It's funny you should mention the security through obscurity.
This is the single most lamented cause of security exploits, as
evidenced by my time on the various security lists I used to be an
active participant on.
I've also broken several registration schemes on various DOS/Windows
software packages, not because I didn't want to spend the money to
register, but because they were packages whose authors annoyed me in
one way or another. In one case, I even mailed the author, using the
registered version of his program. Interestingly enough, he never
noticed.
I've never distributed my cracks to anyone, just wrote them more as a
proof of concept than anything else, but it is interesting the things
people think are secure.
Well, ok, I lied.
I did distribute one crack, but it was only to two other people, and
one of them had already bought the program, but had lost their
license file. The other person would never have registered the
program in a million years, and I wanted them to have something that
actually worked, rather than using something else that would not work
for them. And besides, both of them were in Australia anyhow, which
the author never even considered a supportable venue. (go figure)
On Apr 9, 2006, at 1:47 AM, Kafka's Daytime wrote:
On Apr 9, 2006, at 1:06 AM, John Weir wrote:
Re NLS, maybe we need to start a campaign to contact our
congressmen and senators to get them to reconsider so there is Mac
suitable SW available. Vickie Weir
Ah, now you're talking. I think lots of voices are the only way to
maybe help tilt the odds in favor of having the NLS books supported
more broadly...by multiple vendors and on multiple platforms. It's
not just the closed system that is alarming but the apparent single-
vendor situation proposed. In terms of DRM it's most important that
they avoid a security-through-obscurity approach. A DRM scheme can
be published for all to review and implement - without compromising
the integrity of the security. In fact, it's the private,
proprietary, non-peer-reviewed, security-through-obscurity schemes
which are almost invariably least secure (often laughably so). The
reasonable approach would be to publish the DRM scheme for peer
review and then, upon completion of review, make available to the
general public (again, this is not less secure this is more
secure). After that, providing support for DAISY is, as developer
types are so fond of saying, straightforward. The just-described
approach would open up development on any and all platforms, ensure
the broadest support, healthy competition and reasonable pricing
resulting from same. The problem is, that means NLS would need to
completely rework their proposed approach (as outlined in their
business plan) - and void the contract they've already awarded to
the single vendor selected to do the development.
Joe