To avoid lawsuits (HA!) the creator of any software that lets non-HDCP machines use HDCP media would need to make double sure that they don't even breath a word about infringing uses.
I wonder how long it will take worm/virus/trojan writers to write payloads that attack, disable, or hide from monitoring applications such as these? I suspect that monitoring apps will need to use the same randomized signature tricks that viruses use to avoid easy detection. Perhaps, the ultimate solution is to go back to non-flash ROMs with unbypassable, built-in integrity checking features.
It seems like a short distance from voice to sound and from person-to-person to peer-to-peer. I wonder when people will use modified forms of VOIP to share music. Sure the QOS needs to be better and they'll need a way to do stereo (two data channels embedded on one VOIP transmission? sequential transmissions? parallel transmission on 2 VOIP calls?), but technical specs have a way of getting better with time.
Since telephony is a peer-to-peer network, using VOIP for file sharing seems inevitable.
Shouldn't corporations be required to use DRM?
on
Sun Spearheads Open DRM
·
· Score: 4, Insightful
With all the problems of lost computers, lost backup tapes, etc., I would think that corporations should be required to use DRM to reduce the risk of identity theft. It may not prevent a company from selling your data (for which they should be royally reamed), but it will reduce "accidental" leaks.
Social Security numbers, credit card numbers, etc. should never appear in plaintext and managing who has what rights to read/copy/write files with sensitive data seems like a job for DRM. For example DRM would also help when a company uses a 3rd-party provider (e.g., your employer hires another company handle payroll). DRM would let the 3rd-party access the data on a one-time use basis. Any attempt to copy the data or read the data outside the specified application would fail. This type fo DRM would help reduce the chance of a rogue employee trying to sell the data.
It seems like DRM could have valuable applications for helping maintain privacy.
I must be old. I remember the time where calculators were used to do calculations and even plotting a nice graphic of a function.
You're a young whipper snapper if you "remember" plotting a nice graphic. The true old coots will remember way back when punching in 710.77345 and turning the display upside down was about as much fun as a person could have on a calculator (this trick doesn't even work on the newer bit-mapped font-based calculators). Of course as technology improved, I wasted many an hour playing "Moon landing simulator" on an HP-25 (until I turned the calculator off and lost what was in RAM).
This type of "betting" has been going on for a while now at the Chicago Mercantile Exchange. Weather futures lets companies and traders buy and sell the risk of high or low temperatures For example a utility company might fear that it will incur high costs if the summer weather is too hot and a softdrink maker might fear that the summer weather will be too cold. These parties can agree to trade a weather future contract that profits the utility if the weather is hot (offsetting the extras costs) and pays the drink maker if the weather is cold (offseting the lost sales). Both sides reduce their own risks. Agriculture and energy traders can also use weather futures to hedge or correct for weather-related price changes in commodities to profit from non-weather-related effects.
Although government funded/designed/managed/operated space project have a place, I argue that the future is in private hands. What will make space cheap is competition and mass production. In that regard, I, personally, have more faith in Scaled Composites or Blue Origin than in hand-wringing risk-averse bureaucratic organizations. As much as I love NASA, it's high cost structure breeds risk aversion and that risk aversion breeds higher costs in a very vicious cycle. Moreover, the constant political pressure to cut costs perversely raises the per-unit cost of space travel. Unless we can break that cycle, space will only become more and more expensive and launches less and less frequent.
One key is mass production -- amortizing all that costly engineering over a greater number of vehicles. Current commercial ventures may only be suborbital today, but competition to reach orbit and provide tourist services will probably lead to the development of ever more capable private launch systems.
Uless we can drammatically reduce the cost of access to space,
Einstein's work showed that Newton's equations were a good approximation for low velocities, but not for velocities approaching c. What if Einstein's work is an approximation, too. Perhaps we will discover that the E deviates from mc^2 when temperatures are very high or very low or m is very large or magnetic fields are especially strong.
Newton's 3 laws survived 239 years, I wonder how long Einstein's will last?
