Elinks caches forms when being told so. It's fine for username and password, but it also remembers the subject line and fills it into the form, and when I forget to change it, it bites me.
At some point, they're going to start using tamper resistant hardware. Good luck mod-chipping that.
They can't possibly achieve that way. Nothing is 100% tamper-resistant. Doing this to the entire market will create rather huge demand for "tampered" devices, which is a decent incentive for black market. Tamper resistance is also rather expensive; consumer devices are unlikely to use that all - and look at the "I ported Linux on Gameboy" crowd, it's fairly likely at least some devices will be modifiable in the required way. You can make a decent computer from off-the-shelf chips, even "mere" microcontrollers have interesting power now, see eg. ATMega family; the market with general-purpose chips would have to be tightly controlled as well, at which point all the small and middle-sized development-doing companies (or dependent on custom development) start screaming bloody murder, and black market inevitably appears. (Or the "legal" systems will be flexible enough to fulfill any needs - then they are likely to be flexible enough to run just about anything on them - including an emulator of a non-TCPA computer.) The countries that deploy this measure effectively kill most of their R&D, which will cause mighty cheer in the "underdeveloped" nations.
The only hole you can actually count on, is digital-to-analogue-to-digital conversion, to get data out of your "trusted" box and into an ordinary computer. That might be fine for ebook pirates, but it's going to be one hell of a PITA for daily life.
Multiple options exist. The D/A-A/D conversion with audio coupling is a bit extreme, however many other possibilities exist; odd kinds of network protocols, serial link (if present), high-speed lab equipment. You can even bump the audio link speed up by using multiple channels and higher samplerates; I think the successor of AC'97 codec should go up to 192 kHz on 24 bits and 5+ channels, even a rather ineffective data encoding scheme could get quite fast here, presuming the setup is local and the cables are high-quality. Many people here derided it as an overkill - for audio maybe, for unintended purposes it may get pretty handy. Also don't forget various options for video - from digital cameras to DV camcorders to anything exotic the future may bring.
Rather than planning to spend tens or hundreds of hours on work-arounds when this happens, it would make sense to donate tens or hundreds of hours of your wages to the EFF or similar organisations which are working to prevent this problem from prevailing in the first place.
This presumes two things: a) the belief that the organizations will be effective and successful, preventing the problem instead of just slightly delaying it, b) that the money from the wages will have more worth in the global scheme than development of purely technical politics-independent countermeasures, and b.1) that the technician in question is so swamped with paid-for work that he can pick as he pleases between working for money to donate and working on a countermeasures project - which was maybe true in the US at the peak of the dot-com boom, but may not be always an available choice for an underemployed technician, a student, or somebody in a low-dollar-wage country (eg. East Europe or India/China, and the most of the world in general, if you look outside of US/EU/Japan).
Whatever approach you think is the best, do it. If we can survive, it's by diversity of approaches - being it donations or tinkering. Do what you believe will have the most effect, whatever it is.
You modify it by drilling into the wood and putting in some kind of screwdriver tip.... If the manufacture stops using to wood and switches to solid metal, your method of modifying it will no longer work.
Then it's the time for another version of the modification, this time using a drill bit designed for steel, and a more powerful power drill.
Your 'force people to use iTunes on all their machines' argument is a bit specious, since it's free...
"Free" in this meaning sadly doesn't mean "works on every machine and every OS". So modifications may be necessary, including but not limited to reverse-engineering the protocol.
Their are no legitimate reasons to hijack an iTunes stream, for any reason.
Compatibility. Ease of use. Streaming to an Ethernet-connected device just built for that purpose. With a bit of creativity, you can see a plenty of reasons on a glance.
If you don't agree with how iTunes works, use something else.
Or modify it. It's a tool. A hammer is a tool, and if I want to do something different with it, I have two choices: use a different tool, or modify the hammer. The choice depends on the situation.
There is always a workaround. It may be "chipping" the motherboard - possibly will be illegal, but who cares. It may be even running a pair of computers, using the TCPA one as an access device for the non-TCPA one. Even in the VERY worst case, we can return to the age of BBS systems, acoustically coupling non-TCPA computers with the TCPA ones, then communicating with audio-encoded data over VoIP phone clients. Would be rather slow, but even that would be enough for sharing an AES256 key and arranging sending an encrypted DVD-R by mail or by a courier.
