Slashdot Mirror


User: Workaphobia

Workaphobia's activity in the archive.

Stories: 0
Comments: 1,017

Comments · 1,017

  1. Re:Wouldn't it be easier... on UK Propose Registering Screen Names with Police · Score: 1

    I had an idea along those lines once. The gist of it was that when someone committed a crime, they'd be put in a big facility designed to contain them for a long period of time. Throughout this duration, they are not a threat to the general public. If, after having been contained there for many years, they are deemed safe, they could be released, at which point they become citizens again and enjoy those fancy shmancy civil liberties.

    Oh, and they shouldn't have access to children in the big facility. That would probably negate the benefits of the system.

  2. Re:Haxxx on French Kids Get OSS on USB Sticks · Score: 1

    > "this many usb sticks with undetected exploit-ware on them would cause a lot of havoc!"

    It cannot *possibly* be worse than the analogous situation for Microsoft Windows. Botnets will exist whether or not there are widely-exploited holes in Open Office.

  3. Re:From now on... on Dance Copyright Enforced by DMCA · Score: 1

    By that logic, a device is just a series of atoms arranged in a particular way, so all patents can be invalidated on the grounds of prior art by the universe. Let's not go overboard.

    And yes it was both the tune and lyrics that changed in that Futurama episode. Although Fry faithfully followed up with "And you smell like one too", sung to the last part of the original melody.

  4. Re:Probably because.... on Dance Copyright Enforced by DMCA · Score: 2, Insightful

    Or, if you're an optimist, that the absurdly strong powers of copyright holders to "protect" their works ended up causing the public to abandon them.

  5. Re:From now on... on Dance Copyright Enforced by DMCA · Score: 2, Informative

    Wikipedia disagrees. http://en.wikipedia.org/wiki/Happy_Birthday_to_You

    "There is a 1935 copyright registration for "Happy Birthday to You", as a work for hire by Preston Ware Orem for the Summy Company (the publisher of "Good Morning to All"). "Good Morning to All", however, was published in 1893 and is public domain by U.S. statute. The current owner of the 1935 copyright believes that one cannot sing "Happy Birthday to You" lyrics for profit without paying royalties. Except for the splitting of the first note in the melody "Good Morning to All" to accommodate the two syllables in the word happy, melodically "Happy Birthday to You" and "Good Morning to All" are identical."

    "Neither the words nor the music of "Good Morning to All" is copyrighted under U.S. federal statute."

    So it seems that they won the copyright over Happy Birthday due to the similarity in the tune, yes. However, that tune has since fallen into the public domain, and it is merely the lyrics that remain protected.

  6. Re:From now on... on Dance Copyright Enforced by DMCA · Score: 1

    ... Don't you think that joke would've been better saved for somewhere where it might have made sense? Like if I were talking about one of the many evil corporations that we all love to hate? Or an entity that has demonstrated extreme douchebaggery by suing someone for quotation? Are you suggesting that Matt Groening and company would litigate their fans over something like that? Or that the networks want to kill off their viewer base?

  7. Re:From now on... on Dance Copyright Enforced by DMCA · Score: 5, Interesting

    Not the tune, just the lyrics. That's why Futurama sang a different variant in the episode with Nibbler's Birthday.

    One of these days, I may very well be able to post on slashdot without citing Futurama. That day is not today.

  8. Re:Tag: on Gentoo On Server Considered Harmful · Score: 1

    Then I have already failed, by replying to you.

  9. Re:And the best part is... on Interview with Developer of BackupHDDVD · Score: 1

    I remind you that the universe exists because Bruce Schneier needed a reference platform. Anyway, http://geekz.co.uk/schneierfacts/fact/126.

  10. Re:when did we start paying for advertising? on An Essay On Subscription Television · Score: 1

    Hence the purpose of a trusted third party. Just because there are (always will be) organizations that will exploit the data doesn't mean there aren't (never will be) organizations that don't. It's a matter of finding the trusted party and not allowing anyone else access to your data.

  11. Re:when did we start paying for advertising? on An Essay On Subscription Television · Score: 3, Insightful

    It's funny how on the one hand we hate targeted advertising because it's an invasion of privacy and you can't trust the security of the data that a company keeps about you; and on the other hand, we hate untargeted advertising just as much for spamming us with irrelevant and annoying messages. I wonder if it'd ever be possible to register our data and preferences with some sort of trustworthy neutral party, and have advertising routed through them so that the business models that depend on it can still survive while we're not bored to pieces or abused by marketing companies.

  12. Re:Why not? on Why the .XXX Domain is a Bad Idea That Won't Die · Score: 1

    I'd call people exchanging zygotes some variant of "transfertilization". I'd call people contributing gametes "sex".

  13. Re:Not news on Intel, IBM Announce Chip Breakthrough · Score: 1

    > "is a company following through on its claims really so shocking"

    Yes. Yes it is.

