Roughly the same techniques used to identify spam can be used to identify abuse of a protocol. For example, there exist bayesian intrusion detection algorithms.
Maybe it is time for people to start using those techniques and figure out that something is wrong almost from the getgo.
Even more horrifying: in my case, my local username was part of the information that panopticlick found... the reason was that one of the plugin binaries was in a subdirectory of my homedir, and its path contained my username, and apparently the path of that binary was sent out by firefox. However, I'm not sure if the fault lies with firefox or with the particular plugin (citrix receiver for linux). Probably the latter, because in the plugin-box, it identifies itself with its full path.
If you don't know that restrictions are as much part of design as features, you need to read up on design. There's a great speech about simplicity and the tyranny of choice over on TED, I can recommend it.
In my book, rule number one in user interface design is: minimize latency, not inverse throughput. However, when the cpu is idle, there is plenty of opportunity to run other tasks. And my point is, that i want to decide for myself if i take an opportunity or not.
The bigger point, and this is where my concerns stem from, is that the masses don't see the restrictions, and only the relatively few people who are "tinkerers" understand what is happening. A few more miles down the road, and we won't be even able to write our own open-source apps anymore.
Ah, you want your experience to be ruined? Not a problem, buy Microsoft, they have a guarantee on that part.:-)
Ha, that's a good one:-)
Why? I'm serious. Give me a good reason apart from "because I want it".
I think I referred to the success of Linux three posts back. Openness is generally a good thing. It allows us to get the most out of our technology. It saves us from having to buy multiple (semi-crippled) devices where one machine could suffice. It could bring uniformity of interfaces to all our devices. It could even give the economy an extra boost (again see Linux for proof).
Yes a lot of devices can be considered computers. That's why these rules should be crafted very carefully, by people well-versed in the applicable fields.
I fail to see where it has anything to do with anti-competitiveness
You don't recall the recent refusal of the google voice application from the app store?
This is only an example. Further, I don't like apple being in charge of selling all the apps for their platform. They can pull all sorts of tricks there, like down-ranking possible competitors, etc.
The problem is that the apple stuff is defective *by design*. Why don't they allow us to run multiple applications at once on the iphone and ipad, for example? Because it ruins the user experience for the average user, and this could give apple a bad rep. As a consumer i do not want to be treated like that. And don't get me started about the app store.
Computing devices should be open, and there should be rules for that. In fact, if microsoft pulled apple's anti-competitive tricks, then they would be sanctioned by the EU before they saw it coming.
If the 3G network is so sensitive to untrusted code, that can be seen as a design flaw in itself (albeit not on the part of apple).
However, proper isolation techniques should have then be used to separate the operating system from the transmission of 3G signals, because an operating system like the one that comes with the iphone can not be fully trusted either (it is simply too complicated for that).
In fact, the internal operation of the transmitter should be completely unaccessible from software, to prevent any kind of attack, either from jailbreaks, or from worms or anything similar. That is something the FCC should enforce. Because we don't want to give anybody the power to suddenly open a massive (remotely planned) DOS attack on our 3G towers.
Now, if these measures have been taken, it should be perfectly ok to start "tinkering" with the iphone.
And as far as I know, Google does sell that information to advertisers as its main business
Not so sure about that... in their privacy statement, they say that they inform advertisers only about the number of times their ads were clicked (that is, in total, thus no information about individual clicks is released).
It's time to introduce the Hippocratic Oath for software and hardware engineers.
It is under development, but for now it reads:
I swear by Hephaestus, god of technology, and I take to witness all the gods, all the goddesses, to keep according to my ability and my judgment, the following Oath and agreement:
I shall not create locked down software and machines of any form.
If I fulfill this oath and do not violate it, may it be granted to me to enjoy life and art, being honored with fame among all men for all time to come; if I transgress it and swear falsely, may the opposite of all this be my lot.
And he ultimately addresses the possibility that the entire Universe, including everyone in it, is in principle computable by a completely deterministic computer program.
He should try to do some actual computational physics/chemistry. The amount of processor power you need to simulate only tiny structures is so enormous that he'd be thrown back to reality really quickly.