The Witty worm spread much faster despite the very small base of susceptible hosts (only about 12,000 total that had some old version of some firewall software). Witty had a doubling time of only a couple minutes and nearly saturated (infected all susceptible hosts) in less than one hour.
A modern worm should be able to spread extremely quickly -- sending out hundreds of infectious packets per second if the payload is small (Witty's was only 637 bytes). If only 1 in 10,000 machine is susceptible, then a worm spewing 100 randomly addressed packets per second should double the number of infected machines every 100 seconds. I'd wager that the number of zotob-susceptible machines was much greater than only 1 in 10,000, so zotob should have spread faster. If anyone ever creates a worm that can infect even 1% of IP addys, it would double every second and saturate the net within the first minute or so.
Before adding to the North American wildlife, they might want to read Best in the Garden. Sure, they might try to contain these creatures in parks, but they will escape and learn to live with (or on) humans.
When the eye moves, it temporarily shuts off the flow of visual data to the brain. That is why you don't experience the world swirling around as your eye darts from detail to detail. Experiments using an eye tracker found that one could change parts of the scene in the middle of the eye movement and the subject wouldn't notice the change. The tests looked at how severe a change was needed to make people notice that the scene was different -- colors of objects could change, people could be added to pictures, etc.
The coolest experiment used an eye tracker that painted words on the screen only where the fovea (the high resolution central portion of the retina) was looking and painted "X"s on the screen everywhere else (the low resolution bulk of the eye). Every time the subject's eye moved, the screen was redrawn to show the words where they were now looking and hide the words were they weren't looking. Subjects could read documents normally and were totally unaware that the screen was, in reality, full of "x"s except where their central field of vision happened to be pointing.
The point is that the eye & brain is not a simple pixel-based camera.
Yes, I can think of two creatures with multiple fixed focal length optics (no zoom lenses to my knowledge).
The first is the dragonfly. The configuration of this insect's compound lens is such that the upward facing facets operate like a telephoto lens and the bulk of the rest of the eye is wide-angle. This gives the dragonfly near 360 vision but with a high resolution zoom on the airspace above to enable seeing (and catching) small flying insects.
The second are spiders which have 4 pairs of eyes of differing sizes. These eyes, especially in ambush hunters such as a jumping spider, have different effective focal lengths to provide wide angle vision for an overview and narrow field vision for catching stuff.
If they can do this, why not GMO the cell line to add seasonings. Genes for the synthesis of various flavor molecules, sugars, acids, and capsaicins could make the meat any flavor you want.
The company could sell a range of preflavored cell line starter kits for ChiliBeef(tm), CurryLamb(tm), and LemonPepperChicken(tm). No more unsightly spice racks in the kitchen, no more crying over cut onions, no more confusion over how much seasoning to add.
If they want a successful launch then they really need this thing out well before Thanksgiving. And they'd better have the retail channel well stocked for Black Friday (the day after Thanksgiving). Any production snafus or delays are going to kill holiday sales and create a bunch of unhappy customers.
With a proposed cabin the diameter of a Gulfstream V (about 6ft in height and 7ft in width), I fear they will design this thing for 3-across seating with 3 rows of passengers.
Otherwise, I call shotgun! If they do 5 rows of 2 seats, I want the seat next to the pilot.
I was proposing a limited UI that could ask the question without any help from the rest of the OS. Basically, what happens in BIOS today on Intel architectures: there's enough for a text-based UI right on the chip.
OK, I see that as a possibility -- the first Macintoshes managed to stuff a GUI into a few hundred kB. But I fear it would still be only safe during a hard reboot as a rootkit could easily fake screens of BIOS UI, and ask the user to do something that exposes the password for changing the microkernel ("Danger, virus detected." "Clean"/"Ignore"...... "Please enter admin password"). To be safe, the unrootable software needs to have its own private, direct access to the I/O channels (or contain read-only code for the core APIs for the UI).
Or do it the way some routers do, with a web-based UI, again right on the chip. That would enable remote upgrades. Authentication would be tricky, but not impossible.