There is almost always a solution. In virtually all the other cases, there is at least a workaround.
...that non-conscious computational processes become conscious simply because there are "enough" of them to cross some threshold...
Is it possible to define consciousness in boolean terms (is there/isn't there), or is it an "analog" value ("full consciousness" of humans vs "traces of consciousness" of insect vs "no consciousness" of rocks)?
We need to be enforcing trivial violations because if we deported everyone who overstays their visa's expiration date, we would have deported enough hijackers to have caused problems with the plan.
Hey - it may work for other crimes too! If we'd arrest all the speeders and jaywalkers, we would inarguably get at least some future rapists and murderers out of the streets and into jail. But why to stay here? We can read the books and find out some obscure two laws that are mutually exclusive, and then just bust everyone. Then the crime rate would surely go down spectacularly.
Make an import/export filter set that will heavily depend on NetPBM. Then they can "outsource" all the JPEG-related functions to the NetPBM package, and be clear like a lily themselves. The infringement itself is then committed by the end-users themselves, who set the import filters to use the convertors in question - which is too many people with too low value and practically zero chance to be caught. Of course this shifts the heat to NetPBM, but due to the extreme modularity of the package and wide availability of the modules, getting it out of distribution is fairly impossible, even if all the US-based developers would give their hands away from the jpegtopnm program.
I don't see how. The only poisoning-prevention techniques I've heard of will also remove anonyminity.
I admit I am not familiar with the details of this problem, so I may be wrong. But can't be the "identity" of the file itself, eg. its SHA256 hash, used to authenticate it itself? Then spoofing the file would require finding collision in the hash, which is fairly nontrivial.
Furthermore, dissident propaganda is only illegal inside China, so he'd have no real need to run such a node inside FBI jurisdiction.
The need could be the desire to help the Chinese. The more systems run in the network, the more robust it is for all the users - including the dissidents.
(That damned elinks remembers forms, and pre-fills not only username and password, but also subject. Of course wrong way.)
Anonymity costs bandwidth. So you have to be patient. Not *that* big problem, especially with growing broadband availability.
Poisoning attacks should have a technical solution.
Regarding lawsuit, I want to see the EFF/Amnesty Intl./other organizations all in arms after the goons bust somebody who runs a Freenet node aimed solely for injecting "banned" information for Chinese dissidents.
There are networks with anonymization of endpoints. Freenet is one of them. The "tightly closed" warez cells then can serve to quickly populate the encrypted networks with new stuff as it comes. The users then have to run a network client to get some "stuff", a task that can be well-documented so even mouse users can understand it.
A possibility is to use m-of-n split of a secret and use the secret as a key. You have n pieces total, m of them you need to completely reconstruct the key. Holders of other pieces are online and offshore. The goons would have to get even the m-1 of others to cooperate - which they may not have legal jurisdiction over.
Or, for more operative use, you may have the m-of-n split as a backup copy of the key, which may be erased at the moment the machine is moved without authorization. Then you can fully cooperate, while they still get nothing.
The solution requires to be implemented on the level of the clients; wrap all the TCP connections to SSL. Passive wiretaps of this kind then become useless.
Seems I wasn't clear enough. Once more, and slower. Example: $100 VCR is virtually unaffordable for you if you're worrying about paying rent from an unemployment check or a fast-food wage. If you have a good job, $400 is relatively more affordable for you.
(Not talking about the other possible benefits, as with more expensive devices it becomes less tempting to save every stinkin' cent on material and engineering[1], resulting in an inevitable cheap-but-crap "consumer devices" we all know way too well.)
[1] Please don't extrapolate to infinity. This assumption doesn't behave linearly for the entire 0-inf range, assuming so would only make a fool from both you and me.
We may argue about the numeric costs and the purchasing powers for ages; it would be good if a computer model would exist so we could replace arguments with simulations.
But it's better to pay more for consumer-grade stuff you can afford, even if it requires a little more saving (though if the wages would go up because of the job market saturation, won't necessarily be that much in term of man-hours required to make enough money to buy it).
Then there is the outsourcing way. If the US workforce is so expensive, let's go elsewhere. Including the "knowledge workers" and the developers. Giving away your crown jewels, for some ephemeral profits.
Foreign-politics note: there is no need to fight USA. USA will defeat themselves in a neat and efficient way. Just hope they won't try to keep their vanishing power and/or mask their growing domestic problems with military expansion - it doesn't work.
