been shown to fail. Miserably. Consistently. So all us l'il crypto-monkeys would rather talk to y'all out there who AREN'T lazy, in the hopes of actually accomplishing SOMETHING. It will spread more slowly... but where it spreads, it will take root and grow.
(I won't even address the fact that scanning digital communications encrypted with a 24-bit key poses no significant slowdown factor for the hardware you mention. Vastly compromised? Doubt it.)
the Discworld series is excellent. unfortunately, due to Pratchett's nature of including at least five or six hilarious cameos by previous characters (and at least five or six oblique references to other characters without even the cameo) it's almost totally necessary to inhale them in the right order. =) If you want an excellent experience, start from "The Colour of Magic" and work forwards - for example, Death shows up so often later that to get the full giggle from all his throw-away lines, you really MUST have read "Mort" (3rd in the series).
:P
If you just can't stand the thought of reading them in order, or have trouble finding the early books (I know our local bookstores only have "Jingo", "Lords and Ladies", and a couple other of his newest - and forget finding them in the used bookstores), "Guards! Guards!" is probably a good one to randomly jump into.
Oh, just go read them.