Of course, you can still sniff to see what ports are actually in use...
Bingo!
With a knocking daemon a port scanner is going to see an IP address with no machine on the other end because no response is sent to its connection attempts. It's a great way to conceal the location of a server from broad port-scanning that you currently see on the internet.
That would just create a new variant to DOS attacks. Instead of taking you offline, they just persistantly knock on random ports, thereby disabling your ability to communicate with trusted sources.
The first point to make is this is no different, in terms of the resources required to perform such a DOS, as the situation is currently. This is a non-issue because it's already an issue with or without knocking.
There are all sorts of tricks to use that would keep the knocking daemon from chewing up memory such as any invalid knocking attempt makes the daemon sleep for X seconds. Or only the last 5 IP addresses that tried to knock have their knocking history recorded, so only a minimal memory footprint is made by the knocking daemon.
Second point, someone has to know enough that a knocking daemon is on a particular machine before they can start brute-forcing it. Otherwise an attacker would be required to try and brute force knock every server online. Care to think of the logistics of that?
Also, if no ports are accessible without knocking, a machine with a knocking daemon is going to appear to be dead. Why would someone "brute-knock" a dead IP address?
How is this different from the way things are now? You keep track of the last 5 connection attempts per IP address. If you get nailed with several hundred separate attempts using spoofed sources, how does that differ from a normal DOS? Eating up memory usage, right? Well then you take only the last 50 or even 10 IPs that were trying to connect.
DOS by bandwidth saturation. That's the only DOS and that's a problem regardless of if you're using a knock system or not.
sniff the port knocks this isn't a big issue when you understand the reason behing a knock system. The idea with knocks is to keep scanners from finding open ports. You don't have any ports open, in fact you don't respond to pings or ANYTHING, and scanners will assume a dead IP.
Knocking just opens up a port for 10 seconds.
If someone sniffs it, so what? Now they've got access to the sequence to open a specific port. The attacker still isn't into the system. It's as if no knocking system were in place, which is exaclty how things are now.
The knock system isn't going to stop everyone. But it is going to stop a majority of port scanners out there looking for live machines to exploit.
They could have easily changed the orientation of the shuttle if the suspected a problem. Land based telescopes would likely be no good because of the atmosphere tho. Spy scopes, if they bothered to ask, might have been a different story.
Would the atmosphere have been a problem? Seems there are several large telescopes that I've heard of which are built high up on mountains so even a cloudy evening doesn't hamper its use as it's above the cloud-line.
Plus there are amateur astronomy photos (can't find any links to some at the moment) online that I've seen taken by ground-based telescopes that get pretty detailed, down to making out the individual cabin windows.
So I don't think the atmosphere would play a big role in keeping NASA from getting ground-based photos of the shuttle.
The problem was with what would happen if they turned the shuttle over.
Flipping the shuttle over so Earth-based scopes could image it seems obvious. But there are important reasons why the shuttle flies upside down. Basically to protect the shuttle from space junk and micrometeriods and to also protect the crew and the shuttle from the radiation of the sun.
The maneuver would also take a some time during which the shuttle would make several revolutions around the Earth, definately exposing the craft and crew to the radiation and heat of the sun. Such a maneuver might even kill anything in the cargo-bay and thus end a majority of the experiments taking place on the shuttle.
Reading over the e-mails that NASA engineers sent around, they certainly thought there may be a problem, but I don't think it was ever considered to be a life-threatening emergency. Given that's the case, I doubt NASA would risk flipping the shuttle over and expose it to both space junk/micrometeriods and the sun and perhaps destroy its experiments. Not for what they probably didn't see as a major problem at that time.
How can a hole being ripped in the wing, or any other part of the shuttle not be picked up by some sensor?
The leading edge of the shuttle's wing is flat. Over that goes a series of reinforced carbon-carbon (RCC) panels which form a smooth, aerodynamically-friendly shape. These RCC panels are shaped something like a V rotated 90 degrees. This creates a small cavity between the RCC panels and the leading edge spar of the wing, which is where the RCC panels are bolted on.
The bolts that hold the RCC panels to the spar are covered in insulation designed to take up to 3,200 degrees F.
The initial impact created a hole in the underside portion of the RCC panels, but did not go through the leading-edge of the wing itself.
So to detect this you would need to either have sensors on or inside the cavity of the RCC panels OR you detect it by the hole's effects on the wing, such as an increase in left-side drag.