Good point! I'm willing to be proven wrong, but I'm very skeptical of anything network-based as the rootkit could easily be a man-in-the-middle. Unless the ROM implements its own secure networking stack it could never be sure that the incoming or outgoing packets weren't being tampered with by the rootkit. The threat is the a rootkit could inject its own packets asking to modify the microkernel or replace valid microkernel modification packets with rooted ones.
It's a real tinfoil hat situation. The only way to securely modify the microkernel is to ensure that every connection in the modification process is unmodifiable by a rootkit.
There is a middle path, where perhaps the ROM can be modified only with very particular acknowledgement from the user. Say, the mod has to be burned onto a CD and booted, and before overwriting itself the existing ROM asks, "Are you 100% sure you got this from a reliable source?" It could even check the Net to check the signature, if it had sufficient IP stack built in.
How can the ROM know that it got a valid user response (or that the user even saw the ROM's request) unless 100% of the UI is in ROM? All the rootkit needs to do is fake the user's acknowledgment or subvert the user into saying yes to something seemingly innocuous. To create a truely secure system, some part of it must be 100% secure from social engineering.
This works best with microkernel architecture, which lets out Linux and Windows but OS X could conceivably go there. (And Windows actually could do it as well, since it is built around a kind of overblown microkernel.)
Either a microkernal or a compact bootstrap OS could do the job.
But still, the protected kernel isn't really the problem. You can't really hard-code detection software into it because there are always new rootkits that would require mods to the protected kernel. I just showed that it could be done, but it would be deliberately awkward, and so there's plenty of time for a new flaw to be exploited.
Although new rootkits can emerge, they all share a key characteristic of modifying the OS in some way. The ROM detector does not need to know about the latest "Rootd00dWormoxor.Z" infection, it only needs to be able to detect that key routines of the OS (in RAM or on media) have been compromised. Your suggestion of signature checking is an excellent one and should suffice to detect the presence of a rootkit. Once alerted, the user would reboot their machine from a more up-to-date secured-media OS copy and work to clean the infection.
It would make it easier to clean the infection off your system without reinstalling, but if you're wiping out everything above the microkernel, you're effectively reinstalling anyway. During a regular reinstall, the BIOS acts as the micro-microkernel. So it's all the same.
Yes, the BIOS could serve as the micro-microkernel if it were in ROM, not Flash memory as seems to be the current fashion. Flash makes the BIOS vulnerable to rootkit corruption. A truly secure system would not be modifiable in any way (other than replacing the ROM chip).
The core problem with detecting a rootkit is that the detection software would seem to need to run inside the infected codespace. Unless the detector is 100% self-contained (e.g., involves NO calls to OS API during the detection process) the detector is itself detectable and defeatable by a skilled rootkit. Since invoking any software on a running system means calling APIs of that system (to read the executable, spawn a new process, etc.) and those APIs are not trustworthy on a rooted system, detection seems like a tricky problem.
The solution is either to boot the detector from its own media (inconvenient if you want to scan your system for rootkits on any regular basis) or to create a ROM core to the OS that is totally incorruptible. To be safe, this core needs to be not patchable or modifiable by any software running outside the ROM.
The point is that no computer can trust code fragments stored of writable media. The only way to really secure a system is with hardware (i.e., functionality embedded in a chip) or ROM-based software.
Moving to ROM isn't without its challenges. The writers of the code will actually need to be very good at their jobs because they won't be able to fix the problem later with a simple patch. But maybe the core of an OS should be this way -- based on very well-written code that does not need patching.
I've often wondered what kind of havoc would occur from editing cookies. I'd bet that most websites don't have input validation for read cookies because they assume they are just reading back the well-formed string they wrote to your machine.
I'm surprised there aren't more news stories of exploits based on mal-formed/overflowed cookie strings. But maybe there are exploits out there and the sites are too embarrassed to admit they were hacked with their own cookies.
Kill profits by consuming resources
on
Spammers on the Run
·
· Score: 4, Insightful
Blue Frog is effective because it consumes spammer's resources -- it raises the costs of being a spammer. Spam filtering does not reduce spammer's profits in that the same people that filter spam were never likely to visit the spam site and purchase. Filtering doesn't change spammer's revenues or costs.
