Posts by h4rm0ny

Um, I actually did read it as fsck at first glance. :o :(

But then El Reg hasn't been bought out by Americans or something has it? Why the fuck would we need words censored? Self-censorship is the saddest censorship. :(

Re: Choice during install

I haven't tried this yet, but I understand the new Gnome has dependencies on systemd so unless you remove that, you're stuck with systemd. And I wouldn't be at all surprised if there are others in there that depend on it. So someone can correct me if I'm wrong but I believe you're basically stuck with Wheezy until Devuan is available.

>>"That depends on how they're forensically identified and how one goes about removing the traces"

No it doesn't. You should really read some of the previous comments here. It doesn't matter how you remove the frames or pad them out, it only matters that you can only do this for the cases you are aware that they are different. And you can only do that between the compromised copies you have available. If you have two copies, you can see the differences between those two. You wont know about the differences between them and a third copy that you do not have. Because you do not know about those differences you cannot obfuscate them. Therefore your "merged" version clearly indicates that you had access to copies A and B but not C. Therefore the distributor knows which two studios were compromised.

>>which would basically whittle down the forensic tagging to the point the studio won't be able to tell which studio got raided

It doesn't work like that with them unable to work out "which" single studio got raided (or sold them out). They get a list of all the ones that did and by doing the exercises you are talking about all you are doing is ensuring that list is complete.

>>"Oh, speaking of third copies, if the pirates obtain a third copy, they can probably defeat the signature reliably by using a "two-out-of-three" rule, keeping the clip length that appears in two of the three copies (and in the event of a three-way-tie between cut, extend, and nothing, keep the nothing)."

Again, no. You are assuming that the copies do not have markers in common. That's not how this works. The pool of possible markers is huge (derived from the number of frames in the movie) and all copies will have markers in common with all but one other meaning only a complete compromise of all recipients allows one to complete obscure / remove all markers and all that tells the studio anyway is that all parties were compromised.

PLEASE, read the other comments first before responding with confidence that you know better how this works. You actually don't get this. And if I sound a little short with you it's because whenever something like this is touted there are a half-dozen or so people who all just assume that they all have spotted a flaw in this that the mathematicians haven't and rather than ask if it is one, they confidently make assertions about their way of beating this as if the creators had never considered it. It's frustrating.

>>If the pirates obtained TWO copies, they could run a picture delta analysis to determine off frames and work from there: keeping edits from BOTH copies to throw off the forensic identification"

This has been covered in detail. The above is possible. But what it achieves is to tell the distributors that TWO studios have leaked. And which ones they were. Basically, you think using n sources hides which one of n was the leak. It doesn't, it provides a list of thise n studios that have been compromised.

Re: If they really are serious

>>"About stopping leaks and piracy release the damn thing when its done rather than waiting. If the English language version was ready why sit on it?"

Well it only leaked ahead of the official release by about a day so they were hardly "sitting on it". And if you're suggesting releasing all episodes at once, that's far worse from the point of view of advertising revenues so the producers would make far less money. It's also arguably worse from the public experience as for many the What Will Happen Next community factor of people getting excited waiting for the next episode, discussing it, is a big part of the experience. Millions of people discuss Game of Thrones (and enjoy doing so) in a way that simply would not happen if it were released as a big blob like a movie with breaks.

>>"Also regional delays are unecessary. If the latest episode of X is already out in Y then Johnny Pirate will download it. With on demand TV im sure most people would forgo piracy and just watch it on demand. Unfortunately the choice isnt there."

Getting rid of regional segregation and just having a single sales model for shows would certainly be a cost saving for we in the affluent West. Basic economics is you charge what the market will bare. And that figure is different in India to what it is in the USA or the UK for example. So if there's no regional segregation the price will average. That means cheaper for we in the West, but much more expensive for people in India, Pakistan or wherever.

>>"And should I re-encode to a different frame rate, all is lost."

No, because your new encode will still have length variations in scenes that relate to the source copies. You can average scene lengths but that brings us back to having successfully narrowed down a short-list of those recipients that were leaks. Think of your re-encode as adding 2 to every number in a sequence - it does nothing to conceal the original pattern. To do that, you need to know which numbers in the sequence are different to other sequences and change those parts in a way that is special. And you can only do that with ones that have leaked so once again - the distributor knows which parties contributed.

>>"My point is that once someone knows how you encode something, they can mess it up."

