many days since original article and I'm too lazy to look it up, but my peeping tom reference was directed at the ability to make a machine produce the timestamp even if the machine's owner had intentionally turned it off. I recall a line about forcing windows to produce fingerprintable timestamps. That, IMO is peeping tom-foolery. If I configure my windows box to no longer include timestamp and someone forces it back on from the outside, that's a problem. That's analogous to creeping up under the window to look through the small crack in the curtains, or perhaps reaching through the open window to push up the shade. Follow?
for the record, I turned off tcp_timestamp within minutes of reading this -- not because I have anything to hide, but simply because my Tin Foil Hat was getting worn.
I totally agree that these bits of information need to be public and that our security is better as a result. I am merely tired (that is worn and mentally frayed) from the constant stream of new ways people can look at you that I didn't know about. I'm really a luddite at heart and wonder what I would have done were it not for tin foil.
while your trashing of my post is pretty good, I think you're missing the point. There seems to be a drive to find more ways of tracking what people are doing. My gripe is that I don't really see where this gets us except that now there is yet ANOTHER way for people to look at what you're doing. Whether you want them to or not. Inevitably someone will try to use this to their advantage without concern for my privacy or what damage it may do to me. I'm merely arguing that there has to be a point at which we decide we don't accept this anymore.
No, this isn't "peeking through the curtains".
Actually it is. I have multiple machines behind my NAT box. They are behind the box because I want them to access the web, but I don't want them open to the public. This fingerprinting technology allows them to "see" behind my box and see that I have other machines, and perhaps what OS they run etc. I prefer not to have that happen. So now I have to find a way to change the timestamps on packets so others can't tell what's going on. I have to pro-actively protect my privacy. That's an annoyance and, personally, I think it's wrong. My privacy should be protected by default. True they "see" behind my box because I send packets out. Just like a peeping tom sees me through my windows because I reflect light out.
Also, don't get me wrong. I think the technology is cool and it's an interesting bit of creativity to come up with this thing, but damn I lament yet another way for people to find out what I do.
Therefore, we developed a trick, which involves an intentional violation of RFC 1323 on the part of a semi-passive or active adversary, to convince Microsoft Windows 2000 and XP machines to use the TCP timestamps option in Windows-initiated flows.
and
without the fingerprinted device's known cooperation
sort of require a search warrant don't they?
IANAL, but seems to me that forcing your computer to do something other than what you've directed it to do (like forcing a timestamp you've turned off) without your permission would be B&E. Unless you explicitly gave permission in the form of agreeing to a EULA or such.
Yet another reason to read the fine-print. You may inadvertently give permission to allow this sort of privacy invasion.
I propose a new constitutional (for the US) amendment -- The congress shall not make any law that compromises the ANONYMITY of a citizen unless the citizen shall explicitly and intentionally give up that anonymity. In other words, unless I tell you who I am, you can't know who I am.
that and a dime 'll get you a dime.
remote physical device fingerprinting ... without the fingerprinted device's known cooperation.
counting the number of devices behind a NAT even when the devices use constant or random IP identifications
I, for one, welcome our new time-skew fingerprinting overlords.
Seriously though. This is yet another pile of steaming scary crap. Where are the days when I could telephone someone and NOT have to be identified. (caller id). Now I can't be an anonymous coward because slashdot can sniff my time-skew and put my name up anyway. Now the cable company can learn that I have multiple machines behind the firewall even though my contract says only one ;-)
Is this really necessary? Nothing is sacred anymore. I want to be able to live my life behind my walls without people constantly peeking through the curtains, and that's what this is. At some point we have to stand up and say "you stop here" to these damn peeping toms.
Damn, Outed.
Must develop new
pseudonym.
can't maintain identity...
I do not have contempt for heretics who do not share my beliefs. I merely beat them mercilessly until they do.
share that is.
It is entirely possible that their intellectual needs are met by an accumulation of random facts and paragraphs.
Not sure what
a random
paragraph is. The temperature here is 33 degrees
fahrenheit. I took a walk today. My HP
doesn't like talking to CUPS.
There are 3,472 green M&M's in the
jar.
Here's a point I haven't seen, though I've not read all 100-gabillion replies...
Broadcasters put up shows for people to watch. They pay for it through advertising revenue. Advertisers pay for air time based on how many people watch it. The more people are watching, the more they pay and the more the broadcaster makes. That's what ratings are for. So...
If you download and watch the show, you are not watching it on broadcast which means you aren't counted in the ratings. The ratings for the show go down, the advertisers pay less, the broadcasters pay less. (this assumes the ratings industry is accurate...)
