If you want a tip, here's something a read in a book by a Norwegian memory world champion, Oddbjørn By:
Assign each 2 digit number to a person and an action related to that person. The person has two names, so the first character of each name represent one of the digits.
Now you can represent 4 digits with a person and an action. This will give you 4 with different first characters.
Imagine locations on a known path.
Assign a person doing an action at each location.
Now you have 4 digits per location on your path... Just make a very long path and you'll have 1,000,000 digits (250,000 locations*) in no time!
To recite the number, just traverse your path and look at the name of the person in each location, and the name of the person associated with the action.
*You probably want less locations, so you can visit the same one under different conditions. E.g. during day / night / rain / snow / heavy winds... we're down to 50,000 locations already!
IMAGE CAPTION:
HAIR-RAISING: Technologist Svein Willassen thinks that government blocking of Internet is plain censorship, and at odds with the principles of freedom and freedom of speech on Internet.
Photo: TORBJØRN GRØNNING
GREY BOX ON RIGHT SIDE: Facts
The computer crime committee
January 11th 2002, the government, by royal decree, appointed a committee to investigate law amendments against computer crime (The computer crime committee).
Today, the computer crime committee consists of district stipendiary magistrate (sorenskriver) Knut Rønning (head of committee), deputy director Christina Christensen from the Ministry of Transport and Communication (Samferdselsdepartementet ), consultant Hanne Gulbrandsen from The Data Inspectorate (Datatilsynet), lawyer Birthe Taraldset from Bergen Banking AS, public prosecutor (statsadvokat) Jenny Sellæg and PhD student (doktorgradsstipendiat) Svein Willassen from Department of Telematics at NUST (NTNU, Norwegian University of Science and Technology).
The computer crime committee has worked strenuously with a general study of the penal code (straffeloven) and the penal code process (straffeprosessloven) to discover needs for further law amendments.
The law proposal
The minority proposal is being pushed by the head of committee, district stipendiary magistrate Knut Rønning and the Ministry of Transport and Communication by Christina Christensen.
They think an provision for Internet filtering should be amended to the penal code. The minority want it to be possible to filter web pages that are in violation of Norwegian law.
It is the Internet service providers that shall be required to shut down the pages. The suggested law amendment says:
"The service provider can be required to block access to certain places on Internet for their users if the contents might lead to stronger punishment than fines in Norway."
The primary proposal wants the prosecution to request blocking of web pages in the judiciary.
An ordinary court of law (tingretten) shall determine whether there is just cause for filtering. If it is, the Internet service provider is required to block the web site for Norwegian users.
An alternative proposal is that the Norwegian Media Authority (Medietilsynet) decides which web sites to block. If anyone appeal the decision, it can be brought to court.
INTRODUCTION:
Law proposal to stop file sharing, porn and gambling.
ARTICLE: by Jostein Ihlebæk
Monday 2007-02-12, 09:45 AM
updated 10:05 AM
Today, the Computer crime committee will submit a proposal that will require Internet service providers to block web sites with illegal contents.
Plain censorship and an assault on freedom of speech, says critics.
In violation of Norwegian law
One of the most inflammatory issues in the study is the provision for the government to intervene and block some web pages for Norwegian users.
The Ministry of Transport and Communication by Christina Christensen and district stipendiary magistrate Knut Rønning, believe Internet services providers should be required to block web sites that contain material in violation of Norwegian law, and will push a minority suggestion for this to be amended in the penal code.
This could leave Norway with one of the most stern Internet laws in the western world.
- Plain censorship
- This is a hair-raising proposal, says PhD student Svein Willassen at NUST. He is a member of The computer crime committee on behalf of technologists.
- The proposal can be compared with the Chinese net censorship, says Willa
> Imagine the guys and gals working at Google doing nothing but scanning in books.
Seeing as how many services google has launched in the recent year(s), I'd say they are pretty capable of doing multiple tasks at once over there (ie. they won't do "nothing but scanning in books").
When it comes to the how, they have a machine that can take a bunch of books and scan them. There was a story about this on slashdot some months back, unless I'm mistaken, anyone remember it?
Well, how about this, related case: Our school use a unique ID at the exams. This ID is "secret". The reason for it being secret is that a sensor should not be able to infer whose exam (s)he's looking at. And your grades may be published along with this ID, and your grades are not public either.
So, in an attempt to identify appliers for student assistant jobs, a faculty had you enter your secret ID. And then went on to display your name... Practically a database interface to perform the assumed secret transition from ID to name.
So. Write a 3 line bash/perl script, exploiting the fact that most IDs are within a limited number range. Suddenly you've got the names and IDs of most students. Should this be accounted as a criminal act?
