There's a huge difference between a Bank's external web server and the internal systems it uses for handling transactions and other applications. While I can't vouch for the accuracy of the other poster's comment, checking netcraft really doesn't tell you if a bank uses Microsoft's technology for its mission critical applications.
Re:Remove the Restrictions, and they will come...
on
Quarter-sized CD's?
·
· Score: 2
There will only be restrictions on the pre-recorded content released by record companies. For other applications like digital cameras, one will be able to use the device in any way he chooses.
Despite what the slashdot write-up implied, it seems music distribution is only a small part of the company's business plan. Their aim isn't to supplant CD's, which Sony tried to do with their MiniDisc; it's to replace the storage formats that are currently in portable devices. Nothing about the restrictions they're incorporating into the product will prevent the applications that you talked about.
QuickTime Player is the only thing limited in the free version. Third party software can encode DV streams and create Sorensen movies with the free version of QT. Both versions ship with identical codecs that aren't encumbered in any way.
This is precisely why the DMCA was enacted. DRM is clearly an intractable Comp Sci problem, but it can be solved legislatively. Just make it illegal to write and distribute the exploits! Problem solved.
Let's pretend that the DMCA didn't exist, and it was perfectly legal to reverse engineer digital rights management systems; how long do think it would be before an enterprising software developer would release an application that could play these files without respect to the rights of the copyright holder? To take this even further, this capability could be added to hardware players and be touted as a feature. Who would buy devices that were encumbered with respect to DMR, when devices that ignored the restriction could easily be obtained? Once these devices proliferated, DMR would be next to useless. The DMCA prevents this from occurring, and thus makes DMR a viable solution for publishers.
What surprises me is the length Microsoft went to prevent their DMR solution from being cracked. There's really no point in all the layers of obfuscation that they employed. Microsoft had to know that given a determined enough "hacker", they'd all be circumvented eventually. There only recourse is that the exploit will be ruled illegal (at least in the U.S.), which means a vast majority of the public will not have access to it, and this is really all that matters to Microsoft and the publishers that employ this technology.
Do you have references to the actual patents to back this up? How can two companies be given patents to the same thing? The whole idea of a patent is to give an inventor the sole right to make, use, and sell their invention for a set period of time. Remember, Bell was given the sole patent for the telephone because he was first to the patent office even though their were other inventors who filed patents to the invention mere hours after he did.
The sixth amendment says nothing about receiving immunity from prosecution if your offences where committed while working for the government. It reads:
In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the state and district wherein the crime shall have been committed, which district shall have been previously ascertained by law, and to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him; to have compulsory process for obtaining witnesses in his favor, and to have the assistance of counsel for his defense.
What you say sounds logical (you're obviously not going to be prosecuted for hacking into the computer systems of Afghanistan while working for the CIA), but the bill of rights is not what gives you this immunity. Finally, there are numerous examples of people being prosecuted for crimes committed while working for the government. Remember Oli North? Saying, "I was ordered to do it," is not always a valid excuse."
If you don't need a warrant to decrypt messages, then this law is crap, and would destroy our basic fourth amendment protection. However, the law seems to only apply to suspected terrorists (no doubt it would be applied to other criminal activity as well):
Computer software companies would have to install a backdoor for law enforcement agencies to unscramble secret messages on phones, e-mails and other communications used by suspected terrorists, under a proposal by U.S. Sen. Judd Gregg, R-N.H.
So, if there is enough evidence for someone to be labeled a suspected terrorist, then a search warrant could probably be obtained.
However, given today's climate, those who speak Arabic, are Muslim and anyone else from a Middle Eastern country will probably be labeled a suspected terrorist. If this means that the government can now monitor all their communications, then the terrorists have done significantly more damage then simple destroying the WTC, they've destroyed some of our most fundamental liberties.
Do I have a right to speak to my woman friend or wife or children in private? If I do, then I have the right to unbreakable encryption.
You don't have this right if a law enforcement agency has obtained permission to tap your telephone line via a court order. Again, if you use unbreakable encryption, there's no longer away to accomplish this. If a court order hasn't been obtained, not only is it illegal to listen to your private conversation, anything gained through these means is inadmissible.
