Slashdot Mirror

Capsicum is a lightweight framework which extends a POSIX UNIX kernel to support new security capabilities and adds a userland sandbox API. It was originally developed as a collaboration between the University of Cambridge Computer Laboratory and Google, sponsored by a grant from Google, with FreeBSD as the prototype platform and Chromium as the prototype application. FreeBSD 9.0 provides kernel support as an experimental feature for researchers and early adopters. Application support will follow in a later FreeBSD release and there are plans to provide some initial Capsicum-protected applications in FreeBSD 9.1.

Traditional access control frameworks are designed to protect users from each other through the use of permissions and mandatory access control policies. However, they cannot protect the user when an application, such as a web browser, processes many potentially malicious inputs, such as HTML, scripting languages, and untrusted images. Capsicum provides application developers fine-grained control over files and network sockets to provide privilege separation within an application, with minimal code changes. In other words, it provides application compartmentalisation, allowing the application itself to provide many different sandboxes to contain its various elements. As an example, each tab in the Chromium browser has its own sandbox; it is also possible to contain each image in its own sandbox. Creating sandboxes under Capsicum does not require privilege, a key problem with current UNIX sandbox approaches.

As an example, the insecure tcpdump application can be sandboxed with Capsicum in about 10 lines of code and the Chromium web browser can be sandboxed in about 100 lines of code. capsicum(4) provides an overview of the available system calls. More information, including links to technical publications, projects, and a mailing list, can be found at the Capsicum website.

Capsicum also debuted, like, years ago.

And appears to be stale:

The website hasn't been updated since 2010.

The latest GitHub code is from 2010.

The "Documentation and Publications" are from 2009 and 2010

So stale it got imported into the base system and kernel newest release of FreeBSD.

Besides, they've proven the system works, what else is really needed? It will take time to change userland utilities to use it, and only at that point will there perhaps be a need to add more capabilities for use cases that may not have been thought of. As it is, I'd be hard pressed to think of a program more complicated than a web browser (network, disk, IPC, and UI access all needed in varying degrees).

As far as I know, Capsicum has mostly run its course and been superseded by other umbrellas, particularly CTSRD. The page for the latter even refers to the former as a 'success project'.

Capsicum also debuted, like, years ago.

And appears to be stale:

The website hasn't been updated since 2010.

The latest GitHub code is from 2010.

The "Documentation and Publications" are from 2009 and 2010

Ross Anderson's "Security Engineering" is also a fantastic read in this vein.

This guy has the right idea and this is what I meant.

I was once part of a particular arcade game emulation community (smaller than MAME) and the copy protections there ranged from non-existant, to the trivial, to the standard baked serial codes on the ROMs/hard drives and boards, to ones with security chips that performed very obnoxious operations in place for the main code itself, or outright served as an encryption device for the whole game data bank, decrypting on the fly for the CPU. The only way these particular ones were beaten were because the encryption method was simple and after patching out the security chip calls, the program could use the unencrypted data files natively. If you need an example of popular arcade games that took literally years to break because of aggressive copy protections of this sort, take a look at the CPS boards, made by Capcom. The early boards took a significant amount of time to emulate and make physical boards revivable - the CPS-3 board protection's death can be dated to approximately the year 2007. Not bad for hardware from 1996, I think. An intelligently designed system that used an encryption like AES would be an absolute nightmare to defeat, and would likely have to be defeated in similar, insane ways like burning off a chip's casing, then taking a photo of the physical layout of the chip in order to get at the data, as was the case for Mask ROMs. For a PC where you can take a dump from memory to snatch the key or the decrypted executable which you can then crack in standard ways, so this is less relevant, but it's still a higher entry bar - but most cracker groups voluntarily challenge themselves to defeat software packers and encrypters, so if your program is big enough to attract attention of one of those, it will be a matter of days rather than minutes. And then there are the folk that create home made replica server programs for MMOs so that they can hack the rules and drop rates, so there's always someone with the skill to write the assembly code to do what has to be done, even if they can't SEE what they're trying to copy.

At a significant cost, you CAN briefly deter pirates, except for only the most dedicated. If your software is niche enough (you imply that it is, at this stage) then you can survive with moving functionality off onto the hardware dongle. There are PC games that save profile data directly onto a USB stick, and some of these have been niche enough to make this barrier to cracking too high to overcome for years.

Is your software small enough, is your need big enough to foot this cost and inconvenience to your users? Can't answer that one for you.

Interesting assertion.

Scientific fact.

I'd like to see some evidence that, say, there was less diversity in the late Cretaceous

Evidence.

and more importantly that there'd be less diversity today if the KT event had not occurred.

Yeah, I totally have the ability to demonstrate how things that didn't happen would have changed millions of years of evolution. Anybody who did that would have a common source: their ass. All we know is what did actually happen, and that is that all mass extinctions have had net positive effects in the long term. Even mass extinctions were not causal or catalytic, it is undeniable that they were not preclusive of those positive outcomes, because both the extinctions and the positive outcomes are facts.

