The CVS disposable digital camera - possibly the cheapest/meanest of such devices - has a plastic shutter that covers the light sensor at all times except during the split-second exposure.
Open source DRM gives you the cyphertext, the secret key, and the decryption algorithm. Oddly enough this is little different from classical DRM. The level of "security" is about that of a riddle answer printed upside-down at the bottom of a childrens' magazine.
Adjust your tinfoil hat to sit snugly, and you will see that comical announcements like this one are simply to distract you from the hardware DRM (uniquely keyed CPUs, public key encrypted individualized binaries) that will surely come soon.
AFAIK all published watermarking systems are not robust. As for non-published methods, the video pirates enthusiastically applaud the use of 'security through obscurity.'
Take two differently watermarked copies of the same item (pirated film, etc.) and average each respective byte together. The resulting file should be viewable and not visibly corrupt. Who shows up as the original purchaser now?
Just how long will it take to extract information from a drive that has been abruptly converted to the Melted Slag File System at the appropriate moment? Be creative with what to use for a trigger - a grenade-style pull ring, a dead man's switch (manual, or with an RF beacon hidden inside a wall that only transmits 1x hour, at random intervals), whatever. Perhaps there is no need to cook the entire drive - use 4096-bit RSA, store key and decryptor on a custom (FPGA) board connected between the drive and the computer, and deep-fry the board at the first sign of trouble.
The trouble with this entire genre of solutions, of course, is that you might be tortured to death in an effort to find the back-ups which you and your henchmen must surely have hid somewhere; or simply executed as an example (and/or out of frustration.) For cases where this outcome is likely, it is probably wiser to use a form of Rubber Hose Cryptography - a form of steganographic data storage where cryptoanalysis cannot reveal the number of different messages stored. Separate passphrases reveal separate plaintexts. The idea is to prepare something that will get the torturers off your back by revealing an incriminating and juicy yet not master-plan-foiling secret.
As for the possibility of "you're free to go, sir" with a bugged system returned to you, any competent terrorist will use non-standard or tamper-evident hardware (the latter need not involve anything fancy - say, a simple current usage sensor on the keyboard port's +5v line, network/ide/scsi controllers glued in place, etc.)
What is needed is an "RIAA insurance" company. It would not pay settlement costs under any circumstances, but would finance any subscriber who decides to fight it out in an actual trial. 10,000 trials would likely strain the budget of RIAA & co. if not bankrupt it outright. It is also worth noting that the cases would not all be certain wins for the RIAA, due to questionable evidence.
Just how difficult is it to set up a computer which will show evidence of tampering (particularly of the hardware kind)? Especially if your primary system is a laptop. Where exactly does one put a keyboard bug inside a laptop, with their famously non-interchangeable parts? It doesn't matter, really - glue the screwholes shut. Glue the hard drive in place. They can carry away your machine, but they cannot make it betray you and collect evidence. Use an open BIOS, with custom password prompt code. Now, none of this will stop the authorities from seizing your machine, and torturing the password out of you, etc.; but the undetectable planting of covert hardware/software bugs seems like a very preventable thing to me.
Publish your work anonymously, and use public key cryptography (signature) methods to mark the work as yours in a way that does not allow it to be traced to you until you decide to voluntarily claim ownership (say, after The Revolution (tm) and laws to protect freedom of thought.) So, people will know Some Day who it was that made the great invention.
The HardSid is painfully overpriced IMHO. See my site link for a "ghetto" solution to PC - SID connectivity. I will soon (hopefully) publish the plans for a USB version of the same gadget.
I don't think Bush is actually in league with bin Laden. It is possible. The point is that any time you see evidence of someone having Al-qaeda ties, compare it to hat for Bush. If it's weaker, and you don't suspect Bush, then you can't fairly suspect the other person either.
Political preferences (on a linear continuum, like this one seems to be) tend to be non-transitive. A politically-rational human would be a very different and interesting creature indeed.
what is needed to counter the drawbacks of purely flash-based drives is a system that resembles a machine I once saw. The box contained a large quantity of standard SDRAM, a correspondingly-sized harddisk, and a camcorder battery. A controller board allows the RAM to pretend to be a SCSI harddisk. The battery lasts long enough to record RAM contents to disk in the event of a power failure, automatically. A smaller version of this unit, with cheaper (perhaps slower, or writeable fewer times) flash ram instead of the harddisk, would allow for a modestly sized, low-powered solidstate storage unit. Perhaps it could even be miniaturized to fit in a 3.5" drive bay.