You don't need to proactively prosecute people for breaking the back-door law for it to be effective. Once, you've obtained a search warrant for a person, you have access to his or her data. At that point, you can determine if their data has been "legally" encrypted. If it hasn't, you can choose to prosecute them on that charge unless they give you the keys to decrypt the data. BR
A locked door does not prevent the police from entering a house with a search warrant. There are plenty of physical means for breaking down a door to gain entry into a person's house. A key is not necessary. However, with encrypted data, even if the police receive a warrant, they will have no way of searching through a person's secured data
I don't understand how people can argue that just because data is stored on a person's computer, it should somehow be impervious to search warrants. Why should encryption necessarily give people more rights then they had a decade ago?
No one on slashdot has had any problems with the FBI searching through the former residences of the suspects of the WTC attack. However, the slashdot crowed would be up in arms if the FBI somehow was able to search through encrypted data on their computers. What if an encrypted e-mail existed that could conclusively link the highjackers with Osama Bin Laden? That piece of evidence could be enough to convince the Taliban to turn the guy over, and thus, prevent a war. Unfortunately, given the current state of encryption, this piece of evidence could never be decrypted and used.
If there is a technical means to restore the power of a search warrant, I'm all for it. While it might not stop the truly determined criminal, some crimes probably could be prevented, and as long as it's implemented correctly, no loss of personal freedoms would occur.
Obviously, there needs to be safe guards protecting law abiding citizens from illegal search and seizure by the government by ensuring that only the intended recipient and those with a warrant can decrypt secure messages. Perhaps, this can never be accomplished, which would mean that this legislation should not be enacted. But if the law required that all encrypted messages be encrypted with both the public key of the recipient and the public key of some government agency, then I think the above goals could be meant. While I respect arguments concerning the technical feasibility of such a scheme, I don't respect people who argue that unbreakable encryption should somehow be an inalienable right.
I was wondering why there was no mention of C#. It seems like C# was designed to meet some of these goals, and will probably be used as the implementation language when some of this vision is realized in.NET and beyond.
What it does say is that someone knows Microsoft's code well enough to develop a "cracked" version of Windows that would either bypass the check entirely or always generate the same hardware ID number. This hardware ID could be an ID that someone previously had used to activate their copy of Windows. Therefore, if you used his serial number and the activation code that he was given, you could unlock your cracked copy of Windows without ever contacting Microsoft.
What if he had already made three previous hardware changes to his laptop since he last installed Office XP? Unbeknownst to him, his copy of Office XP would be due to become deactivated with just one more change.
So, he goes on the road, upgrades his RAM, and boom, Office no longer works.
I don't have a problem with Microsoft requiring that he call a toll-free number or use the Internet to reactivate application; however, I do have a problem when they require that he reenter the serial number to do it. What's the purpose of that? The solution, of course, is to always keep a list of your Microsoft serial numbers on both your computer and in paper form just such a situation happens to you.
Okay, so the Ethernet card would be reported as changed in hardware database stored on your computer. What other hardware do you expect to change on a daily bases? Remember, you only have reactivate your copy of Windows when morethen three pieces of hardware change. Also, it seems that MS is more lenient towards laptop users.
Unless you put your machine to sleep or are using a transmeta, mobile pentium, or some other chip and OS that supports lowering the CPU's clock rate while idle (i.e no procceses need CPU time), your CPU stays on at full power running an idle thread waiting for your OS to give it something to do. In this case, there is little to no power savings having your machine sit idling compared to having it do heavy number crunching.
As another post pointed out, the RIAA is not monitoring which files are flowing through the various networks. The RIAA is simply monitoring what is being offered by the users of the networks. A user that shares a thousand songs but downloads few will get caught by this new scanning technology, while a user that downloads many songs but shares none will not be punished.
It's ironic that the "good Samaritans" of the P2P world are the ones who get punished, while those who only leach will remain unmolested.
Re:rootness and capabilities
on
New Linux Worm
·
· Score: 2
I believe these applications start as root, but then lower their privilages after binding to the privalaged port. That way, they can still use a privlaged port, but won't expose the system to mallicious users if they are hacked. If someone compromised apache or sendmail, they would have no privilages on the remote system.
Slashdot Mirror
There's a huge difference between a Bank's external web server and the internal systems it uses for handling transactions and other applications. While I can't vouch for the accuracy of the other poster's comment, checking netcraft really doesn't tell you if a bank uses Microsoft's technology for its mission critical applications.