Well, let's look at the sixteen climate scientists who signed this, shall we?

Claude Allegre, former director of the Institute for the Study of the Earth, University of Paris: Sounds reasonable, though it looks like the proper name for the "University of Paris" is the "Paris VI University", or "Pierre and Marie Curie University". Unfortunately, it looks like the man is kind of a crank, and he hasn't been the director of that Institute since 1986, which makes it weird that it's the one thing they list about him.

J. Scott Armstrong, cofounder of the Journal of Forecasting and the International Journal of Forecasting: That's pretty reasonable, but forecasting and climate science aren't exactly the same thing; forecasting is the study of what's going to happen tomorrow or next week in any topic, while climate science is trying to figure out what will happen in the next year or the the next ten years with the weather. Also, Armstrong's professional background seems to be primarily in advertising, not forecasting, and he hasn't actually published any papers on climatology that I can see.

Jan Breslow, head of the Laboratory of Biochemical Genetics and Metabolism, Rockefeller University: I'm not exactly sure what he's doing on this list, since presumably it's a list of climate scientists? I mean, just because he's a researcher in one field doesn't automatically qualify him in others; it's like taking your car to ten mechanics and ignoring what they say, then asking your doctor about it and following his advice.

Roger Cohen, fellow, American Physical Society: This dude seems to be a writer for the NY Times, and I can't seem to find anyone by that name on the list of Fellows of the American Physical Society. Maybe he received his fellowship before 1990? In any case, it doesn't signify much in terms of his ability to evaluate any kind of science; those fellowships are kinda prestigious, but they're handed out for all sorts of things.

Edward David, member, National Academy of Engineering and National Academy of Sciences: What can I say? He's an electrical engineer. Would you trust him to diagnose a heart condition? An expert in one subject is not automatically an expert in all subjects.

William Happer, professor of physics, Princeton: What can I say? Damnit Jim, he's a physicist, not a climatologist! Sure, they're related - but would you trust this guy if he was talking on the way that chemists all over the world are trying to fool us about the mind control properties of fluorine? (as a side note, he's also a Fellow of the American Physical Society - why didn't they mention that?)

Michael Kelly, professor of technology, University of Cambridge, U.K.: This dude is kinda hard to Google because he shares a name with a fairly famous guitar company and a well-respected journalist (who died in 2003); however, it looks like he's done some pretty awesome work on semi-conductors. Unfortunately, that doesn't have anything to do with climate research.

William Kininmonth, former head of climate research at the Australian Bureau of Meteorology: Well, for one thing, he hasn't been the head of the ABM since 1998 (this seems to be a theme, you know?); for another, he's trained as a meteorologist, not a climate scientist. Just because they both deal with the weather doesn't necessarily mean that his word carries extra weight, but I do have to admit that he's one of the better signatories of this list.

Ric

further reading http://www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf

A video lecture on the topic from the man who gave us the Josephson junction, who is certifiably smarter than any of us here and as good a physicist as we have on the planet. That doesn't mean he doesn't have some peculiar ideas. He most certainly does. Walks funny too. But some of his most peculiar ideas have paid off big time, and were contrary to "everyone's" intuitive sense of how things work in reality.

Not enough land, see http://www.inference.phy.cam.ac.uk/withouthotair/c31/page_245.shtml

This graph is more interesting - it shows Co2 emissions per capita against population (so area of rectange = absolute emissions). Being able to compare the area visually gives a better indication as to the degree of the problem in each nation. This graph shows another interesting thing - responsibility for cumulative/historical co2 emissions. Since co2 stays in the air for 50 to 100 years, the vast majority of co2 that is in the air right now was actually put there by the nations that were industrialised throughout the last century - ie. the US and Western Europe.

btw. The author of that book also addresses the issue of China:

What about China, that naughty “out of control” country? Yes, the area of China’s rectangle is about the same as the USA’s, but the fact is that their per-capita emissions are below the world average. India’s per-capita emissions are less than half the world average. Moreover, it’s worth bearing in mind that much of the industrial emissions of China and India are associated with the manufacture of stuff for rich countries.

So, assuming that “something needs to be done” to reduce greenhouse gas emissions, who has a special responsibility to do something? As I said, that’s an ethical question. But I find it hard to imagine any system of ethics that denies that the responsibility falls especially on the countries to the left hand side of this diagram – the countries whose emissions are two, three, or four times the world average. Countries that are most able to pay. Countries like Britain and the USA, for example.

Whether "it is fair to share CO2 emission rights equally across the world's population" is an ethical question, as is the question of who should pay to clean up a problem like this, but it is hard to construct a moral argument that a Westerner should be entitled to emit more co2 than a person born in another nation. Why should we have this entitlement?