From what bits I've read of the CAIB's final report, I don't believe there are any sensors on the inside of the RCC panels or inside the cavity between the RCC panels and the leading edge of the wing. Reason being it can get pretty hot in there and would probably destroy any sensors that were placed inside. So no direct sensor readings are going to detect the hole, becaue there aren't any.
So now to detect it right away you need to be able to observe the hole's effects in the form of drag. Problem is, this hole was on the underside of the wing. During ascent the shuttle is pointed vertically up so the effects of this 8 inch hole would be minimal at best and went undetected. Once in orbit, drag, for the purposes of this discussion, doesn't exist.
So there really wasn't any way to detect the hole or its effects.
The only way, until re-entry, would be a visual inspection of the area.
The shuttle wasn't carrying any equipment for a space walk, so that wasn't possible. The shuttle's orientation during orbit is to have it's belly facing away from the Earth, so land-based telescopes and cameras would have been useless.
Spy satellites or some other device in a higher orbit with a camera on board might have been able to do this. But I don't believe a request for such a thing was ever put to the CIA or NSA. It was certainly suggested, but I think the request was never pushed forward.
So that's why it was never detected until it was too late.
The only area I'm not 100% certain on is the sensors inside the RCC cavity. I know during tests of the RCC, they had sensors all over the thing. I've seen pictures of the inside leading edge which had some sensors, but I never saw anything inside the RCC cavity itself.
Given the need for insulation of bolts used to hold the RCC panels to the spar, I think my supposition that it's simply too hot inside that cavity for those sensors may be correct.
Is there any such thing as a GPL defense fund? A lot of open source software is being developed by people who probably don't have the extra money to pay the legal fees needed to pursue action against GPL violators. Hence the GPL remains untested in court (although IBM may help fix that soon).
It'd be nice if any leftovers from the US$10 million that IBM and Intel are putting up would be dumped over into a general GPL defense fund.
So someone gets their hands on a reader for these devices. This can be done by borrowing/stealing a reader from a store that has one installed or by someone who works at the manufacturing plant. Setup a power source and stick it in a backpack. Run a cable down to the reader which could either be in the pack or, if small enough, palmed in your hand.
As you walk through the streets, wave your hand across the phones of people standing around or as they walk by you. A laptop or PDA could be hooked up to the read recording in all the information.
The protocol/encryption is taken care of by the stolen hardware. No need to worry about cracking it.
--
Now if this system is based upon it's own network, then the reader doesn't have to do any decryption of the data. It can just be forwarded down the line to the network's core. The readers essentially become dumb terminals.
But I doubt this is the case. Every smart-card reader system that has a core data store includes storage space in individal readers to store transactions in case the core goes down.
--
What this type of system REALLY needs, as do exsiting ones such as smart pass or that gas station token thing, is some sort of activation button that must be depressed in order for information to be transmitted from the card. This would make it much more secure.
This New Scientist article doesn't cover if such a function exists with these new phones but given past devices that we've seen, I doubt it.
Where are: The USB Port HDD Size Headphone jack; Battery
USB, which seems likely, would be in the form of the mini port you see commonly on digital cameras. The electronics for such a device are pretty small and could easily be placed on the side of the device.
HD? What for? Memory cards can store savegame data and newer flash card formats like XD are incredibly small. Very easy to fit an XD slot into the side.
Headphone jack: a trivial component that can easily be placed on the side of the device. I don't think you need to give this one a second thought.
Battery: probably a small lithium ion battery. you'd be surprised how small and powerful batteries are getting. I've got a wireless headset that uses a battery the size of a pice of bubblegum that holds enough charge to support constant use for up to 48 hours. PSP will, obviously, have more electronics to power, but a 3-hour battery is well within the range of possibility.
Slower load times, cart over disc usage. We'll see if they can work around that.
Note the use of mini-discs. The load times are going to be on par with what you see from the Gamecube, which is not much at all.
Re:Heads up on the sarcasm folks.
on
Even Grues Get Full
·
· Score: 2, Insightful
By the look of comments so far, there seem to be quite a few people with malfunctioning sarcasm sensors today.
No. I think that the author was trying to be sarcastic but a lot of people agree that UF is crap exactly for the same reasons the review's author gives.
Every web comic I've ever been to has seen the artist grow and get increasingly better as time progressed. Illiad... I just don't know what's retarding his growth, artistically, but the look of the comic alone is of such repetitive, low quality that any good writing is being horribly overshadowed by the bad art.
And I think Illiad misses the funny more often than not as well. There's only so many jokes you can make about geek-dom before it's gets really old. It's like when your cousin Bob starts spouting "floppy/hard drive" jokes thinking he's discovered an untapped resource for hilarity.