In contrast, a bot that visits a spammer's site consumes the spammer's valuable resources in far greater amounts that is consumed by the original spam e-mail (spam emails often being under 10kB and sent via low-cost zombies vs. 50kB or 100kB for most web pages begin hosted on the spammer's e-commerce site).
I don't understand why people ridicule online life and view it as some trivial sideshow to "real" life. The history of human existence shows that people have a penchant for taking many things seriously. Many of these activities reside far outside the realm of pragmatic, utilitarian life. Whether it's being a sports fan, a serious gardener, a breeder of dogs, an avid golfer, a sailboat owner, or any of a thousand other activities, people can become quite immersed. If online gaming "doesn't count," then so many other activities that people invest time in do not count either.
Without these "hobbies," people would be little more than animals -- eating, sleeping, reproducing in the endless cycle of life that we share with even the lowliest bacteria. What distinguishes humans from animals (perhaps only quantitatively) is the extent that we can move beyond the mundane activities of "real" life and explore such a wide range of alternatives.
For the record, I, personally am not into online gaming or sports -- this post is not a personal rant -- but I can see how these activities can become a major part of a person's identity and daily life. As such, it is important to understand and respect (in a love-of-freedom sense, not a politically correct sense) the fact that different people value different things. Its not that some people go overboard on online life vs. real life, its that some people become immersed in a life that is different from the utilitarian vision of a standard life.
Octafluoropropane is NOT a toxic gas in the sense that it directly damages the health of people, animals, etc when breathed/ingested (its a class 2.2 hazard: non-toxic, non-flammable gas). Like most fluorocarbons (refrigerants, Halons etc.), it is a very inert gas which presents a hazard only in that it can displace oxygen and lead to asphyxiation. But a mixture of 20% O2 and 80% octafluoropropane would probably be quite breathable, although it might feel uncomfortably dense to breath (this mix being about 6 times denser than normal air).
The only real danger of these gases in the atmosphere is that they can breakdown under UV bombardment in the upper atmosphere and generate ozone-destroying chemicals (not a big issue on Mars as it lacks appreciable ozone in the first place). Also, high temperature combustion of fluorocarbons can produce some nasty byproducts, but the inertness of the chemicals makes this very hard to do.
I've always wanted to make a computer into a typewriter. By sending characters and control commands to an old dot matrix printer, one should be able to make a passable typewriter application that outputs dot matrix characters in real time. It would use carriage control logic such as that used in the old DecWriter dumb terminal to scoot the print head away from the active printing area to show the user what's being typed and then reposition the print head when they start typing again.
Sometimes you just need to type words into some odious government form and a hacked typewriter made from some leftover computer junk would be just the thing. I've got an old Mac LC II and an Imagewriter that would be just perfect for this hack, but any old computer and dot matrix printer should work. With a custom application that autoruns during boot, the thing wouldn't even need a monitor.
On the one hand we espouse the notion that "all people are created equal." It's an excellent core belief for the basis for civilization, government, law, etc. Yet science makes a mockery of this belief because we are not geneticaly equal and those differences impact outcomes that have legal, governmental, and social implications.
For example, the U.S. EPA generally uses a 1-in-a-million threshold for carcinogens. A sufficiently low chance of cancer defines the threshold for safety. Yet this guideline assumes that we all share an chance or equal burden. What happens when genetic testing proves that 999,999 of every million of us have no chance of getting cancer from the substance, but that 1 identifiable person in million has a 100% chance of cancer at the "safe" threshold level of exposure. Lowering exposure to make it safe for the most sensitive individual may not be feasible.
I suspect that this will become one of the thornier issues facing future decision makers.
Cisco's float is virtually 100%, they don't have any treasury stock they can issue. That is, Cisco doesn't own any Cisco shares to play with. Unless they dilute the current shareholder's stock -- by creating new shares in the joint company to be given to Nokia shareholders -- Cisco doesn't have that many options other than an LBO.