This graph is more interesting - it shows Co2 emissions per capita against population (so area of rectange = absolute emissions). Being able to compare the area visually gives a better indication as to the degree of the problem in each nation. This graph shows another interesting thing - responsibility for cumulative/historical co2 emissions. Since co2 stays in the air for 50 to 100 years, the vast majority of co2 that is in the air right now was actually put there by the nations that were industrialised throughout the last century - ie. the US and Western Europe.

btw. The author of that book also addresses the issue of China:

What about China, that naughty “out of control” country? Yes, the area of China’s rectangle is about the same as the USA’s, but the fact is that their per-capita emissions are below the world average. India’s per-capita emissions are less than half the world average. Moreover, it’s worth bearing in mind that much of the industrial emissions of China and India are associated with the manufacture of stuff for rich countries.

So, assuming that “something needs to be done” to reduce greenhouse gas emissions, who has a special responsibility to do something? As I said, that’s an ethical question. But I find it hard to imagine any system of ethics that denies that the responsibility falls especially on the countries to the left hand side of this diagram – the countries whose emissions are two, three, or four times the world average. Countries that are most able to pay. Countries like Britain and the USA, for example.

Whether "it is fair to share CO2 emission rights equally across the world's population" is an ethical question, as is the question of who should pay to clean up a problem like this, but it is hard to construct a moral argument that a Westerner should be entitled to emit more co2 than a person born in another nation. Why should we have this entitlement?

my e-mails have no worth and no one in their right mind would want to read them in the first place

I think it's about time reference was made in this discussion to the statement of need made by Uncle Phil Zimmerman at the beginning of his original PGP 2.x User Manual :

Why Do You Need PGP ?

• Privacy is as apple-pie as the Constitution.

  Perhaps you think your E-mail is legitimate enough that encryption is unwarranted. If you really are a law-abiding citizen with nothing to hide, then why don't you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? You must be a subversive or a drug dealer if you hide your mail inside envelopes. Or maybe a paranoid nut. Do law-abiding citizens have any need to encrypt their E-mail?

  What if everyone believed that law-abiding citizens should use postcards for their mail? If some brave soul tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding. Fortunately, we don't live in that kind of world, because everyone protects most of their mail with envelopes. So no one draws suspicion by asserting their privacy with an envelope. There's safety in numbers. Analogously, it would be nice if everyone routinely used encryption for all their E-mail, innocent or not, so that no one drew suspicion by asserting their E-mail privacy with encryption. Think of it as a form of solidarity.

And much much more, of course. It all sounded like a very sane stance when I first read that, so I tried to do exactly what he recommended. Of course, almost nobody else tooled up to deal with my highly secure bar crawl plans, so it was a waste of time. PGP tools for email back then were very primitive, but they're a lot better now ... it shouldn't be beyond us all.

my e-mails have no worth and no one in their right mind would want to read them in the first place

I think it's about time reference was made in this discussion to the statement of need made by Uncle Phil Zimmerman at the beginning of his original PGP 2.x User Manual :

Why Do You Need PGP ?

• Privacy is as apple-pie as the Constitution.

  Perhaps you think your E-mail is legitimate enough that encryption is unwarranted. If you really are a law-abiding citizen with nothing to hide, then why don't you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? You must be a subversive or a drug dealer if you hide your mail inside envelopes. Or maybe a paranoid nut. Do law-abiding citizens have any need to encrypt their E-mail?

  What if everyone believed that law-abiding citizens should use postcards for their mail? If some brave soul tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding. Fortunately, we don't live in that kind of world, because everyone protects most of their mail with envelopes. So no one draws suspicion by asserting their privacy with an envelope. There's safety in numbers. Analogously, it would be nice if everyone routinely used encryption for all their E-mail, innocent or not, so that no one drew suspicion by asserting their E-mail privacy with encryption. Think of it as a form of solidarity.

And much much more, of course. It all sounded like a very sane stance when I first read that, so I tried to do exactly what he recommended. Of course, almost nobody else tooled up to deal with my highly secure bar crawl plans, so it was a waste of time. PGP tools for email back then were very primitive, but they're a lot better now ... it shouldn't be beyond us all.

if you sign and encrypt emails, you don't have to verify the keys, that's done automatically:

John Smith wants to send Jane Doe an email, so he looks up her public key at an online key repositoy.

He uses her public key to encrypt the email and his private key to sign it.

She receives the email and decrypts it with her private key, validating his signature using John's public key she looked up in the key repository. If her public key (used by John to encrypt the email) had been spoofed in the repository, she wouldn't be able to decrypt the email with her private key.

You're almost right, but you're wrong about the lack of need for verification. The fact that she can decrypt the email which was encrypted with her public key obtained from a keyserver simply means she is in possession of the corresponding private key, not that she really is [the right] "Jane Doe" ... you might be beginning a correspondence with a spook. To verify that she is the person she is supposed to be (and not some Black Ops team MITM'ing her), the public keys must be verified, either by exchanging them in person in the first place, or by reading out key fingerprints over the phone if you would recognise her voice.

