Re: Fact checking
Damian Gerow wrote: Why bother putting something up in a library? Chances are, if someone's reading it there, they're already somewhat knowledgeable about the candidates. Or heck, maybe they're even there to do /research/ on them! [...] I don't see any way to educate the mass public. Indeed, why bother? How about a system that removes your right to vote if you haven't exercised it in the last 3 elections? That way you cut out all those who really don't care, and provide an incentive for those who might. Nothing grabs attention like threatening to remove /privileges/, even if they don't actually get used. Make sure there's a handy abstain option for those who want to get the point across about lack of choice, and maybe a space to say why, too. Then stick the (anonymous) reasons up in a publicly-viewable space and eh, instant feedback. Or something. .g -- I have practysed lerned at my grete charge dispense to ordeyne this said book in prynte that every man may have them attones. - W. Caxton
BBC on all-electronic Indian elections
Current report: http://news.bbc.co.uk/1/hi/world/south_asia/3641419.stm The tech: http://news.bbc.co.uk/1/hi/world/south_asia/3493474.stm Bit scant on details.. anyone know anything more about how the machine (/system) is fully tamper-proof? .g -- I Me My! Strawberry Eggs
Hey be careful, I have three bombs in here
Surprised this hasn't gone through the list yet. Did it get much coverage in the US? http://news.bbc.co.uk/1/hi/england/shropshire/3415525.stm 'According to the arrest report, Miss Marson placed her bag on the belt at a security check, telling a Transportation Security Administration screener: Hey be careful, I have three bombs in here 'Sergeant Joe Wyche from Miami Airport Police told BBC Midlands Today .. Before 9/11 we took it seriously - after 9/11 there's no room for kidding or joking, if that's the person's intention, so it's taken in a serious manner.' [Also compare the report of her allegedly repeating the joke twice more when confronted by officials with another report claiming that authorities asked her what she had said. Twice.] -- Know thy shelves.
Re: QuizID
On Thursday 17 Oct 2002 3:15 pm, Adam Shostack wrote: http://news.bbc.co.uk/2/hi/technology/2334491.stm and www.quizid.com [snip] The card works in conjunction with the Quizid vault - a large collection of computers that can process 600 authentications per second. The system cost millions of pounds to develop. (Oooh! six hundred! Impressive! :) Although the tech info page at the quizid site claims Benchmarked at 300 authentications per second... I don't see anything on their site about the technology, but I do question if 4 colored buttons, with a probable pin length of 4-6, is Five-digit colour key using three different colours leading to 243 individual combinations - the five digits is a default apparently. Also locks the card after 5 attempts. Just waiting for the Simon hack for wholesome downtime repetition fun. It's just about cute enough to make it into the pockets of the masses, along with their phones, PDAs, binoculars...
Re: Interesting KPMG report on DRM
Peter Gutmann wrote: | KPMG have a report The Digital Challenge: Are You Prepared? available at | http://www.kpmg.com/news/index.asp?cid=660 [snip] | Media companies have so far failed to pioneer new business models that would | rob piracy of its appeal. Preoccupied with defending the barricades against | pirates, the industry has shown a deficit of creativity and innovation in | rolling out products and services that can compete with the pirates. Clearly the opportunities being presented right now are vast - the major players are dilly-dallying, trying to hold onto their tangible distribution schemes like they're catching water with a sieve, and all the while the systems they try (sometimes successfully) to shut down evolve continuously to counteract their moves. To the extent that the traditional companies are pursuing those they can - via lawsuits, new rules and fake files - relatively little has been achieved from a user point of view that wasn't in place a couple of years ago (i.e. post Napster). p2p is still considered an illegal idea. We've seen Kazaa introduce a peer-based trust scheme (the integrity column in v2), but now is the perfect time for such protocols to grab the initiative and start undermining traditional systems, in an effort to prove the flaws of the backwards-thinking highlighted by the KPMG report. Implement a peer review system of media files, for example - this is little different to the Integrity rating above, but with a relatively minute adaptation it could be shaped, and used to link to review texts, genres, sell-throughs... Similarly, artists would be encouraged by the new process if schemes such as musiclink.com were easily accessible within p2p programs, if the users were aware of what was possible. The point is that the channels opened by the public want of free goods can, and should be readily adapted to encapsulate an entirely new philosophy, independent of the media companies' monopolies.
Otherwise, DRM will trudge into place like a fat unwanted house guest, and we'll be stuck with the way things ever were. .g
Re: JYA ping
Eugen Leitl wrote: On Wed, 2 Oct 2002, Anonymous wrote: Cryptome has not been updated since 9/23 ... any clues, anyone ? No. Anyone knows whether John Young is okay? Can't get through to http://www.jya.com/ either (plus Google hasn't cached it, for some reason...?) - can't resolve it at all.
