Forgot your password?
typodupeerror

Comment: Re:System restore stinks. Image your disk (Score 1) 449

by daniel de graaf (#32069208) Attached to: Win7 Can Delete All System Restore Points On Reboot
He's probably using etckeeper, which is a wrapper that does keep permissions, ownership, and empty directories. It generates the commits automatically on update and daily for manual changes. Yes, I use it too. Very nice to be able to say "oh, looks like I broke the VPN configuration when I forgot to restart it last week... how did it look before?"

Comment: Re:At least they have started selling music online (Score 1) 949

by daniel de graaf (#31694700) Attached to: New Litigation Targets 20,000 BitTorrent-Using Downloaders

If this is actually the only thing keeping them back, a good solution is to just watermark the downloads with the purchaser's name/email/account name. Do it in an obvious manner (like a comment field) in addition to a hidden watermark that at least requires some work to remove.

This won't stop the pirates, of course - I don't know of any watermarking scheme that is resistant to a coalition of people with different watermarks - but it will require another step of comparable difficulty to ripping the DVD if you don't want to share the watermarked version.

Once that's done, they just have to send threatening letters to (or cancel the accounts of) people who uploaded in order to force people to put in the effort to remove the watermarks. Maybe they'll get a few convictions of the people too stupid to remove the watermarks prior to uploading to p2p, but those people (should) understand the risks involved with uploading.

I know I would jump at getting unencumbered versions of various movies, they're a lot easier to use than DVDs or DRM'd downloads.

Comment: Re:Changing the voltage supply req. HW access, rig (Score 5, Insightful) 173

by daniel de graaf (#31362304) Attached to: Researchers Find Way To Zap RSA Algorithm

Depends on what the DRM is trying to protect. Music players, video players for downloadable content, and basically anything where the content isn't tied to a physical object like a game disc will need a private key of some kind to encrypt the data on their volatile storage. While most of this will probably be done using symmetric encryption, you still need some way for the server that hands out the content to prove that it is a real device and not an emulated device, and that's normally done with a locally stored private key.

Encryption

Researchers Find Way To Zap RSA Algorithm 173

Posted by timothy
from the vhat-here-in-ze-laboratory dept.
alphadogg writes "Three University of Michigan computer scientists say they have found a way to exploit a weakness in RSA security technology used to protect everything from media players to smartphones and e-commerce servers. RSA authentication is susceptible, they say, to changes in the voltage supply to a private key holder. While guessing the 1,000-plus digits of binary code in a private key would take unfathomable hours, the researchers say that by varying electric current to a secured computer using an inexpensive purpose-built device they were able to stress out the computer and figure out the 1,024-bit private key in about 100 hours – all without leaving a trace. The researchers in their paper outline how they made the attack (PDF) on a SPARC system running Linux."

Comment: Re:Too often is bad too. (Score 1) 499

by daniel de graaf (#30848018) Attached to: Analysis of 32 Million Breached Passwords

The cookie is not to identify you (what do you think your username is for?) but to identify the browser/computer that you are using. Obviously, since you're signing in to an account, the privacy issues of storing a cookie are rather irrelevant.

At least on all the systems like this that I have used, the username and password are still required; the cookie just bypasses that additional email/question/whatever. That means that stealing the cookie doesn't get you anywhere useful, as compared to not having the system at all. Requiring this cookie does make some attacks harder (for example, phishing attacks that impersonate/proxy the real site), so it's not a useless measure or just to irritate you.

Comment: Re:What Has Changed? (Score 1) 900

by daniel de graaf (#25228117) Attached to: How Big Should My Swap Be?

You can turn off overcommit in Linux if want to - most people find the default behavior more useful since many applications allocate memory they do not need to use, and don't handle out of memory errors gracefully. Change the sysctl "vm.overcommit_memory" to 2, and see "Documentation/vm/overcommit-accounting" in the linux kernel source for related sysctls.

There are occasions where you might want to use a lot of swap, if there are one-time-run applications that use a ton of RAM to do something like image manipulation/scientific computing/whatever. Those might be rare, but it would be very irritating to get out-of-memory errors just because the kernel doesn't feel like using swap.