If John and Jane both get each other's public keys from a repository, and fail to verify them, then both keys may be bogus keys uploaded by MITM Bad Guys. This was well described by Phil Zimmerman in the original PGP 2.x User Manual

This is the other part of the PGP web-of-trust concept that most geeks I know don't quite get. When I countersign your key, I'm signing it to say that you really are the person you say you are (or rather "this key really does belong to the person it claims to belong to"), and NOT you are a person who can be trusted. So I must NOT countersign your key unless/until I'm really sure it's your key - which needs the key verification step to have been performed.

Unfortunately, most IT people I know who've ever been persuaded to try PGP just merrily get busy countersigning all the public keys they acquire, whether or not they've verified them. It doesn't help that some PGP email client software insists that you only use 3rd party public keys you're certain of, and won't let you pick an unverified key - so users will often just sign the 3rd party key to say they're certain of it so they can click 'Send' on the email.

Relatedly, I often suspect my colleagues don't even read the question you get asked when signing a key, which says "How strongly do you believe this person knows how to use PGP properly ?"

It is actually quite tricky to use PGP carefully enough to gain the full web-of-trust benefit - although I agree you can do what many folks do, and just ignore all that key-signing stuff, and wing it :)

Sigh ...

Notice the fact that China and India have 58% of emissions. That is not because of their large economies, but lack of controls.

What? China has a massive economy. Economy of the People's Republic of China: "The People's Republic of China (PRC) ranks since 2010 as the world's second largest economy after the United States. It has been the world's fastest-growing major economy, with consistent growth rates of around 10% over the past 30 years. China is also the largest exporter and second largest importer of goods in the world."

China and India also have a combined population that is eight times bigger than the U.S. population.

Also, check out this graph of global emissions per capita. China has emissions several times less than western nations, and, in fact, lower than the world average. And India's emissions are even lower than that. And if you are going to argue that per capita emissions aren't important, then you will need to argue from the moral perspective that you have the right to pollute more than a person in a third world country. You need to answer the question: what gives you that right?

It is difficult to construct a coherent moral argument, that given a limited resource, I, as a westerner, should be entitled to several times more of that resource than people living in other parts of the world.

China may have lots of dirty industry, but it's per capita emissions are several times less than those of the U.S., Australia, Canada and Western Europe. In fact, China's emissions per capita are below the world average, and it has stated that it won't follow the U.S. path of increasing emissions, they acknowledged to let emissions rise that high would be a "disaster for the world". Hopefully they will be able to do this.

We also need to be honest here: the problem of increased atmospheric CO2 is mostly our fault, especially when you consider the cumulative emissions we made over the last century, which dwarf those of China.

This graph show current emissions per capita. The author insightfully points out: "So, assuming that “something needs to be done” to reduce greenhouse gas emissions, who has a special responsibility to do something? As I said, that’s an ethical question. But I find it hard to imagine any system of ethics that denies that the responsibility falls especially on the countries to the left hand side of this diagram – the countries whose emissions are two, three, or four times the world average. Countries that are most able to pay. Countries like Britain and the USA, for example."

The next page has a graph for historical cumulative emissions of CO2. CO2 stays in the atmosphere for 50 to 100 years. Guess who is responsible for putting most of the extra CO2 that is currently in the atmosphere there? Not China.

The alternative 'just use less' philosophy is based upon some crazy idea that 7 billion people can just live in yurts.

Not true. Energy costs are rising. People are using less. We aren't all living in yurts. Ultimately, it is not sustainable (barring some amazing scientific advance) to have 7 billion people living the current lifestyle of the average westerner. It isn't even sustainable for us westerners. I would encourage you to read the book I linked to (there are PDF, epub etc. versions). You'd be surprised how much energy we use. The author is pro-nuclear, but even there his sums show we will have to build new nuclear plants at a rate faster than ever before to match the decline in fossil fuel supplies, and rely on technology that doesn't exist yet (industrial processes for seawater extraction) if we are to maintain our current western energy usage.

China may have lots of dirty industry, but it's per capita emissions are several times less than those of the U.S., Australia, Canada and Western Europe. In fact, China's emissions per capita are below the world average, and it has stated that it won't follow the U.S. path of increasing emissions, they acknowledged to let emissions rise that high would be a "disaster for the world". Hopefully they will be able to do this.

We also need to be honest here: the problem of increased atmospheric CO2 is mostly our fault, especially when you consider the cumulative emissions we made over the last century, which dwarf those of China.

