In TFA (yes, I'm a heretic, I read TFA) it says that you can see how it works by changing your country to "India" in the preferences. Maybe this censorship mechanism can be avoided just by cleverly setting the preferences.
Has anyone in India tried to change it to something else (like Belgium)? I'd like to know if it works.
The system works reasonably well. No one's network connection is disrupted except for those whose computer is infected. Innocent bystanders are mostly protected. Naive students learn quickly. Repeat offenders are very few and far between.
Except when the IDS has a false positive, which is pretty common. Then the network connection is disrupted for an innocent bystander.
The Little Boy (Hiroshima bomb) was a functional, if primitive, design. If North Korea managed to get enough materials to build Little Boys, that would be bad news indeed. Maybe they cannot be launched via missile, but if I were an invading force, I wouldn't like to have one of those dropped on top of me. I'd say they have lots of deterrence value.
Some other things:
Being reported as close to the Hiroshima yield does not mean it's a gun type. Fat Man (the Nagasaki bomb) was also close to that yield (in fact, 20 Kt is just right for a Fat Man, while it's a bit high for a Little Boy).
Gun type bombs were the main South African type of A-Bomb, so they're not just a proof of concept (even if only 6 were made).
Little Boy weighs as much as Fat Man (about 4000 kilos) and is streamlined, unlike Fat Man.
North Korea was working on the implosion mechanism that failed in 2006. What makes you think they would not have made any progress since then?
That's because, as you said, times have changed. Media wasn't as connected back then, and the formats for storing a product didn't last indefinitely. Now, people continue to make money off these works, and even after death, their families will also make a profit. Societies are willing to continue enjoying these things in new ways, in new formats, and so on. Nintendo will still be making money off of Super Mario Bros. decades from now, which is why the original concepts for copyright law don't apply in the modern era. Disney still makes profits from Mickey Mouse. As is their right, because it's their property, and people are still willing to pay money for it.
I've taken exception to that statement of yours.
As you say, times have changed. You therefore justify the actions of the media distributors, and claim they have the right to subvert the original idea of copyright. However, you deny the same effect for their clients: from your point of view, times have changed in favour of the RIAA, MPAA, etc., but are not to be changed in favour of the consumer.
Times have changed, now the corporations do as you are saying. Times keep changing, and the increase of piracy (as in copyright infringement) is also part of the change. Now piracy is firmly embedded in society, in part due to the actions of the corporations as you were saying.
Which one is right and which one is wrong? The law says the corporations are right. They have the right to continue earning money from something published half a century ago. That doesn't mean it is legitimate, as law and legitimacy are not always in agreement. From the viewpoint of legitimacy, it is not as clear.
The fact that a law says we must keep paying does not mean the people like to pay, and the existence of TPB shows that there's a big segment of the population not willing to pay, refuting your last phrase and in fact reinforcing my point about illegitimacy.
With the society not willing to have "Disney still make profits from Mickey Mouse. As is their right, because it's their property", there's little reason for that to happen, except that their "right" comes as a result of an oppressive yoke.
The TPB guys might go to jail, but that does not make the distributors' act legitimate, in fact, its illegitimacy is shown by the outrage in some segments of society and by the fact that still a lot of people keep pirating unrelentingly.
So, basically even though there is a book somewhere saying that they can keep charging me for things that are 50 years old, that doesn't mean that I have to agree that it's their god given right. In fact, I (and probably most of the /.ers) think it's a highly immoral act. You're free to try to make me think your way by force, but I warn you that revolutions start that way.
Now, here's a scenario for you:
Citizen A introduces a bill. Citizen B votes yes. Citizen C votes no. Citizen D and E vote for C.
Now it gets ugly. Citizen F, G, H, I and J are employed by A. Citizen A is very rich and the owner of a big corporation.
Citizen A tells F, G, H, I and J: "If you don't vote for me, you'll lose your jobs and you won't be able to work anywhere in this town".
Citizens F, G, H, I and J vote for A and A can do anything he wants.
Lesson: The secrecy of the vote is not there because it's fun.
To The Pirate Bay?
I decided to google "wayner data compression textbook" on google and I found some interesting results.
First, what you're talking about is no more. I could not find any links to pirated books in the top 5.
Second and most interesting is what I did find:
#1 Some (unreadable due to javascript/flash colliding with noscript) "Hot news" about your book, but no link to it.
#2 and #3 Blogs or similar about what we're talking about (not currently displayed or displaying some video I didn't care about)
#4 An Amazon entry for "Introduction to Data Compression" by Khalid Sayood
#5 Kevin Wayne's Princeton homepage
#6 This Slashdot article
Nowhere to be found is an entry of your book, your homepage or anything related to you (except for #2 or #3, that was not useful at all).
How come no Amazon entry for your book showed up? Or even a homepage? You've been beaten to first place by lots of people talking about this, when it could have been your chance to take first place. Yet the book is not in the top 5 of the list. Then comes mininova, followed by TPB.
Even more interesting is that I accidentally searched for "wayner data compression book" and found lots of Amazon entries... for a book by Mark Nelson. To be fair, there was a link to "Data compression algorithms for real programmers", authored by you (or so it seems).
I checked the entry on TPB. It is for a torrent that has hundreds of science books. Your "data compression for real programmers" is just one of many, and the only one by you. It seems like somebody got it into a collection of books.
Basically "data compression textbook" (if that's the title of your book) is nowhere to be found. If the book you're talking about is "Data compression algorithms for real programmers", then if you search for that, you'll find the Amazon entry at the top. But if that's the case, then it's not known as the data compression book. To get a nickname like that, the book will probably have to be really famous (as in "Dragon Book" famous). If it's not DCAFRP you're talking about, then it's not known at all, so don't expect it to appear on any searches. It is not being torrented, either. You get hits on TPB because Google finds DCAFRP and other books that have the word "textbook" in the title.
Anyway, most of the people downloading the torrent are probably looking for some other book than yours, but they get the torrent for the whole collection. One download = one lost sale definitely DOES NOT apply here. On a more personal note, I tend to view these collections like public libraries. I think people seed these torrents because the contents are too valuable to lose. Most just get a reference or two from a few books at most. Please don't have them taken down.
And about the poor students, you might want them to buy the books, but if it's between buying a textbook and food and rent money, the choice is obvious. Maybe if your book is good enough, in five years a future engineer or programmer is going to buy it. Don't count on that if the book is crap, though.
And the ironic thing is that shuttle Buran did an unmanned automated landing in 1988. And that feature was part of the original design.
Besides, if they decide to drop support, they will need to either refund the cost of Vista the users have paid, or at least provide an upgrade to Windows 7.
If they keep minimal support, people wanting to stop using Vista will have to pay the upgrade themselves.
There are elections for the EU parliament soon.
This might be a good time to vote for the Pirate Party, if you've got one in your country.
Does anyone know how to register if you're a Spaniard living abroad?
With the magnet thing that was used to disable the force field protecting the star generator.
But the GP has a point. In LSL1 you're supposed to play slots or blackjack in the casino, too.
I remember that Elite 2: Frontier had that type of protection but it could be bypassed. You just had to save while docking and if you did it at the right time it would repeat the same question on restore. Then you tried every possible letter and when you got it right, you'd have one of the copy protection answers. By doing that a few times I got the whole table in no time.
Literally.
I was downloading Slackware in 1998 and had no broadband yet, so I used the university's Sun server to download the 50 diskettes needed to install it with all bells and whistles. I left it downloading and went home, when I came back the next day I had filled the whole /tmp volume with the download.
(not that it did stop me, I just limited the amount of data to download at one time and kept firing the downloader)
And, yes. That was all the space they had for students at that time.
I've got to admit that google works fast.
The search you posted takes you back to the same post. Talk about circular references.
TPB has perfectly legal uses.
Linux distros are usually transferred via TPB, so are amateur authorized releases (Lamont, Familjen, Timbuktu). Also I was conducting a few experiments with TPB regarding distribution of my own files to friends.
If these are not legal uses, then something is really wrong.
But not longer than Disney. At least while having these extremely long protection terms.
The cargo has to go somewhere. You must also be able to load it and unload it in port.
Just what I thought. Biometrics is just a fancy way of producing a password when used remotely. I'd rather use a password then. The reason I think biometrics are insecure when used remotely is that it is not that hard to take a sample for some types of systems, like face recognition and then replay it forever. It's harder when talking about fingerprints, so they might help.
I've been thinking of possible ways of using biometrics remotely, but it looks like unless you can make the user do something unexpected every time, it is open to replay attacks. Voice identification, provided the system makes the user say different things each time, might work.
I've just read that press release. It looks like they're using biometrics to unlock the fob. That's a good idea, mostly because it's not remote (the fob is not communicating via a network with the sensor, so you cannot have a fake sensor send replayed or fake data). And they keep the password, a very wise choice if you ask me.
So you were just talking about hardening after all.
It's a nice setup, but I was talking about people that only allow access to SSH from a few addresses and then undo the restriction by placing a VPN accessible from anywhere. You, on the other hand, know that if you need to access your system from outside Comcast you won't be able to. You're not deceiving yourself.
Check the post I originally replied to.
Microscope or a magnifying glass. And if it's unreadable, you still have the analog copy next to it.
You're forgetting about storage density. With punchcards, even A4 (or letter) sized ones you'd need a stack of them, and that means they can get mixed.
A4 paper has a surface of 1/16 m^2, assuming one of the holes is 5mm x 5mm, a hole's surface would be 25mm^2.
1 m^2 = 1000 mm x 1000 mm = 1 000 000 mm^2. So an A4 piece of paper is 62500 mm^2. That means that on an A4 piece of paper you can punch 2500 holes. That's 2500 bits. Assuming one of those pictures takes 100 MB, that means you need 40000 A4 sheets to store it. Not very practical.
PS: All those calculations above, I did them without any external tables (and they weren't difficult at all), metric system ROCKS, and so does the A series of paper.
Good point the one about the VPN server being a hardened device (although it is not always that way).
I'm not talking directly about hardening, though. I was talking about being honest about having access from a limited set of addresses. I'm assuming that your post is about more than mere hardening.
You're explaining the reason why you prefer to trade one set of vulnerabilities for another. But you are still following my line of thought: you have access from everywhere, and you've traded SSH's bug set for your VPN's (or your VPN's and SSH's if that's the only thing accessible once you authenticate).
It's a great hardening measure, but you're still having access from anywhere on the Internet. Why not be honest with yourself?
As for fobs, have you used the ssh-agent? It is essentially a software implementation of a fob. There's nothing preventing someone from using a hardware token instead (I've heard rumors about using SSH with a PKCS#11 token, I've thought of it myself but decided not to because of driver issues).
As for biometrics, I don't know what kind of VPN you're using and if you were talking of biometrics as a thought exercise, but I honestly recommend you don't use it, and if you do, not as the only means of authentication. You're connecting remotely to a VPN server, so that server has no way of knowing if it's really communicating with a computer with a sensor or if it's communicating with an imposter replaying a fingerprint, iris scan, etc. intercepted from a previous session or somehow captured from the user. Nothing short of trusted computing can (and you'd be relying on some sort of public/private key, anyway).
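An added illustration of the replay argument in the comments above (not code from the original poster): a server that compares a remotely submitted biometric sample to an enrolled template accepts a recorded copy forever, while a fresh single-use challenge answered by a locally unlocked token does not. The class names, the constructed template bytes, and the use of an HMAC key in place of the public/private key the comment mentions are all assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

# Constructed sample values for the demonstration; nothing here is real data.
TEMPLATE = hashlib.sha256(b"constructed-fingerprint-template").digest()
TOKEN_KEY = secrets.token_bytes(32)


class StaticBiometricServer:
    """Remote check: accepts any bytes equal to the enrolled template."""

    def __init__(self, enrolled):
        self.enrolled = enrolled

    def login(self, sample):
        # The server cannot tell a live sensor from a recording.
        return hmac.compare_digest(sample, self.enrolled)


class ChallengeResponseServer:
    """Issues a fresh nonce per attempt and honours each nonce only once."""

    def __init__(self, key):
        self.key = key
        self.pending = set()

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def login(self, nonce, response):
        if nonce not in self.pending:
            return False                 # unknown or already consumed nonce
        self.pending.discard(nonce)      # single use, even if the check fails
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


class Token:
    """Stands in for the fob: the biometric only unlocks it locally,
    and only the keyed response to the nonce crosses the network."""

    def __init__(self, key, template):
        self._key = key
        self._template = template

    def respond(self, nonce, local_sample):
        if not hmac.compare_digest(local_sample, self._template):
            raise PermissionError("token stays locked")
        return hmac.new(self._key, nonce, hashlib.sha256).digest()


def replay_static():
    """Returns (legitimate login, replayed login) for the static scheme."""
    server = StaticBiometricServer(TEMPLATE)
    captured = bytes(TEMPLATE)           # what one observed session reveals
    return server.login(TEMPLATE), server.login(captured)


def replay_challenge_response():
    """Returns (legitimate, same nonce replayed, old response on new nonce)."""
    server = ChallengeResponseServer(TOKEN_KEY)
    token = Token(TOKEN_KEY, TEMPLATE)
    nonce = server.challenge()
    response = token.respond(nonce, TEMPLATE)
    legitimate = server.login(nonce, response)
    same_nonce = server.login(nonce, response)
    stale = server.login(server.challenge(), response)
    return legitimate, same_nonce, stale


if __name__ == "__main__":
    print("static template:", replay_static())
    print("challenge-response:", replay_challenge_response())
```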
When they're finished, why don't they make a torrent of the data and post it to TPB?
This data is supposed to be in the public domain, so there should be no reason not to do it, and P2P might turn out to be a good failsafe, in case this happens again with whatever medium they use this time.
Piracy saved lots of BBC content once, why not try to do it for NASA?
Why not encode it digitally on microfilm then? With a printed negative on the next slide, so we have the best of both worlds.
That should last longer than punchcards.
Is there any difference with respect to a PKCS#11 token?
I've been thinking of using one of these tokens as a "road warrior" SSH key, but then realised that since they need drivers to be useable, that wouldn't be practical to use on machines not owned by me.
Also, why not S/KEY instead of one of those yubikeys (or at least the random password)?
While there might be good reasons to allow root access with a restricted key, that's hardly wise and usually there is no need to do so.
As for the pointlessness of keys AND password, I think you're rather uncreative. There are a few uses of that scheme, the first one to come to my mind is a random password tightly controlled by the IT staff and periodically changed (and the user can do nothing about that) plus a key, under user control. The password allows enforcement of the security rules and ensures that a stolen key is useless after a certain amount of time, even if the user chooses a guessable passphrase or leaves it unprotected, while having the security of a public/private key.