When the OOM killer is invoked, the application isn't usually allocating memory - it's using memory that it has allocated before and that the kernel overcommitted on. So there's no good way to send an out-of-memory error other than by something like a signal handler. I think the reason this isn't done is because the signal handler would likely need to allocate RAM to run (maybe to get its code paged off disk) and this wouldn't help with the memory pressure.

Earth

Removing CO2 From the Air Efficiently 487

Posted by kdawson
from the install-anywhere dept.
Canadian scientists have created a device that efficiently removes CO2 from the atmosphere. "The proposed air capture system differs from existing carbon capture and storage technology ... while CCS involves installing equipment at, say, a coal-fired power plant to capture CO2 produced during the coal-burning process, ... air capture machines will be able to literally remove the CO2 present in ambient air everywhere. [The team used] ... a custom-built tower to capture CO2 directly from the air while requiring less than 100 kilowatt-hours of electricity per tonne of carbon dioxide."
Software

The Future of Subversion 173

Posted by kdawson
from the had-a-good-run dept.
sciurus0 writes "As the open source version control system Subversion nears its 1.5 release, one of its developers asks, what is the project's future? On the one hand, the number of public Subversion DAV servers is still growing quadratically. On the other hand, open source developers are increasingly switching to distributed version control systems like Git and Mercurial. Is there still a need for centralized version control in some environments, or is Linus Torvalds right that all who use it are 'ugly and stupid'?" The comments on the blog post have high S/N.
Idle

How to Write 200,000 Books 4

Posted by samzenpus
Writing a book can be hard. You have to pick a title, cover art and compile a table of contents. If you want it in a Library it has to be assigned a numerical code (ISBN) not to mention the weeks, months or even years of actual writing. Philip M. Parker has found an easier way. He has generated over 200,000 books making him, "The most published author in the history of the planet." He has created computer algorithms that collect publicly available information on a subject and works with a team of programmers and 60-70 computers to produce such page turners as "The 2007-2012 Outlook for Tufted Washable Scatter Rugs, Bathmats and Sets That Measure 6-Feet by 9-Feet or Smaller in India." (144 pages at a very reasonable price of $495). Philip admits that many of his "books" are only printed when a customer buys one. I can't wait for "Samzenpus's Email correspondence with his mother from 2007-2008". I hear she figured out how to change her background image all by herself.
Earth

China Vows to Stop the Rain 214

Posted by samzenpus
from the way-ahead-of-the-germ-warfare-division dept.
Since the Olympic stadium doesn't have a roof, the Beijing Meteorological Bureau has been given the task of making sure the games remain dry. According to Zhang Qian, head of weather manipulation (best title to have on a business card ever) at the bureau, they've had success with light rain but heavy rain remains tough to control. I see a hurricane cannon in some lucky country's future.
Security

Schneier's Keynote At Linux.conf.au 138

Posted by kdawson
from the necessary-security-theater dept.
Stony Stevenson writes "Computer security expert Bruce Schneier took a swipe at a number of sacred cows of security including RFID tags, national ID cards, and public CCTV security cameras in his keynote address to Linux.conf.au (currently being held in Melbourne, Australia). These technologies were all examples of security products tailored to provide the perception of security rather than tackling actual security risks, Schneier said. The discussion of public security — which has always been clouded by emotional decision making — has been railroaded by groups with vested interests such as security vendors and political groups, he claimed. 'For most of my career I would insult "security theater" and "snake oil" for being dumb. In fact, they're not dumb. As security designers we need to address both the feeling and the reality of security. We can't ignore one. It's not enough to make someone secure, that person needs to also realize they've been made secure. If no-one realizes it, no-one's going to buy it,' Schneier said."
The Courts

+ - RIAA drops another case->

Submitted by
NewYorkCountryLawyer
NewYorkCountryLawyer writes "Once again the RIAA has dropped a case "with prejudice", this time after concluding it was the defendant's daughter, rather than the defendant, that it should have sued in the first place. In a White Plains, New York, case, Lava v. Amurao, mindful that in similar scenarios it has been held liable for the defendant's attorneys fees (Capitol v. Foster and Atlantic v. Andersen), the RIAA this time went on the offensive over its attorneys fee exposure, even though there was no attorneys fee motion pending, arguing that it was the defendant's fault — and not the RIAA's — that the record companies sued the wrong person, because the defendant didn't tell them that his daughter was the file sharer they were looking for."
Link to Original Source

Nothing happens.

Working...