This graph show current emissions per capita. The author insightfully points out: "So, assuming that “something needs to be done” to reduce greenhouse gas emissions, who has a special responsibility to do something? As I said, that’s an ethical question. But I find it hard to imagine any system of ethics that denies that the responsibility falls especially on the countries to the left hand side of this diagram – the countries whose emissions are two, three, or four times the world average. Countries that are most able to pay. Countries like Britain and the USA, for example."

The next page has a graph for historical cumulative emissions of CO2. CO2 stays in the atmosphere for 50 to 100 years. Guess who is responsible for putting most of the extra CO2 that is currently in the atmosphere there? Not China.

The alternative 'just use less' philosophy is based upon some crazy idea that 7 billion people can just live in yurts.

Not true. Energy costs are rising. People are using less. We aren't all living in yurts. Ultimately, it is not sustainable (barring some amazing scientific advance) to have 7 billion people living the current lifestyle of the average westerner. It isn't even sustainable for us westerners. I would encourage you to read the book I linked to (there are PDF, epub etc. versions). You'd be surprised how much energy we use. The author is pro-nuclear, but even there his sums show we will have to build new nuclear plants at a rate faster than ever before to match the decline in fossil fuel supplies, and rely on technology that doesn't exist yet (industrial processes for seawater extraction) if we are to maintain our current western energy usage.

Problem is, America and the world is filled with too many folks with superstitious beliefs regarding nuclear power.

The problem is not superstitious beliefs. The problem is one of governance and management - we have not yet figured out a way to have either government run, or privately run, nuclear power programs with effective safety protocols. On the one hand we have government run programs with their inherent problems, and on the other, for-profit corporations reducing safety to maximise profits. Here's a recent example from a supporter of nuclear power:

The safety of nuclear operations in Britain remains a concern. The THORP reprocessing facility at Sellafield, built in 1994 at a cost of £1.8 billion, had a growing leak from a broken pipe from August 2004 to April 2005. Over eight months, the leak let 85 000 litres of uranium-rich fluid flow into a sump which was equipped with safety systems that were designed to detect immediately any leak of as little as 15 litres. But the leak went undetected because the operators hadn’t completed the checks that ensured the safety systems were working; and the operators were in the habit of ignoring safety alarms anyway.

The safety system came with belt and braces. Independent of the failed safety alarms, routine safety-measurements of fluids in the sump should have detected the abnormal presence of uranium within one month of the start of the leak; but the operators often didn’t bother taking these routine measurements, because they felt too busy; and when they did take measurements that detected the abnormal presence of uranium in the sump (on 28 August 2004, 26 November 2004, and 24 February 2005), no action was taken.

By April 2005, 22 tons of uranium had leaked, but still none of the leak-detection systems detected the leak. The leak was finally detected by accountancy, when the bean-counters noticed that they were getting 10% less uranium out than their clients claimed they’d put in! Thank goodness this private company had a profit motive, hey? The criticism from the Chief Inspector of Nuclear Installations was withering: “The Plant was operated in a culture that seemed to allow instruments to operate in alarm mode rather than questioning the alarm and rectifying the relevant fault.”

If we let private companies build new reactors, how can we ensure that higher safety standards are adhered to? I don’t know.

2. Nuclear does not look promising, but it is an interesting one. Currently we get less than 3% of our daily Western life energy from nuclear plants. Nuclear would last 1000 years if we each used 0.55 kWh per day. But we don't - Westerners use about 250 kWh per day. We would need to ramp up production 40 times to cover our current daily usage. If we tried to cover all of our energy needs with nuclear, we will run out in of (currently known) recoverable reserves in 25 years. Ocean extraction of uranium is possible, but currently costs 10 times more than mining ore. Maintaining our current life styles on 10x energy cost isn't feasible: we would need some major technology developments here...

These numbers aren't right. The 25 year number in particular I've heard a lot, and it's true assuming (1) no breeder reactors and (2) no fuel reprocessing (because the US shut it all down for some reason related to nuclear proliferation - hah!).

Factor in reprocessing alone, and the number jumps to the hundreds of years range, with breeder reactors - thousands of years. With thorium it's tens of thousands and sea-water processing pushes it to hundreds of thousands.

The "only 25 years" number has been created by Greenpeace and over environmental lobby groups to add a "why bother" aspect to nuclear power which simply isn't true.

The average American consumes about 250 kWh per day. If we all raised our standard of consumption to an average American level, the green pro- duction stack would definitely be dwarfed by the red consumption stack. What about the average European and the average Brit? Average Eu- ropean consumption of “primary energy” (which means the energy con- tained in raw fuels, plus wind and hydroelectricity) is about 125 kWh per day per person. The UK average is also 125 kWh per day per person. These official averages do not include two energy flows. First, the “em- bedded energy” in imported stuff (the energy expended in making the stuff) is not included at all. We estimated in Chapter 15 that the embedded energy in imported stuff is at least 40 kWh/d per person. Second, the official estimates of “primary energy consumption” include only industrial energy flows – things like fossil fuels and hydroelectricity – and don’t keep track of the natural embedded energy in food: energy that was originally harnessed by photosynthesis.