So.... here's the solution. Broadcasters package shows with the advertisements. Put the shows up for free download. Count how often it's downloaded, apply a factor to determine how many people actually watch a downloaded show (like newspapers counting readers from borrowed copies) and include those numbers in the ratings. Ratings go up, advertising rates go up. all are happy. You'll still get a portion of the population that doesn't watch the ads, but I bet you'd discover that many people still would. Frankly, I wouldn't mind watching ads if I knew it was part of the price for watching the show when I wanted... plus it's nice to have the time to duck out to the kitchen or the can.
Or... even easier solution... Ratings industry is already in place, they simply have to make provision for counting those shows that are watched from download. simple.
The point is, it doesn't matter when a show is watched or on what media, just that the producers/broadcasters/advertisers know that it's being watched and how often.
Seems that a simple disclaimer ala:
This web page was written with standards compliant code. It may not function properly when viewed with non-compliant browsers such as Internet Explorer. If you are unable to properly view this webpage with your current browser, please try one of the following : (insert links to) Mozilla, etc etc etc.
I see one of the main problems with this battle is that most desktop browser users don't give a rats ass whose browser they use as long as it works. But they do understand that a browser is a tool and that there are such things as standard tools. A wrench is only good if it fits the nut. If you manufacture wrenches that don't fit the standard sizes, then people won't use them. If sears decides to market wrenches that are in 1/3", 1/6" 1/12" sizes, they'll fail because the rest of the world (alright, US, non-metric) isn't going to resize all their nuts and bolts to fit. The same approach should be used with MS and web pages. write to the standard. people will go get the proper size tool and use it. A simple statement like that above puts it all in a nut-shell for them. This tells the user what the real root of the problem is without being offensive, just factual.
that's Silicone,
;-)
why you would put caulk in a breast beyond me...
Not to mention the potential implications for breast implants!
No ship ever left intending to never return.
Certainly no one set sail expecting to never return. However, I think it is reasonable that early mariners EXPECTED a certain amount of loss of life on a voyage. If you look at the deep redundancy in a ship's roster, it is obvious that they expected this. Why else have multiple levels of "mates" as well as a large pool of general laborers on a ship? The actual number of men needed to effectively maneuver a vessel was much smaller than the number of men brought on a voyage. Hence the plethora of "make-work" chores like daily deck swabbing. Gotta keep those guys busy until someone dies and you need a back-up.
No early auto manufacturer shipped cars that would kill the operators/passengers.
You are taking my points well beyond my intention. No one shipped cars that were guaranteed to explode. That doesn't mean they didn't ship cars that were known to OCCASIONALLY explode and that the explosion was preventable, but not for the money they were willing to spend in development of a solution. The automotive world is rife with stories of automakers fighting to deny the dangers in their own vehicles. Pintos that explode (debatable i suppose). SUV's that roll too easily. Corvairs that impale their drivers. It's not hard to speculate, and believe, that early car makers knew certain aspects of their cars were dangerous, but chose to market the vehicle anyway. Frankly, part of the appeal of early cars was the "danger."
We can go really far off topic and talk about other obvious and extreme examples of ignoring blatant safety measures: locked doors in sweatshops that catch fire, selling products that kill the consumer (tobacco!). It's a pretty long list. I'm not saying these are progress related examples, but they show that the business world, often the source of motivation for exploration and development, is sometimes all too willing to ignore safety concerns.
We used to have a certain leap-before-you-look attitude. Build it, test it, if it ends up dangerous, then try and make it better. Meanwhile, keep building and using it until a better solution comes along. This is opposed to our current approach -- make it as utterly safe as possible, and if it never gets off the ground, so be it.
I think the point I'm trying to make is that I fear our sometimes over-zealous approach to safety can stifle growth. I am not opposed to addressing safety early on in a project and it is the responsibility of product developers to take a thorough look at safety concerns. But regarding the original article: space travel is inherently dangerous. If we expect to eliminate that danger, we should not go into space. Early sea exploration was exceedingly dangerous. If mariners had attempted to eliminate all the dangers, they would never have gone. There are always risks, and we should strive to eliminate them, but we should simultaneously strive for progress as well.
