Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0
Comments: 5,534

Comments · 5,534

  1. Re:Short Answer on Could the US Phase Out Nuclear Power? · Score: 1

    I don't know how much the cost would be, but it might perhaps be a way to get rare earths without having to kowtow to whoever has the stashes of it.

    I am wrong about the lead part, but I see a win/win/win situation with nuclear power, except for the fact that oil/coal would be shut out, and the concern another person posted.

    My only reservation about nuclear can be boiled down to the statement, "We can't trust a lot of contractors to build showerheads with proper grounding to keep people using them from being electrocuted. How can we trust people who are just there for the next quarter's dollar to build something that is as intricate as a reactor, no matter how well the design?"

    China solves this problem in their own brutal way -- a company ships a reactor head made of pot metal, and there will be corporate officers facing execution shortly after. Here in the US, some guy would be tossed under the bus, and life would go on, with the taxpayers paying for another Superfund site.

  2. Re:Crack some heads. on Cybersecurity and the Internet Economy · Score: 4, Insightful

    We already had that. Operation Sun Devil.

    Result: The US is very hard pressed to find any true blackhats to work for them, while China considers them the same as front line infantry or artillery troops, and pays them very well. Russia, same.

    If we had another hacker pogrom, the people that would get scooped up wouldn't be the true people causing the breaches at SCEA, SOE, or other places. Those guys are clued enough to use compromised machines on Joe Sixpack's coffee table, or offshore sites.

    The people picked up would be people in the iPhone Dev Team, the ROM modders at XDA Developers, and others like that... low hanging fruit that are not doing anything against the law, but are interfering with profits or the will of a CEO somewhere.

  3. Re:Good 4 consumers, AND business! on Cybersecurity and the Internet Economy · Score: 1

    Sarbanes Oxley compliance != security.

    SOX has made SAN makers rich due to having to store E-mail for a long amount of time (50 years if you have anything to do with aerospace).

    It also has pushed out F/OSS solutions because without "due diligence" (which means products need FIPS certifications, Common Criteria, yadda, yadda, pretty tags that require a lot of money to pay an independent testing lab to get approved), people might see prison time.

    That is if the law is enforced... AFAIK, HIPAA was enforced once.

    Voluntary codes won't work. It is actual laws that will make businesses hurt where it counts that will be the only impetus that will make a lot of businesses [1] lock their barn doors.

    [1]: Some companies actually do have good security. However, a lot view security as a cost center so don't really bother, other than maybe spitting out a few buzzwords like loose flatulence after a Pancho's dinner.

  4. Re:A poison by any other name.... on Could the US Phase Out Nuclear Power? · Score: 2

    Big Oil knows its stuff, and the fear campaign is working, and has worked since even before 3MI. The guys know that nuclear power would kill Big Oil.

    Why? Reactions that are (as of now) energy expensive could be done on massive scales. Desalinate water, pull CO2 from the air, combine the two in a number of reactions, and one can get ethanol. Combine a reactor and a thermal depolymerization plant (which essentially "boils" plastic to short chain carbon atoms), and gasoline would be ready to be used from the sewage plants and garbage cans.

    Eventually Big Oil will have to move to another energy source, as oil is becoming more and more expensive to obtain. We have passed peak oil a long time past. However, cheap, polluting lignite coal is abundant, and until that crap (which arguably is one of the worst energy sources out there) is gone, Big Coal will still have their boot on the nuclear power industry's neck.

  5. Re:Short Answer on Could the US Phase Out Nuclear Power? · Score: 3, Insightful

    It is getting there. India has done some with their Kakrapar reactor, although not as a direct fuel source.

    We have a nice vicious cycle here. People are afraid of nuclear power, so they want to defund research that makes using Pu and uranium a thing of the past. Because of slow advances in nuclear research, people continue to equate nuclear power with reactors made when McCarthy was saying that a commie was under every bed, and sock hops were the rage.

    No interest in R&D for better energy solutions is pure suicide on a national level.

  6. Re:A poison by any other name.... on Could the US Phase Out Nuclear Power? · Score: 2

    One also has to look at the high level nuclear waste. There isn't that much of it. On a pragmatic basis, toss it in a breeder reactor and keep using it until it turns to lead.

    You underscored a problem. People go batshit when they hear the word "nuclear". Take a MRI for example. It used to be called NMRI. However, people heard the first word in that abbreviation and thought that their body's component atoms would wind up ripped apart like a bad Star Trek transporter malfunction if they were scanned by such a device.

    It is almost amazing that when the world needs more energy (more people, and more energy per person), the voices that are loudest and most often listened to are ones which want to reduce the available sources of energy.

    My question is, why do people want to be still stuck on oil for transportation and coal for the grid in 20-40 years? Why is dirty as all get-out lignite coal (the mainstay of most coal plants) viewed as the clean and safe solution? Why do people state that nuclear isn't a 100% fix, so don't bother?

  7. Re:If we didn't have nuclear power, we would be fi on Could the US Phase Out Nuclear Power? · Score: 2

    There are plenty of reactor designs that do not need Pu in the fuel. Thorium reactors come to mind. To boot, thorium is relatively cheap, and the biggest deposits are in countries that have decent infrastructure.

    There are other designs that do not use plutonium in any way, shape, or form. TWR designs come to mind. In fact, most Gen IV designs are similar. No way these designs are going to be spitting any Pu amounts, much less enough to make it useful for terrorists.

    I'm sure you know this, as a nuclear engineer.

  8. Re:Short Answer on Could the US Phase Out Nuclear Power? · Score: 4, Insightful

    Don't forget Big Oil and Big Coal. They would love the US to be nuclear free. There are plenty of lignite coal deposits and plenty of small towns just itching for toxic mine tailings to wind up in the ground water.

    Realistically, let's close nuclear plants... the first gen ones. Replace those with passively safe breeding designs like TWR that can happily chug on fuel until it is plain old lead suitable for adding to paint chips. Done right, we can take the high level nuclear products from older reactors and use it for more than triggering NIMBY knee jerk politics near Yucca Mountain.

    There is nothing wrong with nuclear power. We just need to move to designs of plants made after the conflict in Viet Nam, or ideally, designs made this millennium.

  9. Re:And so it begins... on Most Vulns Exploited By Stuxnet Worm Remain Unpatched · Score: 1

    I can see laws being passed, but definitely nothing that actually will force companies to zip their flies up.

    We will see laws mandating DRM, squashing anonymity, demanding websites have a license for any accounts, root/Administrator taken away from computer users, DRM stacks in all Internet connected hardware with core/edge NAC enforcing it, and so on. Basically, everything on the *AA laundry list of wants.

    So, the next SCADA attack will likely result in the Internet ending up like Compuserve for everyone but the true blackhats... and I'm sure the ISPs will be more than willing to tack on the old Compuserve fees for hours on as well.

  10. Re:Seconded, delete it. Don't look, fix, or help on Ask Slashdot: What To Do With Other People's Email? · Score: 1

    I have that happen all the time with a gmail account of mine. I have a filter, look through to find if the mail is relevant to me, then just purge the mailbox with the misguided stuff in it. Chronic people who send in error, I just blacklist their E-mail addresses.

  11. Re:Ahem. on Could Apple Kill Off Mac OS X? · Score: 1

    I agree with you that 96/192 is overkill for a lot of things. However, it was meant to be used in the context of CPU bandwidth, I/O bandwidth and other things that music production relies on, which no tablet made today has the ability to handle.

    Even at CD quality, an iPad would choke on handling just a proper drumset micing, much less a general four piece rock band.

    As for compression, I 100% agree wholeheartedly. I've used it as a "shoehorn" for a few tracks that end up all over the place, but not trying to ram the mix to 0db from start to finish.

  12. Re:They're already phasing it out on Could Apple Kill Off Mac OS X? · Score: 1

    Most of those are to allow a consistent user interface, so someone's workflow on an iPad can be almost the same on a regular Mac. I'm sure some of us will still use alt-tab instead of swiping at windows. Jobs showed that stuff because it makes a lot of sizzle.

    The real cool features of Lion were the ones Jobs barely touched on. Lion's WDE for example, FileVault 2. This is something that may not be flashy, but it means a lot to companies and individuals, where a stolen Mac just can be written off as a hardware loss, not hardware + data. Another feature is $50 for Lion Server. This is nice because it is an inexpensive way to get a directory server in a home LAN, as well as the usual server tools (e.g.: DNS, sendmail, web server, even a wiki server.)

  13. Re:(cough)bullshit(cough) on Could Apple Kill Off Mac OS X? · Score: 1

    Bingo.

    Take music production. Yes, an iPad can handle 4-5 tracks, or it can handle a lot more acting as a control surface to an existing studio, but for a serious studio, it will require an iMac, or a Mac Pro. Just a drum set alone requires 16 microphones, and the CPU usage to handle 16 tracks at studio quality (96 bit, 192 khz stereo at the minimum, lots more if mixing 5.1 or 7.1) is going to choke an iPad. Video is even worse, if one is talking true production quality stuff, not consumer grade "HD" video.

    Slap iOS on a Mac Pro? Won't work -- too much headache for companies like DigiDesign to make modules and hardware attachments, then push out an app that has drivers with everything in it.

    In theory, we can see a "server" based iOS with background apps for OpenDirectory and such. However, in any serious data center, even the PHB who thought the "server appliance" was initially cool would in time participate in drop-kicking such a box from the top of the parking garage. Mainly because each enterprise has its own way of managing machines, and an OS that disallows anything but approved apps on the server side (while also denying root access) would fail any security audit today.

    Macs are staying put in the ecosystem. If Apple starts tightening the screws too hard on general purpose computers, Microsoft and the Linux distro makers are waiting in the wings to take up the slack.

  14. Re:So, there is no indication? on Could Apple Kill Off Mac OS X? · Score: 1

    When I saw that, it actually was bringing the iPad and iPhone in line with the competition.

    Android devices are standalone -- they don't need to be tied to a desktop to work. It is a good idea to back them up and scoop the backups to a PC periodically, (or root the thing and use Titanium Backup to store encrypted backups on DropBox [1].)

    The PC and Mac are not demoted -- they still are in the same hierarchy. The iPhone and iPad are now standalone devices like they should be, and like how the competition is.

    [1]: Since TB encrypts the backups before sending, Dropbox's security isn't as vital as if they were in plaintext. I wish nandroid had a security option, but as of now, it does not.

  15. Re:I don't believe it... on Bitcoin Used For the Narcotics Trade · Score: 1

    The question is not if I know the coins are fine. Unless there is a break in the cryptosystems used, then I have faith in it.

    However, it is getting others to do the same thing that means a chunk of currency. Will other people freak out about "miners" and think it is the same thing as Zimbabwe running their printing press? Those are battles this currency will have to overcome.

    The system from my perspective looks secure -- it is a well designed currency ecosystem. However what will kill it won't be the technical aspect. It will be if it provides useful functionality good enough for people to bother using it. Not just geeks, but Joe Sixpack who is worried about the stash of gold under his bed and barely trusts the American dollar.

  16. Re:OS X Server on Apple WWDC: iOS 5, Lion, iCloud · Score: 1

    OS X Server, or xSAN?

  17. Re:I don't believe it... on Bitcoin Used For the Narcotics Trade · Score: 1

    Currencies need trust. For me to trust bitcoin for more than just novelty purposes, here is what I need:

    1: 5-10 years from now, will my coins still have a value, or will "miners" make the currency worthless like Beens, Flooz, or many other "Internet currencies" that have come, left nasty farts, and gone.

    2: I understand Bitcoin, but can you get Joe Sixpack who buys gold because Rush, Beck, and Palin say so to trust this currency? They wouldn't understand it, much less give it credence.

    3: Is BitCoin use going up or declining? If it is declining, then there isn't going to be much interest in putting resources into the technology.

    4: The technology is interesting, but when virtually coins are "mined", people likely wouldn't want to play in the market.

    5: You have to convince the masses that the currency can be converted to gold, that "mining" coins isn't going to flood the economy with currency.

    6: Backing. eGold is backed by metal. The US Dollar is backed by the US government. Who backs BitCoin? To the average person out there, some big name would need to step up to the plate, elsewise this becomes a novelty item.

    7: What happens to the currency if someone makes a TWIRL machine, or heaven forbid, a quantum computer that can factor RSA in a lot shorter time? The whole currency and any assets bound to it are depending on the security of some cryptographic algorithms. If one of the algos used is broken, it would mean the whole ecosystem would be destroyed. Ideally, it should use redundant algorithms (chained encryption, etc.) to reduce this as a threat.

    8: This is a pseudoanonymous currency, not anonymous. It can be claimed it is "neither fish nor fowl", and having neither the benefits of anonymity, nor the ease of use of standard credit cards or PayPal. It might dupe people into thinking it is anonymous, and then later get nailed by the IRS for tax fraud, or even FinCEN may step into the picture.

    BitCoin has promise, but at best it is a "transport currency" -- convert to BitCoins, make a purchase or sale, and the other side immediately converts them out. There is no real assurance of stability.

  18. Re:And? on Cheap GPUs Rendering Strong Passwords Useless · Score: 1

    Chip and PIN is not the best technology -- something like OATH, or IBM's ZTIC would be a far better implementation, perhaps giving the ZTIC device a built in EDGE/3G radio so it has its own link and doesn't have to be attached to a computer.

    However, this "password hash HSM" is intended not to guard against a compromised password, but to guard against someone snarfing the /etc/shadow equivalent in case everything internal gets compromised. This way, even though a blackhat may have root everywhere, the best that can be done would be running password guesses and having the device then start producing "too many wrong guess" errors for 5+ minutes per user. A user with a weak password is still easily hacked, as this provides no benefit if there are other weak links in the chain.

    Companies have learned to physically store their secret RSA keys in HSMs for SSL and whatnot. It is time for password data to be treated in the same manner.

  19. Re:And? on Cheap GPUs Rendering Strong Passwords Useless · Score: 2

    Realistically, we need to have passwords as *an* authentication method, as opposed to *the* auth method.

    Until we can decide on another method of authentication, perhaps one thing to do is have the mechanism that does the password validation (as well as storing hashes) physically secured on a tamper resistant card, similar to how public keys are stored on HSMs.

    The mechanism on the tamper resistant card would have ports to store data on external media (encrypted with LUKS where the whole drive is encrypted with a key stored on internal, protected flash.)

    The API for this device is fairly simple: Store a userID/password/date of expiration item, do a compare (hash, result) and return yes, no, or "too many times tried", change the expiration date on userID/password, delete the item, and reformat, purging everything, generating all new keys.

    This way, there is no way that the stored values can ever be pulled. Brute force guesses will be slowed down because after 3-5 tries, the device will only allow one compare every "x" amount of minutes. Physical attack of the device is not going to reveal much other than quickly blown e-fuses due to tamper responses going off. The goal is to have an extremely simple device that just does authentication challenges. The LDAP server or authorization server handles if an account is expired or not. This thing just moves the passwords from hashes stored in /etc/shadow to a locked down appliance.

    Other features could include:

    Special key/PIN/password to start up, in case the device is powered off.

    GPS location so the device will not work unless in a configured location.

    A fiber optic cable that wraps around items, if it is pulled, the device locks until a key or password is given.

    Backups done encrypted via USB flash drives, where the hash material is stored encrypted to private keys of the other HSMs, or smart card.

    Multiple devices for redundancy that can keep in sync with each other.

    With a dedicated HSM storing the password hashes, this would go a long way to adding security, just like a HSM does to protecting SSL keys.
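
The device API outlined in comments 18 and 19 above (store, compare with a yes / no / "too many times tried" verdict, change expiration, delete, reformat), sketched as an added example that is not part of the original comments. The class name, the scrypt-plus-HMAC verifier, and the 3-try / 300-second thresholds are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

YES, NO, TOO_MANY = "yes", "no", "too many times tried"

@dataclass
class _Item:
    salt: bytes
    digest: bytes
    expires: str           # stored only; the LDAP/authorization server enforces it
    fails: int = 0
    next_allowed: float = 0.0

class PasswordAppliance:
    """Hypothetical software model of the device: no method returns a stored hash."""
    def __init__(self, max_fails=3, lock_seconds=300, clock=time.monotonic):
        self._max_fails, self._lock_seconds, self._clock = max_fails, lock_seconds, clock
        self.reformat()

    def _derive(self, salt, password):
        # Assumption: scrypt, then HMAC under a key that never leaves the device.
        slow = hashlib.scrypt(password.encode(), salt=salt, n=2**12, r=8, p=1, dklen=32)
        return hmac.new(self._device_key, slow, hashlib.sha256).digest()

    def store(self, user, password, expires):
        salt = os.urandom(16)
        self._items[user] = _Item(salt, self._derive(salt, password), expires)

    def compare(self, user, password):
        item = self._items.get(user)
        if item is None:
            self._derive(b"\x00" * 16, password)   # do the same work for unknown users
            return NO
        now = self._clock()
        if item.fails >= self._max_fails and now < item.next_allowed:
            return TOO_MANY                        # locked: the guess is not evaluated
        if hmac.compare_digest(item.digest, self._derive(item.salt, password)):
            item.fails = 0
            return YES
        item.fails += 1
        if item.fails >= self._max_fails:          # from now on: one compare per window
            item.next_allowed = now + self._lock_seconds
        return NO

    def set_expiration(self, user, expires):
        self._items[user].expires = expires

    def delete(self, user):
        self._items.pop(user, None)

    def reformat(self):
        self._items = {}                           # purge every stored item
        self._device_key = os.urandom(32)          # and generate a new key

def demo():
    t = [0.0]                                      # constructed scenario; fake clock in seconds
    dev = PasswordAppliance(max_fails=3, lock_seconds=300, clock=lambda: t[0])
    dev.store("alice", "correct horse", "2012-01-01")
    out = [dev.compare("alice", g) for g in ("a", "b", "c")]
    out.append(dev.compare("alice", "correct horse"))   # locked, even though correct
    t[0] = 301.0
    out.append(dev.compare("alice", "wrong"))           # the one compare this window
    out.append(dev.compare("alice", "correct horse"))   # locked again
    t[0] = 602.0
    out.append(dev.compare("alice", "correct horse"))
    return out
```

While an account is locked the device answers "too many times tried" without evaluating the guess, so even the correct password is refused until the window passes; that is what caps the guess rate for an attacker who already controls the surrounding hosts.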

  20. Re:Hmm.. on Bubble Bursting On the MMO Market? · Score: 1

    I second that. On Rift with multiple 50s, I have yet to see a single flame-fest in chat, people spamming inane crap, or other items that plague WoW's general chats. This is on the most populated PvE server in the game.

    In fact, Rift tends to be too quiet. You really need to get in a guild if you want to do more than PuG invasion raids, heroic rifts, or PuG instances.

    Of all the MMOs, I prefer EQ1 and EQ2. Mainly because they have an established community. It isn't perfect, but there have been lots of nights where interesting discussions have gone on in various chat channels.

  21. Re:And this is surprising why? on New MacDefender Defeats Apple Security Update · Score: 1

    Local user can be mission accomplished very easily. For example, users with admin privs have write access to the /Applications folder. This means that malware can infect programs there with ease.

    At least Apple is one step ahead with the App Store. I can see the "file downloaded" dialog be available to admins only in a future rev of OS X.

  22. Re:Which ones? on 30+ Infected Apps Pulled From Android Market · Score: 3, Interesting

    Heck with antivirus/antimalware software. That way of thinking means we end up with the arms race that the blackhats will win every time, and our CPU, RAM, and disk I/O will be collateral damage, just like it is in the Windows ecosystem. If we had to have standard AV software, phone makers would have to double the RAM and add an additional core just to handle the continual I/O of a scanning utility.

    In reality, you want to go to a genetic HIPS (host-based intrusion protection system) type of architecture that will stop attacks because of the method used, as opposed to definite file signatures. File signatures mean you have this dandy database which means jack squat because the 0-days change a couple bytes each version. For example, if malware uses a series of phone numbers, one blacklists that list instead of each executable hash, as there are far fewer phone numbers than changes to executables possible. Why is a HIPS based system better than real time signatures? HIPS systems only fire off when an action is done, and not having to be actively running.

    Even better would be to borrow from the Blackberry model, and if an app is about to use a service that is going to charge, prompt the user who/what/when/where/why/how/how much they will be billed for, and allow them to say "yes, don't bother me again", "yes", "no", or "hell no, this app can never do this".

  23. Re:I've been waiting for these on OCZ Couples SSD, Mechanical Storage On a PCIe Card · Score: 1

    From what I recall, MS operating systems can use the feature the best. ReadyDrive didn't seem to go well, because it is "neither fish nor fowl".

    SANs do autotiering, using SSD for either a large persistent cache, or move data up and down the hierarchy as needed. Most HDDs would be too expensive with the drive controller intelligence to handle this. So, until recently this has been a dead feature.

  24. Re:I've been waiting for these on OCZ Couples SSD, Mechanical Storage On a PCIe Card · Score: 2

    Windows Vista and newer had the ability to use a technology called ReadyDrive which can use the SSD as a cache, and the spinning platter as the HDD.

    So far, there have been very few drives using this technology. It seems like it would be useful, although what would make SSD and conventional HDD pairings more useful would be a hard drive controller doing what most SANs do -- autotiering. Data that is read/written to all the time gets moved to the SSD while stuff that isn't used gets put on the platters.

  25. Re:Linux = "Immune to malware" (another /. LIE?) on 'Fee-Deduction' Malware On Android Spotted In the Wild · Score: 1

    If one visits sites like MacRumors, and looks under the iPhone hacks section, you will find a good amount of people posting about installing apps with Installous from dodgy repos. They have all kinds of problems, from having to DFU restore, to corruption of other apps' data, and so on.

    The evidence is anecdotal (someone whining about a spotty JB iPhone that has been heavily modified could be a lot of issues), but slapping on pirated apps from repos that have not been vetted is just asking for an additional payload to come with the .apk file.