Cohen saw that one implication of this result is that virus detection is an endless arms race. Viruses are free to mutate into an infinite variety of functionally equivalent forms, whereas the process of establishing their equivalence is undecidable... It has always seemed bizarre to me that so much of our focus should therefore be on this futile exercise of closing the barn door after the horse has gone.
This is what anti-virus software vendors won't tell you. Anti-virus software, and (generalising) anti-malware software, is snake oil. Although it might be useful for detecting some well-known threats, provided that they haven't put much effort into hiding, its main contribution is a false sense of security. It's like a magic talisman to ward off evil: expensive, shiny, and useless.
Based on this, I think that one of the benefits of moving from Windows to Macintosh is actually an illusion! Windows users are used to running programs that do nothing but slow their systems down. (Norton being the classic example.) When they move to Mac, they chuck out all these lucky charms. Result: massive performance improvement. But you could get the same effect on Windows by (1) keeping your software up to date, (2) being careful what websites you visit and what programs you run, and (3) not installing any anti-malware software.
If you want to do something dangerous, reboot into Linux. Boot from a live CD if you are really paranoid. Don't do it on Windows, though. You can't expect your genuine amulet of magical virus protection (+1) to protect you from the Black Death!
And the desire to "censor the Internet" is not limited to Russia and China. In every country, you can find people who want to control the movement of information online.
You can't control what people use their PCs for, or what they send over their own private networks. But you can tightly control the information moving over the public network. I think that this could be done by requiring all packets to be digitally signed by the originator. Routers at your ISP and on the backbone would reject packets lacking a valid signature. As part of the requirements for getting a valid signing key, every user can be forced to run only approved software on their PC, which would make it difficult to use any application that lacked Government approval. So you can opt out, but if you do, you lose your network access.
Of course, this scheme destroys anonymity online, and allows the authority to kick you offline at any time by revoking your keys. If the US were the bastion of freedom and democracy that it claims to be, this would not be a problem, because Russia and China couldn't implement an effective scheme without also losing the ability to communicate with the US and Europe. However, the US is well positioned to lead the way, with software and hardware companies bending over backwards to implement the necessary "trusted computing" technology, media giants lobbying against "intellectual property theft", and telecom corporations offering no resistance to illegal Government activities. We have already seen how "peer to peer" poses a "threat to National Security"... well, forcing a licensing scheme on all Internet users would be one way to eliminate the threat while still permitting "peer to peer" for future legal applications such as distributing World of Questcrack patches.
I understand that reality may not be quite as tidy, but it still seems like a virtualized system would be much more secure that a non-virtualized system, if only because the increased level of knowledge involved means a smaller number of hackers capable of exploiting both layers. What am I missing?
I think you might be assuming that the security provided by the OS and the VM are multiplicative, that the result of having both is much stronger than the sum of the two parts. But that might not be true, because an attacker does not have to compromise both systems at the same time. He can attack the OS, get control of that, then use it as a launch pad to hit the VM.
Others have argued that the VM will be more secure than the OS because it is smaller and simpler, and in general I think that is a good argument. Less code = less bugs. But VMware was not designed as a security tool, and it is actually very large because it contains reverse drivers for virtual hardware (Ethernet and VGA, for example). Bugs in this code could be serious security problems (example). To take another example, the QEMU VM lets you use SLIRP as a quick and dirty way to get networking running. But SLIRP is notoriously filled with security bugs. It's useful, but it's not designed to be secure, and if you use it, QEMU can't stop malicious programs escaping the VM through SLIRP.
We'd need to know where the data is coming from, and how it is being mined. If we knew that, then it would be quite easy to generate false positives. After all, there is no judicial process going on here. It's completely arbitrary - you go on the list if your details match a secret heuristic function for detecting "terrorists", and then there is no appeal, no way to get off the list. Very much like the Nazi heuristic for detecting Jews (X had a Jewish grandparent => X is Jewish). Ideally, we would want to add everyone to the list - eventually we would reach someone with sufficient political power to scrap the whole thing once personally inconvenienced by it.
There is potential for some amusement as well: "I'm sorry, Mr President. I can't let you onto Air Force One. The computer says you're the world's number 1 terrorist."
They're going to throw Darl out of a plane, strapped to a large chunk of heavy metal?
Well, that's got to be worth $30 million.