There will only be restrictions on the pre-recorded content released by record companies. For other applications like digital cameras, one will be able to use the device in any way he chooses.
Despite what the slashdot write-up implied, it seems music distribution is only a small part of the company's business plan. Their aim isn't to supplant CD's, which Sony tried to do with their MiniDisc; it's to replace the storage formats that are currently in portable devices. Nothing about the restrictions they're incorporating into the product will prevent the applications that you talked about.
QuickTime Player is the only thing limited in the free version. Third party software can encode DV streams and create Sorensen movies with the free version of QT. Both versions ship with identical codecs that aren't encumbered in any way.
This is precisely why the DMCA was enacted. DRM is clearly an intractable Comp Sci problem, but it can be solved legislatively. Just make it illegal to write and distribute the exploits! Problem solved.
Let's pretend that the DMCA didn't exist, and it was perfectly legal to reverse engineer digital rights management systems; how long do think it would be before an enterprising software developer would release an application that could play these files without respect to the rights of the copyright holder? To take this even further, this capability could be added to hardware players and be touted as a feature. Who would buy devices that were encumbered with respect to DMR, when devices that ignored the restriction could easily be obtained? Once these devices proliferated, DMR would be next to useless. The DMCA prevents this from occurring, and thus makes DMR a viable solution for publishers.
What surprises me is the length Microsoft went to prevent their DMR solution from being cracked. There's really no point in all the layers of obfuscation that they employed. Microsoft had to know that given a determined enough "hacker", they'd all be circumvented eventually. There only recourse is that the exploit will be ruled illegal (at least in the U.S.), which means a vast majority of the public will not have access to it, and this is really all that matters to Microsoft and the publishers that employ this technology.
Do you have references to the actual patents to back this up? How can two companies be given patents to the same thing? The whole idea of a patent is to give an inventor the sole right to make, use, and sell their invention for a set period of time. Remember, Bell was given the sole patent for the telephone because he was first to the patent office even though their were other inventors who filed patents to the invention mere hours after he did.
Dr. Julian Bashir, Alexander Siddig from DS9, was British. He had a thing for Dax.
The sixth amendment says nothing about receiving immunity from prosecution if your offences where committed while working for the government. It reads:
In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the state and district wherein the crime shall have been committed, which district shall have been previously ascertained by law, and to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him; to have compulsory process for obtaining witnesses in his favor, and to have the assistance of counsel for his defense.
What you say sounds logical (you're obviously not going to be prosecuted for hacking into the computer systems of Afghanistan while working for the CIA), but the bill of rights is not what gives you this immunity. Finally, there are numerous examples of people being prosecuted for crimes committed while working for the government. Remember Oli North? Saying, "I was ordered to do it," is not always a valid excuse."
If you don't need a warrant to decrypt messages, then this law is crap, and would destroy our basic fourth amendment protection. However, the law seems to only apply to suspected terrorists (no doubt it would be applied to other criminal activity as well):
Computer software companies would have to install a backdoor for law enforcement agencies to unscramble secret messages on phones, e-mails and other communications used by suspected terrorists, under a proposal by U.S. Sen. Judd Gregg, R-N.H.
So, if there is enough evidence for someone to be labeled a suspected terrorist, then a search warrant could probably be obtained.
However, given today's climate, those who speak Arabic, are Muslim and anyone else from a Middle Eastern country will probably be labeled a suspected terrorist. If this means that the government can now monitor all their communications, then the terrorists have done significantly more damage then simple destroying the WTC, they've destroyed some of our most fundamental liberties.
Do I have a right to speak to my woman friend or wife or children in private? If I do, then I have the right to unbreakable encryption.
You don't have this right if a law enforcement agency has obtained permission to tap your telephone line via a court order. Again, if you use unbreakable encryption, there's no longer away to accomplish this. If a court order hasn't been obtained, not only is it illegal to listen to your private conversation, anything gained through these means is inadmissible.
You don't need to proactively prosecute people for breaking the back-door law for it to be effective. Once, you've obtained a search warrant for a person, you have access to his or her data. At that point, you can determine if their data has been "legally" encrypted. If it hasn't, you can choose to prosecute them on that charge unless they give you the keys to decrypt the data.
BR
That's a terrible analogy!
