The term isn't always 'bought'. Sometimes lobbying is enough.
For example, if you read his response, the argument for the bill sounds like the sort of dogmatic story you'd hear from the RIAA and MPAA - almost believable until someone reads off some research (for example, the way music sales haven't actually been affected by digital piracy in any way more significant than the effect of street bootlegs).
"RMS"?
I'm all for having the Root-Mean-Square algorithm - or any algorithm (except Al Gore, of course) - for president. Hell, even a prime search algorithm would do a better job than Reagan, Bush, Clinton, W. Bush, or any of the 2008 nominatory candidates I've heard of so far.
Actually, a No. 2 pencil would do a better job.
Fucking useless human presidents.
You give respect for obvious opportunistic political territorial pissings?
Damn. Have some standards, man.
Don't forget 'needs' us. The UN's got US troops performing all kinds of actions at the moment. Most of the world survives off our technical resources (though that's been changing).
They'll stop needing us soon enough; at which point war will break out.
The trick to war is getting the other guy to die for his country.
-----
Balls. Got a slow down cowboy. Now I gotta think of something else to say.
Glerbelwerbelwitz.
In response to your sig - I think your trouble is determining the difference between 'naive, idealistic' and 'harsh, realistic'.
Interesting info: armor piercing bullets are armor piercing because they're made of tungsten carbide - you'll note that the same stuff is used in the metal-cutting tools for your dremel. It's hard stuff.
Nope. It's a tungsten carbide core what does the dirty work. The teflon coat is just for keeping your gun clean.
Also great for naval engine rooms. A lack of penetrating power means it's not going to penetrate your pipes. Meanwhile, it will still wipe the smirk off any stowaway's face.
Just being made of the same thing doesn't matter. It's basically like this:
if (projectile.velocity*projectile.mass/projectile.impact_surface_area/deceleration_time > armor.tensile_strength) die("We're fucked");
So the real question is: will this protect against steel jacketed depleted uranium slugs launched at relativistic velocities from a linear acceleration (gauss) gun?
Assuming no, the best defense would be to increase deceleration time, by allowing the material to stretch, and by making it very padded.
It'd still probably rape you; railguns rawk.
And what's to stop me from redirecting the chip's access to software? It's a relatively simple matter to trick a system's kernel into thinking it's reading a file it's not for verification. Point in fact: a program is almost never read completely into memory anymore; the reads to the processor are polled in chunks. That means that the verification read would be different than the processor read. Injecting kernel (or even interrupt code at BIOS level) so that it quickly makes a check to see where the fopen call is coming from and performs special actions if it's, for example, coming from the TPM's standard ROM address, would probably do the trick.
Anyway, my point isn't to figure out a way around it. My point is that someone will. I said the same thing about MacOSX for x86.
If a sufficient portion of the population doesn't want something on their computers, there's a good chance it will be hacked out. At that point, only the really savvy have a good level of control over their computers.
Ah. You seem to think that encryption is unbreakable and that keys aren't retrievable. It takes weeks and a lot of power, but it can be done.
And trust me, with this kind of privacy issue, it's a challenge to hackers - if, indeed intel bothers signing for trusted computing, or indeed, if authentication on your random site is not broken.
Weird, too. Nobody ever wants to shift the blame to the dead - which is where it belongs in this case.
Seriously. Who plays a videogame for 20 days straight?? I've been a gamer since childhood, and the best I've done is 72 hours - and hell, that wasn't even gaming, it was programming.
But Knoppix isn't part of the "Trusted" model. If your computer can't "Trust" it, how can it bring itself to run it? I mean, Microsoft says Knoppix is bad, and Microsoft is always right, aren't they?
By the way: Fellow Knoppix user here, 4.0, HD-installed on an old 500MHz Dell. Flies past my 2.4GHz WinXP work machine without even thinking about it. Funny, that.
Oh, also, I know a few good scripts to swap your wi-fi's MAC address around if your neighbor ever catches on.
Lastly, his name is Klaus Knopper, not Nopper. Pay a fucking tention, will yeh?
*switches to C3-based computers*
*writes a modified linux network stack to allow for specifying your ID on a non-TPM computer, for compatibility*
*writes a shell-daemon that changes your ID every five minutes*
*yawns*
Yeah, I'm not anonymous. You know _exactly_ who I am.
Fucking morons. Since this is part of the "Trusted Computing" initiative, I suppose they're going to claim Linux isn't "trusted", and thus won't run on these computers, huh?
*starts using via c3's exclusively*
There, now that that's been sussed...
Yeah, yeah. I'll use FireMyID (potential future firefox extension that spoofs your outgoing TPM ID to a random number).