Can we also make him wear a T-shirt saying something like "I tried to fix my obsolete business model using litigation", then drop him near the RIAA headquarters?
...and suggest that to even connect to the Internet as a client in the future, you'll need a licence and an approved software stack. The licence will be in the form of an officially endorsed key pair, and your OS will (1) sign all your outgoing packets with this key pair, and (2) respond to remote attestation requests about the software running on your machine. You'll be able to opt out of this, of course, but if you do, you can't connect to the Internet, because routers at your ISP will refuse to carry traffic lacking a valid signature from the central authority.
One consequence of this is that you will lose anonymity, because everything you send will be traceable to your licence. It will also enable censorship and the destruction of information, because when licences are revoked, information sent using them will simply disappear. That's perfect for any organisation that wishes to control the movement of information, from Fascist governments to record companies.
The expense of this will be justified in the usual ways ("think of the children"/"the poor starving musicians"/"the dying film industry"/"OMG TERRORISTS!1!!!!1!"), and the technology that will be used to implement it already exists. It's funny to think that possession of an unlicensed computer might be a crime in the future, since an unlicensed computer might enable someone to copy information without restriction, and obviously only a criminal would want to do that. Will possession of Linux land you in jail?
Truly the present day is the best time to be alive, because we have all this advanced technology and it is not restricted yet.
It's not that he'll shoot you if you dress as a ninja and try to sneak up on him. It's just that his speech might exceed the bullshit threshold that you can tolerate.
2007. The problem with the current "untrusted" Internet is that anyone can join, make themselves effectively anonymous, and take part in terrible crimes that threaten to undermine the infrastructure of society. Such as piracy, child pornography, terrorism, money laundering, Linux, and spam.
2017. Clearly, this could not go on. The solution that has been legally mandated requires the network to be upgraded before 2025, so that all packets have to be digitally signed by the originator. In order to send information on this network, all participating computers must obtain a session key from the Digital Restrictions Ministry. This session key will only be provided to users who can authenticate themselves on the network using the chip in their identity card or forearm, and then only if their computer is running an officially approved set of Microsapple applications, complete with official spyware from the National Security Ministry.
By removing anonymity from the network, and ensuring central control of all information passing over it, the Government will ensure that no-one will be able to use the network for any criminal purpose. Finally, our children will be safe, terrorists will have no way to criticise the Government, and pirates won't be able to skip the adverts at the beginning of films.
Yes, there are certainly benefits. I changed my mind about TC when I needed my own machine to boot up in a trusted state, so that I could be sure that it was safe for me to unlock my encrypted filesystems without the keys being stolen by a trojan. Without a TPM, the only way to do this is to boot from removable media, since an unencrypted kernel on disk could be modified by an attacker. But a TPM could be used to store a key-unlocking-key that would only be available to kernels with my digital signature. Under the control of the owner, TC is useful.
It is a shame that TC almost certainly will be abused in various ways, enforcing DRM on media, games and applications, and creating new ways for major software vendors to lock users into their products. I don't like that possibility at all. Worse still is the possibility that remote attestation might eventually form part of the requirements for connecting to the Internet: that move would suit Apple and Microsoft (goodbye third-party OSs and web browsers), and it would suit organisations wishing to control the movement of information, such as oppressive Governments and record companies.
But fortunately TC was never designed to be secure against owner tampering, and I suspect it will always be possible to get the private key out of the TPM by using differential power analysis (DPA), if you are sufficiently motivated to do so. I have heard that it is actually impossible to prevent DPA entirely: the most a chip manufacturer can do is make it take more time. Laws like the DMCA would make this type of hacking illegal, but I doubt that would stop anyone, any more than the DMCA has stopped people using DeCSS.
Would you want to do the same with source code? Sure you could write both source and an "English" version that makes sense to non-techies but you're going to have a lot of ambiguity in the English version.
REM I see your point. /* In fact I have never understood why programming languages allow you to add comments. */ // Real programmers don't write comments. -- Real programmers figure out what code is supposed to do just by looking at the syntax. # Writing comments is a waste of everyone's time, and comments waste valuable disk space. % I hate well-commented code.
In that case, perhaps patents could be written in both English and legalese, so that they can be read both by lawyers and by techies. It seems to me that we ideally want both types of people to review patent applications. Experts in a particular field are more likely to be able to spot prior art, but they are also less likely to be able to actually understand the patent because of the legal jargon.