Slashdot Mirror
IANAL, but Section 117 of the U.S. Copyright code would seem to permit circumvention if its needed to use some software on a particular machine.
To avoid lawsuits (HA!) the creator of any software that lets non-HDCP machines use HDCP media would need to make double sure that they don't even breath a word about infringing uses.
I wonder how long it will take worm/virus/trojan writers to write payloads that attack, disable, or hide from monitoring applications such as these? I suspect that monitoring apps will need to use the same randomized signature tricks that viruses use to avoid easy detection. Perhaps, the ultimate solution is to go back to non-flash ROMs with unbypassable, built-in integrity checking features.
It seems like a short distance from voice to sound and from person-to-person to peer-to-peer. I wonder when people will use modified forms of VOIP to share music. Sure the QOS needs to be better and they'll need a way to do stereo (two data channels embedded on one VOIP transmission? sequential transmissions? parallel transmission on 2 VOIP calls?), but technical specs have a way of getting better with time.
Since telephony is a peer-to-peer network, using VOIP for file sharing seems inevitable.
With all the problems of lost computers, lost backup tapes, etc., I would think that corporations should be required to use DRM to reduce the risk of identity theft. It may not prevent a company from selling your data (for which they should be royally reamed), but it will reduce "accidental" leaks.
Social Security numbers, credit card numbers, etc. should never appear in plaintext and managing who has what rights to read/copy/write files with sensitive data seems like a job for DRM. For example DRM would also help when a company uses a 3rd-party provider (e.g., your employer hires another company handle payroll). DRM would let the 3rd-party access the data on a one-time use basis. Any attempt to copy the data or read the data outside the specified application would fail. This type fo DRM would help reduce the chance of a rogue employee trying to sell the data.
It seems like DRM could have valuable applications for helping maintain privacy.
I must be old. I remember the time where calculators were used to do calculations and even plotting a nice graphic of a function.
You're a young whipper snapper if you "remember" plotting a nice graphic. The true old coots will remember way back when punching in 710.77345 and turning the display upside down was about as much fun as a person could have on a calculator (this trick doesn't even work on the newer bit-mapped font-based calculators). Of course as technology improved, I wasted many an hour playing "Moon landing simulator" on an HP-25 (until I turned the calculator off and lost what was in RAM).
This type of "betting" has been going on for a while now at the Chicago Mercantile Exchange. Weather futures lets companies and traders buy and sell the risk of high or low temperatures For example a utility company might fear that it will incur high costs if the summer weather is too hot and a softdrink maker might fear that the summer weather will be too cold. These parties can agree to trade a weather future contract that profits the utility if the weather is hot (offsetting the extras costs) and pays the drink maker if the weather is cold (offseting the lost sales). Both sides reduce their own risks. Agriculture and energy traders can also use weather futures to hedge or correct for weather-related price changes in commodities to profit from non-weather-related effects.
Although government funded/designed/managed/operated space project have a place, I argue that the future is in private hands. What will make space cheap is competition and mass production. In that regard, I, personally, have more faith in Scaled Composites or Blue Origin than in hand-wringing risk-averse bureaucratic organizations. As much as I love NASA, it's high cost structure breeds risk aversion and that risk aversion breeds higher costs in a very vicious cycle. Moreover, the constant political pressure to cut costs perversely raises the per-unit cost of space travel. Unless we can break that cycle, space will only become more and more expensive and launches less and less frequent.
One key is mass production -- amortizing all that costly engineering over a greater number of vehicles. Current commercial ventures may only be suborbital today, but competition to reach orbit and provide tourist services will probably lead to the development of ever more capable private launch systems.
Uless we can drammatically reduce the cost of access to space,
Einstein's work showed that Newton's equations were a good approximation for low velocities, but not for velocities approaching c. What if Einstein's work is an approximation, too. Perhaps we will discover that the E deviates from mc^2 when temperatures are very high or very low or m is very large or magnetic fields are especially strong.
Newton's 3 laws survived 239 years, I wonder how long Einstein's will last?