The widespread use of inkjet printers for black&white text output is, IMHO, severely misguided and is a result of heavy advertising campaigns as opposed to technical superiority. Anyone who has owned a modern inkjet is familiar with the scam - cheap printer, ruinously expensive cartridges. The per-page cost of a dot-matrix printer is negligible. An affordable, efficient, and mostly acceptable image-quality (for everyday work) printer has been declared obsolete with very little reason.
the 78xx are linear regulators; using them to power anything nontrivial will waste unbelievable amounts of wattage; a thermal nightmare as well. There are guides to the construction of serious switching power supplies; google is your friend.
"deniable cryptography" systems allow multiple keys or passwords, each producing different decrypted data; when you are tortured or otherwise coerced, give out the "innocent" key. Obviously, the "innocent" data must be set up with plausibility in mind. One such system: http://www.rubberhose.org/
It seems to me that (for this, as well as for similar projects) it would be convenient to build a "shadow source" development network - something that would resemble the mutant hybrid child of Freenet and Sourceforge. If the system includes anonymous relaying/distributed storage, combined with some means of trust verification (to keep saboteurs out of codebases), it would become essentially impossible for anyone to squelch a development effort (such as "Kazaa Lite" or "Freecraft".)
In the hypothetical "worst case" scenario - all currently useful P2P ports blocked, traffic monitored, suspicious packets reported to the music Gestapo - there remains the possibility of routing the traffic of a P2P network solely through encrypted email. I can hardly envision POP not getting on the allowed protocol list. The limitation on bandwidth would be horrific, especially if hard-core censorship of the net leads to steganography becoming a must.
I suspect that in places such as Australia, where there is no legal protection of the right to use strong encryption, steganography may become an absolute necessity. Let them try to prove that the Bible passage has an MP3 encoded by means of whitespace variation, or that the photo of your dog you just sent is hiding a few kilobytes of the latest film.
The fundamental problem is then designing a medium of steganographic transmission that defies analysis by determined Polizei. If the stream of "contraband" packets becomes mathematically indistinguishable from the flow of "innocent" packets, even the most corrupt politician would have no choice but to relieve ISPs of the responsibility of trying to distinguish them - lest the nation lose its connectivity entirely, for the lack of censorship-specific supercomputing iron at most ISP facilities. Of course, this is rather fanciful speculation; other, possibly more extravagant things (i.e. nationwide covert P2P wireless) have been proposed. It just seems to me that steganography is a rarely discussed subject when methods of resisting hardcore censorship are discussed - which is a shame, because it may well become necessary - sooner than expected.
I am morbidly fascinated by the history of various forms of "crippleware" (as some call it) - products that are in some way designed to deliberately work against their owner's personal interests in some way. Ordinary "shoddy goods" have been around since before the industrial revolution; I do wonder, however, when the first _deliberately_ crippled products appeared. Aside from DRM, one can name many examples today - cars that record their owner's driving history, cell phones that broadcast their GPS coordinates, etc. These things are abundant today. You can go to any electronics shop and deposit hard-earned cash in exchange for a product that is _designed_ to betray you in some very deliberate way - and what's more interesting, most people don't seem to oppose this trend.
Does anyone with a "history of technology"-type background know when this trend began? Namely, when/where was conceivably the first instance of people buying a deliberately traitorous product (something designed to malfunction in some way, or rat out the owner's misbehavior, etc.)?
1) A contract signed under duress is generally not considered valid. I argue that the threat of homelessness and starvation constitutes duress.
2) At least in the US, there exist rights that cannot be signed away in a contract - i.e. it would not be legal for a company to enforce a contract permitting them to kill you if you work for a competitor, no matter how many signatures you put on it and under what circumstances. I think that one's claim to one's own time and the creative products thereof is as basic as one's right to life. If they want those hours, they can offer to pay you for them, at a reasonable rate.
If a small country contains a source of DDOS attacks, wouldn't it make sense for whoever is upstream to pull their plug? Perhaps the corporate-controlled US government will eventually use threats of sanctions/conquest to bring this about...
Slashdot Mirror
I read her very entertaining posts for many years, until she suddenly quit killing time on Usenet.
The CVS disposable digital camera - possibly the cheapest/meanest of such devices - has a plastic shutter that covers the light sensor at all times except during the split-second exposure.