That may be the point you are trying to make but what you keep doing is posting what you think is an easy way around this which turns out not to be. Everything you say is exactly what someone who is intelligent but lacks experience in the subject matter comes out with. The problem is that each time you do this, you assume you are right without having tested it against things in practice or against counter-points.

>>"How? If your method of identification is dropped frames and I drop more frames then you can only see the total dropped frames, not the number of frames I dropped thus"

Because I have the master list of which frames I have dropped for each recipient and can add back in any you have dropped which aren't on the list. Unless you magically coincide with the same frames by happy accident (and you have to win that lottery multiple times to really obscure the signature) then I can tell the difference between which frames you have dropped and which ones I have dropped.

Now obviously if you had access to all or many different leaked copies you could do comparisons and work out which frames I had dropped from each of them and then remove all such frames from a single copy thus anonymising it, or put ones back in making it look like it's from another. But you can only do this between sources you have copies from which returns us to the situation where you have to have compromised many recipients rather than a small number or one.

Basically, if you have only compromised one recipient, what you suggest cannot work. If you have compromised two recipients then what you suggest can obscure whether your copy originated from either of those but it doesn't help you because my inability to distinguish which one out of two gives me the same information - I know that these two recipients leaked. Your technique basically only works to obscure videos between leaked parties by which point I already have the information I want.

>>"As a pirate I could defeat this in seconds flat. Just drop a random number of frames from the start and end of each scene"

And I can see which frames have been dropped and add them back in. Your solution doesn't work unless the hidden information is always in start and end of each scene.

Re: not addressing the Core Problem

>>"That would do away with the need for admin rights for installers (which is IMHO one of the biggest problems in keeping things secure as you give far too much in the way of rights to an app that should not need it), and it would contain issues with the app to that one user environment. Adobe, for instance, should be be allowed to go near any admin rights."

This is not invalid, it's a common security principle in many areas. The problem with it though, is you end up with your user space starting to become a de facto admin space. There are so many things that software needs to do that can be harmful if subverted that you can only go so far down that road before you find it's not having much affect in terms of securing you. Userspace is not the panacea some people are starting to treat it as.

I agree about Adobe, however, and would actually extend that to not being allowed to go near a computer in the first place.

Re: @Jason7 - You know very well...

>>"Security is the justification for taking away control from you like in UEFI Secure Boot."

Well on any x86 device so far, that's only meant taking away control from people who can't work out how to get into the UEFI BIOS and switch Secure Boot to "Off".

Which admittedly, may include you.

>>"Sounds more like a DRM mechanism than helping protect the OS from compromise."

Ideally, it would be both. If software can be verified at the hardware level then you can say goodbye to intrusive DRM that can hit performance or has to keep signing you into an online account, etc. Win-Win, imo.

Re: Identity badges don't guarantee good behaviour

>>"The trouble with this type of approach to security is that knowing (or thinking you know) what something "is" doesn't really tell you very much about what it "does" - or might do when it thinks you aren't looking."

That's not the way it helps. The point is that if it isn't what it's supposed to be, you're unlikely to be the first victim. It will rapidly be reported and its signature revoked.

Re: But what about...

>>"Expect that to be implemented as enabled by default on home/consumer rated OEM installs and disabled by default only on volume licence distributions."

IF your unsupported assumption turns out to be true, then the user could, you know, turn it off again. And if a user can't manage that then they're exactly the sort of person who shouldn't be turning it off anyway.

There's an account of a Viking funeral (one of the few first-hand written accounts by an educated writer) by a 10th Century Arab traveller who gave the following account:

The dead chieftain was put in a temporary grave, which was covered for ten days until they had sewn new clothes for him. One of his thrall women volunteered to join him in the afterlife and she was guarded day and night, being given a great amount of intoxicating drinks while she sang happily. When the time had arrived for cremation, they pulled his longship ashore and put it on a platform of wood, and they made a bed for the dead chieftain on the ship. Thereafter, an old woman referred to as the "Angel of Death" put cushions on the bed. She was responsible for the ritual.

Meanwhile, the thrall girl went from one tent to the other and had sexual intercourse with the men. Every man told her: "Tell your master that I did this because of my love to him". In the afternoon, they moved the thrall girl to something that looked like a door frame, where she was lifted on the palms of the men three times. Every time, the girl told of what she saw. The first time, she saw her father and mother, the second time, she saw all her relatives, and the third time she saw her master in the afterworld. There, it was green and beautiful and together with him, she saw men and young boys. She saw that her master beckoned for her.

