This may be odd, but a quick jaunt through the archive shows that RFC4 seems to predate it by a few days: it was born on March 24th vs. RFC1's April 7th...
-Jack Ash
My own impression of the book (some spoilers)
on
Digital Fortress
·
· Score: 4, Interesting
A few months back I read the DaVinci Code. I was impressed enough with the research the author did that my girlfriend went and got me Deception Point, and I got myself Digital Fortress. I read the both of them, and having now read 3 Dan Brown books I feel I can make a few generalizations:
(Spoiler warning!)
His plots and characters are paper thin. These books are the literary equivalent of your standard hollywood blockbuster movie (and by this I mean Independence Day, not LOTR). The main villain is always the guy closest to the character, a boss, confidant, etc. Motivation can be sexual, power, take your pick. The books are written so as to be ported directly to the big screen. You can almost see scene transitions between paragraphs. One of books chapters actually ended with "camera pan left, fade to black" (just kidding!:) )
The research for Digital Fortress was not as good as for DaVinci - we had the usual confusion between data and executable code (gee, you'd think government cryptogurus would know not to execute code contained within a suspect file), as well as exploding supercomputers, the ability to bypass every single security control by a clueless manager that should NOT be touching said supercomputer, etc. There's an actual 7 layer firewall somewhere that graphically displays the 7 walls, hacker attacks, and even displays each layer falling and the attackers getting closer and closer to the core of the system! Sure it's all explained away in some way or another, but it really makes no sense once you step back from it.
The plot for Deception Point was overly contrived and is designed as an excuse for shooting and chasing people around over a two hour movie, and does not stand up to the inspection of the reading pace of a book.
Now, don't get me wrong. I loved the books, they were fun, and even if the suspension of disbelief was a bit thin in some spots I would not hesitate to recommend any of them to almost anyone - it's just that Burger King is also tasty every once in a while, and seeing stuff blow up on screen while people chase each other is cool too.
MSN Messenger is down for me as well. I'm just glad to see that the Messenger Network Status page is up to the task of telling us if things are up or down (not!).
[quote]It is also very flexible and extendable, which, for Microsoft, can mean 'slow' and 'exploitable'.[quote]
Prepare for Karma burn in 5..4..3..2..
I guess nothing in the Linux world considered "flexible" and "extendable" can be considered "slow" or "exploitable"?
*cough* *cough* X-Windows *cough*.
Seriously, I don't like Microsoft any more than the next guy, but this kind of comment right on the front page shows why Slashdot has to be taken with a huge grain of salt to begin with. Let's all try to be a little bit more to the point and less editorial when posting news, mmmkay?
I have an actual Tablet PC that I use every day, the Acer C110. It's a wonderful tool, but it is not designed for use in the sunlight. Heck, it's not even that good when I sit at a conference room with bright lights above the center of the table - sitting at the edge of the table looking down on a horizontal reflective screen reflects the lights overhead... However, I have the ability to prop up my screen with my old PDA, which solves the issue quite nicely. The angle is just enough to avoid the lights.:)
The TabletPC is a wonderful tool. I wouldn't give mine up for anything in the world. Well, maybe something with a greater monetary value that I really wanted, as I would then go and buy myself another TabletPC - they're not in short supply.;) Anyway, this is not your best forum for TabletPC advice. I suggest you try heading over to TabletPCBuzz and use the forums there, you will find a TON of experts on the TabletPC.
Regardless of that, there's really a couple solutions:
a) If your application is a commercial app, designed to be run by just about anyone that chooses to purchase it, I'd suggest creating a "skins" menu for it, similar to the option within Franklin Covey's tabletplanner 3.0. This will allow your outdoor mostly users to pick a high contrast scheme, whereas the indoor users (or users who avoid using it until they are indoors) will pick a different one. Heck, even allow some form of button mapping to different schemes, mapped by default to your presets that test best under different conditions.
b) If you're targeting a vertical market and intend to design the whole solution, start to finish, I recall someone designed a TabletPC designed specifically for use outdoors. You could work that particular model into your design specs, and test your app out with the PC in question and the best looking/working colors, etc.
I apologize, as I do no recall what the specific model or maker was - I suggest you ask your question in the general forums at TabletPCBuzz. They will be able to provide you with further information.
My girlfriend likes stories, so adventure games seemed like a natural fit. After she saw me play through Longest Journey, she wanted to try some of her own, although a bit easier.
Long story short, although she's 30, she's now played every Nancy Drew adventure game from Her Interactive. And she's starting to branch out, she just completed Syberia, and likes a few simple "other games" like SuperMonkeyBall, or Mario Kart: Double Dash.
Google Receives Request for Licensing SCO IP. SCOX requests that Google pay up for using its secret Intellectual Property
MOUNTAIN VIEW, Calif. - January 10th, 2004- Google Inc. today announced that the SCO Group, Inc. had requested talks regarding Google's use of the Linux operating systems on their 10,000 server farm.
"Google should really give us a bunch of money" said Darl McBride. president and CEO. "We really are starting to run low on funds - I mean, YOU go and try to sue IBM. They're a fucking tank, fer chrissake" said the embattled McBride.
Upon hearing the request, Google founders Larry Page and Sergey Brin had one single thing to say:
"Ahahahahahahahahahaha ahahahahahahaahaha hahaaha hahahahahahaha ahahahahah ahahah aha ahahahahahahahahah ahahhahahahahahahahahah ahahah ahahahah ahaha haha aha ahahaha ahahhahaha ahah aha hah ahaha ah wheeeeee.... ". Added Brin "OK, that was funny. Now go away".
About SCO The SCO Group Inc. are a bunch of money grabbing whores who will probably end up in jail before this is all over.