Open source DRM gives you the cyphertext, the secret key, and the decryption algorithm. Oddly enough this is little different from classical DRM. The level of "security" is about that of a riddle answer printed upside-down at the bottom of a childrens' magazine. Adjust your tinfoil hat to sit snugly, and you will see that comical announcements like this one are simply to distract you from the hardware DRM (uniquely keyed CPUs, public key encrypted individualized binaries) that will surely come soon.
If this goes through, prepare for a federally mandated "plannedparenthood.xxx" and so forth...
AFAIK all published image watermarking systems are not robust.
AFAIK all published watermarking systems are not robust. As for non-published methods, the video pirates enthusiastically applaud the use of 'security through obscurity.'
Take two differently watermarked copies of the same item (pirated film, etc.) and average each respective byte together. The resulting file should be viewable and not visibly corrupt. Who shows up as the original purchaser now?
Just how long will it take to extract information from a drive that has been abruptly converted to the Melted Slag File System at the appropriate moment? Be creative with what to use for a trigger - a grenade-style pull ring, a dead man's switch (manual, or with an RF beacon hidden inside a wall that only transmits 1x hour, at random intervals), whatever. Perhaps there is no need to cook the entire drive - use 4096-bit RSA, store key and decryptor on a custom (FPGA) board connected between the drive and the computer, and deep-fry the board at the first sign of trouble.
The trouble with this entire genre of solutions, of course, is that you might be tortured to death in an effort to find the back-ups which you and your henchmen must surely have hid somewhere; or simply executed as an example (and/or out of frustration.) For cases where this outcome is likely, it is probably wiser to use a form of Rubber Hose Cryptography - a form of steganographic data storage where cryptoanalysis cannot reveal the number of different messages stored. Separate passphrases reveal separate plaintexts. The idea is to prepare something that will get the torturers off your back by revealing an incriminating and juicy yet not master-plan-foiling secret. As for the possibility of "you're free to go, sir" with a bugged system returned to you, any competent terrorist will use non-standard or tamper-evident hardware (the latter need not involve anything fancy - say, a simple current usage sensor on the keyboard port's +5v line, network/ide/scsi controllers glued in place, etc.)
What is needed is an "RIAA insurance" company. It would not pay settlement costs under any circumstances, but would finance any subscriber who decides to fight it out in an actual trial. 10,000 trials would likely strain the budget of RIAA & co. if not bankrupt it outright. It is also worth noting that the cases would not all be certain wins for the RIAA, due to questionable evidence.
Just how difficult is it to set up a computer which will show evidence of tampering (particularly of the hardware kind)? Especially if your primary system is a laptop. Where exactly does one put a keyboard bug inside a laptop, with their famously non-interchangeable parts? It doesn't matter, really - glue the screwholes shut. Glue the hard drive in place. They can carry away your machine, but they cannot make it betray you and collect evidence. Use an open BIOS, with custom password prompt code. Now, none of this will stop the authorities from seizing your machine, and torturing the password out of you, etc.; but the undetectable planting of covert hardware/software bugs seems like a very preventable thing to me.
I built a nearly identical setup ~2.5 years ago (except with a 1997 Corolla radiator.) I am sure countless other people have done so before.
Publish your work anonymously, and use public key cryptography (signature) methods to mark the work as yours in a way that does not allow it to be traced to you until you decide to voluntarily claim ownership (say, after The Revolution (tm) and laws to protect freedom of thought.) So, people will know Some Day who it was that made the great invention.
The HardSid is painfully overpriced IMHO. See my site link for a "ghetto" solution to PC - SID connectivity. I will soon (hopefully) publish the plans for a USB version of the same gadget.
I don't think Bush is actually in league with bin Laden. It is possible. The point is that any time you see evidence of someone having Al-qaeda ties, compare it to hat for Bush. If it's weaker, and you don't suspect Bush, then you can't fairly suspect the other person either.
Political preferences (on a linear continuum, like this one seems to be) tend to be non-transitive. A politically-rational human would be a very different and interesting creature indeed.
what is needed to counter the drawbacks of purely flash-based drives is a system that resembles a machine I once saw. The box contained a large quantity of standard SDRAM, a correspondingly-sized harddisk, and a camcorder battery. A controller board allows the RAM to pretend to be a SCSI harddisk. The battery lasts long enough to record RAM contents to disk in the event of a power failure, automatically. A smaller version of this unit, with cheaper (perhaps slower, or writeable fewer times) flash ram instead of the harddisk, would allow for a modestly sized, low-powered solidstate storage unit. Perhaps it could even be miniaturized to fit in a 3.5" drive bay.