Yes it would be possible in theory, but good luck doing that for each and every game that comes out. It's a bit like saying a 1024 bit private RSA key can be cracked by sheer trying of all possible combinations. Sure, it can be done, but it'll take a lot of time. The comparison is also not fair because RTMP was never meant to be uncrackable, the specification was just not open.
The point is that the dongle-scheme (when done correctly) is simpler and more user-friendly than the "always online" scheme, and also most likely offers better protection against piracy.
you need to crack the game into "believing" the dongle is there
Like i posted in another branch in this discussion, you can put part of the code into the dongle. Not just a few big code-blocks, but a lot of small basic-blocks (moving some registers into other registers, perhaps doing some arithmetic, etc.) Just make sure that those calls are not in performance-critical parts of your code.
Spreading those dongle calls over your binary can be automated.
In this situation, it's pretty trivial to patch the binary so that it jumps unconditionally to the 'challenge accepted' code path.
Not if part of the code is running on the dongle (think not a few big code-blocks, but a large number of very small basic blocks of non-performance-critical assembly code).
You'll have to distribute the calls to the dongle over the binary, but you can automate that. I wouldn't be surprised if it would be even harder to crack than this online-scheme.
Slashdot Mirror
never attribute to serendipity what can be explained by science
All of their own sites, business and back-end technology is just as closed as Microsoft's
Google's stuff is even more closed because not even their binaries are viewable.
Depends what you class as an operation.
Indeed, all artificial neurons in data's brain could be fired once in one big SIMD operation.
Ah now i can finally keep my touchscreen from getting greasy...
(Or does it interfere with its operation?)
Roughly the same techniques used to identify spam can be used to identify abuse of a protocol. For example, there exist bayesian intrusion detection algorithms.
Maybe it is time for people to start using those techniques and figure out that something is wrong almost from the getgo.
Even more horrifying: in my case, my local username was part of the information that panopticlick found... the reason was that one of the plugin binaries was in a subdirectory of my homedir, and its path contained my username, and apparently the path of that binary was sent out by firefox. However, I'm not sure if the fault lies with firefox or with the particular plugin (citrix receiver for linux). Probably the latter, because in the plugin-box, it identifies itself with its full path.
If you don't know that restrictions are as much part of design as features, you need to read up on design. There's a great speech about simplicity and the tyranny of choice over on TED, I can recommend it.
In my book, rule number one in user interface design is: minimize latency, not inverse throughput. However, when the cpu is idle, there is plenty of opportunity to run other tasks. And my point is, that i want to decide for myself if i take an opportunity or not.
The bigger point, and this is where my concerns stem from, is that the masses don't see the restrictions, and only the relatively few people who are "tinkerers" understand what is happening. A few more miles down the road, and we won't be even able to write our own open-source apps anymore.
Ah, you want your experience to be ruined? Not a problem, buy Microsoft, they have a guarantee on that part. :-)
Ha, that's a good one :-)
Why? I'm serious. Give me a good reason apart from "because I want it".
I think I referred to the success of Linux three posts back. Openness is generally a good thing. It allows us to get the most out of our technology. It saves us from having to buy multiple (semi-crippled) devices where one machine could suffice. It could bring uniformity of interfaces to all our devices. It could even give the economy an extra boost (again see Linux for proof).
Yes a lot of devices can be considered computers. That's why these rules should be crafted very carefully, by people well-versed in the applicable fields.
I fail to see where it has anything to do with anti-competitiveness
You don't recall the recent refusal of the google voice application from the app store?
This is only an example. Further, I don't like apple being in charge of selling all the apps for their platform. They can pull all sorts of tricks there, like down-ranking possible competitors, etc.
The problem is that the apple stuff is defective *by design*. Why don't they allow us to run multiple applications at once on the iphone and ipad, for example? Because it ruins the user experience for the average user, and this could give apple a bad rep. As a consumer i do not want to be treated like that. And don't get me started about the app store.
Computing devices should be open, and there should be rules for that. In fact, if microsoft pulled apple's anti-competitive tricks, then they would be sanctioned by the EU before they saw it coming.