Good comment. As a note aside, the world could benefit from a set of non-approved GNU-licenced designs for medical devices. (Personally, I prefer a 1:500 probability of complications because of a faulty unapproved gadget than a 1:50 probability the facility won't have it at all or 1:10 probability me or a friend won't be able to afford it.)
Are there any penalties for selling non-FDAed devices? For possessing them? For distributing construction blueprints?
If you pay enough of the people in the region significantly more, the ones that weren't so lucky get screwed: their income doesn't rise (or too little or too slowly or too late), but the costs of everything from food to housing skyrocket in the region. But these people don't get the headlines; nobody cares about the "losers".
Well... some products may be cheaper. However, the cost of living is not that much influenced by cheaper Taiwanese VCRs, Malaysian shirts, and Indian call-centers - the "cheaper products" crowd is forgetting about the cost of houses and rent, food, electricity, utilities... all those things that the now-unemployed workers still have to buy, instead of the cheaper stuff they are likely to be less able to afford than if it would be couple dollars more expensive but they would still have a job.
Seems your machines tend to shutdown/boot extremely slowly. In addition, for a basic check you don't need to disconnect all the cables, they may be still connected when you mess with the PS's internals (and even if not, that shouldn't take more than additional 5 minutes, unless you are somehow butterfingered. You can assemble an entire machine from scratch in under 15 minutes, practically tested couple years ago in order to win a bet - you need some practice though.
Then the system is too brittle. (Well, there is always some risk, but as long as it is more likely to say be killed by a lightning than to be killed because of a virus, it's still something I am willing to live with.) What ever went wrong with the idea of building things reliably? The network can go down because many more reasons than a worm; no electronic parts have unlimited lifetime, semiconductor junctions tend to degrade and electromigration is a bitch too.
One of my coworkers nearly died in a car accident in the middle of the night because we had to come in and make sure the systems had the latest virus signatures to protect against the outbreak of a new virus.
You don't disallow the executable content in emails and neuter javascripts in HTML messages? Why? What is it needed for? Why your application requires addressing the symptom (virus signatures) instead of the cause (allowing executable content in email, or allowing executing executable content from untrusted source)?
Maybe if we treated these people more like criminals and less like children it would send a message to others who might write a virus or even videotape a movie.
Don't forget those pesky jaywalkers. Somebody could get killed in an attempt to evade collision with them. They are the danger for the very foundation of the society. Lock'em up!
As a nice addition, you can use a cluster of ultra-bright IR LEDs, and blink them in pattern that confuses the AGC circuits in the night vision device. The result should be similar to how AGC in VCRs reacts to Macrovision. Would need to be tested, but could theoretically work against cheaper equipment.
...the theater was using night-vision goggles (which someone will probably have the audacity to argue is a privacy invasion--yuk yuk),...
Considering the theatres are traditional places for nibbling one's girlfriend, employing teenager "supervisors" with night vision technology should raise concerns.
Maybe a small projector with an infrared LED that would show something like "You pervert!" would be an interesting thing to do. Or a powerful infrared pulse generator that would confuse the night vision device's AGC circuits the way Macrovision works with VCRs...
Slashdot Mirror
A good idea could be putting a decent UPS into the assembly.
Fine. Suggest a better alternative. It has to be short and easy to remember once you understand what's it about.
Elinks caches forms when being told so. It's fine for username and password, but it also remembers the subject line and fills it into the form, and when I forget to change it, it bites me.
They can't possibly achieve that way. Nothing is 100% tamper-resistant. Doing this to the entire market will create rather huge demand for "tampered" devices, which is a decent incentive for black market. Tamper resistance is also rather expensive; consumer devices are unlikely to use that all - and look at the "I ported Linux on Gameboy" crowd, it's fairly likely at least some devices will be modifiable in the required way. You can make a decent computer from off-the-shelf chips, even "mere" microcontrollers have interesting power now, see eg. ATMega family; the market with general-purpose chips would have to be tightly controlled as well, at which point all the small and middle-sized development-doing companies (or dependent on custom development) start screaming bloody murder, and black market inevitably appears. (Or the "legal" systems will be flexible enough to fulfill any needs - then they are likely to be flexible enough to run just about anything on them - including an emulator of a non-TCPA computer.) The countries that deploy this measure effectively kill most of their R&D, which will cause mighty cheer in the "underdeveloped" nations.