In areas with a lot of sun, if you can get a majority of buildings to install solar heating/cooling/lighting and photovoltaic, and some local storage, you can make a big dent in the energy requirements (from coal) in a particular region.

Unfortunately it doesn't even come close. From this book: if you cover every south facing rooftop with solar panels you get 10 square meters of solar panels per person, which provides energy of 5 kWh per day per person. Current Western energy usage is estimated at 250 kWh per day. Those figures are based on the UK, where average sun level is 60% of the level at the equator. So moving the panels to Africa is only going to get us an extra 66%, so we still aren't meeting even 5% of our current energy needs (and then you would have to deal with transmission loss etc.). It isn't going to make a big dent...

Yes, energy density is a problem. If every single rain drop that fell on the Britain were exploited perfectly (100% capture of energy from first impact to sea level), then the whole lot would meet about 3% of the nation's current energy consumption. (Figures from Sustainable energy without the hot air: hydroelectric). Photovolatic farming also has big problems. To meet our current daily energy use with PV solar would require 20% of the land to be covered in panels, and to do it on a scale to power the UK alone would require 500 times all the photovoltaics in the whole world today. We either need some huge advances in science, or to seriously lower our energy consumption.

Yes, energy density is a problem. If every single rain drop that fell on the Britain were exploited perfectly (100% capture of energy from first impact to sea level), then the whole lot would meet about 3% of the nation's current energy consumption. (Figures from Sustainable energy without the hot air: hydroelectric). Photovolatic farming also has big problems. To meet our current daily energy use with PV solar would require 20% of the land to be covered in panels, and to do it on a scale to power the UK alone would require 500 times all the photovoltaics in the whole world today. We either need some huge advances in science, or to seriously lower our energy consumption.

The problem is that the water is too hot to re-use for cooling, and cooling it would in turn require time and energy. It's therefore easier to pump the hot water out to sea and forget about it. It is used as heating water in some places, but this has problem, see Sustainable energy without the hot air: Combined heat and power: "Delivering useful heat to a customer always reduces the electricity produced to some degree. The true net gains from combined heat and power are often much smaller than the hype would lead you to believe."

The emissions cost is kind of reflected in the price, because energy costs money, and there is a correlation between energy used during manufacturing and emissions. There have been many analyses of solar power; a typical panel has an energy yield ratio of between 4 and 7 (ref. Sustainable energy without the hot air). So it generates 4 to 8 times more energy than it costs to manufacture, transport and install.

1. Biomass can only meet a small amount of our energy needs. If we devote 75% of land to growing biofuels, and burn it all, we get about 10% of our current energy consumption.

2. Nuclear does not look promising, but it is an interesting one. Currently we get less than 3% of our daily Western life energy from nuclear plants. Nuclear would last 1000 years if we each used 0.55 kWh per day. But we don't - Westerners use about 250 kWh per day. We would need to ramp up production 40 times to cover our current daily usage. If we tried to cover all of our energy needs with nuclear, we will run out in of (currently known) recoverable reserves in 25 years. Ocean extraction of uranium is possible, but currently costs 10 times more than mining ore. Maintaining our current life styles on 10x energy cost isn't feasible: we would need some major technology developments here...

(Figures from Sustainable Energy without the hot air. Read it, it's free to download and full of interesting figures.)

1. Biomass can only meet a small amount of our energy needs. If we devote 75% of land to growing biofuels, and burn it all, we get about 10% of our current energy consumption.

2. Nuclear does not look promising, but it is an interesting one. Currently we get less than 3% of our daily Western life energy from nuclear plants. Nuclear would last 1000 years if we each used 0.55 kWh per day. But we don't - Westerners use about 250 kWh per day. We would need to ramp up production 40 times to cover our current daily usage. If we tried to cover all of our energy needs with nuclear, we will run out in of (currently known) recoverable reserves in 25 years. Ocean extraction of uranium is possible, but currently costs 10 times more than mining ore. Maintaining our current life styles on 10x energy cost isn't feasible: we would need some major technology developments here...

(Figures from Sustainable Energy without the hot air. Read it, it's free to download and full of interesting figures.)

The food and water problem is an energy problem.

I'm afraid biomass does not appear to be the answer. See Sustainable energy without the hot air - solar biomass. I recommend reading it, it's a well thought out book, with free electronic versions (epub/pdf) for download.

