Slashdot Mirror


User: cpghost

cpghost's activity in the archive.

Stories: 0
Comments: 2,111

Comments · 2,111

  1. What about hardware Trojans? on European Police Plan to Remote-Search Hard Drives · · Score: 1

    I'd be more worried about off-the-shelf adapters' firmware and even hardware. How long until a government makes it mandatory for all network adapter manufacturers to include a Trojan into their silicon and they want a license to sell their products in a specific country? Add to this a mandatory Trojan in the silicon of your SATA adapter, and both can communicate via DMA, maybe even circumventing the kernel altogether (oh, did I mention the mandatory BIOS changes to enable this DMA transfer?).

    Then police will talk to your network adapter, which in turn will transmit its commands to the SATA adapter, and voila, live access to your hard drives, bypassing any kernel security layer.

    Of course, that's a huge risk to security as well: as soon as the police master key is compromised (and it inevitably will be, sooner or later), there'll be millions of freely accessible computers' hard drives.

  2. Set up a honeypot on European Police Plan to Remote-Search Hard Drives · · Score: 1

    Will it be illegal to circumvent remote searches?

    It may very well happen some day, if the paranoia continues. But nothing prevents you from setting up a nice little honeypot for outsiders to play with.

  3. Linux is vulnerable too (sort of) on European Police Plan to Remote-Search Hard Drives · · Score: 2, Interesting

    So, in short, here's just one more compelling argument for ditching Windows for Linux...

    With more and more Linux users running proprietary binary blobs for convenience reasons or just out of pure laziness (video drivers, flash players and what not), it would be rather easy for $GOVERNMENT to remotely substitute one of those blobs with a "policeware"-augmented one with a classic man-in-the-middle attack. How could you check the code of those binary blobs to be sure that $THEY aren't already listening in when there is no source code to check?

  4. Re:qemu on FreeBSD 6.4 Released · · Score: 1

    That's interesting! I'm using the most recent BIOS version available though, so no chance for improvement here. What's puzzling, is that qemu-0.9.1_10 with kqemu-kmod-1.3.0.p11_9 actually don't BSOD XP as often when I run i386. On amd64, it does. Perhaps it's related to this? I don't know, but it's strange.

  5. Copyright is a European invention on French "Three Strikes" Law Gets New Life · · Score: 1

    Coming to think of it, copyright (or more precisely copydeny) was a European idea in the first place. It's just funny that while attributed as having originated in the U.K., it's the French right now who act as its most rabid supporters (at least sarkoficcially).

  6. Re:qemu on FreeBSD 6.4 Released · · Score: 1

    Running qemu without kqemu here on FreeBSD/amd64 7.1-PRERELEASE with XP as guest (kqemu caused some BSODs in XP, interestingly more in 64-bit mode than in 32-bit mode), and even on a modest 2 GHz Phenom 9350e, I didn't have the feeling that the emulation was extra slow. Actually, I'm quite satisfied with its performance. Maybe because I'm not doing anything CPU intensive on XP like games etc, and merely using Visual Studio C++ and similar apps?

  7. Reverse-engineering needs reverse-engineers on Proprietary Blobs and the Pursuit of a Free Kernel · · Score: 1

    Reverse-engineering such drivers requires skilled people. But how many Linux hackers are actually familiar with Windows drivers? Perhaps a good collection of HOWTOs would help?

  8. Not really a solution on Proprietary Blobs and the Pursuit of a Free Kernel · · Score: 1

    At least, a binary blob can be reverse-engineered and tweaked (think RPC1 modding of DVD writers), but there would be no way to do that with ROM, or at least, it would be MUCH more difficult. And who knows what's hidden in there: what about a key logger on an Ethernet controller, even with a backdoor for your government and whoever knows the secret key (think Clipper chip)?

  9. Spamhaus DROP list on Estonian ISP Shuts Srizbi Back Down, For Now · · Score: 1

    Um, you mean, nullroute the entire Internet?

    Start with Spamhaus' DROP-List...

  10. Vote with your wallets on RICO Class Action Against RIAA In Missouri · · Score: 1

    Step #1 doesn't work because most people don't understand the problem yet.

    So let's continue our quest to educate people to avoid buying anything from those greedy bastards, because every time someone buys a CD, or a DVD, or a song online from a label that belongs to this conglomerate, that money is ultimately being diverted to sue defenseless people into bankruptcy.

    As they said with drugs: just say NO (and don't buy their stuff). There are enough good Indy production studios who are not so rabid. Let's encourage them, and ignore the RIAA/MPAA/IFPI extortion cartel.

  11. allofmp3.com had reasonable pricing on RICO Class Action Against RIAA In Missouri · · Score: 1

    allofmp3.com used to cost 1c/MB at the beginning up to 3c/MB at the end (of course without any DRM nonsense). That was approx 10 cents per song @128kbps before they were choked off by the MasterCard and Visa cartels. Quite fair and reasonable. 99c/song (and to add insult to injury with a premium for non-DRM versions) is WAY too high to gain substantial market share. Had the RIAA followed the pricing model of allofmp3.com, they could have survived, and even made a decent profit through sheer economy of scale. But, greed-driven, they preferred to drive people to free file sharing altogether. It's too late now: they can't undo the damage they've done to themselves.

