Thursday, April 15, 2010

File Sharing over the WAN : Cat and Mouse

I just read an interesting article on internet piracy in a TV-producer friend's professional magazine  (DGA Quarterly Fall09 "The Piracy Problem").

They mention that the most effective solution is to identify users who are downloading pirated content and simply inform them that their actions are illegal. Perhaps the next step is suspending their internet connection for a short period (60 min) with the help of the ISP. That would most likely be sufficiently disruptive to alter their behavior.

However, the question is how you identify these users. It's a cat-and-mouse game. If the p2p clients (the mice) get smart, they can do fancy things to hide their tracks. I just spent 120 sec musing about what I would do (a mental exercise only), and at the limit I'd encrypt all traffic and send it all to port 80 or 443 to make it look like web traffic, using a kernel module to redirect the necessary packets to the correct application port based on a token in the payload or perhaps some useful header field.

The cat would probably do something like measure the rate and number of different connections to a node to identify the mouse, rather than inspect the contents of the data stream itself. Then the mouse would attempt to make its traffic look indistinguishable from a busy user reading multiple web pages at once. The mouse just has to make identifying itself hard enough that the cat makes mistakes once in a while, i.e. false positives. If the cat shut down the internet connection of a legitimate web-browsing customer for 60 min just once per 10,000 users monitored, that would likely be enough to stop the cat altogether. The ISP does not want to jeopardize its customer relationships, give refunds, get a reputation for invading privacy, etc.

The ultimate cat would employ a method that affects only file-sharing protocols, and not web browsers or legitimate users. I cannot think of one myself.
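To make the false-positive problem concrete, here is a toy version of the "cat" described above, written as an added example that is not part of the original post. It counts distinct destination hosts per source over a handful of constructed flow records (all addresses, byte counts and hosts are made up) and flags every source above a threshold; the point is that a browsing session fanning out to many CDN hosts trips the same rule as a node talking to many peers.

```shell
#!/bin/sh
# Added example, not from the original post: a per-source distinct-peer-count
# heuristic run over constructed flow records, to show how a rate-only rule
# produces false positives.
# Record format (constructed): src_ip dst_ip dst_port bytes

# 10.0.0.5: one browser session hitting 9 different hosts (small transfers).
# 10.0.0.7: a light user, 2 hosts.
# 10.0.0.9: a node exchanging 1 MiB chunks with 9 different peers on port 80.
FLOWS='10.0.0.5 203.0.113.1 443 5200
10.0.0.5 203.0.113.2 443 3100
10.0.0.5 203.0.113.3 443 41000
10.0.0.5 203.0.113.4 443 2800
10.0.0.5 203.0.113.5 443 9100
10.0.0.5 203.0.113.6 443 1200
10.0.0.5 203.0.113.7 80 6600
10.0.0.5 203.0.113.8 443 3300
10.0.0.5 203.0.113.9 443 7700
10.0.0.7 203.0.113.1 443 2100
10.0.0.7 203.0.113.9 443 1800
10.0.0.9 198.51.100.1 80 1048576
10.0.0.9 198.51.100.2 80 1048576
10.0.0.9 198.51.100.3 80 1048576
10.0.0.9 198.51.100.4 80 1048576
10.0.0.9 198.51.100.5 80 1048576
10.0.0.9 198.51.100.6 80 1048576
10.0.0.9 198.51.100.7 80 1048576
10.0.0.9 198.51.100.8 80 1048576
10.0.0.9 198.51.100.9 80 1048576'

# Number of distinct destination hosts seen for one source address.
peer_count() {   # $1 = source ip
    printf '%s\n' "$FLOWS" | awk -v s="$1" '
        $1 == s { seen[$2] = 1 }
        END { n = 0; for (k in seen) n++; print n }'
}

# Sources whose distinct-peer count exceeds the threshold, one per line.
flag_sources() { # $1 = threshold (number of distinct peers)
    printf '%s\n' "$FLOWS" | awk -v t="$1" '
        !seen[$1, $2]++ { peers[$1]++ }
        END { for (s in peers) if (peers[s] > t) print s }' | sort
}

# Show the counts and what a threshold of 8 would cut off.
for src in 10.0.0.5 10.0.0.7 10.0.0.9; do
    printf '%s distinct peers: %s\n' "$src" "$(peer_count "$src")"
done
printf 'flagged at threshold 8:\n'
flag_sources 8
```

With a threshold of 8 both 10.0.0.5 (the browser) and 10.0.0.9 are flagged; raising it to 9 flags neither. That is exactly the trade-off the post describes: any threshold on connection count alone either cuts off some legitimate users or lets the mouse through.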

Trip, Travel Insurance : Access America

A bad experience. The travel insurance my wife bought stated it covered cancellations due to bad weather. Great. She had bad weather on her way from NYC to Albuquerque, and was forced to spend the night in Denver airport. The next flight to New Mexico was more than 24 hours away. However, her insurance claim (worth $500) was denied because her carrier had some other flight going to some other destination within 24 hours. Their policy small print required "complete cessation of service by the airline", defined as no flights leaving the airport for 24 hours. If there was complete cessation of service for 23 hours and then one flight on the airline left for Mexico City, her claim would be denied, making this insurance worth much less than she thought. We will never buy from this company again.

Access America (AA) is offered by default by Orbitz; you just need to tick an option box. The Romans knew it, and this blog entry is a testament: Caveat Emptor, buyer beware.

Tuesday, April 13, 2010

nuclear power plant argument

Q: Should we build nuclear plants, since it is impossible to build a system that doesn't fail?
A: Yes.
Q: Why?
A.1. It is efficient and green.
A.2. There are designs for smaller power plants that, by the nature of the design, shut the reactor off on failure. I.e. the default state of the system is off, similar to air brakes on a bus.

I.e. you can build a system that moves to a safe state on failure.

A weaker argument, also in favor (from a discussion with ChrisH): it is worse if a chemical plant blows up, and we run those regularly.

Apollo GUI Goodness

I just talked to an old timer about the legendary Apollo workstations of the early 80s. Can we get back some of their goodness? They had a GUI environment called DM, predating the X server and similar to Windows/Apple, that had a control window. This window understood a special language with a power that even now we can only dream about.

Apparently they could do the equivalent of

for w in $(all windows in current desktop):
search w.contents() for text "foo"

and programmatically pop up a new window showing arbitrary text, etc. This would be extremely useful; has KDE thought of making full python bindings for its KWin? Better yet, give us an interpreter window widget like they had.

They also had a flag to provide a terminal with either a BSD or SYSV unix interface, down to the system calls seen by the user programs. Amazing.

SSH Hostbased Auth

Put this in the blog because it's hard to find on the web, and if you need to do it, it is quite critical to know it.

REPRODUCE
on cent4gardenhub
1. ssh-add -D
2. ssh -v cent5gardenhub = asks for password. Gosh no. Not. Again.

DIAGNOSE
Q1: Is one of these false?
A. Is the result of $(hostname) the same as the forward and reverse DNS maps?
if test "$(hostname)." = "$(host $(hostname -i) | awk '{print $5}')"; then echo ok; fi
B. Is $(hostname) listed in /etc/ssh/shosts.equiv on the remote machine?
C. Is the remote host on the ssh command line ($argv) listed in /etc/ssh/ssh_known_hosts on the remote machine?
D. Does the public key from (C) match that listed in ssh_host_rsa_key.pub on the local machine?
Q2: Are there any errors in /var/log/authpriv on the remote machine?
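The four DIAGNOSE checks as shell functions, added here as a worked example that is not part of the original post. It runs against constructed stand-ins in a temp directory (a fake line of `host` output, a made-up shosts.equiv and ssh_known_hosts, and placeholder host keys that are not real key material) so it works offline; in real use you would point the functions at the live /etc/ssh files and at the actual `hostname` and `host` output. Check C here looks the client's own name up in ssh_known_hosts, since that is the entry sshd on the remote machine consults for hostbased auth, and it handles the plain "name1,name2,ip" entry form, not hashed (|1|...) entries.

```shell
#!/bin/sh
# Added example, not from the original post: checks A-D as functions, run
# against constructed files so the script runs offline.

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed stand-in for the output of: host "$(hostname -i)"
# (note: on Linux `hostname -i` can print several addresses; pick one.)
HOST_OUTPUT='5.0.0.10.in-addr.arpa domain name pointer cent4gardenhub.example.org.'

# Constructed /etc/ssh/shosts.equiv on the remote machine.
cat > "$tmp/shosts.equiv" <<'EOF'
# hosts trusted for hostbased auth
cent4gardenhub.example.org
build01.example.org
EOF

# Constructed /etc/ssh/ssh_known_hosts on the remote machine (placeholder keys).
cat > "$tmp/ssh_known_hosts" <<'EOF'
cent4gardenhub.example.org,10.0.0.5 ssh-rsa AAAAB3CONSTRUCTEDKEY0001
build01.example.org ssh-rsa AAAAB3CONSTRUCTEDKEY0002
EOF

# Constructed local ssh_host_rsa_key.pub: the current key, plus a stale one
# to show the mismatch case for check D.
printf 'ssh-rsa AAAAB3CONSTRUCTEDKEY0001 root@cent4gardenhub\n' > "$tmp/ssh_host_rsa_key.pub"
printf 'ssh-rsa AAAAB3CONSTRUCTEDKEY0009 root@cent4gardenhub\n' > "$tmp/stale_key.pub"

# Check A: the PTR name (field 5 of `host <ip>` output) must equal "$(hostname)."
fqdn_matches_ptr() {   # $1 = hostname, $2 = one line of `host <ip>` output
    [ "$1." = "$(printf '%s\n' "$2" | awk '{print $5}')" ]
}

# Check B: hostname listed as the first field of shosts.equiv (comments skipped).
in_shosts_equiv() {    # $1 = hostname, $2 = shosts.equiv path
    awk -v h="$1" '/^#/ {next} $1 == h {found=1} END {exit !found}' "$2"
}

# Check C: print the "keytype base64" pair ssh_known_hosts holds for a name.
known_host_key() {     # $1 = hostname, $2 = ssh_known_hosts path
    awk -v h="$1" '/^#/ {next}
        { n = split($1, names, ",")
          for (i = 1; i <= n; i++) if (names[i] == h) { print $2, $3; exit } }' "$2"
}

# Check D: that pair must equal the first two fields of the local .pub file.
hostkey_matches() {    # $1 = hostname, $2 = ssh_known_hosts path, $3 = local .pub path
    [ -n "$(known_host_key "$1" "$2")" ] &&
    [ "$(known_host_key "$1" "$2")" = "$(awk '{print $1, $2}' "$3")" ]
}

# Run A-D for one hostname and local key file, reporting each result.
diagnose() {           # $1 = local hostname, $2 = local .pub path
    fqdn_matches_ptr "$1" "$HOST_OUTPUT" && echo "A ok" || echo "A FAIL: forward/reverse DNS disagree"
    in_shosts_equiv "$1" "$tmp/shosts.equiv" && echo "B ok" || echo "B FAIL: not in shosts.equiv"
    [ -n "$(known_host_key "$1" "$tmp/ssh_known_hosts")" ] && echo "C ok" || echo "C FAIL: no ssh_known_hosts entry"
    hostkey_matches "$1" "$tmp/ssh_known_hosts" "$2" && echo "D ok" || echo "D FAIL: known_hosts key != local host key"
}

echo "--- current key:"; diagnose cent4gardenhub.example.org "$tmp/ssh_host_rsa_key.pub"
echo "--- stale key:";   diagnose cent4gardenhub.example.org "$tmp/stale_key.pub"
```

The second run shows the D failure you get after a host key is regenerated (say, after a reinstall) without the remote ssh_known_hosts being updated; the A failure is what you see when the machine's idea of its name and the PTR record drift apart.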

Second Academic Tenure

The Japanese reportedly have a tradition of encouraging academics to switch fields every 10 years. The reason given is that otherwise they calcify in the field and, worse, squash good new ideas that threaten their own. John likes this and suggests a second tenure meeting, 15 years after the first one. It would be very unlikely that a person would be allowed tenure in the same field a second time. A quote from John from today: "Dick Feynman, yes, go ahead and continue to work on physics, but John Salmon, well you might make some incremental advance to large astrophysics simulation technique, but you should probably apply that big brain to chemistry, biology, xxx".

A whacky idea.