I am surely not alone in thinking that the text of every patent seems to be deliberately obfuscated. Each patent seems to have been translated several times before being turned back into a form that is almost (but not quite) entirely unlike English. Surely it would help matters enormously if patents had to be written in English rather than impenetrable legalese? This would help the patent examiners, and it would also help anyone who wanted to reimplement an invention described by an expired patent - which is, after all, part of the deal! The nature of the invention is supposed to be patently obvious so that others can reuse it after it expires. Why isn't this a requirement?
He should have told the SWAT team to raid the White House, or a police station, or indeed any address that would never show up on the 911 system and would have been recognised as fake. That would have been an amusing prank rather than a potentially lethal one.
He's not the only one. Bioshock didn't work for me either. But I don't have any sort of moral problem with SecuROM. In my case, it's a technical problem. SecuROM simply does not work. No error message of any sort, no helpful information. The demo just won't start. It's because the SecuROM install failed. Silently.
Game developers are the people who should care about this, because they decide whether to include extra copy protection or not. The Steam copy protection was enough for Valve and their games, but not for Bioshock. To the Bioshock developers, and others like them, I ask: is SecuROM worth it? If it is, then the total benefit ($) must be greater than the total cost ($).
The benefit of SecuROM is said to be "more sales", because fewer people can pirate the game. The costs of SecuROM are incurred in (1) customer support, (2) lost sales due to people who pirated the game because SecuROM prevented it from working, (3) lost sales due to people who didn't buy the game because of SecuROM, (4) bad publicity because of SecuROM, and (5) the SecuROM licensing fee.
Unfortunately, not all of these are quantifiable. But you can take the support costs and the licensing fee, and compare them to the sales revenue. How much piracy would SecuROM need to have prevented in order to be worthwhile? Could it actually ever be successful in doing so, given that piracy is quite easy if you are so inclined? In particular, is it worth adding an extra copy protection layer on top of the existing one in Steam?
I am sure that Sony, the makers of SecuROM, have many answers to these questions and are somehow able to quantify the piracy that SecuROM is said to prevent. I am sure that they make no mention of bad publicity and lost sales due to SecuROM: they probably say that most people don't even know what copy protection is. And that's true, but those people will still be inconvenienced by it when it doesn't work, and they'll still hassle your customer support and tell their friends. Like any snake oil vendor, Sony won't tell you that their product doesn't work. So developers keep buying it, and games don't work properly.
One day, game copy protection will be standardised by Microsoft and all the third party vendors will be forced out of business. And that'll actually be a good thing, because Microsoft simply cannot do worse than SecuROM and Starforce and all the other half-assed hackers in the copy protection business. The only nice thing I can say about SecuROM is that it was included in the demo, so at least I found out that it didn't work before I paid for the game.
Or, they could alter a signed piece of code, keep the signature in tact,
Digital signatures are more powerful than you think. A signature on paper does not contain any information about the surrounding document (the payload), so the payload could be changed without affecting the apparent validity of the signature. However, a digital signature is the cryptographic hash of the payload, encrypted with a private key. To alter the payload without invalidating the signature, you'd either have to be able to encrypt another hash with the private key, or create a new payload with the same hash.
What I find annoying about that particular post is:
1. It lacks humility. He comes across as an arrogant loudmouth. Many people do not like this.
2. It tries to give the impression that ESR is someone of vital importance in the community, which is simply not true. His greatest contribution is probably "The Cathedral and the Bazaar", which is often cited, but is basically all derived from earlier work by the real heroes of our "revolution" - the people who actually contributed code. (ESR's actual code contributions are small).
In general, what I don't like about ESR is that he swaggers about like some sort of mixture of Linus Torvalds and Zaphod Beeblebrox, but he lacks the technical skill to carry off the first role, and the personality to carry off the second. He should quit trying to be both a nerd and a celebrity, because he just can't do it.
But will it be secure against our evil RIAA overlords? I hear their army of sharks is even more dangerous than their army of lawyers, thanks to the recent addition of fricking laser beams.
"Ah, Mr Wlad. I offer you a simple choice. Either die in my shark tank, or pay me... one trillion dollars per MP3 on your hard drive. Muhahahahaha..." Etc., etc.