The Witty worm spread much faster despite the very small base of susceptible hosts (only about 12,000 total that had some old version of some firewall software). Witty had a doubling time of only a couple minutes and nearly saturated (infected all susceptible hosts) in less than one hour.
A modern worm should be able to spread extremely quickly -- sending out hundreds of infectious packets per second if the payload is small (Witty's was only 637 bytes). If only 1 in 10,000 machine is susceptible, then a worm spewing 100 randomly addressed packets per second should double the number of infected machines every 100 seconds. I'd wager that the number of zotob-susceptible machines was much greater than only 1 in 10,000, so zotob should have spread faster. If anyone ever creates a worm that can infect even 1% of IP addys, it would double every second and saturate the net within the first minute or so.
Why didn't zotob spread faster?
Before adding to the North American wildlife, they might want to read Best in the Garden. Sure, they might try to contain these creatures in parks, but they will escape and learn to live with (or on) humans.
When the eye moves, it temporarily shuts off the flow of visual data to the brain. That is why you don't experience the world swirling around as your eye darts from detail to detail. Experiments using an eye tracker found that one could change parts of the scene in the middle of the eye movement and the subject wouldn't notice the change. The tests looked at how severe a change was needed to make people notice that the scene was different -- colors of objects could change, people could be added to pictures, etc.
The coolest experiment used an eye tracker that painted words on the screen only where the fovea (the high resolution central portion of the retina) was looking and painted "X"s on the screen everywhere else (the low resolution bulk of the eye). Every time the subject's eye moved, the screen was redrawn to show the words where they were now looking and hide the words were they weren't looking. Subjects could read documents normally and were totally unaware that the screen was, in reality, full of "x"s except where their central field of vision happened to be pointing.
The point is that the eye & brain is not a simple pixel-based camera.
Yes, I can think of two creatures with multiple fixed focal length optics (no zoom lenses to my knowledge).
The first is the dragonfly. The configuration of this insect's compound lens is such that the upward facing facets operate like a telephoto lens and the bulk of the rest of the eye is wide-angle. This gives the dragonfly near 360 vision but with a high resolution zoom on the airspace above to enable seeing (and catching) small flying insects.
The second are spiders which have 4 pairs of eyes of differing sizes. These eyes, especially in ambush hunters such as a jumping spider, have different effective focal lengths to provide wide angle vision for an overview and narrow field vision for catching stuff.
If they can do this, why not GMO the cell line to add seasonings. Genes for the synthesis of various flavor molecules, sugars, acids, and capsaicins could make the meat any flavor you want.
The company could sell a range of preflavored cell line starter kits for ChiliBeef(tm), CurryLamb(tm), and LemonPepperChicken(tm). No more unsightly spice racks in the kitchen, no more crying over cut onions, no more confusion over how much seasoning to add.
If they want a successful launch then they really need this thing out well before Thanksgiving. And they'd better have the retail channel well stocked for Black Friday (the day after Thanksgiving). Any production snafus or delays are going to kill holiday sales and create a bunch of unhappy customers.
With a proposed cabin the diameter of a Gulfstream V (about 6ft in height and 7ft in width), I fear they will design this thing for 3-across seating with 3 rows of passengers.
Otherwise, I call shotgun! If they do 5 rows of 2 seats, I want the seat next to the pilot.
I was proposing a limited UI that could ask the question without any help from the rest of the OS. Basically, what happens in BIOS today on Intel architectures: there's enough for a text-based UI right on the chip.
OK, I see that as a possibility -- the first Macintoshes managed to stuff a GUI into a few hundred kB. But I fear it would still be only safe during a hard reboot as a rootkit could easily fake screens of BIOS UI, and ask the user to do something that exposes the password for changing the microkernel ("Danger, virus detected." "Clean"/"Ignore"...... "Please enter admin password"). To be safe, the unrootable software needs to have its own private, direct access to the I/O channels (or contain read-only code for the core APIs for the UI).
Or do it the way some routers do, with a web-based UI, again right on the chip. That would enable remote upgrades. Authentication would be tricky, but not impossible.
