Yes, you may be bold now, but just wait until our secret administrative courts run a few of your employees through the wringer.
You'll install it, you have no choice. But I doubt you'll be nearly as brazen in the announcement that it was installed as you were in your announcement that it would not be.
Accuse me of having little faith, but I believe that until we rearchitecture the network to utterly defeat measures like this (transparent crypto?) the government will continue to use its machinery to coerce and manipulate the key internet players. Witness the "NSA key" in Windows 95/98/NT/W2K. Note how long until we found out about Echelon. Read how cryptography.. essentially a collection of mathematical formulas.. is classified as "munitions". The CDA, the DMCA, and a plethora of riders to innocent-sounding bills that probably still haven't become public knowledge.
Someday, someone is going to need to devise a technical solution to these political problems. This is why they are so afraid of geeks - they know we have it within our power to end this form of tyranny for good. We are in control of the ultimate modern day press. Literally, with the click of a mouse button, we can go public with thousands of pages of information, blow the lids off back-office politics, and empower the average citizen to take back their democracy and demand their rights. This is why, of all the new laws being passed, it is "computer crime" (civil disobedience by another name) that is being targeted with the most extreme forms of retribution our legal system has to offer. $300k fines? 10 years in jail? These are punishments that most people convicted of felony manslaughter don't get.
Good luck Earthlink.. but this ain't how you're going to beat them. If you want to beat them, adopt IPv6, and give your customers end-to-end encryption. Then.. go ahead and let them install omnivore. A boat load of good it'll do them then!
Jesse Burst's opinion is anything but fixed. In fact, it fluctuates rapidly. I quote from this timeline:
"I think it's great if you are willing to promote Linux to your boss. As long as you are aware of the risk you are taking. The risk of getting fired." - Feb 16, 1998
"Is a Linux takeover likely? Give me a break. Of course not." - June 23, 1998
"I personally think Windows NT will be the mainstream operating system within a few years." [...] "My belief: Linux will never go mainstream" - September 9, 1998
"I've always said that Linux could become a serious challenger to Microsoft's Windows NT." - September 28, 1998
So no, of COURSE linux reviews aren't fixed, and how dare you accuse ZDNet of fixing reviews!
And how do you gurantee that the hacker with root-access can't get at the secret key actually used for encrypting the logs?
Well, it's "guarantee", and you guarantee that a hacker with root can't decrypt the data by never providing him the opportunity to get the key in the first place. I said this system would be using public/private key crypto, right? Okay, public encrypts.. so private....
And the private key isn't on the system, because it needs to remain secure.
I say run important logs to a printer, and BURN them after a while. Then it'll be quite gone (unless something sits around in your printspools or something).
The CIA and NSA are well versed in recovering data after they were burned. In fact, this is how we have emoticons/smileys now - originally they were used as a code. But they killed the professor that created them, sealed the documents in magnesium binders, burned it, and then threw it in the ocean. Unfortunately some enterprising university kids got wind of this, went off-shore, recovered it, and reconstructed most of the data. This was AFTER a government agency burnt it to a crisp. So the idea of "using a printer" to secure your logs is one of the stupidest ways to do it - both in terms of space, and in terms of security.
After all - the only reason pgp makes sense for mail, is because we assume no (such ;) agency has put a camera right over our keyboards and/or screens.
Ugggghhhnnn. And here you prove the very point you're trying to dispute - PGP uses public/private key crypto.. the same solution that I was advocating be used to prevent your hypothetical cracker from getting access to my hypothetical system. I think I'll stop short of getting sarcastic here and hit the submit button...
Pine leaves a lot of sap residue in your fireplace. Honestly, I would recommend using dry oak as it burns dry and hot. You can also turn the dampener down quite a bit and it will happily burn for hours and hours. The only wood I wouldn't recommend is poplar. Up here in Minnesota, that wood is very common, however it burns very crappy. Just avoid it, trust me.
That depends. You could get in trouble for taking this advice, depending on what form of tyranny^H^H^H^Hgovernment you happen to live under...
but I'd like to think that this means that they tend to know something about the issues as well.
There isn't anything in democracy that says you need to know anything before you vote. There is, however, a key tenet that democracy needs the majority opinion to prevail.
Yeah.. of course it's unsafe, you might lower the barrier enough that a critical mass of "average" voters get into the polls and displace the special interest groups, hence rendering our existing corrupt system invalid. Better write a report about how that's bad in a non-obvious way quick!
Sorry, but this is just too transparent. Currently, politicians get into office by NOT playing the middle. Think about it - who's more likely to show up at the polls - the average apathetic American voter, or the rapid right-wing one? This is why groups like the Christian Coalition and the National Organization of Women (NOW) are so influential - they take a very small percentage of the voter population and make sure most of them vote. Combined with low voter turnout we have our current system of special interest groups essentially running the country. Our politicians aren't blind to this either - you'll note why the media makes such a big deal out of seemingly inane stuff -
For example, think about the current issues in the next election: abortion, gun control, crime, technology, or religion in schools. You'll note none of those are extremes likely shared by your peers. We could all care less - I mean, yeah, I have an opinion... but will I go out and vote for it?
And there you have it. Another report to quietly edge the people away from the truth.
I doubt this would be possible unless the MP3 format were changed to allow for some kind of ad header to be applied to the front or back. If it's just some audio that they encode and stick on the back or front of the MP3, how are you going to know which frames contain the ad audio and which contain the audio you want to hear?
Same way we do it with TV. Advertisements have a distinct signature audio-wise - the volume usually is higher than the TV programming. Simply normalize the output, and chop the high point. But that may only be effective for, say, classical music - Fear Factory might not have the same approach. Now most music has a prelude, a quiet opener, or at least a distinct silence. You can't put that ad in the middle of the song or people will scream murder. So it has to be at the beginning or the end.
There's also the encoding - they might mismatch the bitrates. They will almost definitely use 1 encoder - and probably not the one the MP3 has. So you can just analyze the MP3 and determine when the encoder changes - non-trivial, but considering how much geeks detest forced-advertisement, I'm sure it's possible. It's a BIG itch to scratch.
Another method I can think of is to simply visit the advertiser's site. Most of them are MORE than happy to provide ALL of their releases. A few waveforms and an FFT calculation later, and all your mp3's have had that signature removed.
Given that the primary method of MP3 distribution is currently online, someone could simply md5 sum the "bad" mp3's, and blacklist them. The servers (or clients) could then automagically purge them from the network. THAT is a trivial programming exercise.
Given that a benchmark as popular as this will tend to have vendors adding, uhh, "features" to make their webservers run faster for the benchmark, how did you manage to beat them anyway? Did you modify the TCP/IP stack? DoS the other servers during the test? Connect a compulsator to a large coil? Slashdot is dying to know.
you know, you can sell electricity back to the electric company.. so why not do the same with processing power? Buy it like you would any other commodity.
Think about it. You have a "smart" terminal, and you can connect to dozens of other servers nearby to run computing tasks on. You can also have a computer, or an entire cluster of computers, at home and sell the CPU time back onto the grid. With the proliferation of high speed internet access and wireless access, all we need now is decentralized solutions like beowulf to be stirred into the pot so we can run everyday programs.. and just add more CPUs to get more power. I see no reason why we can't do this, provided we re-architecture an OS to do it. Linux and UNIX in general is already close to where it needs to be... :)
Ah, well.. I'm sure someone had this idea before and patented it.. so maybe this is an idea doomed to die courtesy of Legal.
Politics seems much more of a problem with linux companies than in other tech sectors. Mundane issues like licensing are fiercely debated both internally and externally with their customers. That, quite frankly, does not happen in any other business sector except the linux one.
Given that, what advice would you offer to businesses trying to get into linux? ESR and RMS have two opinions on it, can we get a third?
You know, imagine if we rotated a few words around, how our government would respond...
People Fight Online Statements They Don't Agree With
This is an interesting article at Slashdot about eFU, a website that specializes in tracking the comments of, and garnering personal information about folks with a beef with another person. The service isn't cheap, upwards of $0 per "screenname". This was apparently used against anti-Microsoft people three months ago. The Slashdot article seems to hint that eFU is used primarily to root out uncomplimentary messages on "rouge" web sites such as itself.
Businesses are getting away with things these days no person could ever have...
Hmm... Using doubleclick cookies for encryption keys. That'd be... bizarre... Most of them aren't primes though, so I doubt it'd do you much good.
:) That wasn't quite what I meant...
Ideally there are an indeterminate number of hops between you and the server (Possibly some caching too) so that no server could ever know for sure who's downloading from it.
I feel things like zeroknowledge and this are not good. Society does not need 24/7 anonymity, it needs privacy and authenticity at the right times.
That's a fallacy. If you only encrypt sensitive material, you are vulnerable to traffic analysis. You are also telling your attacker exactly what needs to be cracked and what can safely be discarded. Thus you have lowered the workload required to acquire your sensitive data. This, in case you didn't know, is not good. You really want your data to be difficult to recover.
There's a reason why the front windshield of cars are not allowed to be tinted. Imagine if I could drive around town and run over old ladies with there being no way for me to be discovered?
If you look on the front of your car, you'll see a big slab of metal called a "license plate" - a unique identifier people can use to track you down when you go on a run-down-the-old-lady spree. No, the reason your windshield cannot be tinted is because of safety, not accountability - other drivers need to see that you are looking at them.. very important at 4-way stops and such. It is also, umm, somewhat difficult to see through tinted glass at night.. meaning you could easily go off the road and kill yourself.. or someone else.
Anyway, completely offtopic, but the MNDOT and other states have already endorsed the use of tinted windshields provided they can be "de-tinted" at night - ie, some kind of light-sensitive filter that only darkens when exposed to light. I believe IBM or 3M are working on this around here.
There's no way to prevent man-in-the-middle attacks with a truly anonymous protocol as there is no way to verify the authenticity of the server.
In addition, crypto without a pre-arranged way to mutually verify both parties is trivial to crack. The NSA will certainly not mind you exporting this protocol overseas.:P But that is just a footnote to the above problem I mentioned. You can probably derive the encryption keys by monitoring the beginning of the conversation with the server and thus decrypt the contents of the packet(s). However, I am no expert in this, so I may be incorrect about being able to derive the keys - specifically, I know nothing about the duffie-hellmann(sp?) public key exchange stuff, beyond "it works", so YMMV.
The other problem I can see is that you're sending up a big red flag saying "Here I am! Look at me, I'm up to no good!" to your network administrators. Net admins are notoriously paranoid, moreso now with the proliferation of scripts. This means that if you use it at work, you stand a good chance of having your network access monitored/revoked and/or you getting your ass canned. Yeah! Go crypto!
The ideal protocol for this would be one where monitoring would a) do an attacker no good (which means you have to verify the authenticity of the server somehow before you communicate over the unsecured channel (the 'net)) and b) look like normal traffic. This is important - either you encrypt everything, even non-sensitive material, or you encrypt nothing and rely on stenography. I like stenography better myself.. and it'll become more important as governments crack down on conventional crypto - witness New Zealand, I believe, which made it a law forcing you to divulge the keys of every encrypted thing on your system under penalty of jail.. even when they can't prove you ever had them!
Imagine an HTTP request to www.someplace.com where the downloaded JPEG contains the information requested and the POST contents contained the key+query. E-commerce cookies can easily look like crypto keys. Rewrite a few doubleclick cookies and no one will be the wiser.
*sarcasm* Well, of course it'll be obsolete.. in 15 years. Duh. What do you expect? Can we please get an oracle that doesn't state the obvious now? *end sarcasm*
More seriously, you cannot say something is obsolete before it actually is. Check the dictionary definition.
çéLxÕÑætPÑä-£í8JöJ)Ê$ikÙb*SQË ©J2ÆZôñ)ä®×ýÜÀéqÚ:å}DecTÊ@ryptKèÑ6M~f£ÿ ékmeOjDöif*Û0youÄÀúÛcan£ÿ7çd õÊÓÅ3¼Üóßê£>rè15ìðgVÂÌÕòÝÇF|ä¾õÖN_ë=õó|)kæøiY5ôãv) hÄ øÊ*e+Úõî
Crack that.
Political problems have political solutions.
Yes, and they also have technical problems. Problem: intellectual property rights are overtaking personal rights. Solution: distributed filesharing system, aka Napster/GNUella.
Nobody cares about what you say or do, because people have more important things to think about than whether you can download MP3s for free or not.
The fact that online websites like slashdot continue to grow in popularity would seem to dispute that claim.
It's because of the vast damage that hackers can do with their illegal backdoor penetrations of other people's sites.
I don't see any world markets collapsing, companies going out of business, or people dying as a result of hacker activity. Sure, they boast that they could do that, but if you believe everything you read you get what you deserve. In truth, hackers cause headaches for business and government. Nothing more. Y2K nuts predicted hackers would go and destroy the world. Hrrmm.. I'm still here. Then they predicted they would go breaking into the 911 and emergency system and shut it down. Gee, why would they do that? Unsurprisingly, they didn't.
In supporting evidence of hackers' (not crackers') spirit of exploration instead of damage, you'll note most break-ins occur to educational institutions, not commercial. This may be because they are curious about the system(s) they use every day. Go read "Hackers, heroes of the computer revolution" by Steven Levy. Another resource is to consult Appendix B of the Hacker Dictionary - here
No, hackers aren't dangerous because of what they do, they are dangerous because of what they know. THIS is why these laws are being passed. Thus far, the only big numbers damages from "hackers" have been over-inflated prices of "stolen proprietary information" and macro viruses which, quite frankly, is not hacker activity.
For all of six weeks until the FBI cracks it.
What confidence you have in the FBI! They must be able to do what thousands of academic professors dedicated to cracking these codes could not!
Answer: VPN.
Technical solutions to political problems are very, very rare.
Apache's DAV module, Napster, GNUella, DeCSS, warez, data havens, PGP, anonymous remailers, Freedom / anonymous proxies, junkbuster, anti-spam filters...
What does "take back democracy" mean? Demand which rights? [...] One of the problems with the Western public is that it is very happy to surrender rights for entitlements.
Asked and answered by the poster. I'll lay it out though in the form of a question: Are they surrendering liberty for personal security? If so, why?
An ISP cannot "give" encryption to customers.
SSL-enabled webservers. SSL-enabled imap, pop3, punching holes through the firewall(s) for VPN and SSL access, supporting IPv6 on their routers...
Yeah, but I really wonder what omnivore eats. Citizens? A "Potatoe" or two? Maybe Al can help us out here.. Al, are you out there? What do you feed Omnivore?
Again, courtesy of LWN - the 1999 linux timeline.. quotes:
"Betting $5 on a 100-to-1 underdog can be fun. Betting $50,000 would be foolish. Yet some PC users are making similarly outrageous wagers on Linux, the underdog in the operating-system wars." - Jesse Berst, March 02, 1999
That is the last Berst article. There is no need to moderate this post up, unless you happen to *really* dislike Jesse. Then, by all means. :)
Personally, I would encrypt them all using public-private key crypto. The "public" key is what is used to feed the data into syslog, and the private key can be used to decrypt it if you need it. If your systems are physically or otherwise compromised, the attacker still cannot derive the private key as long as you maintain due diligence in maintaining the security of the logging host(s). This means you can log everything to your heart's content and not worry about privacy concerns, as much. Just make sure to put the standard disclaimers in your AUP.
I suspect, however, that wasn't quite the answer you were looking for. Honestly, in order to compromise most people's privacy requires an ungodly large harddrive to store all that information. Simply monitoring a T1 with a packetsniffer doing decent filtering can easily trash a fast 30GB HDD. The security industry is replete with stories of how crackers were caught because their packet sniffers went amok trying to log everything, and crashed the system trying.
I'd recommend logging the source and destination of mail, and when it was retrieved. If you are using RADIUS servers, log the times they signed on and off, and keep the system clock religiously on-time. Have the facilities to monitor each user (ie, be familiar with how to use a packetsniffer, and have a box on standby if you need to use it). A quick cheat would be to configure the RADIUS server to tell $SUSPECT connection to only use $MONITORED_IP and then tell the packetsniffer to dump everything from $MONITORED_IP to disk. It's simple, but it works.
As far as advice on law enforcement.. it depends on your situation. If you have been compromised, it still may do you more harm than good to report it due to the administrative overhead involved in prosecuting them. Generally, however, they are quite helpful on getting you the information you need to prosecute. Don't expect them to get too involved though unless your SMTP logs say that a message was sent from l335h4x0r@yourisp.com to president@whitehouse.gov with a subject line mentioning what he's going to do with a box of cigars and a can of surgical lubricant. In that case, you probably won't have any choice but to cooperate. :)
Hope this helps,
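The scheme described in this comment (the public key sits on the logging host and encrypts, the private key stays off it), as an added example that is not part of the original post. It assumes the `openssl` command-line tool; the file names and certificate name are made up, and the log lines are constructed samples.

```shell
#!/bin/sh
# Added example (not from the thread): seal rotated log files with a public
# key so the logging host holds nothing that can decrypt them.
# Assumes the openssl CLI; file names and the CN are hypothetical.

# Offline admin machine: create the key pair. Only log_cert.pem (the public
# half, wrapped in a self-signed certificate) is copied to the logging host.
make_keypair() {  # usage: make_keypair DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=log-sealing-example" \
        -keyout "$1/log_private.pem" -out "$1/log_cert.pem" 2>/dev/null
}

# Logging host: encrypt a rotated log to CERT, then remove the plaintext.
# S/MIME enveloping picks a random AES key per file and wraps it with the
# RSA public key, so the AES key never touches disk or a command line.
# Note: plain rm unlinks the file; it does not scrub the disk blocks.
seal_log() {  # usage: seal_log CERT LOGFILE   (writes LOGFILE.p7)
    openssl smime -encrypt -binary -aes-256-cbc -outform DER \
        -in "$2" -out "$2.p7" "$1" || return 1
    rm -f "$2"
}

# Offline admin machine: recover a sealed log with the private key.
open_log() {  # usage: open_log PRIVATE_KEY CERT SEALED_FILE   (plaintext on stdout)
    openssl smime -decrypt -binary -inform DER \
        -in "$3" -inkey "$1" -recip "$2"
}

# Round trip over constructed sample log lines; prints what the holder of
# the offline private key recovers.
demo_roundtrip() {
    d=$(mktemp -d) || return 1
    make_keypair "$d" || return 1
    # The "host" directory stands in for the logging host: certificate only.
    mkdir "$d/host" && cp "$d/log_cert.pem" "$d/host/" || return 1
    cat > "$d/host/auth.log.1" <<'EOF'
Jun 12 03:14:07 gw sshd[811]: Failed password for root from 192.0.2.44 port 50122 ssh2
Jun 12 03:14:09 gw sshd[811]: Accepted password for alice from 198.51.100.7 port 50310 ssh2
EOF
    seal_log "$d/host/log_cert.pem" "$d/host/auth.log.1" || return 1
    open_log "$d/log_private.pem" "$d/log_cert.pem" "$d/host/auth.log.1.p7"
    rc=$?
    rm -rf "$d"
    return $rc
}
```

Sealing protects only the files encrypted before a compromise: an intruder with root can still read logs that have not been sealed yet and can delete the sealed ones.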
Yeah, but you won't see them "playing the middle" when trying to get party nominations. And THAT is what I was referring to.
Why would someone need to provide a credit card to vote? Oh, wait.. the voting booth was hosted at aol.com ...
Gee, this looks remarkably similar to this piece I wrote. Now the trolls are plagiarizing me too.
Cheers,
Given that a benchmark as popular as this will tend to have vendors adding, uhh, "features" to make their webservers run faster for the benchmark, how did you manage to beat them anyway? Did you modify the TCP/IP stack? DoS the other servers during the test? Connect a compulsator to a large coil? Slashdot is dying to know.
Think about it. You have a "smart" terminal, and you can connect to dozens of other servers nearby to run computing tasks on. You can also have a computer, or an entire cluster of computers, at home and sell the CPU time back onto the grid. With the proliferation of high speed internet access and wireless access, all we need now is decentralized solutions like Beowulf to be stirred into the pot so we can run everyday programs.. and just add more CPUs to get more power. I see no reason why we can't do this, provided we re-architecture an OS to do it. Linux and UNIX in general are already close to where they need to be... :)
Ah, well.. I'm sure someone had this idea before and patented it.. so maybe this is an idea doomed to die courtesy of Legal.
Given that, what advice would you offer to businesses trying to get into Linux? ESR and RMS have two opinions on it, can we get a third?
People Fight Online Statements They Don't Agree With
This is an interesting article at Slashdot about eFU, a website that specializes in tracking the comments of, and garnering personal information about folks with a beef with another person. The service isn't cheap, upwards of $0 per "screenname". This was apparently used against anti-Microsoft people three months ago. The Slashdot article seems to hint that eFU is used primarily to root out uncomplimentary messages on "rouge" web sites such as itself.
Businesses are getting away with things these days no person could ever have...
BUY A TAPE BACKUP DRIVE
Cripes.. this isn't a new problem...
:) That wasn't quite what I meant...
Ideally there are an indeterminate number of hops between you and the server (Possibly some caching too) so that no server could ever know for sure who's downloading from it.
It's called zero knowledge
That's a fallacy. If you only encrypt sensitive material, you are vulnerable to traffic analysis. You are also telling your attacker exactly what needs to be cracked and what can safely be discarded. Thus you have lowered the workload required to acquire your sensitive data. This, in case you didn't know, is not good. You really want your data to be difficult to recover.
There's a reason why the front windshields of cars are not allowed to be tinted. Imagine if I could drive around town and run over old ladies with there being no way for me to be discovered?
If you look on the front of your car, you'll see a big slab of metal called a "license plate" - a unique identifier people can use to track you down when you go on a run-down-the-old-lady spree. No, the reason your windshield cannot be tinted is because of safety, not accountability - other drivers need to see that you are looking at them.. very important at 4-way stops and such. It is also, umm, somewhat difficult to see through tinted glass at night.. meaning you could easily go off the road and kill yourself.. or someone else.
Anyway, completely offtopic, but the MNDOT and other states have already endorsed the use of tinted windshields provided they can be "de-tinted" at night - ie, some kind of light-sensitive filter that only darkens when exposed to light. I believe IBM or 3M are working on this around here.
In addition, crypto without a pre-arranged way to mutually verify both parties is trivial to crack. The NSA will certainly not mind you exporting this protocol overseas. :P But that is just a footnote to the above problem I mentioned. You can probably derive the encryption keys by monitoring the beginning of the conversation with the server and thus decrypt the contents of the packet(s). However, I am no expert in this, so I may be incorrect about being able to derive the keys - specifically, I know nothing about the duffie-hellmann(sp?) public key exchange stuff, beyond "it works", so YMMV.
The other problem I can see is that you're sending up a big red flag saying "Here I am! Look at me, I'm up to no good!" to your network administrators. Net admins are notoriously paranoid, moreso now with the proliferation of scripts. This means that if you use it at work, you stand a good chance of having your network access monitored/revoked and/or you getting your ass canned. Yeah! Go crypto!
The ideal protocol for this would be one where monitoring would a) do an attacker no good (which means you have to verify the authenticity of the server somehow before you communicate over the unsecured channel (the 'net)) and b) look like normal traffic. This is important - either you encrypt everything, even non-sensitive material, or you encrypt nothing and rely on steganography. I like steganography better myself.. and it'll become more important as governments crack down on conventional crypto - witness New Zealand, I believe, which made it a law forcing you to divulge the keys of every encrypted thing on your system under penalty of jail.. even when they can't prove you ever had them!
Imagine an HTTP request to www.someplace.com where the downloaded JPEG contains the information requested and the POST contents contained the key+query. E-commerce cookies can easily look like crypto keys. Rewrite a few doubleclick cookies and no one will be the wiser.
Good for finding music, but anything more than sampling and I want a CD or a raw wave file.
*sarcasm* Well, of course it'll be obsolete.. in 15 years. Duh. What do you expect? Can we please get an oracle that doesn't state the obvious now?
*end sarcasm*
More seriously, you cannot say something is obsolete before it actually is. Check the dictionary definition.