When you say "we stop by using capabilites" I just know you are referring to FreeBSD and not Linux, because Linux is weak in the capabilities arena. As a matter of fact, the new Capsicum framework is implemented in FreeBSD. Again, one of those things, such as Dtrace, ZFS, MAC and Jails that are ready for consumption in FreeBSD but not even on the radar of the high-browse superior Linoox crowd.

http://www.cl.cam.ac.uk/research/security/capsicum/

Can't this be done in software:
http://www.inference.phy.cam.ac.uk/opengazer/

Ha I found it "digitaldesk" all one word.

http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-330.html

http://video.google.com/videoplay?docid=5772530828816089246

I believe this movie dated june 1991 is the actual movie I watched in '93 at the IEEE meeting

http://www.youtube.com/watch?v=S8lCetZ_57g

The movie is well worth watching and I promise my immortal /. Karma that it is not a rickroll.

Other than resolution and 3d acceleration, nothing has really changed in the past 20 years WRT this specific technology.

I would have thought it would be obvious that the computer the robot is typing on is "trusted". Yes, my computer has a TPM. It's disabled by default, can only be initialized from the BIOS and can be cleared and reinitialized at any time.

Why would a robot typing have any effect on what that computer is allowed or not allowed to do with T.C. enabled? If, for example, T.C. receives a blacklist that forbids the use of the word "democracy", it will not be transmitted or received whether the typist is human or robotic.

I think you may have some basic misconceptions about "Trusted Computing". Try reading this: http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

HTH

Strat

Thanks for the link.

Okay, I read. I followed the included link http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html and read it, then spent another couple of hours reading more from a few of the links included in that article. At first blush there is some seriously horrifying stuff going on, much of it masquerading under the simplified banner of "think of the children"-style of emotional appeal but whose ultimate goal, and real appeal to the powers that be, is ultimately profit and control. Then it gets worse, IMO.

To me the warning of the dictum latterly attributed to Lord Acton (?) of "Power corrupts; absolute power corrupts absolutely." applies. [I suspect that that thought precedes written language.] If the power exists, it will be used - similar to yet farther reaching than "The 400" effectively control the US economy concomitant with its realpolitik. (I came across an article yesterday about researchers using systems analysis to determine that 1381 multi-nationals effectively controlled the planet's economy, all sans benefit of conspiracy but rather merely efficiency, but cannot find the link just now - science 2.0, perhaps; it was interesting reading, and it doesn't require a tin-foil hat to accord it some credence.)

So, if I have this a-rightly: TC does not, or will not, eventually, require more than a CPU and, at root, certain few government keys. It will be independent of OS, BIOS or UEFI, separate on-board chip, application code, what have you. Non-TC CPUs will be isolated to unconnected hobbyists; there will be no Internet functionality independent of approved TC CPUs. By extension, it will not even be possible to have private electronic-based communication amongst "ourselves" using PGP and such, because non-TC comms will not make it through any of various Internet intermediaries. And I suggest not counting on darknet.

http://en.wikipedia.org/wiki/Trusted_Computing_Group gives a quick look at the initial industry players.

At the moment, so far as I know, volume production of chips is not a trivial or easily hidden activity; further, absent genuine keys or imaginary effective counterfeits, independent and free electronic interaction will not be possible. If you think that's a gloomy overthink, it was worse before I read the comics section.

What with proprietary formats and such, DRM, DMCA, etc. - tip of the iceberg and all that - I see this as a snowball rolling down an endless slope such that the only hope is that "the" singularity when it may happen might prove a more benign overlord or, perhaps, even companion of sorts. Meanwhile, let's continue to have fun. It's only cradle to grave, right?

On the off-chance anyone got this far: sorry for the long post. I first read on some of this back in the early 90's, and found it to be sufficiently scary and depressing then after doing a bit of extrapolation.

Any smart people with non-smart-ass ideas on how to deal with this? I'm a bit more than curious, even 'tho, at 64, it may not be personally relevant for long.

Some of the drawings were very high up so children had to have been lifted by adults to reach them. Moreover, there are clear designs in the patterns, and swirls and the like. They aren't just straight lines at height level. And as discussed at http://www.cam.ac.uk/research/features/prehistoric-pre-school/, the children's work was mainly confined largely to a single room.

Unfortunately, the presentation in question doesn't seem to be online. There was a presentation on this subject at a conference at Cambridge http://www.sscip.org.uk/files/SSCIP%20Annual%20Conference%202011/Programme%20Autumn%202011a.pdf which apparently includes a lot of other examples of artifacts made by children in cultures throughout human history. Can someone find the relevant papers online? The author of the work is Jess Cooney from Cambridge. There's a page http://www.cam.ac.uk/research/features/prehistoric-pre-school/ with more details but I can't find actual preprints or the like.

But there's one thing that this sort of thing really shows: science rocks. We can use clever tests and careful measurements to figure out details about the age of children painting on caves. This is exactly why science is awesome. And we're always learning more and more, developing more clever techniques, and finding out more about the universe and ourselves. We are on a long, slow, possibly never-ending journey. But that journey leads closer and closer to truth. And those children and adults long ago who struggled to survive and experimented with different ways to paint are part of that same journey that we are.

(Sorry, something about this story just gets me a bit emotional.)