RC5-64 solved
Just noticed on /. that distributed.net wound up 4 years of intense CPU cycles, by getting the key to RSA's RC5-64 challenge. Distributed.net release: http://www.distributed.net/pressroom/news-20020926.html On 14-Jul-2002, a relatively characterless PIII-450 in Tokyo returned the winning key to the distributed.net keyservers. The key 0x63DE7DC154F4D03 produces the plaintext output: ~~The unknown message is: some things are better left unread Unfortunately, due to breakage in scripts (dbaker's fault, naturally) on the keymaster, this successful submission was not automatically detected. It sat undiscovered until 12-Aug-2002. The key was immediately submitted to RSA Labs and was verified as the winning key. .g -- I look at your tanks, at the snipers, at the whole army, and feel joy. Because I know that these two rooms, in which we are huddled together, are stronger than all this might. - Tawfiq Tirawi
Re: Hollywood Hackers
Anonymous wrote: On Tue, 30 Jul 2002 20:51:24 -0700, you wrote: When we approve a file, all the people who approved it already get added to our trust list, thus helping us select files, and we are told that so and so got added to our list of people who recommend good files. This gives people an incentive to rate files, since rating files gives them the ability to take advantage of other people's ratings. [...] A better approach is for the downloader to create his own trusted list, along the lines of PGP web of trust. Ideal for exactly this application. The downloader can add and subtract from the trusted signer list at will, with no central control. Since one must expect some trusted signers to get busted and move to the dark side under court order, such downloader control is necessary. One practical method that has been, and still remains popular it seems, is a trusted hub approach. DirectConnect, as a more recent example, allows anyone to set up a central hub, and then filter the people connecting to it (e.g. by amount of files shared, or by personal acquaintance), in a very localised peer-2-peer group. This is the same tactic adopted by pre-Napster set-ups such as IRC channels, et al. The obvious downside is immediate choice. Obscurity is naturally exaggerated in comparison to a completely open network. However, smaller groups tend to encourage increased validity of files being offered, especially when only a small number of those people are offering it. This obscurity can be countered in a number of ways - chained networking, in that one person can be in many groups and thus has access to a wider range, coupled with an anonymous request/barter-driven facility would decrease obscurity without losing much of the validity implicit in trusted groups. History suggests that even in such fragmented environments, content can travel to as many people in as short a time as an open network. 
Under this scenario, the opportunities to spread false files are much more limited, as their scope from origin would be more contained, probably averaging 2 or 3 interlinked groups at most. Not perfect, clearly. But it does seem to be the surviving philosophy.
Re: FC: Hollywood wants to plug analog hole, regulate A-D
Mike Rosing wrote: On Mon, 3 Jun 2002, Dave Emery wrote: And telling the public that they face serious jail time if they don't turn in that Creative Soundblaster from the old PC in the attic closet isn't going to fly. The sheeple may be sheep but even they aren't going to accept that kind of nonsense from Hollywood or any corrupt congress. I'd even venture to say that if this issue breaks out into the big time and the public really is faced with crippled devices that don't work and mandatory obsolescence of existing expensive computer and entertainment systems with potential jail time for use of old equipment that the backlash will be so intense that raw public votes will control over Hollywood money. I think that's what boils down to the bottom line. Because there are so many units in place that can do the bypass, there will be enough time to create a backlash. There's already a backlash on protected CD's, mostly by consumers who can't play them on older CD players. It's just And/or indeed, on newer players. In the UK at least (http://uk.eurorights.org/issues/cd/docs/celdion.shtml) the new generation of anti-theft CDs have been reported to be useless on modern DVD players/car stereos, by design. Some older players either lack the feature or are less sensitive, I assume, so can be ok. It's just a case of matching a technology with the right player... So not content with limiting public demand for new hardware (a minor issue), the extra precautions actively encourage consumers to not buy legal content. Woo. Better to get illegal content that you can do what you want with. With regards to the analog[ue]/digital stop-gapping, r o f l m a o. This would be just as effective as, ooh, copy-protecting CDs? Oh, humm... Chasing down peer-to-peer outfits? Uhh... Trying to ban videos? Oh, wait... Firstly, in order to prevent widespread ripping of analog signals through disabling mass consumer device, there needs to /be/ mass consumer ripping.