About Google Google's innovative search technologies connect millions of people around the world with information every day. Founded in 1998 by Stanford Ph.D. students Larry Page and Sergey Brin, Google today is a top web property in all major global markets. Google's targeted advertising program, which is the largest and fastest growing in the industry, provides businesses of all sizes with measurable results, while enhancing the overall web experience for users. Google is headquartered in Silicon Valley with offices throughout North America, Europe, and Asia. For more information, visit www.google.com.
###
Google is a trademark of Google Inc. All other company and product names may be trademarks of the respective companies with which they are associated.
For further information: Nathan Tyler Google Inc. +1 650-623-4311 nate@google.com
What the author is complaining about here is that someone can take a WORLD OPENABLE FILE and modify it.
This is the exact same thing that we see on Slashdot every other day regarding DRM files. Repeat after me: If you can open it, you can change it. Heck, you can probably cut and paste the contents into a new unprotected Word document!
The only news here is that you can "reinsert" the password into the document. Big whooptie doo. Because if I were to publish a form in a public location I would not keep a protected backup elsewhere for it.
What's next?
"A researcher has discovered that by opening a document on one PC he can retype the document on the PC to his right in an unprotected format. The style of the document needed a little tweaking to match the original, but it was doable".
I mean, SERIOUSLY. These files merely have a small protection against being overwritten accidentally. If you want real protection in the Microsoft world, use EFS, share permissions, something else.
Word has a couple levels of protection:
1) Change protection. This is merely a stupid password to make sure you don't accidentally change the document, make sure you can only write in certain fields, etc. It's a poor man's DRM.
2) Read protection. This is true encryption. It was really poor under Office 95, but from Office 97 and forwards it has been significantly strengthened, to the point where it's now a pure brute force attack. Pick a line from a song as a passphrase and you won't break the document open in a million years.
Office 2003 is supposed to have some magical DRM properties that go even beyond these capabilities in that you can permission a document to be readable but not printable, you can forward only within an organization or you can expire the document in three days. When we see an article on how to break that (beyond digital camera and OCR) I'll be impressed.
This works for server, but not workstation/Pro/XP. The "workstation" class operating systems only support RAID 0 - not even sure if they do JBOD configurations. On the plus side, IDE RAID cards or even motherboards these days are quite inexpensive...
Seriously. Look it up. Essentially an inline gateway, runs an agent on your machine, and checks configuration settings. It's not an antivirus, it just checks the antivirus is running. It can check versions on files, or the existence of certain directories. The configuration resides on the server. And, if the inline server doesn't like what it sees, it blocks you from accessing the network. Period. No agent, no access. Messy configuration, no access. Funny business, no access.
It's a dream come true:). Of course everything is configurable, from the checks, to the responses, it can block you but warn you, redirect you to a public website to download patches, take your pick.
Supposedly the next version will integrate with Cisco switches and disable ports for misconfigured users so it won't need to be inline...
It's more of a bargain bin program. How exactly this is a "feather in Activision's cap" or whatever is beyond me. All this means is the game is now available for under $20, and hence maybe some more people will pick it up. It was probably already deeply discounted at your local Electronics Boutique anyway.
Let me put it this way: Halo, Grant Theft Auto III/VC, Zelda or Mario Sunshine are NOT on the "greatest platinum hits" for any of the systems, and I really don't know of any titles that would deserve that name more... That's because they still sell just fine at $50/copy.
Being put into the bargain bin really says "look at me, no one is buying me anymore". But it's great news for low budget gamers in search for a pretty decent game...
This is the funniest thing I've seen in a long time - it's like a multi-generational meeting. Kirk, didn't you use to take pride in dressing like the evil dude from Indy Jones? (I recall some funny comment on tufts.general about forgetting your anti-ark specs). And Grant Taylor, god of ACS:), living legend at my time...
I worked at Eaton right after Kirk did, with Roman, Merredith & Sarah, and Todd.
I was there when Henson (the machine) nearly died, and remember Jon Rozes going nuts at the keyboard. One of the external hard drives power supply died, and Jon was in a trance getting data out of there every time the disk spun up enough to be used. The funny thing was that I suggested splicing in power from the main power supply inside Henson - and things remained like that with an open case for 3 years!
Henson was retired over time (heck, the OSF/1 license expired!!!), Jumbolaya the NT server brought in, the Pentiums and above were brought up to Win95 in a 28 hour deployment marathon (486s went to Linux)... Good times.
Actually, I was a student at Tufts at the time they implemented the student network. At the time, ACS (Acedemic Computing Services) did require students to register MAC addresses, and I think I recall them assigning static IPs via DHCP or BOOTP (This was back in 95, DHCP was not very popular yet). You could let the network take care of everything for you, or you could enter it manually if you knew what you were doing...
I really don't remember if they used managed hubs/switches, but I recall it was a fairly trivial exercise to figure out where people were in a dorm by counting the IPs assigned (they had some pattern).
-Jack Ash (Miguel if anyone else from Tufts is reading)
Re: "Broadcast segments" - You are absolutely correct sir. My mistake. I unfortuantely have a tendency to use the word "broadcast" when in reality I mean collision. Broadcasts should indeed be passed to all interfaces, and the WET11 handles this appropriately. What I originally meant was that I thought bridges were supposed to separate collision domains - packets would only be passed through the bridge if the destination address was on the other side.
Re: behaviors: Indeed part 2 is a direct consequence of part 1. If you send packets out with a modified source MAC, the reply's destination will have to be that same modified MAC. However, I still fail to see why the WET11 needs to change MACs in the first place. D-Link has a device similar to the WET11 in function (sorry, don't know the name) that reportedly passes packets on transparently. From what I can tell, on my BEFW11S4 access point, the Wireless connector acts simply as a switched port. It keeps a table of attached MACs in order to minimize traffic effects.