I can clone a magstripe card with very cheap off the shelf hardware, and use that card whereever. Cloning a modern (using the updated security software) chip card though, especially one that has the original timing attacks fixed requires serious hardware. That was what chip cards were created to fix, the chip and PIN bit was more of a side-benefit.

The original chip cards were vulnerable to cloning using offline terminals however, most of those particular attacks have been fixed through the shift from Static Data Authentication (SDA) to Dynamic (DDA). The attacks themselves are quite interesting and easy to understand. SDA cards (which are cheaper to manufacture) produced a crypto packet which could not be interpreted by the terminal. This caused a problem with offline terminals which were only periodically connected to the bank and were thus vulnerable to replay attacks. Fortunately though, DDA was made mandatory for all cards issued after 2011 so it shouldn't be a problem in future. (there's also a protocol called CDA which adds still further security)

The other problem was that the part of the packet which distinguished chip and sig transactions from chip and pin ones was in a proprietary card issuer dependant format. This meant a chip and pin card could be fooled into falling back to signing a chip and signature request, by a device in the middle which was passed to the terminal as if it were a chip and pin request. The terminal unable to tell the difference, thought the correct pin was entered. It's unclear whether this is fixed yet as it would require a terminal software upgrade to read the IAD and use CDA to protect the IAD, alternatively it would require the issuer to detect a signature verified transaction at their end and decline if it were unexpected.

Chip and signature mode can't be removed either. It is still necessary, as not everyone can use a pin, nor is it feasible to get pins under certain circumstances. Anyway you can find a summary of all these at cambridge's site.

It is well known in time synchronization circles that by default Windows stores the time in the BIOS/RTC in the local time zone but there is a registry hack for Vista and above to make Windows use UTC in BIOS/RTC. However Windows uses UTC internally.

The hypervizor is the new ring 0. And it's going to evolve into a microkernel and user mode drivers.

Xen already is, in essence, a microkernel, and already has "user-mode" drivers (called "driver domains"). In a 2005 paper, some of the authors of Xen argue that hypervisors are microkernels done right.

It's hard to see how that could apply to Linux running KVM, though.

Take a look here:

http://www.cl.cam.ac.uk/~rnc1 ...and then read this pdf:

http://www.cl.cam.ac.uk/~rnc1/cleanfeed.pdf

Take a look here:

http://www.cl.cam.ac.uk/~rnc1 ...and then read this pdf:

http://www.cl.cam.ac.uk/~rnc1/cleanfeed.pdf

berkeley. Also see section 3 of this.

The other interesting calculation is that about 10e6*1.6/25 = 640000 litters of fuel were burned on his behalf by aircraft. http://www.inference.phy.cam.ac.uk/withouthotair/cC/page_277.shtml

I see no mention of CPU speed. I'm guessing it wouldn't be that great.

Yes, there are other limits to computing.

Specifically the energy/time version of the Heisenberg Uncertainty Principle. At the limit of observability, if you reduce the energy, then you increase the time. So, measurable low-energy operations are going to take a relatively long time to complete.

There are other limits to computation.

Wouldn't a low energy computer be extremely slow?

According to the energy/time version of Heisenberg's uncertainty principle, a small uncertainty in energy would mean a large uncertainty in time. Any measurable operation close to this limit would take an extremely long time to complete.

There is similar work being done on FreeBSD:
http://www.cl.cam.ac.uk/research/security/capsicum/

Remember, the current program has cost something like 1000 American lives due to fuel convoy attacks, and is a logistical nightmare. Pretending that greener alternatives are impossible because they are ALSO logistical nightmares that will cost American lives is an unimpressive and unconvincing form of argument.

Solar panels are heavy. They are big. They are prone to damage by wind. They do not generate power at night, so they must be accompanied by large batteries or capacitors. They produce a trickle of power, and are not well designed for powering heavy machinery.

Are you suggesting that a mobile site in the desert should be surrounded by thousands of square meters of generators? Are you out of your mind? The are well suited for science fair projects, or convincing the masses that you are "green", but certainly not the right choice for mobile military installations.

In case you want to do the math yourself, be aware that a south-facing solar panel in Britain generates 0.022kW / square meter. Sure, you'll do better in the desert, but comparing this to diesel powered generators is just laughable.

A specific example: Oxford

http://www.ox.ac.uk/admissions/undergraduate_courses/courses/computer_science/computer_science_.html

Cambridge is a less good example because in the first year they make you do other stuff:

http://www.cl.cam.ac.uk/admissions/undergraduate/intro/

(20 years ago or so, CS didn't exist in the first year, so you had to apply to do something else then change subjects. Now you can spend _part_ of your first year
doing it.)

Imperial College, London:

http://www3.imperial.ac.uk/ugprospectus/facultiesanddepartments/computing/computingcourses

And how about Pisa:

http://www.di.unipi.it/