It seems like we have been here before: 1. Independent company (Valve) introduces a new type of product (Steam). 2. ??? (Many years pass as legions of Steam bugs are fixed, and Steam goes from being "the hated program that broke Counter Strike" to being pretty useful, even to people who hate DRM.) 3. Independent company makes a profit. 4. Microsoft is angry! (Ballmer throws a chair.) Microsoft clones the product and bundles it with Windows, ensuring that most users will never know about the original. 5. Microsoft profits. The independent company goes bankrupt.
But really I think that "Games for Windows" is a stopgap measure, introduced until the time that all PC gamers have been moved over to the XBox. You can't make Steam for XBox Live. In fact, you can't make anything without paying Microsoft. For Microsoft, that's an even better deal than Windows. It's not just platform lockin, it's platform lockin AND licensing fees AND central control of all product development through licensing.
Remote syslog also means that your servers are more secure: (a) because it is harder for crackers to falsify remote logs as they need to compromise two machines, not just one; and (b) because your visualisation program doesn't need access to SSH keys for all of the machines it monitors, so a compromise on the visualisation computer doesn't automatically mean that all of the servers can also be compromised. However, you could presumably adapt this tool to use syslog quite easily.
Indeed, the NSA rumours about DES have mostly proved false. I was trying to make a joke about paranoia, and how ultimately nothing can be trusted, rather than actually be informative!:)
When it comes to encryption it is exactly for this reason why I use the "clunky", "hard to configure", "no GUI" Open Source!
Ah, but that's not necessarily a defence against the NSA! Their backdoors might not be hidden in closed source binaries, or in obfuscated source code, or in your CPU hardware, or even injected covertly by your copy of GCC when it recognises encryption code. They might be mathematical backdoors, hidden inside well-known ciphers that are generally thought to be secure. There's the old story about DES, and how the NSA improved the cipher, but refused to say exactly why the new version was better... Don't trust anyone, especially if their name is a three letter acronym!:)
It's a matter of principle. I say that you should have a right to privacy, and your privacy shouldn't be violated by anyone unless you give explicit permission. Encryption gives you the ability to hide information from the authorities, and forces them to go through a legal process in order to gain access to the information. They can't read your messages without your help. The decision of whether to help them or not is up to you.
I regard the keys to my encrypted filesystems as being secret, but I would still produce them if I was forced to do so by the UK police. So the layer of encryption doesn't provide security against the Government, but it does protect the data from thieves and tampering, and it forces officials to ask me for the keys if they want to see what's on the disk. I think that's about as good as things can get.
Slashdot Mirror
Cohen saw that one implication of this result is that virus detection is an endless arms race. Viruses are free to mutate into an infinite variety of functionally equivalent forms, whereas the process of establishing their equivalence is undecidable... It has always seemed bizarre to me that so much of our focus should therefore be on this futile exercise of closing the barn door after the horse has gone.
This is what anti-virus software vendors won't tell you. Anti-virus software, and (generalising) anti-malware software, is snake oil. Although it might be useful for detecting some well-known threats, provided that they haven't put much effort into hiding, its main contribution is a false sense of security. It's like a magic talisman to ward off evil: expensive, shiny, and useless.
Based on this, I think that one of the benefits of moving from Windows to Macintosh is actually an illusion! Windows users are used to running programs that do nothing but slow their systems down. (Norton being the classic example.) When they move to Mac, they chuck out all these lucky charms. Result: massive performance improvement. But you could get the same effect on Windows by (1) keeping your software up to date, (2) being careful what websites you visit and what programs you run, and (3) not installing any anti-malware software.
If you want to do something dangerous, reboot into Linux. Boot from a live CD if you are really paranoid. Don't do it on Windows, though. You can't expect your genuine amulet of magical virus protection (+1) to protect you from the Black Death!
And the desire to "censor the Internet" is not limited to Russia and China. In every country, you can find people who want to control the movement of information online.
You can't control what people use their PCs for, or what they send over their own private networks. But you can tightly control the information moving over the public network. I think that this could be done by requiring all packets to be digitally signed by the originator. Routers at your ISP and on the backbone would reject packets lacking a valid signature. As part of the requirements for getting a valid signing key, every user can be forced to run only approved software on their PC, which would make it difficult to use any application that lacked Government approval. So you can opt out, but if you do, you lose your network access.