Personally, I suspect Linksys is using the MAC translation in order to allow more devices behind WET11s to connect to a single Access Point. I mean, imagine your accesspoint has an address table of 5 MACs (just a sample number for my point). A single WET11 is designed to have up to 30 devices behind it, so passing each one's MAC address would overload the Access Point and make it not work. However, if a single MAC is passed for the whole network the Access Point would be able to handle up to 150 devices with 5 WET11s! NOTE: This is pure conjecture on my part.
I don't know if there's a difference between Infrastructure and Ad-Hoc modes. All I've worked with is Infrastructure, so I've no information on Ad-Hoc. However, Linksys has some documentation indicating that two WET11s, linked to each other in ad-hoc mode would allow XBoxes to communicate with each other, which might indicate no MAC changes in ad-hoc...
The way I see it, the WET11 should act as a pure bridge, and simply keep tabs on which MACs are on which side of the bridge and forward accordingly, and of course transparently. This would also allow the WET11 to forward protocols other than IP - one of the objectives you suggest...
I guess what I'm saying is if you're gonna build and market a Network Bridge, make it just a BRIDGE, dammit.:)
I was one of the early customers for the Linksys WET11. My hope at the time I bought it was to be able to hook it up to my Xbox game console and use it to play Xbox games online while running Gamespy or or XBConnect on my primary PC, and therefore not have to run any unsightly ethernet from my entertainment center into my computer room (I rent an apartment, and the landlord would appreciate me returning it eventually without too many extra holes).
Obviously, nothing is ever that simple. I discovered that the WET11 performs some wonky MAC addressing translations when forwarding packets. Seeing as Xbox System Link games depend entirely on ethernet addressing schemes, the WET11 proved to be useless for this - despite Linksys advertising it as a solution for Xbox gaming.
Correct me if I'm wrong - something labelled as a "Network Bridge" should pass packets from one side of the bridge to the other unaltered, and simply keep a table of what addresses are on what side so as to pass packets when necessary between two broadcast segments. WET11 converts all MAC addresses on its "wired" network into it's own address. The reverse is different - it'll reassemble incoming wireless packets based on what I guess was their original IP source, and place the MAC address it replaced with its own back in the packet. Go figure why they go through all the trouble. Of course this behavior is undocumented, so this took several hours of packet sniffing (so blame me, I don't deal with Layer 2 issues every day).
Now, Xbox Live is expected to work at the IP level, but that is'nt out until December. Existing System Link game like Halo only work on a local broadcast segment, using ethernet for addressing while sending out some horribly mangled non-RFC compliant ethernet packets that look like UDP but aren't.
The ethernet mangling caused problems with Gamespy and XBConnect, but I was able to get in touch with the developer for XBConnect and over a nice weekend hacking session we were able to cobble together support for the WET11 in his program - essentially it now has the option to look for the MAC address of the WET11, and retranslate that to that of an Xbox. The funny bit is on the return path from a remote Xbox, it needs to again translate the address of the local Xbox back to a WET11 so your average Access Point knows who to retransmit your Xbox packets to. Every Xbox game needs to go through four translations: two on the WET11 and two on XBC.
http://www.xbconnect.com
http://www.apoxx.org/community/viewforum.php?f=1 3 - this is the forum for XBC. Look for anything in there labelled WET11.
For corporations with Mucho Moolah(TM), you can get ISS Wireless Scanner ( http://www.iss.net/products_services/enterprise_pr otection/vulnerability_assessment/scanner_wireless.php ).
Actually it's a pretty cool product, it'll detect access points with SSID broadcast turned off, it'll detect wireless users, it'll even try to break into the access points (haven't used the feature much, so I'm not sure what it tries to do there).
Unfortunately it only runs on Win 2000 (I run it on XP, but that's unsupported), and only works with Orinoco cards and a couple of the known derivatives. On the plus side, it's got all the cool alerting features like SNMP and SMTP, and it has the "authorized list" of access points to minimize false positives...
-Jack Ash
PS: No, I'm not affiliated with ISS, but I run and administer their products at my office, including Wireless Scanner.
A couple of salient points come to mind when reading this article:
1) Recording games/presentations/etc. The reason why we don't do it is because if the system was capable of generating it real time in the first place, it's far less space intensive to record the parameters of the animation than the output. i.e. It's cheaper to say "Daemia fires rocket at these coordinates" than record an MPEG of said rocket shot. AND, as hardware gets better, your recording does too.
Which leads me to point 2:
2) Since it's cheaper to capture realtime animation by capturing parameters, the only use of the capture function would be NON-realtime applications - i.e. getting your Geforce5TiUltraPro to render an extremely complex scene with incredible realism at 1 fps. That's not a typo. If we have 10MB/s back-into-the-PC bandwidth and each super high resolution shot takes 10MB on average, we have a wonderful solution working at 1 fps. Spend the fill rates on 600 passes for each pixel or something like that. Imagine the quality of the scenes! Capture the damn things and be glad you're not rendering at 1 frame per hour like they were 5 years ago.
Repeat after me - if you're rendering for posterity you don't need real time... That'll come eventually.
Now, for this to happen, each and all of the proof methods must remain secure.
And there's the rub. Fingerprint verification is not just about verifying a fingerprint image.
It's about verifying a three dimesional image of a fingerprint (in optical sensors), with depth. Or the living, deep within third layer of skin (in some new capacitive sensors). On a live fingerprint (so they can't cut off your fingerprint). And that's not just heat sensors in there, there's also the ability to detect body electricity or resistance or whatever the heck it's called:). And as time goes by add a whole other array of verification checks, that make sure that not just the fingerprint image is unique, but the FINGER itself is unique.