The only hole you can actually count on, is digital-to-analogue-to-digital conversion, to get data out of your "trusted" box and into an ordinary computer. That might be fine for ebook pirates, but it's going to be one hell of a PITA for daily life.
Multiple options exist. The D/A-A/D conversion with audio coupling is a bit extreme, however many other possibilities exist; odd kinds of network protocols, serial link (if present), high-speed lab equipment. You can even bump the audio link speed up by using multiple channels and higher samplerates; I think the successor of AC'97 codec should go up to 192 kHz on 24 bits and 5+ channels, even a rather ineffective data encoding scheme could get quite fast here, presuming the setup is local and the cables are high-quality. Many people here derided it as an overkill - for audio maybe, for unintended purposes it may get pretty handy. Also don't forget various options for video - from digital cameras to DV camcorders to anything exotic the future may bring.
Rather than planning to spend tens or hundreds of hours on work-arounds when this happens, it would make sense to donate tens or hundreds of hours of your wages to the EFF or similar organisations which are working to prevent this problem from prevailing in the first place.
This presumes two things: a) the belief that the organizations will be effective and successful, preventing the problem instead of just slightly delaying it, b) that the money from the wages will have more worth in the global scheme than development of purely technical politics-independent countermeasures, and b.1) that the technician in question is so swamped with paid-for work that he can pick as he pleases between working for money to donate and working on a countermeasures project - which was maybe true in the US at the peak of the dot-com boom, but may not be always an available choice for an underemployed technician, a student, or somebody in a low-dollar-wage country (eg. East Europe or India/China, and the most of the world in general, if you look outside of US/EU/Japan).
Whatever approach you think is the best, do it. If we can survive, it's by diversity of approaches - being it donations or tinkering. Do what you believe will have the most effect, whatever it is.
Then it's the time for another version of the modification, this time using a drill bit designed for steel, and a more powerful power drill.
Which is exactly what the auth crack was. :)
"Free" in this meaning sadly doesn't mean "works on every machine and every OS". So modifications may be necessary, including but not limited to reverse-engineering the protocol.
Their are no legitimate reasons to hijack an iTunes stream, for any reason.
Compatibility. Ease of use. Streaming to an Ethernet-connected device just built for that purpose. With a bit of creativity, you can see a plenty of reasons on a glance.
If you don't agree with how iTunes works, use something else.
Or modify it. It's a tool. A hammer is a tool, and if I want to do something different with it, I have two choices: use a different tool, or modify the hammer. The choice depends on the situation.
There is almost always a solution. In virtually all the other cases, there is at least a workaround.
As long as we won't have a clear definition of what consciousness is, such arguments would be ultimately pointless anyway. But at least they are fun.
Is it possible to define consciousness in boolean terms (is there/isn't there), or is it an "analog" value ("full consciousness" of humans vs "traces of consciousness" of insect vs "no consciousness" of rocks)?
Hey - it may work for other crimes too! If we'd arrest all the speeders and jaywalkers, we would inarguably get at least some future rapists and murderers out of the streets and into jail. But why to stay here? We can read the books and find out some obscure two laws that are mutually exclusive, and then just bust everyone. Then the crime rate would surely go down spectacularly.
Make an import/export filter set that will heavily depend on NetPBM. Then they can "outsource" all the JPEG-related functions to the NetPBM package, and be clear like a lily themselves. The infringement itself is then committed by the end-users themselves, who set the import filters to use the convertors in question - which is too many people with too low value and practically zero chance to be caught. Of course this shifts the heat to NetPBM, but due to the extreme modularity of the package and wide availability of the modules, getting it out of distribution is fairly impossible, even if all the US-based developers would give their hands away from the jpegtopnm program.
I admit I am not familiar with the details of this problem, so I may be wrong. But can't be the "identity" of the file itself, eg. its SHA256 hash, used to authenticate it itself? Then spoofing the file would require finding collision in the hash, which is fairly nontrivial.
Furthermore, dissident propaganda is only illegal inside China, so he'd have no real need to run such a node inside FBI jurisdiction.
The need could be the desire to help the Chinese. The more systems run in the network, the more robust it is for all the users - including the dissidents.
Anonymity costs bandwidth. So you have to be patient. Not *that* big problem, especially with growing broadband availability.
Poisoning attacks should have a technical solution.