Of course, this scheme destroys anonymity online, and allows the authority to kick you offline at any time by revoking your keys. If the US were the bastion of freedom and democracy that it claims to be, this would not be a problem, because Russia and China couldn't implement an effective scheme without also losing the ability to communicate with the US and Europe. However, the US is well positioned to lead the way, with software and hardware companies bending over backwards to implement the necessary "trusted computing" technology, media giants lobbying against "intellectual property theft", and telecom corporations offering no resistance to illegal Government activities. We have already seen how "peer to peer" poses a "threat to National Security"... well, forcing a licensing scheme on all Internet users would be one way to eliminate the threat while still permitting "peer to peer" for future legal applications such as distributing World of Questcrack patches.
I understand that reality may not be quite as tidy, but it still seems like a virtualized system would be much more secure that a non-virtualized system, if only because the increased level of knowledge involved means a smaller number of hackers capable of exploiting both layers. What am I missing?
I think you might be assuming that the security provided by the OS and the VM are multiplicative, that the result of having both is much stronger than the sum of the two parts. But that might not be true, because an attacker does not have to compromise both systems at the same time. He can attack the OS, get control of that, then use it as a launch pad to hit the VM.
Others have argued that the VM will be more secure than the OS because it is smaller and simpler, and in general I think that is a good argument. Less code = less bugs. But VMware was not designed as a security tool, and it is actually very large because it contains reverse drivers for virtual hardware (Ethernet and VGA, for example). Bugs in this code could be serious security problems (example). To take another example, the QEMU VM lets you use SLIRP as a quick and dirty way to get networking running. But SLIRP is notoriously filled with security bugs. It's useful, but it's not designed to be secure, and if you use it, QEMU can't stop malicious programs escaping the VM through SLIRP.
Here is one.
Beware of a false sense of security! VMware was not designed to be a security tool.
We'd need to know where the data is coming from, and how it is being mined. If we knew that, then it would be quite easy to generate false positives. After all, there is no judicial process going on here. It's completely arbitrary - you go on the list if your details match a secret heuristic function for detecting "terrorists", and then there is no appeal, no way to get off the list. Very much like the Nazi heuristic for detecting Jews (X had a Jewish grandparent => X is Jewish). Ideally, we would want to add everyone to the list - eventually we would reach someone with sufficient political power to scrap the whole thing once personally inconvenienced by it.
There is potential for some amusement as well: "I'm sorry, Mr President. I can't let you onto Air Force One. The computer says you're the world's number 1 terrorist."
They're going to throw Darl out of a plane, strapped to a large chunk of heavy metal?
Well, that's got to be worth $30 million.
Can we also make him wear a T-shirt saying something like "I tried to fix my obsolete business model using litigation", then drop him near the RIAA headquarters?
Do the probing from a dynamic IP address, like most home DSL connections. If you get DDOSed, reconnect.
:). I wouldn't want a static address on my home connection for a number of reasons.
There's a lot to be said for dynamic IP addresses
...and suggest that to even connect to the Internet as a client in the future, you'll need a licence and an approved software stack. The licence will be in the form of an officially endorsed key pair, and your OS will (1) sign all your outgoing packets with this key pair, and (2) respond to remote attestation requests about the software running on your machine. You'll be able to opt out of this, of course, but if you do, you can't connect to the Internet, because routers at your ISP will refuse to carry traffic lacking a valid signature from the central authority.
One consequence of this is that you will lose anonymity, because everything you send will be traceable to your licence. It will also enable censorship and the destruction of information, because when licences are revoked, information sent using them will simply disappear. That's perfect for any organisation that wishes to control the movement of information, from Fascist governments to record companies.
The expense of this will be justified in the usual ways ("think of the children"/"the poor starving musicians"/"the dying film industry"/"OMG TERRORISTS!1!!!!1!"), and the technology that will be used to implement it already exists. It's funny to think that possession of an unlicensed computer might be a crime in the future, since an unlicensed computer might enable someone to copy information without restriction, and obviously only a criminal would want to do that. Will possession of Linux land you in jail?
Truly the present day is the best time to be alive, because we have all this advanced technology and it is not restricted yet.
Unless you want to get killed.
It's not that he'll shoot you if you dress as a ninja and try to sneak up on him. It's just that his speech might exceed the bullshit threshold that you can tolerate.
Sounds pretty good to me!