The argument is similar to asking if a desktop scanner is good for ID, by placing your face in front of it. But the system can be fooled with a photograph. Well, if so, the system is not mature enough, and it needs to be reworked. It should have 3D, live person detection, thermal imaging, and a whole bunch of other stuff I can't even think of but which I'm sure you agree should be there. You should not be able to fool it just by mucking around with a picture.
Biometrics are unique identifiers. Let that sink in. You can clone some of their aspects but not all of them. I'm not sure if further research has been done, but I seem to remember that genetic twins do NOT share the same fingerprints, which would seem to put a damper in the idea of cloning an exact duplicate of your own fingerprint.
The main argument people have had so far against biometrics is that they could potentially be copied or bypassed. Yet, history shows that with each passing iteration the system will get better and better and it will be harder to fool the biometric sensor with a fake sample, until a point is reached where it is easier and more cost-effective to use some other hack (disassemble the reader and feed the system false electrical signals?) than faking the actual biometric presented.
The only real question in my mind is whether we are better off in a world where anyone can be you and you can be anyone else (passwords/tokens) or a world where only you can be you, but you can't be anyone else (biometrics). Both have compelling reasons of existance - freedom and responsibility - two components which are essential for healthy society to exist. The question is can you have responsibility without sacrificing freedom and anonymity?
-JackAsh
Think Smartcards that need to be inserted into a reader.
Sure you could rig some insane hack that reads a smartcard from somewhere else on the planet, but in general "something you have" really translates to "something you have access to".
Say that 1 in one million people have the same fingerprint as you in your left index finger. That's 6000 people worldwide that have the same fingerprint as you on hat finger.
Now what's the probability that they have the same fingerprint as you on their right index? AND their left middle finger? AND their right middle finger? AND they claim that their ID is Kanasta?
Actually there is no obscurity here - it's just a sound mathematical principle. Think about it this way - when you digitally sign a message with PGP or with a certificate a mathematical signature is created with a digest from your message that verifies in no uncertain terms that that message has not been tampered with (within a certain degree of probability). Obviously, the cryptographic message digest is of a certain fixed, limited size, which means there are a lot of character combinations that could have generated a digest like that, it's just that you are not likely to a) encouter them; or b) find one that makes sense in any language.
Fingerprints are similar to that. I'd suggest going to google images and search for the term "fingerprint minutiae" there's several graphics there that can explain it better than I ever will. But to simplify, let me suggest a simplified model:
My fingerprint, when scanned, results in a model that contains an XY grid centered in the image, with a diagonal ridge at coordinates 5,17; and a whorl at -6, 12; and a fork at 3, -4.
Now there's about 80 other minutiae on my finger, that my current scanner picks up, but this will suffice. As you can imagine you cannot reconstruct my fingerprint from this data. It's just impossible. You might get an idea of what it looks like, but it's never exact because the minutiae are not enough to describe the print itself.
You argument is sound - this is very similar to the crypt() function. One way, etc.
Except with this data you can very easily generate one print that will fool this one algorithm. Real easy, even - much more so than brute forcing a crypt() hash. Just create a basic fingerprint and modify it to contain those features within it. Heck, even make it a bit imperfect - a fingerprint is never read the same way twice, and most modern algorithms are smart enough to check for identity matches.
The problem is that the next algorithm at a different ATM or shop doesn't look for the same features, but rather different ones. It might focus on ridges exclusively and their relation to each other, or some other random bit. And unfortunately you do not have that data - you just have the data that was important to the other algorithm. In essence the minutiae algorithms are EXTREMELY lossy, so much so that you would need to crack more databases than you want in order to compromise a single print.
And hey, if all your fingerprints are compromised you can always switch back to passwords:).
I guess my point is technology will make it infeasible to duplicate fingerprints exactly - Biometrics (at least as related to computer authentication) are still in their infancy. Being able to dupe a system with a jello mold is not exactly an attack that should succeed on a mature system. But it'll grow, and get so insanely good it'll take a heck of a hack to get through it.:)
You raise interesting points. While there is a need for things like a witness protection program, what is making the system work is that systems have too many fingerprints in store, and there is a finite, highly probable chance that other people share your biometric - it's just that they don't know it. Comparing the minutiae points of two fingerprint samples might give a certain percentage match, but not 100% - A lot of other people (most systems default to 1 in 10000 false acceptance rate) will have a similar fingerprint given a large enough population in a business database. It is also computationally infeasible (most likely) to run a match against all fingerprints in the system once you have a large enough database (of course, this argument falls down with enough computing power and time).
In any event, as you yourself agree cash is always available as a last resort. And if you truly need a witness protection program I expect the Government will have enough resources to change or wipe your records from at least the databases that matter. Hopefully together with the new ID you'll move far away enough that you won't need to frequent the same businesses you were before (and a nice hello to globalization issues here).
Yes, I realize there will be problems, but nothing irresoluble with good will and a little bit of effort.
Think of the advantages on the other hand - Joe Shmoe is behind his child support payments and has skipped state - well, guess what - now you have a good chance of finding that deadbeat and getting him back on plan... And so on for any other number of crimes.
Look at it this other way. Shedding your ID right now is most likely illegal in some way (note, I said likely - there might be cases and forms in which it xan be done legally). And difficult. But it can be done. And people can still track you, with difficulty, but it can be done. This is merely one of those technologies that will make the former harder and the latter easier, but both will still be possible.
Slashdot Mirror
This may be odd, but a quick jaunt through the archive shows that RFC4 seems to predate it by a few days: it was born on March 24th vs. RFC1's April 7th...
-Jack Ash
A few months back I read the DaVinci Code. I was impressed enough with the research the author did that my girlfriend went and got me Deception Point, and I got myself Digital Fortress. I read the both of them, and having now read 3 Dan Brown books I feel I can make a few generalizations:
:) )
(Spoiler warning!)