  14. Re:And the best part is... on Interview with Developer of BackupHDDVD · Score: 5, Funny

    Fool. Bruce Schneier could still watch it.

  15. Re:Oh well... on Blu-ray Protection Bypassed · Score: 1

    It's not a vertical expansion on the part of the content producers. It's the entire industry. They've been moving in this direction for years - Just look at the current playing field:

    - All commercial discs are encrypted under a nearly universal proprietary system, that is managed by a central authority responsible for controlling licensed players and ensuring the integrity of the platform. They continue to refine the model, learning from the mistakes of the last generation (CSS).
    - Vista's image constraint token. This is of course just the tip of the iceberg. Microsoft will continue adding more and more DRM-compatible features, although I'm not sure how long they'll space them apart.
    - HDCP. Proof that they have an interest in secure hardware. Combine this with additional memory protection in a trusted operating system, and the trusted computing chip that is becoming standard in hardware, and you'll soon have an environment in which the player keys embedded in software won't be extractable with a debugger, or similar attacks. Nor will the data itself, of course. (Note that I have no problem with the trusted computing chip (whatever the acronym for it is these days) by itself, as it is just a multi-purpose feature.)

    The main thing standing in their way is time. They have to move gradually, or else they risk upsetting users by making them more aware of the landscape than they need to be. For example, studios are not yet using HDCP/ICT; they are voluntarily waiting a few years. The point is that it shouldn't be too difficult to see that these DRM platforms will become much more difficult to deal with - in terms of bypassing them technologically - in the near future.

    Furthermore, even if we suppose that DRM were futile from a technological standpoint, you have to keep in mind that this is a war. DRM is a very important strategic chip, as are the mass lawsuits against file-sharers. Do you think the RIAA believed that they were losing significant revenue to file sharers, or that prosecuting them individually would suddenly transform the world into one that worked for them? It's always a battle, in that case one of public perception. They fought to embed the idea in the public's mind that file sharing was Wrong, and that violators would be prosecuted. And over time, this idea becomes embedded into our culture, that IP rights are more important, extensive, and exclusive than we originally valued them to be.

    On that note, for an excellent history of how the dominant powers in any given generation try to hold on to or extend that power, read Lawrence Lessig's "Free Culture". (I wish I had finished it before the semester started; now I'll have to wait till the summer.) It really gives you a great picture of how content creators, owners, and distributors push the envelope over long periods of time, leaving us with the counter-intuitive, locked-down, and downright ugly system that we have today.

  16. Re:Oh well... on Blu-ray Protection Bypassed · Score: 1

    Certainly true. But "breakable" in an absolute mathematical sense is different from breakable in a practical one. I never made the claim that the DRM systems of the future will never be circumvented under ANY circumstances. But it is a great leap indeed to call a merely theoretically assailable system broken, unworkable, or hopeless.

    Really, the reason I did not use the word "tamper-proof" was because I felt it would be too strong of a term or overkill for the value of the content being protected. If that is the only flaw you can find with DRM in general, then go ahead and make the substitution if it makes you happy.

    Now in retrospect the GGP, Lysergic, did use the word "theoretical", but I interpreted it to be synonymous with "fundamental", as if DRM was actually trivially proven to be worthless. So to be clear: I'm not claiming that there will necessarily be a perfect DRM system that is 100% unassailable. I'm claiming that DRM will certainly become better in the coming years, and the reason it has been bearable up to this point is that it can still be broken by Joe Expert Hacker, and the fruits of that accomplishment are still useful to other people. But this won't necessarily always be the case, if they make the system sophisticated enough. Once again, the technology IS there. We're just stuck waiting for them to push it on us.

  17. Re:Oh well... on Blu-ray Protection Bypassed · Score: 1

    I'm so tired of everyone screaming that DRM is inherently futile. Putting aside the issue of analog copying and assuming that the goal is to prevent perfect uncontrolled digital copying, DRM is a very real and workable system, so long as the entire platform is trusted. Digital signatures, encryption, authorization confirmation over networks, trusted hardware, tamper-resistant hardware - all the required tools exist, it'll just be a few more years before they're ready for mass consumer (forced) adoption. But the time will come when it will be much more difficult to decrypt protected content than it's worth, even for a hobbyist with the resources.

  18. Re:Oh well... on Blu-ray Protection Bypassed · Score: 1

    What makes you think the encryption was cracked? To be cracked, there has to be an efficient way to extract plaintext without brute-force and without the secret key. So far it just seems like he read keys out of memory and applied them, just like DeCSS did. It was expected by the AACS people that this would happen, hence the ability to revoke player keys.

    The article takes care to mention that this is not the end of AACS, but merely the beginning of a chase. I don't know why you think the game's over.

  19. Re:Why not...? on OSDL and The Free Standards Group to Merge · Score: 1

    > The Free Standards Group (FSG) signed an agreement to combine forces with Open Source Development Labs (OSDL) to form a new organization -- The Linux Foundation.