Yes, there are certainly benefits. I changed my mind about TC when I needed my own machine to boot up in a trusted state, so that I could be sure that it was safe for me to unlock my encrypted filesystems without the keys being stolen by a trojan. Without a TPM, the only way to do this is to boot from removable media, since an unencrypted kernel on disk could be modified by an attacker. But a TPM could be used to store a key-unlocking-key that would only be available to kernels with my digital signature. Under the control of the owner, TC is useful.
It is a shame that TC almost certainly will be abused in various ways, enforcing DRM on media, games and applications, and creating new ways for major software vendors to lock users into their products. I don't like that possibility at all. Worse still is the possibility that remote attestation might eventually form part of the requirements for connecting to the Internet: that move would suit Apple and Microsoft (goodbye third-party OSs and web browsers), and it would suit organisations wishing to control the movement of information, such as oppressive Governments and record companies.
But fortunately TC was never designed to be secure against owner tampering, and I suspect it will always be possible to get the private key out of the TPM by using differential power analysis (DPA), if you are sufficiently motivated to do so. I have heard that it is actually impossible to prevent DPA entirely: the most a chip manufacturer can do is make it take more time. Laws like the DMCA would make this type of hacking illegal, but I doubt that would stop anyone, any more than the DMCA has stopped people using DeCSS.
Would you want to do the same with source code? Sure you could write both source and an "English" version that makes sense to non-techies but you're going to have a lot of ambiguity in the English version.
REM I see your point.
/* In fact I have never understood why programming languages allow you to add comments. */
// Real programmers don't write comments.
-- Real programmers figure out what code is supposed to do just by looking at the syntax.
# Writing comments is a waste of everyone's time, and comments waste valuable disk space.
% I hate well-commented code.
In that case, perhaps patents could be written in both English and legalese, so that they can be read both by lawyers and by techies. It seems to me that we ideally want both types of people to review patent applications. Experts in a particular field are more likely to be able to spot prior art, but they are also less likely to be able to actually understand the patent because of the legal jargon.
I am surely not alone in thinking that the text of every patent seems to be deliberately obfuscated. Each patent seems to have been translated several times before being turned back into a form that is almost (but not quite) entirely unlike English. Surely it would help matters enormously if patents had to be written in English rather than impenetrable legalese? This would help the patent examiners, and it would also help anyone who wanted to reimplement an invention described by an expired patent - which is, after all, part of the deal! The nature of the invention is supposed to be patently obvious so that others can reuse it after it expires. Why isn't this a requirement?
He should have told the SWAT team to raid the White House, or a police station, or indeed any address that would never show up on the 911 system and would have been recognised as fake. That would have been an amusing prank rather than a potentially lethal one.
He's not the only one. Bioshock didn't work for me either. But I don't have any sort of moral problem with SecuROM. In my case, it's a technical problem. SecuROM simply does not work. No error message of any sort, no helpful information. The demo just won't start. It's because the SecuROM install failed. Silently.
Game developers are the people who should care about this, because they decide whether to include extra copy protection or not. The Steam copy protection was enough for Valve and their games, but not for Bioshock. To the Bioshock developers, and others like them, I ask: is SecuROM worth it? If it is, then the total benefit ($) must be greater than the total cost ($).
The benefit of SecuROM is said to be "more sales", because fewer people can pirate the game. The costs of SecuROM are incurred in (1) customer support, (2) lost sales due to people who pirated the game because SecuROM prevented it from working, (3) lost sales due to people who didn't buy the game because of SecuROM, (4) bad publicity because of SecuROM, and (5) the SecuROM licensing fee.
Unfortunately, not all of these are quantifiable. But you can take the support costs and the licensing fee, and compare them to the sales revenue. How much piracy would SecuROM need to have prevented in order to be worthwhile? Could it actually ever be successful in doing so, given that piracy is quite easy if you are so inclined? In particular, is it worth adding an extra copy protection layer on top of the existing one in Steam?
I am sure that Sony, the makers of SecuROM, have many answers to these questions and are somehow able to quantify the piracy that SecuROM is said to prevent. I am sure that they make no mention of bad publicity and lost sales due to SecuROM: they probably say that most people don't even know what copy protection is. And that's true, but those people will still be inconvenienced by it when it doesn't work, and they'll still hassle your customer support and tell their friends. Like any snake oil vendor, Sony won't tell you that their product doesn't work. So developers keep buying it, and games don't work properly.