The widespread use of inkjet printers for black&white text output is, IMHO, severely misguided and is a result of heavy advertising campaigns as opposed to technical superiority. Anyone who has owned a modern inkjet is familiar with the scam - cheap printer, ruinously expensive cartridges. The per-page cost of a dot-matrix printer is negligible. An affordable, efficient, and mostly acceptable image-quality (for everyday work) printer has been declared obsolete with very little reason.
the 78xx are linear regulators; using them to power anything nontrivial will waste unbelievable amounts of wattage; a thermal nightmare as well. There are guides to the construction of serious switching power supplies; google is your friend.
"deniable cryptography" systems allow multiple keys or passwords, each producing different decrypted data; when you are tortured or otherwise coerced, give out the "innocent" key. Obviously, the "innocent" data must be set up with plausibility in mind. One such system: http://www.rubberhose.org/
Ummmm, all 802.11 cards I've encountered have software-adjustable MAC addresses.
It seems to me that (for this, as well as for similar projects) it would be convenient to build a "shadow source" development network - something that would resemble the mutant hybrid child of Freenet and Sourceforge. If the system includes anonymous relaying/distributed storage, combined with some means of trust verification (to keep saboteurs out of codebases), it would become essentially impossible for anyone to squelch a development effort (such as "Kazaa Lite" or "Freecraft".)
Faraday Cage. Steel case around "magic radio DRM" camera. Problem solved.
In the hypothetical "worst case" scenario - all currently useful P2P ports blocked, traffic monitored, suspicious packets reported to the music Gestapo - there remains the possibility of routing the traffic of a P2P network solely through encrypted email. I can hardly envision POP not getting on the allowed protocol list. The limitation on bandwidth would be horrific, especially if hard-core censorship of the net leads to steganography becoming a must.
I suspect that in places such as Australia, where there is no legal protection of the right to use strong encryption, steganography may become an absolute necessity. Let them try to prove that the Bible passage has an MP3 encoded by means of whitespace variation, or that the photo of your dog you just sent is hiding a few kilobytes of the latest film.
The fundamental problem is then designing a medium of steganographic transmission that defies analysis by determined Polizei. If the stream of "contraband" packets becomes mathematically indistinguishable from the flow of "innocent" packets, even the most corrupt politician would have no choice but to relieve ISPs of the responsibility of trying to distinguish them - lest the nation lose its connectivity entirely, for the lack of censorship-specific supercomputing iron at most ISP facilities. Of course, this is rather fanciful speculation; other, possibly more extravagant things (i.e. nationwide covert P2P wireless) have been proposed. It just seems to me that steganography is a rarely discussed subject when methods of resisting hardcore censorship are discussed - which is a shame, because it may well become necessary - sooner than expected.
I am morbidly fascinated by the history of various forms of "crippleware" (as some call it) - products that are in some way designed to deliberately work against their owner's personal interests in some way. Ordinary "shoddy goods" have been around since before the industrial revolution; I do wonder, however, when the first _deliberately_ crippled products appeared. Aside from DRM, one can name many examples today - cars that record their owner's driving history, cell phones that broadcast their GPS coordinates, etc. These things are abundant today. You can go to any electronics shop and deposit hard-earned cash in exchange for a product that is _designed_ to betray you in some very deliberate way - and what's more interesting, most people don't seem to oppose this trend. Does anyone with a "history of technology"-type background know when this trend began? Namely, when/where was conceivably the first instance of people buying a deliberately traitorous product (something designed to malfunction in some way, or rat out the owner's misbehavior, etc.)?
1) A contract signed under duress is generally not considered valid. I argue that the threat of homelessness and starvation constitutes duress. 2) At least in the US, there exist rights that cannot be signed away in a contract - i.e. it would not be legal for a company to enforce a contract permitting them to kill you if you work for a competitor, no matter how many signatures you put on it and under what circumstances. I think that one's claim to one's own time and the creative products thereof is as basic as one's right to life. If they want those hours, they can offer to pay you for them, at a reasonable rate.
If a small country contains a source of DDOS attacks, wouldn't it make sense for whoever is upstream to pull their plug? Perhaps the corporate-controlled US government will eventually use threats of sanctions/conquest to bring this about...