How many people do you know who actually go to the trouble of transferring their taped episodes/films onto their PC? It's not as simple as grabbing mp3s. As with other such distribution in its relevant infancy, the hard work's carried out by a much smaller number of people - millions of films may be downloaded every month, but there's generally only 2 or 3 versions of each film, from different sources, max. Believing that crippling the populace will fill this tiny leak is... well, amusing. Secondly, how much work is going to go into protecting a fading technology? This is from both the MPAA's and the consumers' points of view. For the former, analog avoidance is only of any use if the content is not readily available in digital format already. Most of the analog content that I guess the MPAA want to stop conversion of is either people in cinemas with cameras, or people with tapes of episodes at home. The former is hard to stop through watermarking (I'm unsure of the technicalities, but I'd have thought preserving it between screen and camera would be tricky? Even without people getting up and walking past the view...), and even then it's only one source of films. The latter is, I suspect, more the target of the MPAA's volley. If this doesn't move towards digital origins, i.e. through PVRs or cable-streams obtained via PC (which are subject to a different smother), then the abundance of existing technology, and probable (anonymous) circumvention of new ones anyway renders all actions proposed useless. The question then is how much investment do you want to throw away? Outside the US, I suspect that the circumvention may go the same way as DVD region control. Looking at players recently, it was quite hard (after checking around, as most people would) to actually _avoid_ region-locked DVD players. The only real factor that really keeps regions in place is their localised supply to meatspace shops, or the boundaries of international postage packing.
Foolishness, foolishness, and yet more foolishness. Perhaps if we just ignore them, then they'll go away eventually :) .g
Re: sources on steganography
Hector Rosario wrote: Why would I be interested in fool[ing] [you]. All I asked was for some help with sources. If you cannot be of help, at least don't be a hindrance. Besides, don't claim to speak for others. If envy is what drives you, then I suggest that you work on that. hr On Wed, 29 May 2002, Morlock Elloi wrote: I am writing my dissertation on steganography. Basically I'm writing a ^ ^ ^ ^ ^ You can't fool us. ...or I am storb. for the proportionally-gifted.
Re: When encryption is also authentication...
Mike Rosing wrote: If digital crypto, signatures or e-cash are going to get into mass appeal, then their operations will be magic to the majority. And it all has to work, to 1 part in 10^8th or better, without user comprehension. It may well take user intervention to create a signature, but they shouldn't have to know what they are doing. Agreed, the mechanics of a system are unimportant from a user's point of view, so long as it works and they can work it. What magic crypto should strive for, though, is an understanding in users of the effects its presence promotes, and the ramifications involved when it is lacking. SSL for commerce is readily in place without batting an eyelid these days. However, I'd be interested to know just how many users out there would enter their card details on an unprotected site, despite the unclosed padlocks and the alert boxes. Have security fears and paranoia been abated by widespread crypto to the point whereby users will happily transmit private data, whether encrypted or nay, just because they *perceive* the threat to now be minimal? Now that the media has grown tired of yet-another-credit-card-hack story? Pointers to any evidence/research into this much appreciated... ta. .g
Re: Got carried away...
Jan Dobrucki wrote: I do have an idea though. I'm thinking how to implement PGP into car locks. And so far I got this: The driver has his PGP, and the door has its own. Path of least resistance - *access* to the car is generally not the problem. Instead weaker attacks such as breaking the glass, or forcing the door work much better. Once inside, a different mechanism again would be needed to prevent the car from being hotwired. In short, the addition of PGP doesn't particularly enhance the security, especially if the protocol is still vulnerable to, say, identity theft (the encryption is useless if somebody just steals the PGP keys). To steal an idea from the Mary Whitehouse Experience, iirc, car security will be complete when we can use imaging technology to disguise someone's latest XR3i as a clapped out Austin MiniMetro*. Seems that it's just another case of trying to use a buzzword in an unnecessary solution, making it overly complicated from a user POV, and whilst ignoring the other fundamental aspects. As has been pointed out a multitude of times, encryption has its places and uses, most of which will never be the interest, imho, of the common populace. (Only perhaps on a need-to-use basis, such as SSL. I doubt pgp mail encrypting will become natural, or indeed sexy to the sheeple.) And nor should it (have to) be. There are, however, still plenty of places where the techniques are, or would be, of great benefit. .g * Purely for demonstrative purposes only, obviously. -- The history of cosmology is the history of us being completely wrong, Sometimes I use Google instead of pants. http://www.exmosis.net/2:254/500.50
Re: FUCANN Fully UnCentrallized Authority for Naming and Numbers
Frob the Builder wrote: The problem comes when the server a domain points to is the map for several domains, say via Virtual Hosts or selected forwarding. Many servers use this if they're on a dedicated web-hoster, or for subdomains. Ahah, because the 'physical' server uses the URL to map to 'virtual' servers. You're right, the Rev 1.0 plan doesn't handle that. This only applies to HTTP requests though, AFAIK. The easiest work around, I figure, is a translation proxy that you run (locally) and channel all requests through. This proxy could look up the virtual mapping from a local domain to a legacy domain and vice versa. Not big on proxies myself, so not sure how feasible it'd be to either build a custom one, or to adapt an existing one. Off to look through Squid... .g -- ...not much (legal) material is out there that's full of graphics and in a consumer-friendly format to create the need for DSL. - Jack Valenti http://www.exmosis.net/ Sometimes I use Google instead of pants.