  12. Re:Worse than worthless on Silverlight On the Way To Linux · · Score: 1

    Adobe flash is the way forward. It's ubiquitous. It's well specified. It's fairly well supported.

    What?! Tell that to FreeBSD users... Adobe's Flash support is dismal or rather totally inexistent, if you don't happen to run a mainstream OS...

    ... but at least, Flash's specs are more or less open now, so there's at least a little bit of hope. What about Silverlight?

  13. FreeBSD too? on Adobe Releases Preview of 64-bit Flash For Linux · · Score: 2, Insightful

    What about us FreeBSD users, you (Adobe) insensitive clods?

  14. Re:domain name on Politician Forces German Wikipedia Off the Net · · Score: 1

    Is it possible for a .de domain to be outside of German jurisdiction?

    No, because the registry for .de domains, DENIC, remains within German jurisdiction. They can always be ordered by a judge to suspend a specific .de domain, no matter where its servers or admins may be.

    Of course, DENIC could (in theory) relocate outside Germany and ICANN could decide to let them manage the .de ccTLD anyway; but how likely would that be?

    BTW, the root of the DNS itself is under U.S. jurisdiction, since ICANN is controlled by the U.S. Department of Commerce.

  15. Re:Samsung HDDs on Seagate Acknowledges Problems With 1.5-TB HDD · · Score: 1

    Also this is yet another reason not to use RAID. I care about my data too much to use RAID. It's better just to do incremental backups. Daily if necessary.

    To be more precise: you shouldn't rely on RAID alone as a backup. But for anything above the hobbyist level, RAID is crucial. It should just not be the only safety net you have.

  16. Re:well within the margin of error on Daylight Savings Time Increases Energy Use In Indiana · · Score: 2, Informative

    Probability Theory 101: the bigger the sample population, the more accuracy one can obtain. 1% is all too random for 1,000 people, but for 1,000,000 people, it tells a lot more. Of course, other factors are important too.

  17. Re:Online banking? Sign me up!!!! on A Look At the CoreFlood Botnet · · Score: 4, Informative

    Yes, they are, like any other OTP system. Moreover, some banks also allow you to click in the numbers with a mouse by providing a keypad image. If you feel paranoid about key loggers, just use the mouse. But the real security is, of course, the one-time nature of those numbers.

  18. Re:dvdisaster on How To Verify CD-R Data Retention Over Time? · · Score: 2, Funny

    I'm missing a tool to scan for brain/attention decay...

  19. dvdisaster on How To Verify CD-R Data Retention Over Time? · · Score: 1, Redundant

    dvdisaster has a utility to check for bad sectors.

  20. Re:weird on Privacy Concerns Over Google On the Rise In Germany · · Score: 3, Insightful

    It's all about accountability. German government is held accountable for its actions, while Google, as a foreign company, isn't. At least not from a German perspective.

    That's exactly the same reason why CAPPS-II-like data transfer of airline passenger data to the US is very much frowned upon in Germany: people are afraid that those data won't be handled with the same care in the US (probably by some commercial contracted entity) as by their local government authorities.

  21. Cryptography on French Senate Passes Anti-Piracy Internet Cut-Off Law · · Score: 1

    France also had one of the worst anti-cryptography laws worldwide... until they gradually replaced them with saner laws in 1996 and 2004.

    So is that a reason for the French to be optimistic? No. Relaxing the anti-crypto was done for the sake of equalizing laws with other countries, while tightening the screw on file sharers is just one way to kowtow before the almighty WIPO and their representatives like IFPI, RIAA et al. So things are probably going to worsen rather than improve. France has been dragging her feet in crypto matters, while nobody else was willing to go along; now she's running ahead of everybody else... and I'm afraid other countries will be all too eager to follow her lead.

  22. Re:Ouch on Space Litter To Hit Earth Tomorrow · · Score: 1

    I hope NASA will pay if any property is damaged by this experiment since it is deliberate. I would think they are legally responsible if anyone dies or any property is damaged.

    What if it doesn't fall on US territory, yet still kills someone or damages property? Would NASA pay any damages? Would they need to at all?

  23. Re:Outsourcing can be expensive on More Sony Batteries Recalled · · Score: 4, Insightful

    Seriously, after Mattel, VW and Sony, how many examples do managers need to figure out that low-cost labor can be very costly?

    It's not necessarily low-cost labor as it is low-cost materials used in those batteries.

  24. Terminator technology IS a US tech on Can the US Stop the Illegal Export of Its Technology? · · Score: 2, Insightful

    I mean, I know many Americans like to believe the US invented absolutely everything and are ahead of everyone else technologically, but in fact they really didn't and aren't.

    But this is surely a US invented technology... and IMHO nothing to be proud of, as it already caused famines in Africa and, worst of all, was actually designed to lead to just that consequence.

    Maybe a few export bans of some US technology like this one wouldn't be so wrong, after all?

  25. Exporting DRM on Can the US Stop the Illegal Export of Its Technology? · · Score: 2, Insightful

    Where, oh where is the DoC and DoJ when it comes to forbidding the export of this abomination called DRM?