This email has been excerpted out of order, sorry, but it suits my
flaming more to take them in the order that I have.
On the other hand if you’re trying to prevent a third party, say,
someone who has never been to my house, from getting at this data when
If the computer is compromised, there is not much I can do.
Wrong. Your own words, in fact, state that you are trying to prevent a
user of your software from getting at the data it's securing. A hacker
to a compromised machine is just that - a user. The fact is that if you
did successfully build a secure system for displaying encrypted
videos or images without the user of the system being able to retrieve
that data with anything but his eyes or a camera, it would, IMHO,
require special hardware. In that case, short of physically modifying
the machine, no user nor hacker could get at that data. Your statement
is therefore wrong, a compromised machine with special
security-oriented cryptographic hardware could still secure data from
any user or hacker as long as they weren’t able to actually remove your
special hardware and do some really hardcore reverse engineering that
would require resources and skill-sets perhaps belonging only to
anti-terrorist organizations (but even then, no terrorist organization
to date has used cryptography sophistication of that caliber, and so
it’s quite possible that no one on Earth has the ability to reverse
engineer a piece of computer hardware if you built it with proper
fail-safe mechanisms).
If for example, the computer contained encrypted credit card numbers,
we must consider the CC numbers compromised. I understand this. This is
not exactly my concern in this post.
What I just want to avoid is someone having a simple sniffer and being
able to intercept easily decrypted information. Since we are talking
about "communication", I’m not even discussing how information is
stored, or displayed or processed, just the communication of the
information, from a program to another within the same computer.
This, again, completely depends on the things you haven’t mentioned yet
- your target audience and intended use - which will tell us who is
likely to want to get this secure data - which will tell us who you
want to protect this data from. Let’s talk about freelance
programming. (This is going to excerpt this email a bit out of order so
bear with me.)
If you’re trying to make money (you did say you had “clients”) trust
me when I say if you do it’s because you ripped people off much the same
way that the following sites do:
Another nuclear-powered-assumption here, when I work for a client I do
what they want; usually they come to me because they have a need and
they ask me to design a solution to that need. I don’t sell products. I
don’t work with illegal stuff, I’m very concerned about licenses and in
any case, the information I’m discussing is not harmful to any laws by
itself and as of now, I (and all of us in this mailing list) have the
right to the information.
Hypothetical scenario 1: A government agency or a big intellectual
property corporation with a legitimate reason for software that would
allow people in their organization to securely view media without
allowing the owner or another user of the computer to see that media,
wants this kind of software to protect their secrets. Surely they’d go
to a nobody freelance programmer from Montréal and ask him to make it,
right? I think not.
Hypothetical scenario 2: An ordinary citizen wants this kind of
software with no legitimate reason. I bet he’d go to a big software
company that was actually capable of creating this sort of product and
pay the tens or hundreds of thousands of dollars that this kind of
product would actually be worth. Wait, no, he’d go to a freelance
programmer.
Hypothetical scenario 3: Terrorists. Not legitimate. Not illegitimate.
Not cheap. But not exactly throwing money around either. They might go
to a freelance programmer, but let’s face it, not you.
Now let’s jump forward to the next thing you said, because it relates
quite well to the next thing I’m gonna say:
Listen, clearly what’s going on here is you aren’t experienced enough
to know how to secure this data, or more specifically, what or who it
even needs to be secured from. You clearly aren’t working for a
government agency or a company that wants to share intellectual
property securely, so the only plausible purpose I can see from this
thread so far is that you want to watch videos that are illegal in
your country.
You are making a thousand-brick-assumption here, for a fact I live in
Montreal, Quebec, Canada and except for difamous videos (or artwork)
and child pornography, I don’t know anything that is not allowed to be
viewed. And as for child pornography, well, I’m only 22 so why would I
be interested in the younger, I got plenty of premium choice of my age!
Wouldn’t you know it? The exact thing you guessed is the exact thing I
had in mind! DEVIANT PORN DUMBASS. That is the ONLY illegitimate
reason for wanting this kind of software.
Finally, the last legitimate comment will be about this, which was
originally at the beginning of XM’s email.
Let’s try to make this post constructive for a second…
Second: You haven’t been specific about WHO you are trying to prevent
from getting at this data. If you’re trying to prevent the owner of a
computer and your software from getting at the data that’s contained
in it, I’ve got news for you: it can’t be done. Someone, somewhere, some
day, will crack your program. It’s that simple. Perfect example is
DeCSS. Even Windows XP was cracked before it was even available to the
public.
There’s no target in particular, I’m just interested in security, I
understand that some company (that might become my client) will want
more security, and that’s why, before even starting my work that I read
a lot of information and discusses what is not yet written or what I
haven’t found yet to read.
Hate to burst your bubble, but that is REALLY IMPORTANT. As I’ve
already pointed out, the measures you have to take are EXTREMELY
DIFFERENT when trying to protect, say, your child porn from your wife,
than, say, trying to protect pre-patent million-dollar ideas from
industrial espionage. This is once again, a steaming pile of evidence
that you are out of touch with the application of security / privacy
software, statements like “There’s no target in particular, I’m just
interested in security” are sure to win you a gold medal in the dumbass
olympics.
On Aug 25, 2004, at 8:50 PM, xm at ca.inter.net wrote:
With the real discussion out of the way for now, why don’t I point out
all the irrelevant mistakes you made! Note to bystanders: if you don’t
enjoy the maddox.xmission.net, you probably won’t like this; it is
because some people really hate flamewars that I have saved these
comments for the end of the email so you can easily ignore them.
Though, let’s be honest, a lot of flaming has already been included.
Sorry.
Let’s begin with your response to my “nuclear-powered-assumption.”
So you write software “to order,” that doesn’t mean you don’t make
money, it doesn’t mean you’re not ripping them off, it doesn’t mean you
don’t make anything illegal, and it doesn’t mean (though this I suppose
may be a language problem) that you don’t sell “products.” Everything
you said here is entirely irrelevant.
Now onto the “thousand-brick-assumption.”
First of all, thanks for telling me where Montréal is, really I’m a
backwoods hick who only knows that I live in the USA and Iraq is across
the ocean somewhere.
Secondly, and perhaps, worst of all your idiotic remarks… no, you
know what? You’re right. Nobody on Earth (especially on The Internet)
is into deviant sex because, as you so aptly put it, they got plenty of
premium choice having normal sex, right? Now, I don’t condone a lot of
the deviant sex out there, but I don’t walk around thinking that every
other man on the planet gets off on big boobs and thin torsos JUST
BECAUSE I DO. I seriously recommend diversifying yourself, there is
clearly something not working in your head if you still cling THAT
TIGHTLY to the toddler-age notion that all others think as you do.
I realize it wasn’t a very constructive answer here… but at least I
discussed about the main idea a little more, and that may help others
understand my questions. I hope.
Don’t whitewash over your anger, you tried doing exactly what I did,
and that was to prove the guy who offended you wrong in the most
embarrassing, and insulting way possible. You aren’t the first to try
and pretend you’re a more dignified pacifist only moments after trying
to nail the other guy to a wall (not to mention moments BEFORE said
nailing if you include your BS about "let’s try to make this post
constructive.") Sorry, but I don’t buy it - I’ve watched way too much
Elimidate? to fall for that. People like to yell at each other, some
are just better at it than others (of course, it helps to be right.)
The End
xm
cool real name buddy