Regarding lawsuit, I want to see the EFF/Amnesty Intl./other organizations all in arms after the goons bust somebody who runs a Freenet node aimed solely for injecting "banned" information for Chinese dissidents.
There are networks with anonymization of endpoints. Freenet is one of them. The "tightly closed" warez cells then can serve to quickly populate the encrypted networks with new stuff as it comes. The users then have to run a network client to get some "stuff", a task that can be well-documented so even mouse users can understand it.
Or, for more operative use, you may have the m-of-n split as a backup copy of the key, which may be erased at the moment the machine is moved without authorization. Then you can fully cooperate, while they still get nothing.
The solution requires to be implemented on the level of the clients; wrap all the TCP connections to SSL. Passive wiretaps of this kind then become useless.
(Not talking about the other possible benefits, as with more expensive devices it becomes less tempting to save every stinkin' cent on material and engineering[1], resulting in an inevitable cheap-but-crap "consumer devices" we all know way too well.)
[1] Please don't extrapolate to infinity. This assumption doesn't behave linearly for the entire 0-inf range, assuming so would only make a fool from both you and me.
But it's better to pay more for consumer-grade stuff you can afford, even if it requires a little more saving (though if the wages would go up because of the job market saturation, won't necessarily be that much in term of man-hours required to make enough money to buy it).
Then there is the outsourcing way. If the US workforce is so expensive, let's go elsewhere. Including the "knowledge workers" and the developers. Giving away your crown jewels, for some ephemeral profits.
Foreign-politics note: there is no need to fight USA. USA will defeat themselves in a neat and efficient way. Just hope they won't try to keep their vanishing power and/or mask their growing domestic problems with military expansion - it doesn't work.
Are there any penalties for selling non-FDAed devices? For possessing them? For distributing construction blueprints?
If you pay enough of the people in the region significantly more, the ones that weren't so lucky get screwed: their income doesn't rise (or too little or too slowly or too late), but the costs of everything from food to housing skyrocket in the region. But these people don't get the headlines; nobody cares about the "losers".
Well... some products may be cheaper. However, the cost of living is not that much influenced by cheaper Taiwanese VCRs, Malaysian shirts, and Indian call-centers - the "cheaper products" crowd is forgetting about the cost of houses and rent, food, electricity, utilities... all those things that the now-unemployed workers still have to buy, instead of the cheaper stuff they are likely to be less able to afford than if it would be couple dollars more expensive but they would still have a job.
Seems your machines tend to shutdown/boot extremely slowly. In addition, for a basic check you don't need to disconnect all the cables, they may be still connected when you mess with the PS's internals (and even if not, that shouldn't take more than additional 5 minutes, unless you are somehow butterfingered. You can assemble an entire machine from scratch in under 15 minutes, practically tested couple years ago in order to win a bet - you need some practice though.
Then the system is too brittle. (Well, there is always some risk, but as long as it is more likely to say be killed by a lightning than to be killed because of a virus, it's still something I am willing to live with.) What ever went wrong with the idea of building things reliably? The network can go down because many more reasons than a worm; no electronic parts have unlimited lifetime, semiconductor junctions tend to degrade and electromigration is a bitch too.
One of my coworkers nearly died in a car accident in the middle of the night because we had to come in and make sure the systems had the latest virus signatures to protect against the outbreak of a new virus.
You don't disallow the executable content in emails and neuter javascripts in HTML messages? Why? What is it needed for? Why your application requires addressing the symptom (virus signatures) instead of the cause (allowing executable content in email, or allowing executing executable content from untrusted source)?
Maybe if we treated these people more like criminals and less like children it would send a message to others who might write a virus or even videotape a movie.
Don't forget those pesky jaywalkers. Somebody could get killed in an attempt to evade collision with them. They are the danger for the very foundation of the society. Lock'em up!
As a nice addition, you can use a cluster of ultra-bright IR LEDs, and blink them in pattern that confuses the AGC circuits in the night vision device. The result should be similar to how AGC in VCRs reacts to Macrovision. Would need to be tested, but could theoretically work against cheaper equipment.
Considering the theatres are traditional places for nibbling one's girlfriend, employing teenager "supervisors" with night vision technology should raise concerns.
Maybe a small projector with an infrared LED that would show something like "You pervert!" would be an interesting thing to do. Or a powerful infrared pulse generator that would confuse the night vision device's AGC circuits the way Macrovision works with VCRs...