One day, game copy protection will be standardised by Microsoft and all the third party vendors will be forced out of business. And that'll actually be a good thing, because Microsoft simply cannot do worse than SecuROM and Starforce and all the other half-assed hackers in the copy protection business. The only nice thing I can say about SecuROM is that it was included in the demo, so at least I found out that it didn't work before I paid for the game.
Or, they could alter a signed piece of code, keep the signature in tact,
Digital signatures are more powerful than you think. A signature on paper does not contain any information about the surrounding document (the payload), so the payload could be changed without affecting the apparent validity of the signature. However, a digital signature is the cryptographic hash of the payload, encrypted with a private key. To alter the payload without invalidating the signature, you'd either have to be able to encrypt another hash with the private key, or create a new payload with the same hash.
What I find annoying about that particular post is:
1. It lacks humility. He comes across as an arrogant loudmouth. Many people do not like this.
2. It tries to give the impression that ESR is someone of vital importance in the community, which is simply not true. His greatest contribution is probably "The Cathedral and the Bazaar", which is often cited, but is basically all derived from earlier work by the real heroes of our "revolution" - the people who actually contributed code. (ESR's actual code contributions are small).
In general, what I don't like about ESR is that he swaggers about like some sort of mixture of Linus Torvalds and Zaphod Beeblebrox, but he lacks the technical skill to carry off the first role, and the personality to carry off the second. He should quit trying to be both a nerd and a celebrity, because he just can't do it.
But will it be secure against our evil RIAA overlords? I hear their army of sharks is even more dangerous than their army of lawyers, thanks to the recent addition of fricking laser beams.
"Ah, Mr Wlad. I offer you a simple choice. Either die in my shark tank, or pay me... one trillion dollars per MP3 on your hard drive. Muhahahahaha..." Etc., etc.
It seems like we have been here before:
1. Independent company (Valve) introduces a new type of product (Steam).
2. ??? (Many years pass as legions of Steam bugs are fixed, and Steam goes from being "the hated program that broke Counter Strike" to being pretty useful, even to people who hate DRM.)
3. Independent company makes a profit.
4. Microsoft is angry! (Ballmer throws a chair.) Microsoft clones the product and bundles it with Windows, ensuring that most users will never know about the original.
5. Microsoft profits. The independent company goes bankrupt.
But really I think that "Games for Windows" is a stopgap measure, introduced until the time that all PC gamers have been moved over to the XBox. You can't make Steam for XBox Live. In fact, you can't make anything without paying Microsoft. For Microsoft, that's an even better deal than Windows. It's not just platform lockin, it's platform lockin AND licensing fees AND central control of all product development through licensing.
Remote syslog also means that your servers are more secure: (a) because it is harder for crackers to falsify remote logs as they need to compromise two machines, not just one; and (b) because your visualisation program doesn't need access to SSH keys for all of the machines it monitors, so a compromise on the visualisation computer doesn't automatically mean that all of the servers can also be compromised. However, you could presumably adapt this tool to use syslog quite easily.
Indeed, the NSA rumours about DES have mostly proved false. I was trying to make a joke about paranoia, and how ultimately nothing can be trusted, rather than actually be informative! :)
When it comes to encryption it is exactly for this reason why I use the "clunky", "hard to configure", "no GUI" Open Source!
:)
Ah, but that's not necessarily a defence against the NSA! Their backdoors might not be hidden in closed source binaries, or in obfuscated source code, or in your CPU hardware, or even injected covertly by your copy of GCC when it recognises encryption code. They might be mathematical backdoors, hidden inside well-known ciphers that are generally thought to be secure. There's the old story about DES, and how the NSA improved the cipher, but refused to say exactly why the new version was better... Don't trust anyone, especially if their name is a three letter acronym!
It's a matter of principle. I say that you should have a right to privacy, and your privacy shouldn't be violated by anyone unless you give explicit permission. Encryption gives you the ability to hide information from the authorities, and forces them to go through a legal process in order to gain access to the information. They can't read your messages without your help. The decision of whether to help them or not is up to you.
Indeed, that is another problem.
I regard the keys to my encrypted filesystems as being secret, but I would still produce them if I was forced to do so by the UK police. So the layer of encryption doesn't provide security against the Government, but it does protect the data from thieves and tampering, and it forces officials to ask me for the keys if they want to see what's on the disk. I think that's about as good as things can get.