Good point! I'm willing to be proven wrong, but I'm very skeptical of anything network-based as the rootkit could easily be a man-in-the-middle. Unless the ROM implements its own secure networking stack it could never be sure that the incoming or outgoing packets weren't being tampered with by the rootkit. The threat is the a rootkit could inject its own packets asking to modify the microkernel or replace valid microkernel modification packets with rooted ones.
It's a real tinfoil hat situation. The only way to securely modify the microkernel is to ensure that every connection in the modification process is unmodifiable by a rootkit.
There is a middle path, where perhaps the ROM can be modified only with very particular acknowledgement from the user. Say, the mod has to be burned onto a CD and booted, and before overwriting itself the existing ROM asks, "Are you 100% sure you got this from a reliable source?" It could even check the Net to check the signature, if it had sufficient IP stack built in.
How can the ROM know that it got a valid user response (or that the user even saw the ROM's request) unless 100% of the UI is in ROM? All the rootkit needs to do is fake the user's acknowledgment or subvert the user into saying yes to something seemingly innocuous. To create a truely secure system, some part of it must be 100% secure from social engineering.
This works best with microkernel architecture, which lets out Linux and Windows but OS X could conceivably go there. (And Windows actually could do it as well, since it is built around a kind of overblown microkernel.)
Either a microkernal or a compact bootstrap OS could do the job.
But still, the protected kernel isn't really the problem. You can't really hard-code detection software into it because there are always new rootkits that would require mods to the protected kernel. I just showed that it could be done, but it would be deliberately awkward, and so there's plenty of time for a new flaw to be exploited.
Although new rootkits can emerge, they all share a key characteristic of modifying the OS in some way. The ROM detector does not need to know about the latest "Rootd00dWormoxor.Z" infection, it only needs to be able to detect that key routines of the OS (in RAM or on media) have been compromised. Your suggestion of signature checking is an excellent one and should suffice to detect the presence of a rootkit. Once alerted, the user would reboot their machine from a more up-to-date secured-media OS copy and work to clean the infection.
It would make it easier to clean the infection off your system without reinstalling, but if you're wiping out everything above the microkernel, you're effectively reinstalling anyway. During a regular reinstall, the BIOS acts as the micro-microkernel. So it's all the same.
Yes, the BIOS could serve as the micro-microkernel if it were in ROM, not Flash memory as seems to be the current fashion. Flash makes the BIOS vulnerable to rootkit corruption. A truly secure system would not be modifiable in any way (other than replacing the ROM chip).
The core problem with detecting a rootkit is that the detection software would seem to need to run inside the infected codespace. Unless the detector is 100% self-contained (e.g., involves NO calls to OS API during the detection process) the detector is itself detectable and defeatable by a skilled rootkit. Since invoking any software on a running system means calling APIs of that system (to read the executable, spawn a new process, etc.) and those APIs are not trustworthy on a rooted system, detection seems like a tricky problem.
The solution is either to boot the detector from its own media (inconvenient if you want to scan your system for rootkits on any regular basis) or to create a ROM core to the OS that is totally incorruptible. To be safe, this core needs to be not patchable or modifiable by any software running outside the ROM.
The point is that no computer can trust code fragments stored of writable media. The only way to really secure a system is with hardware (i.e., functionality embedded in a chip) or ROM-based software.
Moving to ROM isn't without its challenges. The writers of the code will actually need to be very good at their jobs because they won't be able to fix the problem later with a simple patch. But maybe the core of an OS should be this way -- based on very well-written code that does not need patching.
I've often wondered what kind of havoc would occur from editing cookies. I'd bet that most websites don't have input validation for read cookies because they assume they are just reading back the well-formed string they wrote to your machine.
I'm surprised there aren't more news stories of exploits based on mal-formed/overflowed cookie strings. But maybe there are exploits out there and the sites are too embarrassed to admit they were hacked with their own cookies.
Blue Frog is effective because it consumes spammer's resources -- it raises the costs of being a spammer. Spam filtering does not reduce spammer's profits in that the same people that filter spam were never likely to visit the spam site and purchase. Filtering doesn't change spammer's revenues or costs.