His plots and characters are paper thin. These books are the literary equivalent of your standard hollywood blockbuster movie (and by this I mean Independence Day, not LOTR).
The main villain is always the guy closest to the character, a boss, confidant, etc. Motivation can be sexual, power, take your pick.
The books are written so as to be ported directly to the big screen. You can almost see scene transitions between paragraphs. One of books chapters actually ended with "camera pan left, fade to black" (just kidding!
The research for Digital Fortress was not as good as for DaVinci - we had the usual confusion between data and executable code (gee, you'd think government cryptogurus would know not to execute code contained within a suspect file), as well as exploding supercomputers, the ability to bypass every single security control by a clueless manager that should NOT be touching said supercomputer, etc. There's an actual 7 layer firewall somewhere that graphically displays the 7 walls, hacker attacks, and even displays each layer falling and the attackers getting closer and closer to the core of the system! Sure it's all explained away in some way or another, but it really makes no sense once you step back from it.
The plot for Deception Point was overly contrived and is designed as an excuse for shooting and chasing people around over a two hour movie, and does not stand up to the inspection of the reading pace of a book.
Now, don't get me wrong. I loved the books, they were fun, and even if the suspension of disbelief was a bit thin in some spots I would not hesitate to recommend any of them to almost anyone - it's just that Burger King is also tasty every once in a while, and seeing stuff blow up on screen while people chase each other is cool too.
-Jack Ash
Foundstone (http://www.foundstone.com), ISS Internet Scanner (http://www.iss.net).
Also try Nessus (http://www.nessus.org) on the free side of things.
-Jack Ash
MSN Messenger is down for me as well. I'm just glad to see that the Messenger Network Status page is up to the task of telling us if things are up or down (not!).
-JackAsh
[quote]It is also very flexible and extendable, which, for Microsoft, can mean 'slow' and 'exploitable'.[quote]
Prepare for Karma burn in 5..4..3..2..
I guess nothing in the Linux world considered "flexible" and "extendable" can be considered "slow" or "exploitable"?
*cough* *cough* X-Windows *cough*.
Seriously, I don't like Microsoft any more than the next guy, but this kind of comment right on the front page shows why Slashdot has to be taken with a huge grain of salt to begin with. Let's all try to be a little bit more to the point and less editorial when posting news, mmmkay?
-JackAsh
I have an actual Tablet PC that I use every day, the Acer C110. It's a wonderful tool, but it is not designed for use in the sunlight. Heck, it's not even that good when I sit at a conference room with bright lights above the center of the table - sitting at the edge of the table looking down on a horizontal reflective screen reflects the lights overhead... However, I have the ability to prop up my screen with my old PDA, which solves the issue quite nicely. The angle is just enough to avoid the lights. :)
;) Anyway, this is not your best forum for TabletPC advice. I suggest you try heading over to TabletPCBuzz and use the forums there, you will find a TON of experts on the TabletPC.
The TabletPC is a wonderful tool. I wouldn't give mine up for anything in the world. Well, maybe something with a greater monetary value that I really wanted, as I would then go and buy myself another TabletPC - they're not in short supply.
Regardless of that, there's really a couple solutions:
a) If your application is a commercial app, designed to be run by just about anyone that chooses to purchase it, I'd suggest creating a "skins" menu for it, similar to the option within Franklin Covey's tabletplanner 3.0. This will allow your outdoor mostly users to pick a high contrast scheme, whereas the indoor users (or users who avoid using it until they are indoors) will pick a different one. Heck, even allow some form of button mapping to different schemes, mapped by default to your presets that test best under different conditions.
b) If you're targeting a vertical market and intend to design the whole solution, start to finish, I recall someone designed a TabletPC designed specifically for use outdoors. You could work that particular model into your design specs, and test your app out with the PC in question and the best looking/working colors, etc.
I apologize, as I do no recall what the specific model or maker was - I suggest you ask your question in the general forums at TabletPCBuzz. They will be able to provide you with further information.
Best of luck,
-Jack Ash
My girlfriend likes stories, so adventure games seemed like a natural fit. After she saw me play through Longest Journey, she wanted to try some of her own, although a bit easier.
Long story short, although she's 30, she's now played every Nancy Drew adventure game from Her Interactive. And she's starting to branch out, she just completed Syberia, and likes a few simple "other games" like SuperMonkeyBall, or Mario Kart: Double Dash.
-Jack Ash
Google Receives Request for Licensing SCO IP.
SCOX requests that Google pay up for using its secret Intellectual Property
MOUNTAIN VIEW, Calif. - January 10th, 2004- Google Inc. today announced that the SCO Group, Inc. had requested talks regarding Google's use of the Linux operating systems on their 10,000 server farm.
"Google should really give us a bunch of money" said Darl McBride. president and CEO. "We really are starting to run low on funds - I mean, YOU go and try to sue IBM. They're a fucking tank, fer chrissake" said the embattled McBride.
Upon hearing the request, Google founders Larry Page and Sergey Brin had one single thing to say:
"Ahahahahahahahahahaha ahahahahahahaahaha hahaaha hahahahahahaha ahahahahah ahahah aha ahahahahahahahahah ahahhahahahahahahahahah ahahah ahahahah ahaha haha aha ahahaha ahahhahaha ahah aha hah ahaha ah wheeeeee.... ". Added Brin "OK, that was funny. Now go away".
About SCO
The SCO Group Inc. are a bunch of money grabbing whores who will probably end up in jail before this is all over.
