Re:This book is a walking DMCA violater's manual! on Hardware Hacking · Score: 1
"Remember that it's illegal to connect pin 5 of the foobar chip with pin 9 of the whizbang microcontroller of your mobile phone, thus allowing you to snoop other conversations in your vicinity. This very simple modification, as shown in figure 5, is prohibited by law. Don't do this."
It's interesting that the most important rights are codified in Amendments, and not in the original Constitution. When will be the time, when judges will say: "Hey, that's just an Amendment Right, right? Forget about it."? Scary thought.
Re:New and Elegant "foreach" ? on A Taste of Qt 4 · Score: 1
Lisp has supported extending the language for about 40 years.
Wondering what Lisp or Scheme Qt bindings would look like...
If the i386 platform mutates into something that will enforce DRM, other platforms will probably gain momentum. That's not as bad as it might seem. As Unix (Linux, BSD, Mac OS X) community, we can easily adapt to this scenario...
More interesting is the aspect of non-proprietary CPU architectures. It would be great if the OSS community were joined by a new ODH (open design hardware) community, so that we could get a fully open, non-restrictable architecture for our favorite OSes, apps, and playback devices to DRMed stuff.
Call me a lunatic if you wish, but I really believe that if Intel/AMD and other mainstream chip makers are doing kotai before the almighty RIAA/MPAA/... cartels, the developer and hacker communities won't take it for granted and will take appropriate counter-measures.
In the Real World(tm), most people won't even bother updating their windows boxes (or their AV sigfiles); so we'll have to live with those spam sending zombies for a long time...
Are you sure that you're secure, just because your router uses firmware? Most firmware is stored in flash memory nowadays, and I've already seen exploits upload their own code to some of those nice NAT boxes. By doing a bit of research on bugtraq or other full-disclosure mailing lists, you'll quickly dig up a few announcements... Now, how often do you update your firmware?
As more and more computer illiterate people switch to Linux, viruses will become a problem too:
A non-technical user won't update her linux box for a long time (perhaps because they are afraid of breaking things they wouldn't know how to fix). If there is a vulnerability in a popular program, it will be exploited for a long time.
The more non-technical users use Linux, the more commercial, binary-only software will be available. How fast will vendors fix vulns in these programs? And even if they did, how fast will the user population patch those programs?
Linux PCs tend to have much longer uptimes than Windows boxes. How many viruses could install themselves as a cron job, update themselves in the background etc...? A virus on a Unix box has much more leverage than on a Windows box: they have pre-installed compilers, interpreters,... and rock solid high-performance networking available. And because it's so hard to crash a Linux box, the viruses won't interfere with each other and could use the system cooperatively!
The point here is that your average Linux user is technically much more competent than the average Windows user. Viruses on Linux are having a hard time, not only because of the superior security model of Unix-like systems, but also because those systems are having better admins and users!
It's only a matter of time until one of these is truly destructive...
If people don't patch their boxes, a destructive virus _will_ at least force them to reinstall the (unpatched) OS. If the virus is widespread, it will soon reinfect those boxes, again and again, and users will be wondering what's going on.
A truly destructive virus may have the beneficial side-effect of educating people to actually install released patches as soon as possible (or better yet switch to a more secure OS). How come that no such virus is currently in the wild?
Hasn't Sun Microsystems licensed Unix code from SCO? Wouldn't a Solaris subscription funnel even more money to SCO (even though that would only be an unintentional side effect)?
So change the rules to only let [...] the law see it.
Which law? US law? Canadian law? French law?... or perhaps add-your-favorite-rogue-state-of-the-day-here law?
We're talking about gTLDs. According to the UDRP, many laws per domain can apply: the registrant's country, the admin contact country, the litigator's country, the DNS provider's country, the service hoster's country, and even third-party's country. That's a lot of laws to consider, esp. when the contact information is hidden!
Maintaining accurate public contact information in the WHOIS database seems like a reasonable way to go.
Not the Web topples tyranny, it's the people who do.
Internet access is a scarce and expensive commodity in most countries ruled by tyranny. Therefore, only the upper class has access to the web (if at all), and upper class normally won't have serious problems with their governments. So expecting the web to topple tyranny is naive, to say the least.
However, the web is a great medium to propagate ideas; ideas which will also influence the few people out there with internet access. Some of these ideas will still sink in, and may eventually lead to gradual regime changes all over the world.
A Wi-Fi hard drive can also be a security nightmare! Anyone with the right equipment (a wifi card and a decent laptop) could eavesdrop, and even modify data on-the-fly. Using encrypted filesystems is a *must* in such a case, and even then, data integrity would still be in jeopardy.
It may be possible to turn the transceiver off, but you must trust the manufacturer that no back-door can be remotely opened.
So how do you shield such drives? TEMPEST protection is already hard enough without this...
The biggest issue here is not to stay clear of such equipment (if you have security objections), but to ensure that vanilla (non-wifi) hardware doesn't have WiFi chips you don't know anything about!
It's a bad feeling to know that your computer could (passively, thus undetected) listen to RF, and behave in strange ways. We're on the brink of hardware that could be used as spyware. A scary thought!
The fine on Microsoft is extremely high (over 10% of cash reserves.)
The fine is not nearly as high as it should have been. The question is how much financial damage did Microsoft inflict on EU companies with their monopolistic behaviour. Actually, the EU is pretty lenient to Microsoft, despite this rather symbolic fine.