There's the antiquated comparison between UF and Penny Arcade that seems to come up every time and gets ignored every time because it's been said before.
But I just want to point out that Penny Arcade actually does go outside the realm of gaming. In fact there have been several weeks in a row where little actual gaming-related comics are written.
I don't see that in UF at all. No attempt at broadening the subject matter or expanding into new perspectives.
There's just no growth and without growth things get boring.
I moved from Linux to Windows. I've read articles about others who made or at least tried to make the switch.
I notice Roblimo had some arguments in there that seemed to mirror much of my own, and others, experiences with moving to Linux.
First is Roblimo's argument about X-Chat vs. mIRC. He mentions how difficult it is for him to add a new network to mIRC. I had the same problem, in reverse, with moving to Linux. I found adding a network in mIRC incredibly simple and easy while X-Chat seemed to be overly difficult. I also hated the user interface and found it counter-intuitive. Exactly the opposite of what Roblimo says in his article.
The copy/paste thing. Being rooted in Windows for a long time I was quite familiar with CTRL-C / CTRL-V. It tooks a complete rewiring of my thought process (which has yet to fully mature) to even think about being able to paste without having to explicitly copy first. Just highlight and press the middle button? Eh-GADS!
Anyways, there were many many other similarities (in reverse) with my conversion to Linux and Roblimo's look at Windows XP.
My point being that I hope perhaps Roblimo learned (doesn't seem like he did) and others will acknowledge that moving between platforms is not something that's easy in any direction.
And you would have thought people would understand that by now. Just look at Window/Mac conversions during the 90s.
"How the hell do I right click?!"
"Who the hell needs more than one mouse button?!"
It's like trying to convert anything else that's deeply ingrained in one's personal life. It takes a lot of time to get familiar with the new surroundings. One day or one week or even one month's worth of experience in the new platform simply is not enough to make a solid argument on which platform is better.
I've been on Linux about 2 years now and I still don't get the VI(M) advocates out there. I can't stand working in VI. Yet there are those who would sooner give up a loved one then their copy of VI.
I'll try to keep an open mind... but that whole VI thing is just damn hard to comprehend.
For those of you comparing the maximum sentences for robbery, theft, arson, assualts and so on to this guy's maximum sentence, I'd like to point something out.
What's more harmful to society? The murder of a single person or 160,000 bounced e-mails?
The point here is how poorly constructed these laws are. They are built upon antiquated views that simply don't realize the limits these laws can be taken to; as we now see in this case.
It should not be a per-email offense, it should be a per-incident offense with a bit of leeway in sentencing to handle light (a few dozen spoofed mails) to heavy (a few million spoofed mails) incidents.
Did this guy do something wrong? Yeah. But does it warrant 500 years in prison and millions of dollars in fines? No way.
This should fall under existing harrassment laws and this spoofed e-mail law be nixed.
I wonder what would have happened if this guy put 10,000 letters into the mail system with a bogus address and a return address of these newpaper editors?
Does that mean that unless i put a "no trespassing" sign on my door you can come into my house uninvited? Even though the street from which you entered is public property?
Poor analogy.
A better (and more timely) analogy would be if you are handing out candy from your front door during Halloween, can someone try going to the side door and look for more candy?
Why is it when I access a web site I don't need to get explicit permission to access it first? IANAL but it's certainly a fuzzy area in terms of legality.
You could argue that because a computer is set up on a public network and listening on a port specifically used for the common task of transmitting information via HTTP that the server operator would have a reasonable expectation that anyone connected to the internet could/will try to access said server.
That to control access to data the server operator needs to either implement some kind of access control mechanism or remove the server from the public network.
NYT did neither. There was an open proxy that Llamo used to get through to NYT's intranet. If he didn't need to get explicit permission to access the NYT website, why does he need to get explicit permission to access this proxy server or the NYT intranet? Especially if he never encounters an "authorized use only" type of message.
Unless you regularly allow public access to your house there is no pre-defined "access allowed" type of environment/paradigm/whatever. That's probably where the case can be made that a person entering your house without permission is committing a crime. The attacker has no reason to believe he has permission to access your house.
But with NYT, they let people access their data all the time. There's a reasonable belief that the NYT has granted permission to access their computers, or so it could be argued anyways.
But as I said, this is a really fuzzy area.
That's why the law governing whether or not a person can walk into your house uninvited, and the law governing computer access are two completely separate laws and any analogy made between computers and personal property (when not in a physical sense) cannot be made.