    It may not have been good for you, but I feel like I need a cigarette after reading that.

  20. Re:How long until... on Chinese Prof Cracks SHA-1 Data Encryption Scheme · Score: 1

    Er... No, it's not. As good as cynicism is for the soul, and as much as I like to bash all reality for not living up to my expectations, especially when it comes to software, you're overlooking the meaning of the word "inherent", treating it as if it just means "very". For instance, networked services that trust the client to behave properly when the users are untrusted and control the client are inherently insecure. Whereas a system that makes good use of cryptography, validates input correctly, etc., may have issues in the implementation details but is fundamentally far more secure. To think otherwise is to ignore the difference between design/theory and implementation. ;)

    So in this case, I mean that there is an important difference between discovering just one more flaw among many others in a poorly designed system that will always have problems, and discovering a fundamental flaw whose presence makes an actual difference in the security of the system, and that if resolved would improve/restore confidence. I'm not suggesting that if no known flaws exist then there aren't any, for that would indeed ignore reality. Rather, the important thing is that the flaw makes the difference between a securable system and an insecurable one. If you're going to state that once all known flaws are accounted for that there must still be unknown ones, then you've abandoned all hope in ever achieving security.

  21. Re:How long until... on Chinese Prof Cracks SHA-1 Data Encryption Scheme · Score: 1

    I realize there are ways to find such simple flaws as integer mistakes and buffer overflows, that's why I added the qualification "and whatever their modern successors are". For a complex piece of software, I don't think it's currently possible to demonstrate its security/reliability to a certainty even if it has an unlimited budget - although I am not disagreeing with your claim that it is economically unfeasible to even make an attempt.

    Anyway, regardless of how easy or difficult it is to eliminate the mundane problems, the point still stands that they will be a problem whether or not one more person steps up and announces that he found a hole. It's a different scenario than what we have here, where someone is (supposedly) demonstrating flaws in one of the cornerstones of today's hashing algorithms. This person's research makes the subject more secure, not less.

    Time for a corny slashdot analogy: If you're trying to secure swiss cheese, you may be justified in shooting the people who document the location of the holes, rather than trying to patch them all up. Replace that with a donut, and you may want to reward the person who shows you the opening in the middle, so that you can cover it up and go back to a state of relative security.

  22. Re:Makes me wonder on Chinese Prof Cracks SHA-1 Data Encryption Scheme · Score: 1

    I have a related question: If SHA-1 were suddenly made useless in a heartbeat, specifically what systems would fail? It'd probably be an issue for /etc/shadow and any systems that use it for password storage and checking, but what else besides that would crumble? Is it used within other protocols like RSA or AES?

  23. Re:How long until... on Chinese Prof Cracks SHA-1 Data Encryption Scheme · Score: 3, Interesting

    I think there's a difference in the way the government would treat someone who finds a critical vulnerability in an otherwise secure system, and someone who finds just another practical exploit in an inherently insecure system.

    The reason businesses and governments don't appreciate the work of some Joe Researcher who finds another buffer overflow vulnerability is that they are a dime a dozen and impossible to eliminate entirely, so rather than go after the bug they go after the guys who find and publish them. Without these white-hat hackers, the black-hats have less ammunition.

    Compare this to breaking a hash algorithm, where the security repercussions are not specific to any one application, but rather a whole domain that was previously thought to be secure. If you persecute a researcher in that field, you don't stop some major government intelligence agency from financing the same kind of research with even worse results, as they wouldn't be so public about it once they reach a conclusion.

    However hopeless hash researchers think their field is, it can't be nearly as bad as trying to secure software implementations of buffer overflows (and whatever their modern successors are). Mundane flaws like that will always exist, so publishing specific information about them doesn't really help too much. Systematic, interesting flaws like this one however, are much more important and should be made public.

  24. Re:Public IPs on Behind the Scenes at MIT's Network · Score: 1

    I believe my college (RPI) has a /16 or two, but I'm vague on the details. We're also visible yet firewalled from the public Internet. At least this means dyndns works within the network. If I need to access something on my personal machine from the outside, I generally log into one of my accounts on the school's network and proceed from there. So I can indirectly access files and what not, but not a game server.

    We're (currently or at least recently) ranked among the top ten most wired campuses. Apparently this means 10 Mb/s networks in the residence halls. Oh well, the uplink from there is still good enough to make many FPS gamers jealous.

  25. Re:Flash and Video on Should Online Banking Use Flash for Verification? · Score: 1

    It's still just another form of reproducible digital authentication. The only thing standing between a random cyber criminal and your picture (or video) is encryption, and that doesn't work if they have infected and compromised your computer anyway.

    We don't need any revolutions from flash. The technology we need is already here - client side certificates, hardware crypto dongles, etc - We just need to start using it.