About Google
Google's innovative search technologies connect millions of people around the world with information every day. Founded in 1998 by Stanford Ph.D. students Larry Page and Sergey Brin, Google today is a top web property in all major global markets. Google's targeted advertising program, which is the largest and fastest growing in the industry, provides businesses of all sizes with measurable results, while enhancing the overall web experience for users. Google is headquartered in Silicon Valley with offices throughout North America, Europe, and Asia. For more information, visit www.google.com.
###
Google is a trademark of Google Inc. All other company and product names may
be trademarks of the respective companies with which they are associated.
For further information:
Nathan Tyler
Google Inc.
+1 650-623-4311
nate@google.com
I mean, honestly.
What the author is complaining about here is that someone can take a WORLD OPENABLE FILE and modify it.
This is the exact same thing that we see on Slashdot every other day regarding DRM files. Repeat after me: If you can open it, you can change it. Heck, you can probably cut and paste the contents into a new unprotected Word document!
The only news here is that you can "reinsert" the password into the document. Big whooptie doo. Because if I were to publish a form in a public location I would not keep a protected backup elsewhere for it.
What's next?
"A researcher has discovered that by opening a document on one PC he can retype the document on the PC to his right in an unprotected format. The style of the document needed a little tweaking to match the original, but it was doable".
I mean, SERIOUSLY. These files merely have a small protection against being overwritten accidentally. If you want real protection in the Microsoft world, use EFS, share permissions, something else.
Word has a couple levels of protection:
1) Change protection. This is merely a stupid password to make sure you don't accidentally change the document, make sure you can only write in certain fields, etc. It's a poor man's DRM.
2) Read protection. This is true encryption. It was really poor under Office 95, but from Office 97 and forwards it has been significantly strengthened, to the point where it's now a pure brute force attack. Pick a line from a song as a passphrase and you won't break the document open in a million years.
Office 2003 is supposed to have some magical DRM properties that go even beyond these capabilities in that you can permission a document to be readable but not printable, you can forward only within an organization or you can expire the document in three days. When we see an article on how to break that (beyond digital camera and OCR) I'll be impressed.
-Jack Ash
This works for server, but not workstation/Pro/XP. The "workstation" class operating systems only support RAID 0 - not even sure if they do JBOD configurations. On the plus side, IDE RAID cards or even motherboards these days are quite inexpensive...
-Jack Ash
One word:
:). Of course everything is configurable, from the checks, to the responses, it can block you but warn you, redirect you to a public website to download patches, take your pick.
Cybergatekeeper.
Seriously. Look it up. Essentially an inline gateway, runs an agent on your machine, and checks configuration settings. It's not an antivirus, it just checks the antivirus is running. It can check versions on files, or the existence of certain directories. The configuration resides on the server. And, if the inline server doesn't like what it sees, it blocks you from accessing the network. Period. No agent, no access. Messy configuration, no access. Funny business, no access.
It's a dream come true
Supposedly the next version will integrate with Cisco switches and disable ports for misconfigured users so it won't need to be inline...
-Jack Ash
...is it's got very poor replayability, unless you pick the Buddhist specialization (or so I hear).
-Jack Ash
It's more of a bargain bin program. How exactly this is a "feather in Activision's cap" or whatever is beyond me. All this means is the game is now available for under $20, and hence maybe some more people will pick it up. It was probably already deeply discounted at your local Electronics Boutique anyway.
Let me put it this way: Halo, Grant Theft Auto III/VC, Zelda or Mario Sunshine are NOT on the "greatest platinum hits" for any of the systems, and I really don't know of any titles that would deserve that name more... That's because they still sell just fine at $50/copy.
Being put into the bargain bin really says "look at me, no one is buying me anymore". But it's great news for low budget gamers in search for a pretty decent game...
-Jack Ash
This is the funniest thing I've seen in a long time - it's like a multi-generational meeting. Kirk, didn't you use to take pride in dressing like the evil dude from Indy Jones? (I recall some funny comment on tufts.general about forgetting your anti-ark specs). And Grant Taylor, god of ACS :), living legend at my time...
I worked at Eaton right after Kirk did, with Roman, Merredith & Sarah, and Todd.
I was there when Henson (the machine) nearly died, and remember Jon Rozes going nuts at the keyboard. One of the external hard drives power supply died, and Jon was in a trance getting data out of there every time the disk spun up enough to be used. The funny thing was that I suggested splicing in power from the main power supply inside Henson - and things remained like that with an open case for 3 years!
Henson was retired over time (heck, the OSF/1 license expired!!!), Jumbolaya the NT server brought in, the Pentiums and above were brought up to Win95 in a 28 hour deployment marathon (486s went to Linux)... Good times.
Later, all.
-Miguel
Actually, I was a student at Tufts at the time they implemented the student network. At the time, ACS (Acedemic Computing Services) did require students to register MAC addresses, and I think I recall them assigning static IPs via DHCP or BOOTP (This was back in 95, DHCP was not very popular yet). You could let the network take care of everything for you, or you could enter it manually if you knew what you were doing...
I really don't remember if they used managed hubs/switches, but I recall it was a fairly trivial exercise to figure out where people were in a dorm by counting the IPs assigned (they had some pattern).
-Jack Ash
(Miguel if anyone else from Tufts is reading)
Re: "Broadcast segments" - You are absolutely correct sir. My mistake. I unfortuantely have a tendency to use the word "broadcast" when in reality I mean collision. Broadcasts should indeed be passed to all interfaces, and the WET11 handles this appropriately. What I originally meant was that I thought bridges were supposed to separate collision domains - packets would only be passed through the bridge if the destination address was on the other side.
:)
Re: behaviors: Indeed part 2 is a direct consequence of part 1. If you send packets out with a modified source MAC, the reply's destination will have to be that same modified MAC. However, I still fail to see why the WET11 needs to change MACs in the first place. D-Link has a device similar to the WET11 in function (sorry, don't know the name) that reportedly passes packets on transparently. From what I can tell, on my BEFW11S4 access point, the Wireless connector acts simply as a switched port. It keeps a table of attached MACs in order to minimize traffic effects.