BTW, I ain't no historian and am merely expounding upon the fractured and misleading information accumulated in this grey mush stored in a can on top of my neck. ;-)
Further, you'd never get ME in one of those death-traps !! :-)
Obviously I don't mean that they had NO regard for life or safety, just that it sometimes took a back seat to progress. And remember, especially in the early days of the european exploration of the seas, the people who made the money were back on shore. and maybe the officers of the ship. The work-a-day sailor who faced the toughest challenges, and had the highest mortality rates was working for a couple meals a day, a pint of rum, and a pittance to take home if you survived. The officers and the investors stood to gain the most and were the least likely to die. Granted if the whole ship went down, you certainly lost some money, but I think a lot of the people driving this exploration (usually royalty with deep pockets) expected losses, possibly heavy losses, but look at the long term gains!
this is so far off topic now.
my point though, is that sometimes it seems we spend SO much on safety concerns that we hamper our own progress more than help it. sort of a diminishing returns thing.
As the artists who created the DNA of which your current form is an expression, your parents own the copyright to you. They, and only they, may authorise photos of you.
That means mom has to sign off before you can star in porn flicks AND she gets her cut of the profits.
It's a matter of priorities. Law enforcement has to protect my money above all. Once they get that right, then they can worry about rape and violence and all that other petty shit.
Corporate profits supersede all other considerations.
get my
v1A.gR..aaaaa!!!!
Oh... come on, someone had to do it!
You're dealing with 2 different crimes with two different sets of laws governing their respective penalties. They have different statutes regarding jail times, fines etc.
I'm not saying it's RIGHT that they are different levels of punishment, but that the difference exists by virtue of the fact that they are different crimes... capiche?
This implies that you can be fined more for the POTENTIAL of committing further acts of copyright infringement. I don't think that holds up. That's like punishing a murderer for future murders they were thinking about committing.
I read it like this: a store bought DVD has already paid its royalties to the copyright holder, if not directly produced by the copyright holder. The retailer through several levels, has paid the copyright holder for the material and then is reselling a pre-packaged, fully licensed sealed item. A shoplifter is merely stealing this already licensed and legal copy of an item. The shoplifter is not copying, distributing or performing any other COPYRIGHT infringement by merely walking out the door with it.
A downloader however, by mere virtue of the fact that they have MADE A COPY of the material without paying the copyright holder for that privilege has violated the copyright.
It's a different crime.
Now, if the shoplifter rips it and passes on copies of it, then you're back to COPYing the work...
What happens if you download a copy of something you already own for purposes of backing up the material?
I can't think of one single new industry (if you really wanna call it that -- how about "exploratory push"?) that was helped by creating safety measures before people pushed ahead. That's the whole problem with the space industry. We started concerned about safety and then haven't really gone anywhere. Were the early trans-atlantic sailors concerned with safety? how about early pioneers of flight? automobile developers? nope nope nope. They were pushed by a drive to get something done and frankly lots of people got killed or injured, and that's tragic, but they did get something done. If you look at any major human development the safety measures came much later, after the new technology or territory or whatever was well developed. Hell we didn't have seatbelts required in cars until the 70's(?), well after the auto was largely fully developed. Shipping is still plagued with mishaps due to largely inadequate safety reg for commercial ship building.
Now look at space exploration. We've only lost a handful of astronauts due to massive safety efforts from day one -- and that's great! meanwhile we've done little more than throw some rocks up in the sky and watch them fall back down. If we'd taken some real risks -- put some willing guys on the end of a bomb and chucked 'em out there and see what happens, then we'd probably be a lot farther along than we are today. True, we'd have lost a lot of people, but it's sort of the price you pay to develop something.
I would think that commercial exploitation would be opposed to early safety reg for just these reasons. It generates more upfront cost, lowers your initial ROI and generally makes it a big PITA to get things done.
that said, I'm not gonna sit on top of time bomb anytime soon... ;-)
interface with my shoe phone?
It's a PITA to keep it tuned, but it has at least 4 voices!
http://babelfish.altavista.com/babelfish/trurl_pagecontent?lp=de_en&trurl=http%3A%2F%2Fwww.heise.de%2Fct%2Fmachflott%2Fprojekte%2F55771
depends on who went down in the resulting conflagration ;-)
Aah life is good.
ooh! and a bag of groceries in one hand, a cell phone in the other, a camel-back full of coffee.
Now that's convenience!
"He will still have to pay restitution to Microsoft and to people whose commuters were affected in an amount to be determined at a hearing set for Feb. 10."
Surely M$ will reward the wee lad for helping them learn about yet another security hole?
urrrhhhh brain hurts. too...far ... in past ... to re..mem...ber
Here's some nit-picky crap but wasn't the C64 6510 and Vic20 6502? oh gawd I'm outed. I actually had both of them for a while.
Can't remember... if not, then what was the 6510? was that apple ][e ??
oh well. it gone now.
killed that brain cell years ago.