This appears to be an Anti-American fine.
Oh, is Microsoft == America? The EU couldn't know that, because we're still calling ourselves United States of America, and not MSUSA (1.0)!
This fine is absolutely not Anti-American, as you put it. It is trying to repair the damage caused by the incredible DoJ anti-trust settlement that Microsoft was able to buy from our current administration. By imposing sanctions against Microsoft, the EU is also protecting US consumers, who have been IMHO betrayed by that settlement. So it is a Pro-American fine, a fine which should have been imposed by our government in the first place.
In a few years, most search engines would probably not be free anymore. Even Google (our all-times favorite) is going commercial, and as this story shows, only companies with deep pockets will be able to pay for the bandwidth and computing resources of a serious search engine. Would you trust such engines from being bias-free?
All is not lost however. Let's roll our own search engine! A search engine from the users, for the users, and by the users. No, not for consumers, but for people interested in good results.
Obviously, a simple robot hooked up on a modem or adsl line will not be sufficient. There's simply not enough bandwidth to crawl the Net. But there is enough bandwidth if we take a few hundreds (thousands) of nodes. Just like seti@home, a distributed search engine would consist of two parts: a more-or-less-centralized-database which would maintain the index and work-units, and thousands of client machines, which would fetch a list of URLs to crawl from the DB, crawl a few levels, and return partial indexing results back to the DB. The DB would then generate an index just like google and others.
The beautiful part of this, is that it would scale very well: the more client machines participate, the faster will a new index be generated. The fewer participants, the longer the update intervals. That's all there is to it.
Another advantage is that we could tune the results (and work-units) dynamically, by analyzing the query strings, and other criteria. It may very well happen that this search engine adapts itself to the need of its users _and_ participating crawlers. We could even get results that are currently very hard (if not impossible) to get with closed-source and closed-index engines: How's about searching in DNS (a la whois.sc)? How's about analyzing the popularity of query strings? All this could be possible with an open index!
Ideas? Comments? Perhaps there's already something similar in sourceforge? Something that we could improve?
Hmmm, this is unlikely. The NSA doesn't have an operative branch like the CIA (which itself isn't allowed to act within US borders). See James Bamford's "The Puzzle Palace" and "Body of Secrets."
The NSA specializes in codes, and communications. The following is more likely:
Darl (to lawyers): "Hey, let's sue the NSA. They have lots of SCO/Linux boxes!"
(NSA intercepts the communication and turns it into...)
NSA (with Darl's voice): "Hey, let's sue the President, Congress and the Senate, and while you're at it, DoJ, DoD and the IRS!"
Lawyer firm: "Are you sure Darl? You can't do that!"
Darl (fuming inside): "Of course I can. Never tell me I can't do something. Sue the bastards!"
Lawyer firm: "Okay, you're the boss."
Ca-tching! In the news: SCO (SCOX) sues the President and the Nation for multibillion damages in IP. IRS opens investigations. CEO arrested for fraud. Film at 11.
Let's assume for a moment that this 6000x faster-than-dsl technology is adopted by, say, 30% of the current dial-up population (a conservative estimation). This would mean, that the bandwidth of backbones would need to be upgraded to... how much exactly? 1000x-1500x? Wow!
It has been said many times before, but it's worth reiterating: [nearly] all of those wonderful runtime environments, and interpreters are written in C. Sometimes, language designers try to implement a self-hosting interpreter (like, say, scheme in scheme,...), but even here, it still has to be bootstrapped somehow. Unless you want to do this in (unportable) asm, you still need C.
Remember that the Baystar transaction was supposed to be kept secret. Microsoft openly funding SCO would have been harming the "credibility" of that FUD amongst both the courts and businesses. Going through Baystar was typical in many ways (and it comes as no surprise, should I add).
Without whistleblowers, SCO would still get most of the heat from the IT world. Now, Microsoft has a lot of explaining to do (though they won't really bother that much).
"Remember that it's illegal to connect pin 5 of the foobar chip with pin 9 of the whizbang microcontroller of your mobile phone, thus allowing you to snoop other conversations in your vicinity. This very simple modification, as shown in figure 5, is prohibited by law. Don't do this."
Should we really write books this way (again)?
Try "Smashing the Stack for Fun and Profit", Phrack 49, Art. 14. It's a nice introductory tutorial to the common class of buffer overruns.
Hmm... not every machine is an Intel box running a Microsoft O/S
True, but that's not a reason to use pure java. Compare with setiathome, which is available in binary for a lot of processors and operating systems.
There's also the new BOINC architecture...
Why stone tablets? The law of the jungle is older, and much simpler: If you can't eat me, I'll eat you.
Resistance is futile. You will be patented...
... but let's resist nonetheless. Patents are not a technological issue, it is a (relatively recent) sociologic phenomenon. The only way to fight it is on a political level. That's exactly why demonstrations, protests, boycotts exist. They may seem futile, but that is the same for every new political movement.
Of course, it runs NetBSD...
Computers can and do run without Microsoft.
For how long?
Microsoft: Close, but no cigar!
Microsoft warns the Army to back off:
Surrender all your computers to us. Resistance is futile. You will be assimilated.
Or else... our spyware will autodetect DoD users and subsequently refuse to start. All your computers are belong to us.
Bill Gates of Borg.