Personally, I suspect Linksys is using the MAC translation in order to allow more devices behind WET11s to connect to a single Access Point. I mean, imagine your accesspoint has an address table of 5 MACs (just a sample number for my point). A single WET11 is designed to have up to 30 devices behind it, so passing each one's MAC address would overload the Access Point and make it not work. However, if a single MAC is passed for the whole network the Access Point would be able to handle up to 150 devices with 5 WET11s! NOTE: This is pure conjecture on my part.
I don't know if there's a difference between Infrastructure and Ad-Hoc modes. All I've worked with is Infrastructure, so I've no information on Ad-Hoc. However, Linksys has some documentation indicating that two WET11s, linked to each other in ad-hoc mode would allow XBoxes to communicate with each other, which might indicate no MAC changes in ad-hoc...
The way I see it, the WET11 should act as a pure bridge, and simply keep tabs on which MACs are on which side of the bridge and forward accordingly, and of course transparently. This would also allow the WET11 to forward protocols other than IP - one of the objectives you suggest...
I guess what I'm saying is if you're gonna build and market a Network Bridge, make it just a BRIDGE, dammit.
-Jack Ash
I was one of the early customers for the Linksys WET11. My hope at the time I bought it was to be able to hook it up to my Xbox game console and use it to play Xbox games online while running Gamespy or or XBConnect on my primary PC, and therefore not have to run any unsightly ethernet from my entertainment center into my computer room (I rent an apartment, and the landlord would appreciate me returning it eventually without too many extra holes).
1 3 - this is the forum for XBC. Look for anything in there labelled WET11.
Obviously, nothing is ever that simple. I discovered that the WET11 performs some wonky MAC addressing translations when forwarding packets. Seeing as Xbox System Link games depend entirely on ethernet addressing schemes, the WET11 proved to be useless for this - despite Linksys advertising it as a solution for Xbox gaming.
Correct me if I'm wrong - something labelled as a "Network Bridge" should pass packets from one side of the bridge to the other unaltered, and simply keep a table of what addresses are on what side so as to pass packets when necessary between two broadcast segments. WET11 converts all MAC addresses on its "wired" network into it's own address. The reverse is different - it'll reassemble incoming wireless packets based on what I guess was their original IP source, and place the MAC address it replaced with its own back in the packet. Go figure why they go through all the trouble. Of course this behavior is undocumented, so this took several hours of packet sniffing (so blame me, I don't deal with Layer 2 issues every day).
Now, Xbox Live is expected to work at the IP level, but that is'nt out until December. Existing System Link game like Halo only work on a local broadcast segment, using ethernet for addressing while sending out some horribly mangled non-RFC compliant ethernet packets that look like UDP but aren't.
The ethernet mangling caused problems with Gamespy and XBConnect, but I was able to get in touch with the developer for XBConnect and over a nice weekend hacking session we were able to cobble together support for the WET11 in his program - essentially it now has the option to look for the MAC address of the WET11, and retranslate that to that of an Xbox. The funny bit is on the return path from a remote Xbox, it needs to again translate the address of the local Xbox back to a WET11 so your average Access Point knows who to retransmit your Xbox packets to. Every Xbox game needs to go through four translations: two on the WET11 and two on XBC.
http://www.xbconnect.com
http://www.apoxx.org/community/viewforum.php?f=
-Jack Ash
For corporations with Mucho Moolah(TM), you can get ISS Wireless Scanner ( http://www.iss.net/products_services/enterprise_pr otection/vulnerability_assessment/scanner_wireless .php ).
Actually it's a pretty cool product, it'll detect access points with SSID broadcast turned off, it'll detect wireless users, it'll even try to break into the access points (haven't used the feature much, so I'm not sure what it tries to do there).
Unfortunately it only runs on Win 2000 (I run it on XP, but that's unsupported), and only works with Orinoco cards and a couple of the known derivatives. On the plus side, it's got all the cool alerting features like SNMP and SMTP, and it has the "authorized list" of access points to minimize false positives...
-Jack Ash
PS: No, I'm not affiliated with ISS, but I run and administer their products at my office, including Wireless Scanner.
A couple of salient points come to mind when reading this article:
1) Recording games/presentations/etc. The reason why we don't do it is because if the system was capable of generating it real time in the first place, it's far less space intensive to record the parameters of the animation than the output. i.e. It's cheaper to say "Daemia fires rocket at these coordinates" than record an MPEG of said rocket shot. AND, as hardware gets better, your recording does too.
Which leads me to point 2:
2) Since it's cheaper to capture realtime animation by capturing parameters, the only use of the capture function would be NON-realtime applications - i.e. getting your Geforce5TiUltraPro to render an extremely complex scene with incredible realism at 1 fps. That's not a typo. If we have 10MB/s back-into-the-PC bandwidth and each super high resolution shot takes 10MB on average, we have a wonderful solution working at 1 fps. Spend the fill rates on 600 passes for each pixel or something like that. Imagine the quality of the scenes! Capture the damn things and be glad you're not rendering at 1 frame per hour like they were 5 years ago.
Repeat after me - if you're rendering for posterity you don't need real time... That'll come eventually.
-JackAsh
Now, for this to happen, each and all of the proof methods must remain secure. And there's the rub. Fingerprint verification is not just about verifying a fingerprint image. It's about verifying a three dimesional image of a fingerprint (in optical sensors), with depth. Or the living, deep within third layer of skin (in some new capacitive sensors). On a live fingerprint (so they can't cut off your fingerprint). And that's not just heat sensors in there, there's also the ability to detect body electricity or resistance or whatever the heck it's called :). And as time goes by add a whole other array of verification checks, that make sure that not just the fingerprint image is unique, but the FINGER itself is unique.