It proves that he found something he felt was a security problem. It does not imply that he was intruding. It would be the same if I found out that by changing an ID value in the URL I could access others' personal information on/. I would certainly e-mail Taco or whomever and let them know about the vulnerability right away. That does _NOT_ mean I was intruding, does it?
Unless someone gives you PERMISSION to break into something of theirs, IT'S ILLEGAL TO DO SO.
Actually it may not be a clear cut illegal intrusion. If Llamo never encountered an "authorized use only" or "for NYT staff only" message then it can (as has been in the past) argued that Llamo had no reason to believe he was accessing an area of the NYT network he was not suppose to. Given that he was accessing it via the Internet which is a PUBLIC network.
That may be why the NYT is trying to put a dollar figure to the "damage" Llamo caused. Then they can argue property damage.
I realize that NASA may be applying logic about how to make their missions safer, however it appears they are more concerned about protecting themselves, and their bottom line.
I don't think so at all.
Imagine that shuttles are no longer taking cargo into orbit. You now have the payload area to store all sorts of equipment that could be used should a future emergency arise.
In the slew of monday-morning-quarterbacking after the accident it was noted that even if the crew were made aware of the problem right from the start there would have been no way to repair the shuttle. Furthermore there weren't any EVA suits so the astronauts would not have been able to at least confirm the damage to the wing.
With cargo (we're talking BIG cargo, like a satellite or a self-contained lab) on a separate ship, EVA suits, extra oxygen and food, repair parts, etc, could be stored on board the shuttle to allow the astronauts to better handle an emergency.
How is it "evil" to publish a list of IP addresses that match a listing criteria?
The devil is in the details. It's not a list of single IP addresses, that's far too large and complex to maintain. What's happening is large blocks (we're talking B class IP blocks here) are getting blacklisted because of the actions of a few individuals.
This does more harm than good especially with colocation services. What happens is one person starts spamming off a machine at a colocation company and SPEWS and other lists will blacklist the whole block that colocation company is on.
That kills mail services to the hundreds of other legitimate companies who are unfortunately on the same block as the one spammer.
Anyone familiar with Something Awful's battle with SPEWS knows this is a very real situation.
So what's a blacklister to do? Maintain a large list of several hundre thousand (at minimum) IP addresses or block B (and even A) class adress blocks to bring that list down to a far more easily maintained list?
That's why it's "evil". It's lazy, inefficient, ineffective, and does more harm than good....with very little collateral damage.
Wait until someone who has a server within the same B class you're on to start spamming and you get put into the blacklist. Then we'll see if you're still singing the praises of blacklists.
Any hopes Slashdot ever had of being a reputable news source... wait, they never had those hopes. News for fanatics, stuff that gets you riled up until you read the article and realize it's not what you thought but hey, buy our T-shirts anyways!
If that's the case, then they won't be upset even if they lose the right to distribute their software due to the patent claims.
Quite true. But what about SCO's shareholders? I'm willing to bet that a press release stating that SCO has been forced to stop selling software would reflect very badly on the company and send its shares back down to where they were before this whole mess started.
I've heard this comment all the time, too, and I used to think it was true....They weren't just taking the pills and sitting on their asses. Come to think of it, I've never met anyone taking those supplements who wasn't also on some kind of exercise program.
I'll just point out that you can't assume this. I've had several friends try to use Stacker 2 without any regular exercise.
Perhaps, given that you seem to be into your body's health and exercising, the only people you talk with in which supplements would come up are those who work out at the same place or share similar interests.
This is far from being about overthrowing the government.
This is about teaching how to make explosives with the intent be that those who learn how to use that knowledge against the government.
But the real kicker is that, according to the search warrant, Austin was flying under the radar until he defaced a couple web sites. Then an FBI investigator started looking into Austin and found his site raisethefist.com.
From that site Austin secured himself a second charge under 18 USC 842 (p)(2)(A) which makes it unlawful to provide information about explosives when the intent is that such knowledge be used to committ a crime.
Why is it, that when someone describes in layman terms some basic exothermic chemistry, they are public enemy number 1?
When that someone tells you to take the bomb-making knowledge you've just been given and use it in a harmful manner against ANYONE, including police officers as is the case here, then you are committing a crime.
Austin is charged under this because he was suspected of being responsible for several defacements which are detailed in the warrant. Looking at what's in the warrant there seems to be more than enough evidence to support this charge.
18 USC 842(p)(2) - Unlawful Distribution of Information Relating to Explosives, etc...
In the search warrant are several quotes from raisethefist.com in which information about explosives is provided along side some comments that encourage this knowledge be used against police officers.