If the 3G network is so sensitive to untrusted code, that can be seen as a design flaw in itself (albeit not on the part of apple).
However, proper isolation techniques should have then be used to separate the operating system from the transmission of 3G signals, because an operating system like the one that comes with the iphone can not be fully trusted either (it is simply too complicated for that).
In fact, the internal operation of the transmitter should be completely unaccessible from software, to prevent any kind of attack, either from jailbreaks, or from worms or anything similar. That is something the FCC should enforce. Because we don't want to give anybody the power to suddenly open a massive (remotely planned) DOS attack on our 3G towers.
Now, if these measures have been taken, it should be perfectly ok to start "tinkering" with the iphone.
Well, in my definition of "tinkering", you should have access to the privileged parts of the cpu.
The possibility of building one's own operating system has been a huge success at least once for general purpose computers, you know...
when you jailbreak a cellphone, you are putting lives at risk.
This is only indicative of a serious design flaw.
Imagine that the internet worked like that. With the many rooted computers out there, the internet would have been brought down to the ground by now.
So you say that if i want to port linux to the iphone, i can do that?
I think it's time the EU did something against the practices of apple, just like it did against Microsoft.
I mean, apple is surely showing anti-competitive behavior. Plus, there could be large economical benefits if the apple platform was more open.
Solution: just double the number of bits in the key, and we're comfortably safe again...
And as far as I know, Google does sell that information to advertisers as its main business
Not so sure about that... in their privacy statement, they say that they inform advertisers only about the number of times their ads were clicked (that is, in total, thus no information about individual clicks is released).
Chrome is open-source, right? Anybody else could add this to Chrome.
It's time to introduce the Hippocratic Oath for software and hardware engineers.
It is under development, but for now it reads:
I swear by Hephaestus, god of technology, and I take to witness all the gods, all the goddesses, to keep according to my ability and my judgment, the following Oath and agreement:
I shall not create locked down software and machines of any form.
If I fulfill this oath and do not violate it, may it be granted to me to enjoy life and art, being honored with fame among all men for all time to come; if I transgress it and swear falsely, may the opposite of all this be my lot.
you can't honestly call it abuse
Technically, yes.
Morally, no.
If the first personal computers required permission from the manufacturer for each new program or new feature
...then, for sure, Linux would not have existed.
Hell, if this continues, I wonder if there's a future for open-source projects.
I say big shame on Apple for abusing an open-source operating system (BSD) in this way.
Media Access Control, now that exactly covers what Apple has been doing with its app-store and its DRM'ed iTunes.
And he ultimately addresses the possibility that the entire Universe, including everyone in it, is in principle computable by a completely deterministic computer program.
He should try to do some actual computational physics/chemistry. The amount of processor power you need to simulate only tiny structures is so enormous that he'd be thrown back to reality really quickly.
a dongle seems to me much more user-friendly than forcing everybody to be always online...
Yes it would be possible in theory, but good luck doing that for each and every game that comes out.
It's a bit like saying a 1024 bit private RSA key can be cracked by sheer trying of all possible combinations. Sure, it can be done, but it'll take a lot of time. The comparison is also not fair because RTMP was never meant to be uncrackable, the specification was just not open.
The point is that the dongle-scheme (when done correctly) is simpler and more user-friendly than the "always online" scheme, and also most likely offers better protection against piracy.
you need to crack the game into "believing" the dongle is there
Like i posted in another branch in this discussion, you can put part of the code into the dongle. Not just a few big code-blocks, but a lot of small basic-blocks (moving some registers into other registers, perhaps doing some arithmetic, etc.) Just make sure that those calls are not in performance-critical parts of your code.
Spreading those dongle calls over your binary can be automated.
In this situation, it's pretty trivial to patch the binary so that it jumps unconditionally to the 'challenge accepted' code path.
Not if part of the code is running on the dongle (think not a few big code-blocks, but a large number of very small basic blocks of non-performance-critical assembly code).
You'll have to distribute the calls to the dongle over the binary, but you can automate that. I wouldn't be surprised if it would be even harder to crack than this online-scheme.