Last night, I was considering switching to Gnome. I realize that it would be a lot of work to transfer my K menu over, but I was willing to do the work to try out the alternative my buddy was touting.
Your post has changed that. There are many features of KDE that I've gotten used to - features that you'd have to pry from my cold, dead hands - that, after a little investigation, I find that Gnome is simply without.
Also, consistency is important. I like my windows to all have the same feel - it keeps me from accidentally hitting the wrong button when I go for an instinctive click.
Possibly. Me? I'd like to see KDE functionality with the _ability_ to simplify like gnome (maybe using something similar to xine's settings system.. beginner to master of the known..)
I'd also like to see the Starterbar gDesklet handle KDE's quicklauncher. But dreams are dreams. I'll have to code the damn thing myself.
No, no I didn't. The point is that individuals keep information secure, not laws. Data like security codes and instructions for dangerous items, when open to the public, become quickly useless - as the individuals charged with keeping the information secret either change the information, or make the information only a peripheral requirement.
Laws won't help. They're way too nonfluid to be able to adapt to the number of situations needed to handle security issues. The only thing that does help is an alert administrator - in this case, Microsoft.
Information should not be suppressed. Not by law at least. It's something that each person has to decide for each piece of information he possesses. Whether to spread it.
If I am told someone's home security number, it is my choice as to whether to release it. Social pressure should be enough to stop me from spreading it, but let's say it doesn't.
I spread the information. The second it gets back to the homeowner, he changes his code and never tells me again, meanwhile, doesn't trust me with anything ever again.
Skip over to the exploit, a different topic entirely. The issue here is not whether the information should be public - the continued presence of Security Focus is evidence enough that it is, and that it's going to stay that way. The issue here is whether the hacker in question should be able to profit from his work.
I say yes. He performed a valuable piece of user-end debugging for Microsoft, and even told them first. The eventual price of the auction is considerably less than the potential price of a freely available code exploit would be. Viruses are bad, if you recall.
Additionally, he did it in a way that got Microsoft's _immediate_ attention, which is more than you can say about SecurityFocus bulletins or emailing Microsoft.
I say that Microsoft should have paid the pittance ($56 from a multi-billion dollar company?), giving the man his due - rather than pulling his bargaining position out from under him.
"So is it OK for me to provide a detailed description of how to make a suitcase nuclear weapon, including people to contact to get the materials used in its production? How about the nuclear launch codes and how to use them? How about some top secret security codes used for encryption of data regarding national security? How about the security codes to your house alarm?"
Yes. Again, yes. If you can obtain it, yes. Sure.
Truth is, you couldn't do any of that if you tried. I could do the first and second, but could use neither. The trick with the is that you need to not only know who to contact, but have to verify that you're not just some punk off the street or someone who actually intends to use the materials. They're all controlled. Truth be told, you probably COULD do #1 with a little patience and research; a nuclear bomb is little more than a carefully uncontrolled nuclear reactor, and I'm pretty sure most people know how those work.
The second; well, you'd have to get to a place where the launch codes can be entered. And if you think that means 'the internet', you've been watching too many movies. Even if you distributed them, how long do you think it would take before they were changed?
"Top Secret Security Codes used for encryption of data regarding national security?"
This question PROVES you watch too many movies. I mean, for one, US Military intelligence protects their data the old fashioned way - servers with no bridge to the outside world, locked up in a room behind groups of marines. They may encrypt, they may not. Truth be told, you'll never know. The marines won't let you in.
You can have the code to my house alarm. It's 1234. And I give 75% odds that so is yours.
Or moreover, you mean a 'legitimate' spyware, adware, or other intrusive software company couldn't use something like this?
I mean, those such companies haven't been shut down yet, how illegitimate could they be?
1) Actually, not irresponsible at all. It was BRILLIANT. Look at how quickly Microsoft responded when they found out the amount of interest (as in actual dollars) in the exploit! Meanwhile, it opens up a new concept: error markets. Call it an economic model of closed-source debugging. Those who ferret out and learn an exploit for a piece of software put it on an open market.
The software companies responsible compete at the small-fee level with various others to determine how much that error has cost them (determined by the market's demand for the exploit, rather than the potential damage it could do). The exploit's posting, say a minimum of seven days, is enough notice to demand a company do something about it. If they're too apathetic to pay something like $100 for a serious risk, they face the consequences of their inaction - as the buyer would likely place it in the public domain, use it surreptitiously (say, as spyware), etc. Give a mandatory final-price discount to the owner of the affected software, and you're set.
Meanwhile, it gives a very good incentive for the less-scrupled end of the hacker community to be responsible - as there is a reward for their trouble.
I think it's brilliant, seriously.
Not if you inject the myostatin blocker into a normal cow, neatly avoiding the invitro problems with a myostatin-deficient breed.