The argument is similar to asking if a desktop scanner is good for ID, by placing your face in front of it. But the system can be fooled with a photograph. Well, if so, the system is not mature enough, and it needs to be reworked. It should have 3D, live person detection, thermal imaging, and a whole bunch of other stuff I can't even think of but which I'm sure you agree should be there. You should not be able to fool it just by mucking around with a picture.
Biometrics are unique identifiers. Let that sink in. You can clone some of their aspects but not all of them. I'm not sure if further research has been done, but I seem to remember that genetic twins do NOT share the same fingerprints, which would seem to put a damper in the idea of cloning an exact duplicate of your own fingerprint.
The main argument people have had so far against biometrics is that they could potentially be copied or bypassed. Yet, history shows that with each passing iteration the system will get better and better and it will be harder to fool the biometric sensor with a fake sample, until a point is reached where it is easier and more cost-effective to use some other hack (disassemble the reader and feed the system false electrical signals?) than faking the actual biometric presented.
The only real question in my mind is whether we are better off in a world where anyone can be you and you can be anyone else (passwords/tokens) or a world where only you can be you, but you can't be anyone else (biometrics). Both have compelling reasons of existance - freedom and responsibility - two components which are essential for healthy society to exist. The question is can you have responsibility without sacrificing freedom and anonymity?
-JackAsh
Think Smartcards that need to be inserted into a reader.
Sure you could rig some insane hack that reads a smartcard from somewhere else on the planet, but in general "something you have" really translates to "something you have access to".
-JackAsh
Say that 1 in one million people have the same fingerprint as you in your left index finger. That's 6000 people worldwide that have the same fingerprint as you on hat finger.
Now what's the probability that they have the same fingerprint as you on their right index? AND their left middle finger? AND their right middle finger? AND they claim that their ID is Kanasta?
-JackAsh
Good, bad... I'm the guy with the gun.
-JackAsh
Penguin,
:).
:)
Actually there is no obscurity here - it's just a sound mathematical principle. Think about it this way - when you digitally sign a message with PGP or with a certificate a mathematical signature is created with a digest from your message that verifies in no uncertain terms that that message has not been tampered with (within a certain degree of probability). Obviously, the cryptographic message digest is of a certain fixed, limited size, which means there are a lot of character combinations that could have generated a digest like that, it's just that you are not likely to a) encouter them; or b) find one that makes sense in any language.
Fingerprints are similar to that. I'd suggest going to google images and search for the term "fingerprint minutiae" there's several graphics there that can explain it better than I ever will. But to simplify, let me suggest a simplified model:
My fingerprint, when scanned, results in a model that contains an XY grid centered in the image, with a diagonal ridge at coordinates 5,17; and a whorl at -6, 12; and a fork at 3, -4.
Now there's about 80 other minutiae on my finger, that my current scanner picks up, but this will suffice. As you can imagine you cannot reconstruct my fingerprint from this data. It's just impossible. You might get an idea of what it looks like, but it's never exact because the minutiae are not enough to describe the print itself.
You argument is sound - this is very similar to the crypt() function. One way, etc.
Except with this data you can very easily generate one print that will fool this one algorithm. Real easy, even - much more so than brute forcing a crypt() hash. Just create a basic fingerprint and modify it to contain those features within it. Heck, even make it a bit imperfect - a fingerprint is never read the same way twice, and most modern algorithms are smart enough to check for identity matches.
The problem is that the next algorithm at a different ATM or shop doesn't look for the same features, but rather different ones. It might focus on ridges exclusively and their relation to each other, or some other random bit. And unfortunately you do not have that data - you just have the data that was important to the other algorithm. In essence the minutiae algorithms are EXTREMELY lossy, so much so that you would need to crack more databases than you want in order to compromise a single print.
And hey, if all your fingerprints are compromised you can always switch back to passwords
I guess my point is technology will make it infeasible to duplicate fingerprints exactly - Biometrics (at least as related to computer authentication) are still in their infancy. Being able to dupe a system with a jello mold is not exactly an attack that should succeed on a mature system. But it'll grow, and get so insanely good it'll take a heck of a hack to get through it.
-JackAsh
You raise interesting points. While there is a need for things like a witness protection program, what is making the system work is that systems have too many fingerprints in store, and there is a finite, highly probable chance that other people share your biometric - it's just that they don't know it. Comparing the minutiae points of two fingerprint samples might give a certain percentage match, but not 100% - A lot of other people (most systems default to 1 in 10000 false acceptance rate) will have a similar fingerprint given a large enough population in a business database. It is also computationally infeasible (most likely) to run a match against all fingerprints in the system once you have a large enough database (of course, this argument falls down with enough computing power and time).
In any event, as you yourself agree cash is always available as a last resort. And if you truly need a witness protection program I expect the Government will have enough resources to change or wipe your records from at least the databases that matter. Hopefully together with the new ID you'll move far away enough that you won't need to frequent the same businesses you were before (and a nice hello to globalization issues here).
Yes, I realize there will be problems, but nothing irresoluble with good will and a little bit of effort.
Think of the advantages on the other hand - Joe Shmoe is behind his child support payments and has skipped state - well, guess what - now you have a good chance of finding that deadbeat and getting him back on plan... And so on for any other number of crimes.
Look at it this other way. Shedding your ID right now is most likely illegal in some way (note, I said likely - there might be cases and forms in which it xan be done legally). And difficult. But it can be done. And people can still track you, with difficulty, but it can be done. This is merely one of those technologies that will make the former harder and the latter easier, but both will still be possible.
-JackAsh