Comment Re:Invalidate Private Keys (Score 1) 534

Alternatively they could whitelist the known-valid game signatures. Block the old key, except where it's used by a game that is known to have been legitimately signed with $OLD_KEY. Everything else has to be signed with $NEW_KEY.

Unless, of course, Sony haven't been keeping track of what they've been signing... in which case, ROFLMAO!
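Added example (not part of the post): the policy described above, written as a Go verifier with ed25519 keys standing in for Sony's old and new signing keys and a SHA-256 allowlist standing in for the vendor's record of legitimately signed titles; every key and binary is constructed inline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
)

// Verifier implements the policy: a signature under the leaked old key is
// honoured only for binaries on the allowlist (titles the vendor's records
// show it legitimately signed); everything else must verify under the new key.
type Verifier struct {
	OldKey, NewKey ed25519.PublicKey
	Allowlist      map[string]bool // hex SHA-256 of known-good binaries
}

func digest(bin []byte) string {
	sum := sha256.Sum256(bin)
	return hex.EncodeToString(sum[:])
}

// Accept reports whether bin carries a signature the policy trusts.
func (v Verifier) Accept(bin, sig []byte) bool {
	if ed25519.Verify(v.NewKey, bin, sig) {
		return true
	}
	// Old-key signatures count only for a title already on the allowlist.
	return v.Allowlist[digest(bin)] && ed25519.Verify(v.OldKey, bin, sig)
}

// Demo generates both keypairs and checks the three cases that matter: a
// pre-leak title, an unknown binary under the old key, a post-rotation title.
func Demo() (legacyOK, unknownRejected, freshOK bool) {
	oldPub, oldPriv, _ := ed25519.GenerateKey(rand.Reader)
	newPub, newPriv, _ := ed25519.GenerateKey(rand.Reader)
	legacy := []byte("constructed: title signed before the leak")
	unknown := []byte("constructed: binary signed with the old key after the leak")
	fresh := []byte("constructed: title signed after key rotation")
	v := Verifier{OldKey: oldPub, NewKey: newPub, Allowlist: map[string]bool{digest(legacy): true}}
	legacyOK = v.Accept(legacy, ed25519.Sign(oldPriv, legacy))
	unknownRejected = !v.Accept(unknown, ed25519.Sign(oldPriv, unknown))
	freshOK = v.Accept(fresh, ed25519.Sign(newPriv, fresh))
	return
}

func main() {
	a, b, c := Demo()
	println(a, b, c) // true true true
}
```

The whole scheme rests on the allowlist being complete, which is exactly the record-keeping the post doubts Sony has.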

Comment Re:I guess... (Score 1) 485

The problem with a phone number on the ID itself is pretty obvious... what if the impostor sets up his own (fake) number?

All you'd need to make a passable fake authentication service is a VoIP connection (with a landline phone number) tied to a software DTMF decoder.

Of course, there's always the option of calling Directory Enquiries to get the number of the agency in question (Police, FBI, ...) and ringing *that* number. Though whether they'd be able to (or want to) help you is another matter.

Comment Re:Big deal (Score 1) 227

Indeed. But on how many systems is that the default?

The problem in industry tends to be one of authority: someone with some clout (read: one of the CEO's golfing buddies) wants to run Dancing Bears.

IT tell him it's a virus and put their foot down.

Joe Clueless then goes whining to the CEO, who overrules IT ("it's just a screensaver with some dancing bears, what harm can it do?"), who reluctantly allow Joe Clueless to install it (all the while telling the CEO that it's a Really Bad Idea). Joe installs it and, oh look, Steve the Script Kiddie just got access to the corporate LAN and all the company's secrets, source code, and other juicy tidbits.

CEO fires the IT manager, conveniently forgetting the fact that the manager had told the CEO that allowing Joe Clueless to run Dancing Bears was a really bad idea....

Comment Re:Big deal (Score 1) 227

You're right, it's not infallible. If a (l)user falls prey to the Dancing Bears Problem, their machine is going to be just as r00ted as the Windows box sitting next to it.

What Linux has is (relative) obscurity and a decent security model. Want to change a system setting? Root password pls. Want to install software in /usr or /opt? Root password pls. You get the picture.

The issue is that Windows makes it impossible to get any real work done (besides word-processing and that sort of thing) on a standard User account. To do anything interesting, you need (as a minimum) Power User access, which opens up a huge can of worms in terms of security.

What I like about Linux is that you can use Udev rules to allow users to access (e.g.) the VirtualBox device file (run virtual machines), add a Udev rule so a certain USB or PCI device is user-accessible... all this can be done on a per-user or per-group basis.

"Assume the user isn't allowed to do anything, then allow an admin to grant them permissions to do stuff" -- aka default deny -- will always be more secure than the default-permit security scheme Windows uses.

With default-permit, you can still lock the machine down nicely, but unless you have a full master list of everything that needs disabling, you're going to miss at least one setting, and Murphy's Law dictates that it'll be the one that the virus uses to pooch your machine... With default-deny this is a bit less likely because you have to explicitly allow things.

Comment Re:Wonders will never cease! (Score 1) 107

Oh don't get me started on Poop-ex!

They were my first ISP for broadband, after BT Internet kicked me off of "unlimited" dialup for "overuse". No matter, 512k ADSL1 > 56k dialup any day, especially when I can browse 24/7 and not tie up the phone line.

Anyway, things were fine for a couple of years -- there were a few oddities (IIRC you couldn't choose your own username or change the password on your account, so if the password got hacked you were precisely fscked) but nothing that stopped the service being useful.

And then they got bought out. Usage caps were introduced for "heavy users", the service quality went to hell (at one point I was calling almost daily to get a line issue dealt with, which they refused to escalate to BT), and it seems every time I called them I got some rude, condescending cow who had no interest in actually solving my problem, and just wanted to make me hang up the phone first.

It took them THREE AND A HALF WEEKS and much badgering and jumping through hoops just to get a MAC code out of them -- they argued that because of the buy-out, my 12-month contract had been reinstated (said contract having ended about two years previously). They wanted nearly £400 to cancel it... yeah, right. I politely informed them that if they did, they'd find themselves in small claims court.

Once I finally pried my MAC code out of their icy clutches, I switched to Be* (who have since been bought out by O2, but have remained more or less completely unmolested). I have to say, their Eastern-European tech support guys know their stuff. They're maybe not Cisco CCNA/CCNP-class networking gurus, but they know the difference between a DNS server and an IP address. Give them a technical explanation or request and they'll run with it and assume you know what you're talking about, and are always (it seems) willing to explain things. I've even had things like rDNS entries set up -- which surprised me, most ISPs won't do that on a 'home' DSL line.

As far as Pipex go, I'm only doing business with one of their "subsidiaries" at the moment -- 123-Reg. Once I manage to pry my domains out of their control, they'll be moved elsewhere...

Comment Re:Differentiation (Score 1) 288

And what about clock skew?

Let's say you're online from 5PM to 5:30PM, and someone else gets your IP address when they log in at 5:31PM, and immediately kicks off Bittorrent, Gnutella or whatever.

The Appointed Enforcement Agency's clock says someone downloaded an infringing MP3 at 5:29. But their clock is three minutes behind the ISP's clock -- it was the guy who logged in at 5:31 who downloaded the MP3, not you.

So you get whacked with the banhammer for something someone else did. And how can you prove your innocence in this case?

Computer and router clocks have (relatively speaking) TERRIBLE accuracy. This is NOT outside the realms of possibility. An ISP may well lock the clocks on their servers together with NTP or something, and if they really care (most don't) they'll do the same for routers. If they really, REALLY care they'll lock against a Stratum 1 or 2 time source like MSF, NIST or GPS.

But the MAFIAA probably don't care much for accurate time, and their clocks are almost guaranteed not to match the ISP's. They're probably just COTS PCs, with no clock synching to speak of.

For bonus points, factor in clock drift over time. The 'standard' is a 32.768 kHz crystal divided by 32768. Not all crystals will oscillate at the same frequency -- and they're well known to be temperature dependent. Ever wondered why your watch keeps better time than your PC? Hint: body heat. (The temperature inside a PC case varies with ambient temperature, CPU load and a ton of other factors.)

So yes the IP address at a given time *is* a valid way of identifying a specific customer, but if and ONLY IF your Big Evil Enforcement Agency(tm) and the ISP have synch'ed their clocks together really, REALLY well...
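Added example (not from the post) of the correlation problem described above, in Go: a constructed session log on the ISP's clock, a complaint timestamp from a clock that is three minutes slow, and a lookup that widens the match window by the skew the two parties cannot rule out and refuses to name anyone when more than one subscriber fits.

```go
package main

import "time"

// Session is one line of a constructed ISP session log: which subscriber
// held the shared address, on the ISP's (NTP-disciplined) clock.
type Session struct {
	Subscriber string
	Start, End time.Time
}

func at(h, m int) time.Time { return time.Date(2010, 3, 1, h, m, 0, 0, time.UTC) }

// Constructed log for one dynamic IP: A logs off at 17:30, B gets the
// address at 17:31.
var Sessions = []Session{
	{"subscriber-A", at(17, 0), at(17, 30)},
	{"subscriber-B", at(17, 31), at(19, 0)},
}

// ComplaintTime is the constructed timestamp on the enforcement notice.
// That clock runs three minutes slow, so the event was really at 17:32.
var ComplaintTime = at(17, 29)

// Candidates lists every subscriber whose session overlaps [ts-tol, ts+tol],
// tol being the clock skew the two parties cannot rule out. tol == 0 is the
// naive lookup that trusts the complaint's clock outright.
func Candidates(ts time.Time, tol time.Duration) []string {
	lo, hi := ts.Add(-tol), ts.Add(tol)
	var out []string
	for _, s := range Sessions {
		if !s.Start.After(hi) && !s.End.Before(lo) {
			out = append(out, s.Subscriber)
		}
	}
	return out
}

// Attribute names a subscriber only when exactly one session fits the
// window; otherwise the timestamp alone cannot single anyone out.
func Attribute(ts time.Time, tol time.Duration) (string, bool) {
	if c := Candidates(ts, tol); len(c) == 1 {
		return c[0], true
	}
	return "", false
}

func main() { println(Candidates(ComplaintTime, 0)[0], len(Candidates(ComplaintTime, 5*time.Minute))) }
```

With no tolerance the lookup blames subscriber A; with a five-minute window both subscribers fit and Attribute declines, which is the honest answer until the two clocks are shown to agree.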

Comment Re:XP Users (Score 1) 558

Up until roughly two years ago Cadsoft EAGLE was one of these. Then last year they switched to sending out a CD-R with your licence keyfile on it, and now they're just emailing you a link to the keyfile on their website (and sending the Install Key in a separate email).

Fun. I'd rather have the CD-R, but it's nice not to have to pay the £5.95 charge for Special Delivery.

Comment Re:I know (Score 1) 558

> Max write speed: 1000 kilobits / second (7.7 megabytes per minute)

You're about 2x out there: the maximum bit rate is 1Mbps, but that's after encoding. Before encoding, you're looking at roughly 500kbits/sec. Then you have overheads (headers and gaps), and other stuff to contend with.

Additionally, you can get about 90,000 magnetic flux transitions on a single track of a 3.5" DSHD disc. You get 160 tracks per disc (80 tracks, 2 sides).

The More You Know :)

Comment Re:older developers... (Score 1) 742

I've noticed this too... One of my relatives did a comp-sci B.Sc. in the early 1990s, and most of the modules on that course were development-type subjects that were essentially "practical" modules. Skills you'd use in the real world -- a few language modules (Pascal, C/C++), a computer architectures module, and some maths type stuff ("mathematics for computing science").

In contrast, the 4-year B.Sc. course I'm doing is roughly 60%-70% hard theory -- Formal Aspects and Evaluation, Lambda Calculus, Denotational Semantics, Functional Programming, with a bit of Project Management thrown in for good measure. The Formal Aspects stuff is part of a single module, and well into the realms of "headache inducing" and "can't see any real-world use for this".

Given the choice, I'd have sooner gone for more practical modules -- things like lambda calculus and functional programming languages may look nice on paper, and might be some academic's pet project, but I honestly can't see a use for them in a real world application...

In actual fact, an embedded systems module would have been REALLY cool. Give a room full of students a ready-made 68000 board (or a software emulator), then get them to make that board do something interesting. Nothing beats the fun of bringing up a newly-designed CPU board completely from cold :)

Comment Re:well ... (Score 2, Interesting) 131

The thing that cheesed me off most about the whole ordeal was that they issued a firmware "fix" that bricked the drives outright.

At that point I started to suspect their in-house testing checklist looked something like this:

1. Compile it.
2. Release to the customer.
3. ???
4. Profit!

I mean, seriously, it's a stinker of a bug, but there's a step missing between 1. and 2.: "Get a few hundred drives from the warehouse, do random number of R/Ws, image, set up for failure. Test to see if bug is fixed, also test for bricking / regressions / other issues". Screw the cost, get the engineers some drives from the warehouse, get a few from RMA that have failed, and let them do some testing.

The clincher was that the first firmware update didn't fix the whole issue: while the bricking could be considered a bigger problem, the update still didn't fix the bug -- you could get past the "bricking" with the serial console, but the drive would still crap itself when it saw the trashed SMART log record.

As for the whole RMA procedure, they made a colossal clusterfsck of it. The front-line staff didn't know a thing about the bug (even though it was on the knowledge base), and just played the "stonewalling game". As in, "it's a problem with your hardware, the drive is spinning so it's fine."

As was, the CSRs didn't know anything about the "firmware issue" (Seagate refused to call it a recall) until near the end, and SG themselves just kept making fuckup after fuckup until it all ballooned into one giant clusterfuck.

Given that they had their own in-house data recovery service, and that they knew how these drives were failing, they should have (at the VERY LEAST) offered to repair them free-of-charge regardless of warranty status. It's a firmware bug, thus it's Seagate's fault.

It seems a lot of "customer first" type policies have fallen by the wayside recently... Now it's pretty much "take the customer for all they're worth, and hope they don't tell their friends/the cops that we were naughty."

My opinion of Seagate was soured before the 7200.11 issues though -- I bought a 500GB 7200.10, which died within about 8 months. Basically, the motor locked up mid-spin, and (AFAICT) the motor control chip decided to slam on the brakes (short all 3 motor coils to ground -- aka dynamic braking). Big mistake. The drive launched itself across the floor (the cables were pretty loose) and nailed the side of my leg. It wasn't especially painful, but certainly brought me back into the "real world" (I was in the middle of a huge mess of coding).

The next morning I called Seagate, spoke to a really apathetic CSR who spoke to me like I was interrupting something far more important, and who couldn't give a flying crap in a storm about issuing an RMA number. During the 15-minute call, the CSR outright refused to escalate the call to a supervisor ("we have no supervisors here"), and just kept giving me the same answer time-and-again.

I gave up and called the company that sold me the drive (CCL Computers in Bradford). In 5 minutes I had an RMA number, and instructions for returning it. "It might take a week to get it tested, but we'll replace it if it's faulty."

Two days later I had a new drive sitting on my desk at work. Now *that* is customer service.

Comment Re:well ... (Score 1) 131

The whole Barracuda 7200.11 series was a dead bust. I had a 500GB 7200.11 pack in with the "just plays dead" issue -- basically the SMART log overruns, the drive detects this on boot, then barfs. A bit later on they admitted there was a firmware bug, but their RMA policy didn't change... Basically:
    - You pay for shipping there, they pay for it back. But you have to send it back in a Seagate-labelled shipping box -- sending it back in a normal "foam and ESD-bag" HDD box is grounds for them refusing the RMA. The special Seagate box (which is identical to most HDD shipping boxes) costs £15, plus P&P and VAT.
    - You get a "Seagate reconditioned" or "refurbished" drive back. Not a repaired version of your drive, not a new drive.
    - Even though they knew the fault was down to a firmware issue (i.e. their fault) they didn't offer any form of data recovery with the RMA... but conveniently they allowed you to send it to "Seagate Data Recovery" for repair and replacement. What's that, you sent the drive to Drivesavers or Ontrack? No RMA for you, sir!

After all the bullshit and the humps they wanted me to jump through, I jumped ship. A friend suggested WD on the grounds that their RMA system is a lot easier to deal with (go to website, enter serial number, accept terms and conditions, print shipping label, pack, post -- no need to call and argue your case to get an RMA#).

My main PC now runs two 500GB WD RE2s with TLER disabled (I wanted the 5-year guarantee which at the time was only available on the RE2s), and a Seagate 7200.10 as a backup (the 7200.10s are solid performers, the 7200.11s are turkeys). The PVR has a 1TB WD Caviar-GP GreenPower drive (first-generation too), and I think there's another 500GB Caviar-GP kicking around in an external drive box somewhere around here...

The home server runs a 500GB 7200.10 and a 500GB 7200.11 (RAID-1 mirrored), with latest firmware on the '11. The '11 is the one I tried to RMA, but ended up fixing with a home-made terminal cable (an FTDI TTL-232R-3V cable hooked up to an adapter). Those two are old enough that I'm considering swapping them out for a pair of 1.5TB WD RE-series or Caviar Black Edition drives.

I've owned Maxtors as well -- I have a 7850AV (850MB ATA) which just won't die, and an 80GB D540X (which was one of the designs they got from Quantum) which was an RMA replacement for a 40GB drive that failed. Again, no issues with the RMA -- a quick phone call, send it back in a hard drive shipping box ("but it'd be a good idea to put a few layers of bubble wrap around that and put it in a larger, stronger box just to be safe" -- which I did), receive new drive a week later.

I also note with some interest that Seagate have canned their 5-year guarantee scheme, which doesn't exactly inspire confidence in their products....