By using intoxicating drinks, they thought to put the thrall girl in an ecstatic trance that made her psychic and through the symbolic action with the door frame, she would then see into the realm of the dead. The same ritual also appears in the Icelandic short story "Völsa þáttr," where two pagan Norwegian men lift the lady of the household over a door frame to help her look into the otherworld.

Thereafter, the thrall girl was taken away to the ship. She removed her bracelets and gave them to the old woman. Thereafter she removed her finger rings and gave them to the old woman's daughters, who had guarded her. Then they took her aboard the ship, but they did not allow her to enter the tent where the dead chieftain lay. The girl received several vessels of intoxicating drinks and she sang and bade her friends farewell.

Afterwards, a round barrow was built over the ashes, and in the centre of the mound they erected a staff of birch wood, where they carved the names of the dead chieftain and his king. Then they departed in their ships

The account is published in a book by Steinsland & Meulengracht published in 1998 if anyone is interested. As you can see, China has little to worry about in comparison.

Re: @Ian Emery (was: Fantastic idea, I have already booked some for my funeral.)

It also makes it harder for the authorities to prosecute him than if a friend or relative had to arrange it themself.

Well, the authorities could prosecute if they wish, but he wont care.

Re: Not needed with the future direction ?

>>"The direction Microsoft are currently heading is for them to have most core applications running on their servers, your data stored on their OneDrive. And instead of people paying for an full blown OS on their own devices, for Microsoft to control everything."

Yet another thing the bastards have stolen from Google! >:(

>>"Is it 'cos dey is Black(berry)?"

Given we're talking about the Met, here... probably.

>>"You wonder why 'nixers are hostile to MS and laugh at their misfortune, where have you been for the last 20 years ?"

Well actually, around 20 years ago I was working on HP UNIX give or take a couple of years (1998). I've worked on UNIX and then GNU/Linux for well over a decade and didn't use Windows in any serious manner until around the time of Windows 7. And you know what? I still don't laugh at other people's misfortune. I judge things on what they are today, not the actions of fifteen years ago. I could actually dig out some old Slashdot posts if I chose where I was endlessly damning MS for various things (SCO, their Embrace, Extend, Extinguish with Internet Explorer), etc. But when the situation changed, I didn't cling to old opinions, I kept them up to date. MS today produce some very good products and I recognize that. Furthermore, I don't cheer when something bad happens or people have to pull an all-nighter because of a problem. What I have learned is that any complex piece of software has problems. Today it is an MS product, tomorrow it will be Apple or an Open Source project.

So don't tell me what I don't know or that I have to indulge in pointing and laughing because of old history. We move on. At least some of us do.

Re: Oh boy, probably continuing the ever-worse skype releases...

>>"Now it's just untrustworthy shite."

Skype sold out to the NSA all by themself, before MS got a hold of them. Check your information. Those joining PRISM the chronological order was something like Skype, Google, Microsoft, Yahoo. I can't remember where the others were but Skype was always crap and always untrustworthy. I used to argue with everyone I met about it that they should be using some open SIP client but few people listened. And now look where we are. :(

Re: I was wrong.

>>"It was Nirvana's Nevermind on Wikipedia that got blocked"

No it wasn't. It was an album by a band called the The Scorpions which had a young girl with her crotch covered by fake damage to the CD cover. I wont link to it but you can look it up.

The rest sounds accurate as I remember it, just the wrong band and album.

Re: Some political minds might be concentrated if...

>>"They do however have the choice of deciding what to promise, with most of them opting to promise the moon when they know it's not possible."

That's because the one's making promises get elected. Take a population of 20 candidates. 19 tell the truth, 1 promises everyone a pony. The one lying gets elected. It's immaterial whether you chastise MPs for lying or not because the system is set up to reward the liar. The only way to change that system is to get the voters to not reward lying - complaining about the MPs wont change anything. And to change the voter behaviour, you need more educated people.

Re: What about...

>>"Calls on Vodafone frequently fail even if the phone claims to have reception"

I get that with Vodafone. My phone will show medium or even high reception but the call keeps dropping. It's only something I have noticed since moving to Vodafone. I have been trying to work out if it is the network or something wrong with my phone. If my phone is showing good signal, what causes the call to repeatedly drop and txt messages to fail?