Note 1: It was rumoured that the developer of this page was informed of its exploitability, but choose to ignore it, as he apparently thought it an unimportant issue. This kinda made some people upset. I, for one, sent him and the person with formal responsibility an email, explaining in no uncertain terms that this was unacceptable. Unfortunately, this was friday afternoon, and some began to harvest information to prove this to some reporters.
Note 2: Local and national newspapers were informed as soon as much ID information had been gathered. The national ones didn't bother, but the local paper as well as a well regarded student newspaper printed the story, much to the frustration of the school. Newspapers are, for one, open during the weekend. However, except for bad publicity, nothing happened to the school or its employees. This was the third time they leaked personal information (and made it to the newspapers for it). And our country does have rather strict laws on the responsibility and accountability of people/companies holding personal information. Namely, "(...) must (...) ensure (...) adequate information security with respect to (...) confidentiality (...)" and "(...) may be punished with fines or up to one year in jail for (...) gross negligance (...)". So, does making a lookup table for secret database information consitute gross negligance? Hell, yeah, if you ask me.
Note 3: Our national law regarding the storing of personal information admits unauthorized storage of personal information as long as this is done with "journalistic intent", but IANAL, so who knows.
Epilogue: The school chose not to persue the case if the involved people (who made no attempt to hide their identity) deleted all their retrieved data and signed a statement saying they had done so. None had any intent except to stop the school from being so careless with information and signed. The student assistant application page was rewritten shortly after. With a scheme that identified you through a hash of your national ID (secret) in addition to your secret ID. Guessing both of these is not impossible, but adequately difficult, in my opinion. Listing all students is surely infeasible enough. It probably took 10 minutes to think out the new scheme and 15-20 minutes to implement. Hopefully these 30 minutes will be applied in the first place next time around, although I have my doubts (see someone else's post about who slashdotters trust).
> If this sort of thing is allowed to continue, how long before I can be convicted under some foreign dictatorship's censorship laws for something I said a thousand miles away?
How about asking: How long since russian citizen Sklyarov was arrested when visiting US for breaking US law (DMCA) while in Russia.
Now, this is not quite the same thing, but it surely has its place in the discussion about one nations laws being applied to actions committed in another nation.
Google for Sklyarov or start reading the Free Sklyarov webpage
Or perhaps you should call it GNU/Linux, at least in this setting, considering that linux is only a kernel (read about Linux and GNU, some history will do you good). But more important here, the stated goal of the GNU project was to make a complete and free operating system, and is sponsored by the kind men and women of the Free Software Foundation, without which I think the software world would be a far worse place to work.
Slashdot Mirror
Second annual movie-plot threat contest already has loads of suggestions: http://www.schneier.com/blog/archives/2007/04/anno uncing_seco.html
There are plenty of memory techniques. Didn't you know there is a world championship in remembering things? See for instance http://www.worldmemorychampionship.com/ or http://www.worldmemorychallenge.com/.
If you want a tip, here's something a read in a book by a Norwegian memory world champion, Oddbjørn By:
*You probably want less locations, so you can visit the same one under different conditions. E.g. during day / night / rain / snow / heavy winds... we're down to 50,000 locations already!
HEADING: Wants web censorship in Norway
IMAGE CAPTION: HAIR-RAISING: Technologist Svein Willassen thinks that government blocking of Internet is plain censorship, and at odds with the principles of freedom and freedom of speech on Internet. Photo: TORBJØRN GRØNNING
GREY BOX ON RIGHT SIDE: Facts
The computer crime committee
January 11th 2002, the government, by royal decree, appointed a committee to investigate law amendments against computer crime (The computer crime committee).
Today, the computer crime committee consists of district stipendiary magistrate (sorenskriver) Knut Rønning (head of committee), deputy director Christina Christensen from the Ministry of Transport and Communication (Samferdselsdepartementet ), consultant Hanne Gulbrandsen from The Data Inspectorate (Datatilsynet), lawyer Birthe Taraldset from Bergen Banking AS, public prosecutor (statsadvokat) Jenny Sellæg and PhD student (doktorgradsstipendiat) Svein Willassen from Department of Telematics at NUST (NTNU, Norwegian University of Science and Technology).
The computer crime committee has worked strenuously with a general study of the penal code (straffeloven) and the penal code process (straffeprosessloven) to discover needs for further law amendments.
The law proposal
The minority proposal is being pushed by the head of committee, district stipendiary magistrate Knut Rønning and the Ministry of Transport and Communication by Christina Christensen.
They think an provision for Internet filtering should be amended to the penal code. The minority want it to be possible to filter web pages that are in violation of Norwegian law.
It is the Internet service providers that shall be required to shut down the pages. The suggested law amendment says:
"The service provider can be required to block access to certain places on Internet for their users if the contents might lead to stronger punishment than fines in Norway."
The primary proposal wants the prosecution to request blocking of web pages in the judiciary.