In contrast, a bot that visits a spammer's site consumes the spammer's valuable resources in far greater amounts that is consumed by the original spam e-mail (spam emails often being under 10kB and sent via low-cost zombies vs. 50kB or 100kB for most web pages begin hosted on the spammer's e-commerce site).
I don't understand why people ridicule online life and view it as some trivial sideshow to "real" life. The history of human existence shows that people have a penchant for taking many things seriously. Many of these activities reside far outside the realm of pragmatic, utilitarian life. Whether it's being a sports fan, a serious gardener, a breeder of dogs, an avid golfer, a sailboat owner, or any of a thousand other activities, people can become quite immersed. If online gaming "doesn't count," then so many other activities that people invest time in do not count either.
Without these "hobbies," people would be little more than animals -- eating, sleeping, reproducing in the endless cycle of life that we share with even the lowliest bacteria. What distinguishes humans from animals (perhaps only quantitatively) is the extent that we can move beyond the mundane activities of "real" life and explore such a wide range of alternatives.
For the record, I, personally am not into online gaming or sports -- this post is not a personal rant -- but I can see how these activities can become a major part of a person's identity and daily life. As such, it is important to understand and respect (in a love-of-freedom sense, not a politically correct sense) the fact that different people value different things. Its not that some people go overboard on online life vs. real life, its that some people become immersed in a life that is different from the utilitarian vision of a standard life.
Octafluoropropane is NOT a toxic gas in the sense that it directly damages the health of people, animals, etc when breathed/ingested (its a class 2.2 hazard: non-toxic, non-flammable gas). Like most fluorocarbons (refrigerants, Halons etc.), it is a very inert gas which presents a hazard only in that it can displace oxygen and lead to asphyxiation. But a mixture of 20% O2 and 80% octafluoropropane would probably be quite breathable, although it might feel uncomfortably dense to breath (this mix being about 6 times denser than normal air).
The only real danger of these gases in the atmosphere is that they can breakdown under UV bombardment in the upper atmosphere and generate ozone-destroying chemicals (not a big issue on Mars as it lacks appreciable ozone in the first place). Also, high temperature combustion of fluorocarbons can produce some nasty byproducts, but the inertness of the chemicals makes this very hard to do.
I've always wanted to make a computer into a typewriter. By sending characters and control commands to an old dot matrix printer, one should be able to make a passable typewriter application that outputs dot matrix characters in real time. It would use carriage control logic such as that used in the old DecWriter dumb terminal to scoot the print head away from the active printing area to show the user what's being typed and then reposition the print head when they start typing again.
Sometimes you just need to type words into some odious government form and a hacked typewriter made from some leftover computer junk would be just the thing. I've got an old Mac LC II and an Imagewriter that would be just perfect for this hack, but any old computer and dot matrix printer should work. With a custom application that autoruns during boot, the thing wouldn't even need a monitor.
On the one hand we espouse the notion that "all people are created equal." It's an excellent core belief for the basis for civilization, government, law, etc. Yet science makes a mockery of this belief because we are not geneticaly equal and those differences impact outcomes that have legal, governmental, and social implications.
For example, the U.S. EPA generally uses a 1-in-a-million threshold for carcinogens. A sufficiently low chance of cancer defines the threshold for safety. Yet this guideline assumes that we all share an chance or equal burden. What happens when genetic testing proves that 999,999 of every million of us have no chance of getting cancer from the substance, but that 1 identifiable person in million has a 100% chance of cancer at the "safe" threshold level of exposure. Lowering exposure to make it safe for the most sensitive individual may not be feasible.
I suspect that this will become one of the thornier issues facing future decision makers.
They'll just offer Cisco stock or something.
Cisco's float is virtually 100%, they don't have any treasury stock they can issue. That is, Cisco doesn't own any Cisco shares to play with. Unless they dilute the current shareholder's stock -- by creating new shares in the joint company to be given to Nokia shareholders -- Cisco doesn't have that many options other than an LBO.