This sort of thing is the reason I was in favour of lawsuits against companies in the 80's and 90's who'd profited from slave labour back in WWII.
If US companies now sense that dealing with nasty totalitarian states can result in an expensive lawsuit in the future it might make them a bit more wary of doing it.
As for Microsoft I'm in the odd situation of disliking them intensely now on slashdot long after it was fashionable to do so. Back in the days when most people here hated them I actually didn't really object to them so much.
Now it's like everything they announce is an attempt to troll me.
GoDaddy = the worst in the world.
I once worked with a guy who had their irritating "GoDaddy! GoDaddy! who's your daddy" jingle as his ringtone. I suspected he might have been a paedophile.
But the anonymity will only matter when you connect to the tracker.
Not exactly. Suppose you connect to the tracker and act as a VPN server. Suppose the only people that connect to you are also VPN servers with a few peers at the edge of the cloud. Suppose everything is set up so the routing data is in RAM and will be binned once the torrent is done. Also none of the VPN servers in the middle of the cloud can decode what they're passing on.
Now at that point it's extremely hard for anyone to pin any piracy on anyone. It's even hard for the peers to tell what's really going on - once you go through two more VPN servers it's probably impossible.
you will get no speed boost by using a peer as a VPN server
Also, while the combined bandwidth is quite high, a lot of users do not have good upload speed - I had 768kbps until about a year ago.
Well you might compared to using a VPN service. All the ones I've used are painfully slow. Slower than my ADSL upload rate in fact, let alone my ADSL download rate.
If one of those is in the chain, you will get limited speed too.
Well you can ameliorate this a bit by connecting to a few servers and dropping the slowest one periodically. Rather like bittorrent already works in fact - I'm just adding VPN in to obfuscate things.
Or you can use TOR. The problem is bandwidth.
The people that run TOR discourage torrenting for just that reason. The bandwidth problem is the root of that - bittorrent has a way of sucking up available bandwidth and they want to use the bandwidth for their own nefarious purposes. Given that a swarm of bittorrent clients has a very high aggregate bandwidth why not use it to add anonymity to the torrenters?
But what if the RIAA advertises its computers as VPN servers (in your system)?
Well it's not as bad as you think. The idea is that you stack VPN servers. So each VPN server can't really tell what it's forwarding.
Isn't he a slashdot intern? He'd probably get beaten badly for complaining about interns being mistreated.
One problem with bittorrent is that it's too easy to find peer IP addresses.
Let's suppose the RIAA connect to the tracker. They can get a list of IP addresses and then contact the ISP to convert those into names and addresses to be sent a subpoena.
Now one way to get around this is to use a VPN. But most VPN providers are not able to provide sufficient bandwidth to get your warez.
Actually imagine the following scheme.
Everyone agrees that they will provide a VPN service when torrenting. Now a few people connect to the tracker and start downloading. They advertise their willingness to act as VPN servers to the tracker. People connect to them and also advertise their willingness to act as a VPN server. At some point the people connected directly can shuffle to the back of the queue, i.e. connect via one or more VPN servers.
If correctly coded it seems like it would be almost impossible to track a downloader downloading via VPN to a real IP address. At most it could be tracked to one of the VPN servers which would discard their data when they stopped.
Now it's not foolproof - some people need to connect directly to the tracker and they would be traceable.
You could imagine that the people in piracy friendly jurisdictions (e.g. Scandinavia) would volunteer to connect directly to the tracker and tell it they'd act as VPN servers. People in piracy unfriendly jurisdictions (e.g. US/UK) would opt to only connect via their VPN service. The only way to stop this would be to block VPN completely. Even China doesn't do that because big companies love VPN segments to connect their intranets over the internet.
Incidentally that's another happy side effect of my scheme - people in repressive places can easily find a VPN server. Maybe trackers could be set up solely for people willing to act as a VPN server, unconnected to torrents.
In many ways it gives you a completely anonymous internet - basically TOR but mainstreamed.
I got the complete works of Mozart off PirateBay and loaded it onto a 16GB iPod. Somewhat bizarrely the iPod didn't actually attempt to scroll the long song names. iTunes took ages and ages to import the files too. Basically it was completely useless, even though on a PC Winamp played the same files really well. I could even type j[Köchel number] to navigate around.
So I guess if you're an Apple product user you have small collections of songs with names like "Sex", "Violence", "Titties" and so on which you bought off iTunes because your friends told you to. And yeah, I'm sure they're ironically stupid songs rather than just really stupid songs.
Smartphones have batteries? My phone has at best a UPS feature as I walk from USB connection to car charger to AC adapter.
It's still pretty useful though.
Having spent some time in Taiwan I'd say it works like this
5% of the population want de jure independence as opposed to the current de facto sort. If Taiwan declared de jure independence the Chinese would invade.
5% of the population want to join China.
90% of the population want to keep the status quo for the time being.
But it's more complex than that - the people that want to join China actually want to join the Republic of China, not the People's Republic.
So really the overwhelming majority are waiting for a change in the PRC. Then you'd see a real debate about whether to join a federal democratic China or go their own way.
It's entirely possible that the CEO and his cronies are making more money at RIM than they could anywhere else, at any time, even if they drive the company into the ground.
Pretty much really.
Most CEOs have share options and a very generous golden parachute. So their incentive is to convince people everything is OK for long enough for the shares to vest and then bail out.
I think most medium sized companies follow a ballistic path in terms of value. They start off small and very efficient and grow very quickly. Then there is a plateau when they are highly inefficient but still have a large enough income to be viable. Eventually there is a decline as old sources of income dry up and the company is too sclerotic to find new ones. During the plateau phase everyone keeps their heads down and says positive things and hopes the decline will come after they've moved on.
Except for dudes like this that don't. But they just get fired. Of course if you really want to work for a dynamic company then you need to start your own. Mind you you're unlikely to get as good a salary as you'd get at RIM.
Dunno where you worked but most of the places I worked would fire this guy for "reducing user confidence in the brand" or some such. They'd probably lose any money in the salary/pension pipeline too.
If they sued, the company's lawyers would say that they owed the company millions - i.e. they were solely to blame for any subsequent share price decline.
Another great victory for basement dwellers!
http://en.wikipedia.org/wiki/File:Bitcoin_crash_2011-06-19.png
Gotta make the punishment hurt for it to have any effect.
Taking away his XBox isn't going to hurt him. The judge should have ordered they cut his ears off or something. Or made him use a PS3.
Dutch is just swamp German.
Will use it when it ends up on Windows Update.
Or not actually, since I don't have any Windows 7 machines, only XP and Vista ones.
Even if they did decide to support XP I'd probably keep using Opera.
Well if Opera, Mozilla and Google stopped supporting Windows I might use it.
You'll probably end up in a SuperMax prison if you do something like that. And people will forget about you and still plug in USB sticks they find in the carpark.
In a sense it's a bit like trolling slashdot with inconvenient truths. You'll get hidden from the hivemind and the hivemind will go on unbothered by them.
I once read a book on management by a German philosopher called Rudolf Hoess.
Ever since then I've done this with computers.
If they are misbehaving line them all up outside in the hot sun. Take out one randomly and beat it into pieces in front of the others.
After that I've noticed that the other machines seem to be a lot more reliable.
To be honest I think that's very dangerous. You could easily end up with a bunch of illiterate blanks on your colony.
Well if I was a nanobot I'd deduce that the humans back on Earth were a clear and present danger to the national security of Alpha Centauri and send a relativistic kill vehicle back to get rid of them. The cool thing about RKVs is that you could fragment them before impact and pepper the planet with impactors. Then following on behind you could have machines that would go into Earth orbit to bomb and then colonise the planet. That combined effect of a devastating cluster nuking to upset the biosphere followed by invasion by numerous varieties of grey goo would be very hard to defend against.
But then again I've always been a complete cunt, cuntier than 99.9% of the population. So maybe they won't do anything like that. Maybe when the nanobot equivalent of Hal_Porter said "Earth delenda est" at the end of each speech in the Alpha Centauri they'd all say "No! The humans are nice! Let's send them the message so they can come here and tell us what to do".
What about this
http://www.centauri-dreams.org/?p=1275
As we move into the realm of ChipSats, Peck has my full attention. Take the ChipSat to its logical conclusion and you can envision thousands of tiny spacecraft slung out from the Solar System at ten percent of lightspeed to make the journey to the Centauri stars. "When these small craft arrive," says Peck (I'm quoting from Larry's story again), "they might send back a single, simple signal; one bit of information confirming or denying some scientific principle, such as is there a blue-green planet, for example."
Michio Kaku suggested "emailing" DNA samples to a spacestation built by nanobots that were sent out at 0.1c to a nearby star. There the colonists would be assembled. Of course to make the process work you'd need to email their mental state too which requires some non trivial discoveries to get working. But the fact we could send nanoprobes at 0.1c seems pretty damn impressive to me.
How cool is that?
> Not necessarily, that security is only enforced by the kernel if an app requests to access something thru it via an API. A buffer overflow or vector go around the kernel and write it directly using assembly and not using the win32 API.
User mode code can't access hardware registers because they're mapped kernel mode only. So code would need to get into kernel mode which requires an unpatched exploit. Also there are a lot of different types of disk controller out there now - they're not all IDE anymore. So malware that did direct hardware access would need to build in drivers for at least the most popular controller - AHCI. It would be hard to do this by direct hardware access without bricking the system because the Windows driver is accessing the device at the same time. No malware I know of can access disk hardware directly.
> If you have WindowsXP the problem is worse as the CPU has no way to tell the difference between data and executable bytes.
Post SP3 and on pretty much any modern CPU you have DEP which means that the CPU will catch attempts to execute data pages and the OS will abort the process.
> Flash uses images but Windows considers it an executable and will simply let it run full access.
I'm not really sure what you're trying to say here. Flash is an exe file. But the code is run in user mode and if you don't run as admin neither does any process on your machine. So even if you can do a buffer overflow exploit in flash and get arbitrary code execution you still need to do another exploit to get admin rights or into kernel mode before you can do any real damage. Non admin user mode code is very limited in terms of what it can do.
Running as non admin is not perfect but it does add one more hurdle exploits have to clear. The other thing you can do is to run Secunia PSI to keep flash patched and run Microsoft Security Essentials to scan for malicious code. Also I run AdBlock on Opera since some ad server sites have accidentally distributed malware in the past. And I don't pirate software. I like Opera but it has a rather low market share - if I were writing malware I'd aim at IE and/or Firefox and ignore the less popular browsers.
I've never had a virus on Windows. Though I suspect if someone skilled really tried hard - e.g. the people that wrote the Aurora malware - they could probably infect machines like mine. But you're talking about governments then - not the sort of people who run botnets made up mostly of low hanging fruit machines. Which are a lot more common than set ups like mine.
I run as non admin. Overwriting the MBR requires a handle to "\\.\PhysicalDriveX". That requires Admin rights, so malware trying to do this would fail on my machine.
fyi lotus notes mgraton over the wkend mandatory unpaid overtime for all in us/eu
Most BlackBerry users are probably just executive types who use e-mail to add a one-line top-posted canned response like "FYI:" or "Why?"
Well yeah, but they do it while quaffing free champagne waiting to board their business class flight.
The "email power users" are all shackled to the desk back at the office doing the actual work. And the execs can force them to migrate to Lotus Notes if they feel like poking the serfs in the eye.
I once did some consultancy for a baseband chipset manufacturer. They explained that operators subsidize phones for about $200 and any hack means that they would lose that. The deals they signed had penalty clauses so it affected them too.
The whole system was very secure - all code executed was digitally signed. All signatures were checked before the code was executed. The boot rom had the public key so it could verify signatures but not the private key necessary to sign them. They had a clever trust chain scheme to minimize the chance of operator keys being leaked.
They had anti downgrade protection - so if one version was cracked they'd OTA update it with a fixed version secure in the knowledge the users would not be able to undo that.
Now I think AT&T subsidizes iPhones for more - around $480. I.e. $20 per month for a 24 month contract. Of course the hapless victims that buy iPhones end up paying much more than $20 per month for their service - say $70. If they could unlock the phone they could stop paying AT&T and get a cheaper contract than $70. So AT&T lose big money if iPhones are cracked.
I.e. Apple doesn't sell phones to users, it sells users to AT&T.
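The boot-ROM signature check and anti-downgrade counter described in the comment above, modelled as an added example (not part of the original comment and not the chipset vendor's code). It assumes a Lamport one-time hash signature as a stand-in for the real algorithm, which the comment does not name, so that it runs on the Python standard library alone; the image layout, the `BootRom` class and the root-signed list of release keys are hypothetical.

```python
import hashlib
import secrets
import struct


def H(data):
    return hashlib.sha256(data).digest()


def keygen():
    """Lamport key pair: private = 256 pairs of secrets, public = their hashes."""
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pub = [(H(a), H(b)) for a, b in priv]
    return priv, pub


def _bits(message):
    d = H(message)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(priv, message):
    # Reveal one secret per digest bit. Each key must sign only ONE message.
    return [priv[i][b] for i, b in enumerate(_bits(message))]


def verify(pub, message, sig):
    # Uses only the public hashes, so the verifier cannot produce signatures.
    if len(sig) != 256:
        return False
    return all(H(sig[i]) == pub[i][b] for i, b in enumerate(_bits(message)))


def fingerprint(pub):
    return H(b"".join(a + b for a, b in pub))


class BootRom:
    """Holds the root PUBLIC key and a counter that only moves forward."""

    def __init__(self, root_pub):
        self.root_pub = root_pub   # fixed at manufacture; no private key on device
        self.min_version = 0       # models a monotonic (fuse-backed) counter

    def boot(self, image):
        cert, cert_sig, rel_pub, body, body_sig = image
        # 1. The list of allowed release keys must be signed by the root key.
        if not verify(self.root_pub, cert, cert_sig):
            return "reject: certificate not signed by root key"
        allowed = {cert[i:i + 32] for i in range(0, len(cert), 32)}
        if fingerprint(rel_pub) not in allowed:
            return "reject: release key not in certificate"
        # 2. The image (version header + code) must be signed by that release key.
        if len(body) < 4 or not verify(rel_pub, body, body_sig):
            return "reject: bad image signature"
        # 3. Anti-downgrade: the signed version may never go backwards.
        (version,) = struct.unpack(">I", body[:4])
        if version < self.min_version:
            return "reject: downgrade"
        self.min_version = version
        return "boot v%d" % version


def demo():
    """Constructed sample images; returns the boot ROM's decision for each."""
    root_priv, root_pub = keygen()
    k1_priv, k1_pub = keygen()
    k2_priv, k2_pub = keygen()
    cert = fingerprint(k1_pub) + fingerprint(k2_pub)
    cert_sig = sign(root_priv, cert)        # the root key's single signature

    def release(priv, pub, version, code):
        body = struct.pack(">I", version) + code
        return (cert, cert_sig, pub, body, sign(priv, body))

    v1 = release(k1_priv, k1_pub, 1, b"firmware with a bug")
    v2 = release(k2_priv, k2_pub, 2, b"firmware with the fix")
    rom = BootRom(root_pub)
    results = [rom.boot(v1), rom.boot(v2), rom.boot(v1)]  # last one is a downgrade
    # Old image with its version field bumped to 9 but the old signature kept.
    forged = v1[:3] + (struct.pack(">I", 9) + v1[3][4:], v1[4])
    results.append(rom.boot(forged))
    # Image signed with a key the root never certified.
    rogue_priv, rogue_pub = keygen()
    results.append(rom.boot(release(rogue_priv, rogue_pub, 3, b"third-party code")))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```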
They don't block downgrading as some sort of "trap". It's to limit the number of potential issues people can have. It's part of what makes Apple products "just work", and is done with the intention of making compelling hardware on those grounds.
Plus of course if they block downgrading you can't downgrade to a jailbreakable version.
Funny how Apple fans brag that Apple stuff is more secure but then say they can jailbreak it by visiting a website. And when Apple decide to fix the exploit they downgrade to be able to keep jailbreaking. And then when Apple stop that they explain it's all for their own good.
Seriously believing all those mutually contradictory things simultaneously is actually quite impressive.