An ordinary court of law (tingretten) shall determine whether there is just cause for filtering. If it is, the Internet service provider is required to block the web site for Norwegian users.
An alternative proposal is that the Norwegian Media Authority (Medietilsynet) decides which web sites to block. If anyone appeal the decision, it can be brought to court.
INTRODUCTION:
Law proposal to stop file sharing, porn and gambling.
ARTICLE: by Jostein Ihlebæk
Monday 2007-02-12, 09:45 AM
updated 10:05 AM
Today, the Computer crime committee will submit a proposal that will require Internet service providers to block web sites with illegal contents.
Plain censorship and an assault on freedom of speech, says critics.
In violation of Norwegian law
One of the most inflammatory issues in the study is the provision for the government to intervene and block some web pages for Norwegian users.
The Ministry of Transport and Communication by Christina Christensen and district stipendiary magistrate Knut Rønning, believe Internet services providers should be required to block web sites that contain material in violation of Norwegian law, and will push a minority suggestion for this to be amended in the penal code.
This could leave Norway with one of the most stern Internet laws in the western world.
- Plain censorship
- This is a hair-raising proposal, says PhD student Svein Willassen at NUST. He is a member of The computer crime committee on behalf of technologists.
- The proposal can be compared with the Chinese net censorship, says Willa
> Imagine the guys and gals working at Google doing nothing but scanning in books. Seeing as how many services google has launched in the recent year(s), I'd say they are pretty capable of doing multiple tasks at once over there (ie. they won't do "nothing but scanning in books"). When it comes to the how, they have a machine that can take a bunch of books and scan them. There was a story about this on slashdot some months back, unless I'm mistaken, anyone remember it?
Well, how about this, related case: Our school use a unique ID at the exams. This ID is "secret". The reason for it being secret is that a sensor should not be able to infer whose exam (s)he's looking at. And your grades may be published along with this ID, and your grades are not public either.
So, in an attempt to identify appliers for student assistant jobs, a faculty had you enter your secret ID. And then went on to display your name... Practically a database interface to perform the assumed secret transition from ID to name.
So. Write a 3 line bash/perl script, exploiting the fact that most IDs are within a limited number range. Suddenly you've got the names and IDs of most students. Should this be accounted as a criminal act?
Note 1: It was rumoured that the developer of this page was informed of its exploitability, but choose to ignore it, as he apparently thought it an unimportant issue. This kinda made some people upset. I, for one, sent him and the person with formal responsibility an email, explaining in no uncertain terms that this was unacceptable. Unfortunately, this was friday afternoon, and some began to harvest information to prove this to some reporters.
Note 2: Local and national newspapers were informed as soon as much ID information had been gathered. The national ones didn't bother, but the local paper as well as a well regarded student newspaper printed the story, much to the frustration of the school. Newspapers are, for one, open during the weekend. However, except for bad publicity, nothing happened to the school or its employees. This was the third time they leaked personal information (and made it to the newspapers for it). And our country does have rather strict laws on the responsibility and accountability of people/companies holding personal information. Namely, "(...) must (...) ensure (...) adequate information security with respect to (...) confidentiality (...)" and "(...) may be punished with fines or up to one year in jail for (...) gross negligance (...)". So, does making a lookup table for secret database information consitute gross negligance? Hell, yeah, if you ask me.
Note 3: Our national law regarding the storing of personal information admits unauthorized storage of personal information as long as this is done with "journalistic intent", but IANAL, so who knows.
Epilogue: The school chose not to persue the case if the involved people (who made no attempt to hide their identity) deleted all their retrieved data and signed a statement saying they had done so. None had any intent except to stop the school from being so careless with information and signed. The student assistant application page was rewritten shortly after. With a scheme that identified you through a hash of your national ID (secret) in addition to your secret ID. Guessing both of these is not impossible, but adequately difficult, in my opinion. Listing all students is surely infeasible enough. It probably took 10 minutes to think out the new scheme and 15-20 minutes to implement. Hopefully these 30 minutes will be applied in the first place next time around, although I have my doubts (see someone else's post about who slashdotters trust).
> If this sort of thing is allowed to continue, how long before I can be convicted under some foreign dictatorship's censorship laws for something I said a thousand miles away? How about asking: How long since russian citizen Sklyarov was arrested when visiting US for breaking US law (DMCA) while in Russia. Now, this is not quite the same thing, but it surely has its place in the discussion about one nations laws being applied to actions committed in another nation. Google for Sklyarov or start reading the Free Sklyarov webpage
Or perhaps you should call it GNU/Linux, at least in this setting, considering that linux is only a kernel (read about Linux and GNU, some history will do you good). But more important here, the stated goal of the GNU project was to make a complete and free operating system, and is sponsored by the kind men and women of the Free Software Foundation, without which I think the software world would be a far worse place to work.