And I was wondering what took the hot heads so long...
What is the relevance of this to the post at hand?
Shachar
(at the time I am writing this, the "consequences" are +2 insightful, so you're doing fine so far. As is obvious from my reply, I think "off topic" would have been more appropriate).
Since when does spending a year in Israel make you Israeli?
I guess it's a matter of how you define yourself, but to the best of my knowledge, Sacha does not define himself as Israeli.
Shachar
If you're rooted, you are also de-anonymized. That's almost a sure bet. Avoiding getting rooted is the key.
That really depends on how many resources you are willing to put into not getting de-anonymized.
For example:
Install a dedicated computer. This computer is used for all anonymized traffic, and only for it. Do not install TOR on it. Set it up in its own network, and set the router for that network to:
1. Not allow any connection between that network and the router, or any other component of your internal network.
and
2. Route all outgoing traffic from that computer to the internet only through TOR, including DNS queries.
Even if that computer is rooted, any de-anonymizing beacon it will try to send out will be routed through TOR. It will simply not know what its own external IP address is. Since the rest of the network will not accept traffic from it, there is nothing it can do to try and hack the rest of the network.
Proper construction means that rooting the anonymous machine is, by no means, checkmate.
Shachar
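A check for the router setup described in the comment above, as an added example that is not part of the original post: it audits an `iptables-save` dump for the two properties listed (no path from the isolated network to the router or LAN, and all TCP and DNS redirected into Tor). The interface name `anon0`, the Tor `TransPort` 9040 and `DNSPort` 5353, and both sample rulesets are constructed assumptions; Tor is assumed to run on the router itself.

```python
import shlex

def parse_iptables_save(dump):
    """Parse iptables-save text into {table: {"policy": {...}, "rules": [(chain, tokens)]}}."""
    tables, cur = {}, None
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif cur is None:
            continue
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif line.startswith("-A "):
            tok = shlex.split(line)
            cur["rules"].append((tok[1], tok[2:]))
    return tables

def opt(tok, flag):
    """Value following an option flag, or None if the flag is absent."""
    return tok[tok.index(flag) + 1] if flag in tok else None

def redirected(nat, iface, proto, to_port, dport=None):
    """True if PREROUTING redirects this protocol from iface to a local port."""
    return any(ch == "PREROUTING" and opt(t, "-i") == iface and opt(t, "-p") == proto
               and opt(t, "--dport") == dport and opt(t, "-j") == "REDIRECT"
               and opt(t, "--to-ports") == to_port for ch, t in nat["rules"])

def walk_chain(table, chain, iface, allowed=frozenset()):
    """Conservative walk: flag any ACCEPT reachable from iface that is not an
    allowed (proto, dport) pair, until an unconditional DROP/REJECT ends the walk."""
    findings = []
    for ch, tok in table["rules"]:
        if ch != chain or opt(tok, "-i") not in (None, iface):
            continue
        target = opt(tok, "-j")
        flags = {t for t in tok if t.startswith("-")}
        if target == "ACCEPT" and (opt(tok, "-p"), opt(tok, "--dport")) not in allowed:
            findings.append(f"{chain}: ACCEPT reachable from {iface}: {' '.join(tok)}")
        elif target in ("DROP", "REJECT") and flags <= {"-i", "-j"} and "!" not in tok:
            return findings
    if table["policy"].get(chain) != "DROP":
        findings.append(f"{chain}: traffic from {iface} falls through to a non-DROP policy")
    return findings

def audit(dump, iface, trans_port="9040", dns_port="5353"):
    """Return a list of findings; an empty list means both properties hold."""
    empty = {"policy": {}, "rules": []}
    tables = parse_iptables_save(dump)
    nat, flt = tables.get("nat", empty), tables.get("filter", empty)
    findings = []
    if not redirected(nat, iface, "tcp", trans_port):
        findings.append(f"nat: TCP from {iface} is not redirected to the Tor TransPort")
    if not redirected(nat, iface, "udp", dns_port, dport="53"):
        findings.append(f"nat: DNS from {iface} is not redirected to the Tor DNSPort")
    # After REDIRECT the packets arrive on INPUT with the Tor ports as destination.
    findings += walk_chain(flt, "INPUT", iface, {("tcp", trans_port), ("udp", dns_port)})
    findings += walk_chain(flt, "FORWARD", iface)
    return findings

# Constructed ruleset: isolated network can reach only Tor's two listeners.
HARDENED = """
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i anon0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A PREROUTING -i anon0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A POSTROUTING -o wan0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i anon0 -p tcp -m tcp --dport 9040 -j ACCEPT
-A INPUT -i anon0 -p udp -m udp --dport 5353 -j ACCEPT
-A INPUT -i anon0 -j DROP
-A FORWARD -i anon0 -j DROP
-A FORWARD -i lan0 -o wan0 -j ACCEPT
COMMIT
"""

# Constructed ruleset: DNS bypasses Tor and the router itself is reachable.
WEAK = """
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i anon0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A POSTROUTING -o wan0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i anon0 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i anon0 -p udp -m udp --dport 53 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    for name, dump in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(dump, "anon0") or "no findings")
```

The walk is deliberately conservative: an ACCEPT rule with no `-i` match is treated as reachable from the isolated interface, so a generic "established connections" rule will be reported and should be scoped to the other interfaces.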
There are more ways to pay for vulnerability data than just money.
I was once the in-company contact point for those matters at Check Point. Check Point did not (I'm not sure whether they do today) offer bounties or any other monetary rewards. That was okay, because that was a well advertised policy.
I tried to make really really sure that whenever a researcher reported a vulnerability, they would get the only payment I could give - credit. Once someone reported a buffer overrun, and agreed to hold off publishing until we fix it (about a month). During that month, someone else came forward directly to the mailing lists with the precise same bug (hard to believe it was a coincidence). Luckily, we were about ready with the release, so it did not remain unpatched for long.
I made sure that on the official announcement, the proper credit be given.
If you report a vulnerability to a company, and they don't show any signs of fixing it, threaten to sue you, or simply show disrespect, your moral incentives to help that company and its users go down. Depending on who you are, that might not mean you'd start selling vulnerabilities, but it is definitely a disincentive.
Shachar
If you contacted me and reported a bug in fakeroot-ng or rsyncrypto, I'd fix it. I'd do it for free. I'll say "thank you" for reporting it.
If you contacted me with the precise same bug, and offered to pay me $1000 to fix it, I'd take your money and fix it as soon as I could, because I believe it is okay for FOSS developers to make money from their work.
If you contacted me and offered to pay me $10, I'd probably be offended.* If you can't afford to pay me a reasonable fee for my time, then ask me nicely to volunteer it. Do not, however, presume to pay me an unreasonable fee for it. There are things I'd happily do for free that I will simply refuse to do for a reward that is demeaning.
Shachar
* - If you waited for me to fix it, and then contributed $10 to my PayPal account, I'd not only say "thank you", I'd even happily tell everyone I know that someone did it. $10 makes for a lousy paycheck, but it's a perfectly reasonable donation.
Actually, I gave my 3yo daughter an older smartphone with no SIM. She has the annoying "talking tom" app she likes.
By having it accessible and fully functional, I achieve two things:
1. She is not as obsessed with appropriating ours
and
2. This is not a novel thing to be coveted, but rather just another toy. She plays with it maybe an hour a week, much (much much) less than she plays with her dolls.
Of course, the phone stays home. The concept of her going somewhere with it is, more or less, unthinkable to me (though, to be fair, not much different than her taking her favorite doll with her places).
Shachar
While I agree with you, it is still a severe hyperbole. "IBM, the company that helped Hitler and preferred H1B workers"...
Somehow, I think you can find things IBM did in the past 70 years since Hitler killed himself that were worse than preferring H1B workers to Americans.
Shachar
In other words, you praise the man who promised to do something you find unethical, and then betrayed the trust of those he made the promise to (and suffered consequences) over the man who decided he will not do something unethical, and suffered consequences for that refusal? You view the regime that punishes those who betray trust given, under consent, as worse than the one that punishes those who exercise their free will to openly refuse the trust to begin with?
I do not see the logic (never mind agreeing with the premise) of your argument.
For the record, the rest of your argument suffers from ignorance. Everybody knew Israel had them from before. If you want to educate yourself about the program, as well as when it was actually used (without a single nuke exploding), I recommend "The Samson Option: Israel's Nuclear Arsenal and American Foreign Policy". It has plenty for you to get mad at Israel over, should that be your inclination, and it even covers the Vanunu episode.
Shachar
You seriously don't see the difference between someone imprisoned for refusing to participate, and someone imprisoned for taking an oath of secrecy and then violating it?
Shachar
Read the description. He wasn't a Lockheed employee. He held 10% shares of the contractor company that designed the product.
Shachar
That's assuming you're in the US. I live in Israel, and books I buy from Amazon are much more expensive in paper form, merely because of shipping costs. Since I bought my Kindle, all of my purchases (admittedly, most of those were from the Humble Bundle) were in e-book form.
Shachar
No offense intended, but this isn't a review. Come again after you've actually used it.
Personally, I do not intend to buy the new Nexus 7 at least until it will be possible to build AOSP for it (but I might go out and buy the old one now :-). That said, I have nothing for or against it.
All I'm saying is that your comment did not add information. The comment you'll write in 24 hours likely will, however.
Shachar
Haven't we learned not to trust anonymous coward reporting?
Shachar
For me, it's not the human error aspect, but rather the increased sensory equipment.
I went through chemotherapy a few years ago. One of its (many) side effects was to obliterate my veins. Every time I need to have my blood taken (which is once a year at the very least), my usual nurse first breathes a heavy sigh, then asks me where I would like to be repeatedly stabbed.
If the robot's extra sensors allowed it to stab just once, I'd take the risk of malfunction. Assuming proper hardware design, my robot's worst case cannot be all that worse than my human's typical case.
Shachar
Second half of above comment:
It gets worse, however. Some vendors do not like the fact that after factory reset, the phone takes a long time to boot as it turns all of the dex files into odex files. They also do not like the fact that these files take space in the data partition, which is where downloaded APKs and application data are stored by default. As a result, Android has a mechanism by which you can place an APK in the system partition that is already odexed. The APK file does not contain a classes.dex file at all. Instead, next to the APK there is another file, with the same base name and an .odex extension. On such a system, the original, signed, code is not around, and all of the actual code of the application is unsigned.
The severity of this attack, scary though it may sound, is not very high. You need root access in order to change the system folder or access the dalvik-cache directory. There is no privilege escalation. Just running unsigned code that seems to be signed. Also, any change to other parts of the system will invalidate the cache, and cause your exploit to disappear.
All in all, an interesting, but not very scary, vulnerability.
Shachar
I will wager a guess as to what the vulnerability is. If that is not it, then it just means there is another vulnerability.
I'll just state that I'm not sure this is it, as what I'm talking about is not triggerable via an update. You would need root to trigger it.
The information I am writing here is a product of my own research. It may or may not be the same as discussed above, but the symptoms are similar enough that I think it is.
An APK is a zip file composed of two main parts. The compiled dalvik code (in a file called classes.dex), as well as the resources (spanning multiple files, exact format irrelevant here). All of those files are listed in a directory inside the APK with their hash, and that file is digitally signed. This is the Android signing process.
The code, however, is in a format that is not immediately usable. I'm a bit fuzzy on the specific details, but the general idea is that you would need to adapt it to load addresses, based on everything else running in the same address space (the framework, and other libraries, if applicable). As a result, when Android first sees an APK, it does "optimization", in which it essentially takes the dex file, does all of the necessary relocations, and stores it in a directory called "dalvik-cache". As long as none of the APKs on which this cache file depends changed (the cache file stores the hashes for the original APK and all other dependencies), then Android does not bother with the classes.dex file stored inside the APK. It simply loads the optimized dex (odex) directly from the cache whenever needed. Needless to say, the odex is not hashed and is not signed. If you change it, Android will load your modified code without complaining.
I had more to say, and typed it in and all, but then I got "Filter error: Lameness filter encountered" error. Probably too long. I think you will have to make do with the first half of my comment :-)
Shachar
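The signing gap described in the two halves of the comment above, as an added example that is not part of the original post: it checks which APKs in a directory carry a `classes.dex` matching the digest in `META-INF/MANIFEST.MF` and which are pre-odexed, with their code in a sibling `.odex` that no manifest lists. It assumes the JAR-style manifest layout the comment describes, does not verify the signature over the manifest, and runs on constructed sample files.

```python
import base64
import hashlib
import os
import tempfile
import zipfile

# Per-entry digest attributes used in JAR-style manifests.
DIGESTS = {"SHA1-Digest": "sha1", "SHA-256-Digest": "sha256"}

def manifest_digests(apk):
    """Return {entry name: (hash algorithm, expected digest)} from the APK manifest."""
    with zipfile.ZipFile(apk) as z:
        if "META-INF/MANIFEST.MF" not in z.namelist():
            return {}
        text = z.read("META-INF/MANIFEST.MF").decode("utf-8")
    # Normalise line endings and unfold continuation lines (they start with a space).
    text = text.replace("\r\n", "\n").replace("\n ", "")
    out = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.splitlines() if ": " in l)
        for attr, algo in DIGESTS.items():
            if "Name" in attrs and attr in attrs:
                out[attrs["Name"]] = (algo, base64.b64decode(attrs[attr]))
    return out

def classify(apk):
    """Say where the APK's executable code lives and whether the manifest covers it."""
    with zipfile.ZipFile(apk) as z:
        dex = z.read("classes.dex") if "classes.dex" in z.namelist() else None
    if dex is not None:
        algo, want = manifest_digests(apk).get("classes.dex", (None, b""))
        if algo and hashlib.new(algo, dex).digest() == want:
            return "classes.dex matches manifest digest"
        return "classes.dex does NOT match manifest digest"
    if os.path.exists(os.path.splitext(apk)[0] + ".odex"):
        return "pre-odexed: code is in sibling .odex, outside the manifest"
    return "no code found"

def audit_dir(dirpath):
    """Classify every .apk in a directory (for example a copy of a system app folder)."""
    return {name: classify(os.path.join(dirpath, name))
            for name in sorted(os.listdir(dirpath)) if name.endswith(".apk")}

def build_sample(dirpath):
    """Write constructed sample files (not real applications) into dirpath."""
    def make_apk(name, files, listed=None):
        manifest = "Manifest-Version: 1.0\n\n"
        for entry, data in (listed or files).items():
            digest = base64.b64encode(hashlib.sha1(data).digest()).decode()
            manifest += f"Name: {entry}\nSHA1-Digest: {digest}\n\n"
        with zipfile.ZipFile(os.path.join(dirpath, name), "w") as z:
            z.writestr("META-INF/MANIFEST.MF", manifest)
            for entry, data in files.items():
                z.writestr(entry, data)
    res = {"res/layout.xml": b"<constructed/>"}
    # Ordinary APK: code is inside the archive and listed in the manifest.
    make_apk("Normal.apk", {"classes.dex": b"constructed dex bytes", **res})
    # Code inside the archive was changed after the manifest was written.
    make_apk("Tampered.apk", {"classes.dex": b"modified dex bytes", **res},
             listed={"classes.dex": b"constructed dex bytes", **res})
    # Pre-odexed APK: no classes.dex, code sits next to it in an .odex file.
    make_apk("Preloaded.apk", res)
    with open(os.path.join(dirpath, "Preloaded.odex"), "wb") as f:
        f.write(b"constructed odex bytes")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        for name, verdict in audit_dir(d).items():
            print(f"{name}: {verdict}")
```

A change to `classes.dex` inside the archive shows up as a digest mismatch, while rewriting the sibling `.odex` changes nothing this check can see, which is the gap the comment points at.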
He used to be able to write he volunteered for wikileaks on his resume before. He cannot now.
Shachar
That's why he talked about estoppel. Please tell me you've read the article before you so confidently posted here.
The relevant part of estoppel here is the one about public statements. If you make a public statement showing commitment, and someone relies on that commitment, you cannot go back. Despite the fact there is no actual contract, things are just as binding.
Suppose you place code on github, and publish in your blog that you released it as GPL, but never actually write a license file or give any other indication in the actual source that it's free software. Suppose I then modify it and distribute it (adding a GPL license). You cannot sue me for copyright violation. You made a public statement about the code, and I relied on it. That's as good as a contract.
Shachar
In theory, I think you are right (IANAL). In practice, however, the mere existence of MariaDB means that it would be close to impossible to prove any actual harm. Oracle can always claim that you are free to switch to MariaDB, and you will have a hard time proving that is difficult to do.
Shachar
The radio here has been brimming with people saying how happy they were with the cars, and how they don't know what will happen next. All of them (that I heard) said they can charge the car at home, and it's only long commutes that are a problem.
Shachar
Assuming your reply was serious, I'll just point out that the question is not what system to use. By all means, do use whatever is most convenient to you. In fact, that is precisely what the article is ridiculing your government for saying. The question is what system should we teach children who have not been indoctrinated to any of the systems.
And, also, do you happen to have any references to the gun claim, or was this some obscure car analogy I didn't get?
Shachar
But you see why civil engineers typically use English units. The units are based on tangible quantities, not some scientific ease of math basis. When we need easy math, we use kilopounds and decimal feet.
Actually, I don't see that at all. In fact, this sentence, to me, seemed completely unrelated to anything else discussed here. I suspect you just grew up with these units, got used to them, and therefore, now, think they are somehow better.
Shachar
Neither. I suspect you just fell for the same blunder I originally did.
My bookshelf is 85cm wide, 170cm high and 33cm deep. That makes it about half a cubic meter in volume. This, however, does not amount to the volume of books it can contain. Not all depth is used, and the books are not tall enough to fill the gaps between the shelves. All in all, let's assume half of the bookshelf's volume is lost (and I'm being generous to your side of the argument). Let's round the bookshelf's volume up to half a cubic meter (again, making your case easier to make).
So a bookshelf can host around 0.25 cubic meters of books. To make the analogy, we need to suddenly dump 7 new bookshelves worth of books on your apartment, and tell you "yeah, find a place for them".
As for your desk analogy - that just proves my point - people have a hard time understanding volume. A desk is measured by its surface area. It has plenty of usable volume beneath and above it. If that were a block, you'd speak differently.
At the moment, there are five uninstalled air conditioning units sitting at the side of my living room. They take about 3 cubic meters. Yes, I can still use the apartment (but it's a really really big one), but they sure as hell stick out.
Oh, and this is algebra, not calculus.
Shachar
When you put soil in water, it changes. In particular, one component is removed from the mix: air.
I have no idea how much air is in the soil. I was working under restrictive assumptions (i.e. - ones that make the weight smaller), just to give a feel for the result.
Shachar
Almost a decade ago, I was on a trip to the USA. I was very surprised to see Liter used for car engine sizes (here they usually use cubic centimeters, which are exactly 1/1000, so not a real problem).
I remember strolling through a supermarket, and looking at the soda bottles, which were bigger than the 1.5L bottles common here. I picked one up to see what size it was. I guess most readers know the answer - it was 2 liters. I remember wondering how come Americans are willing to use a metric unit.
So I asked a vendor. His answer was "This isn't a metric unit. It's liter".
So I asked him how much was a liter, and his answer was something along the lines of "33.8 ounces" (without blinking or stopping to think about it).
Which, of course, got me my answer. The reason Americans are using a metric unit is because they don't know it's metric.
The problem with your proposal is that, if implemented that way, it means just adding another unit to the mix, without exposing people to the main advantage that the metric system has to offer. That does not bode well for a "migration path".
You should add to that the fact that volume realization is hard. I'll give a couple of examples. First, bear in mind that the two units people are, more or less, familiar with are a milliliter (1 cubic centimeter = 1/1000 of a liter) and a liter.
The first was when a company I worked for ordered a certain amount of boxes for their product. We were trying to figure out whether we had anywhere to store them. I made the calculation, based on box size, and figured the entire bunch would require a little less than 2 cubic meters (around 1.8). We sort of made a hand gesture estimate and figured it was not that much. Boy, were we wrong. We ended up using up every spare cabinet and space in the office. Lesson learned: a cubic meter is a lot.
The second happened just yesterday. I was telling my wife we will have to remove some soil from our garden to make space for extra flooring. She said "we'll be giving that to friends, right?". I told her it was about 500 liters of soil. I then made a quick mental calculation. We'll need about 12 square meters of flooring, and the base is about half a meter deep. 6000 liters. Assuming soil is half as dense as water (it was while driving, so I couldn't look it up), you get 3 tons of soil. My instinct was off by a factor of 10, and her instinct was off by a factor of 1000.
This doesn't mean this is useless. Can you make this same calculation, off the top of your head, using imperial units? Metric does simplify things quite considerably. It's just that, specifically for volumes, that is a hard problem to solve.
Shachar