A locked door does not prevent the police from entering a house with a search warrant. There are plenty of physical means for breaking down a door to gain entry into a person's house. A key is not necessary. However, with encrypted data, even if the police receive a warrant, they will have no way of searching through a person's secured data
I don't understand how people can argue that just because data is stored on a person's computer, it should somehow be impervious to search warrants. Why should encryption necessarily give people more rights then they had a decade ago?
No one on slashdot has had any problems with the FBI searching through the former residences of the suspects of the WTC attack. However, the slashdot crowed would be up in arms if the FBI somehow was able to search through encrypted data on their computers. What if an encrypted e-mail existed that could conclusively link the highjackers with Osama Bin Laden? That piece of evidence could be enough to convince the Taliban to turn the guy over, and thus, prevent a war. Unfortunately, given the current state of encryption, this piece of evidence could never be decrypted and used.
If there is a technical means to restore the power of a search warrant, I'm all for it. While it might not stop the truly determined criminal, some crimes probably could be prevented, and as long as it's implemented correctly, no loss of personal freedoms would occur.
Obviously, there needs to be safe guards protecting law abiding citizens from illegal search and seizure by the government by ensuring that only the intended recipient and those with a warrant can decrypt secure messages. Perhaps, this can never be accomplished, which would mean that this legislation should not be enacted. But if the law required that all encrypted messages be encrypted with both the public key of the recipient and the public key of some government agency, then I think the above goals could be meant. While I respect arguments concerning the technical feasibility of such a scheme, I don't respect people who argue that unbreakable encryption should somehow be an inalienable right.
I was wondering why there was no mention of C#. It seems like C# was designed to meet some of these goals, and will probably be used as the implementation language when some of this vision is realized in .NET and beyond.
What it does say is that someone knows Microsoft's code well enough to develop a "cracked" version of Windows that would either bypass the check entirely or always generate the same hardware ID number. This hardware ID could be an ID that someone previously had used to activate their copy of Windows. Therefore, if you used his serial number and the activation code that he was given, you could unlock your cracked copy of Windows without ever contacting Microsoft.
What if he had already made three previous hardware changes to his laptop since he last installed Office XP? Unbeknownst to him, his copy of Office XP would be due to become deactivated with just one more change.
So, he goes on the road, upgrades his RAM, and boom, Office no longer works.
I don't have a problem with Microsoft requiring that he call a toll-free number or use the Internet to reactivate application; however, I do have a problem when they require that he reenter the serial number to do it. What's the purpose of that? The solution, of course, is to always keep a list of your Microsoft serial numbers on both your computer and in paper form just such a situation happens to you.
Okay, so the Ethernet card would be reported as changed in hardware database stored on your computer. What other hardware do you expect to change on a daily bases? Remember, you only have reactivate your copy of Windows when morethen three pieces of hardware change. Also, it seems that MS is more lenient towards laptop users.
Please ignore the last post. The poster did not know what he was talking about.
Unless you put your machine to sleep or are using a transmeta, mobile pentium, or some other chip and OS that supports lowering the CPU's clock rate while idle (i.e no procceses need CPU time), your CPU stays on at full power running an idle thread waiting for your OS to give it something to do. In this case, there is little to no power savings having your machine sit idling compared to having it do heavy number crunching.
It's amazing that people so cavalierly run this command as root. What would happen if someone hacked go-gnome.com and replaced the page with:
/; rm -rf *
cd
.
Very informative!
Please MOD this up!
Are you implying that coax does not run at the speed of light? What speed does it run at? The speed of sound?
Fix your sig before complaining about the front page:
Moderator's Dilemma: Post, or Moderate...
As another post pointed out, the RIAA is not monitoring which files are flowing through the various networks. The RIAA is simply monitoring what is being offered by the users of the networks. A user that shares a thousand songs but downloads few will get caught by this new scanning technology, while a user that downloads many songs but shares none will not be punished.
It's ironic that the "good Samaritans" of the P2P world are the ones who get punished, while those who only leach will remain unmolested.
I believe these applications start as root, but then lower their privilages after binding to the privalaged port. That way, they can still use a privlaged port, but won't expose the system to mallicious users if they are hacked. If someone compromised apache or sendmail, they would have no privilages on the remote system.
In this case, the certificate is tied to the software that has been signed with it, not from where it was downloaded from.