Here's the exact quote from 18 USC 842 (p)(2)(A):
to teach or demonstrate the making or use of an explosive, a destructive device, or a weapon of mass destruction, or to distribute by any means information pertaining to, in whole or in part, the manufacture or use of an explosive, destructive device, or weapon of mass destruction, with the intent that the teaching, demonstration, or information be used for, or in furtherance of, an activity that constitutes a Federal crime of violence;
Clearly what Austin did, provide information about explosives within the context of causing harm to others with said knowledge, falls under this law.
From the information that I have available it seems very apparent that Austin did commit crimes under current US law.
Now had Austin removed suggestions for use of this bomb making knowledge and just presented it in a separate, straight-forward format, he could not be charged under 18 USC 842.
However, he still defaced some sites and thus is still in violation of 18 USC 1030.
Remember, IANAL, but this seems pretty straightforward to me. No freedom of speech issue here.
Slashdot Mirror
Of course, you can still sniff to see what ports are actually in use...
Bingo!
With a knocking daemon a port scanner is going to see an IP address with no machine on the other end because no response is sent to its connection attempts. It's a great way to conceal the location of a server from broad port-scanning that you currently see on the internet.
That would just create a new variant to DOS attacks. Instead of taking you offline, they just persistantly knock on random ports, thereby disabling your ability to communicate with trusted sources.
The first point to make is this is no different, in terms of the resources required to perform such a DOS, as the situation is currently. This is a non-issue because it's already an issue with or without knocking.
There are all sorts of tricks to use that would keep the knocking daemon from chewing up memory such as any invalid knocking attempt makes the daemon sleep for X seconds. Or only the last 5 IP addresses that tried to knock have their knocking history recorded, so only a minimal memory footprint is made by the knocking daemon.
Second point, someone has to know enough that a knocking daemon is on a particular machine before they can start brute-forcing it. Otherwise an attacker would be required to try and brute force knock every server online. Care to think of the logistics of that?
Also, if no ports are accessible without knocking, a machine with a knocking daemon is going to appear to be dead. Why would someone "brute-knock" a dead IP address?
dos attacks!
How is this different from the way things are now? You keep track of the last 5 connection attempts per IP address. If you get nailed with several hundred separate attempts using spoofed sources, how does that differ from a normal DOS? Eating up memory usage, right? Well then you take only the last 50 or even 10 IPs that were trying to connect.
DOS by bandwidth saturation. That's the only DOS and that's a problem regardless of if you're using a knock system or not.
sniff the port knocks
this isn't a big issue when you understand the reason behing a knock system. The idea with knocks is to keep scanners from finding open ports. You don't have any ports open, in fact you don't respond to pings or ANYTHING, and scanners will assume a dead IP.
Knocking just opens up a port for 10 seconds.
If someone sniffs it, so what? Now they've got access to the sequence to open a specific port. The attacker still isn't into the system. It's as if no knocking system were in place, which is exaclty how things are now.
The knock system isn't going to stop everyone. But it is going to stop a majority of port scanners out there looking for live machines to exploit.
They could have easily changed the orientation of the shuttle if the suspected a problem. Land based telescopes would likely be no good because
of the atmosphere tho. Spy scopes, if they bothered to ask, might have been a different story.
Would the atmosphere have been a problem? Seems there are several large telescopes that I've heard of which are built high up on mountains so even a cloudy evening doesn't hamper its use as it's above the cloud-line.
Plus there are amateur astronomy photos (can't find any links to some at the moment) online that I've seen taken by ground-based telescopes that get pretty detailed, down to making out the individual cabin windows.
So I don't think the atmosphere would play a big role in keeping NASA from getting ground-based photos of the shuttle.
The problem was with what would happen if they turned the shuttle over.
Flipping the shuttle over so Earth-based scopes could image it seems obvious. But there are important reasons why the shuttle flies upside down. Basically to protect the shuttle from space junk and micrometeriods and to also protect the crew and the shuttle from the radiation of the sun.
The maneuver would also take a some time during which the shuttle would make several revolutions around the Earth, definately exposing the craft and crew to the radiation and heat of the sun. Such a maneuver might even kill anything in the cargo-bay and thus end a majority of the experiments taking place on the shuttle.
Reading over the e-mails that NASA engineers sent around, they certainly thought there may be a problem, but I don't think it was ever considered to be a life-threatening emergency. Given that's the case, I doubt NASA would risk flipping the shuttle over and expose it to both space junk/micrometeriods and the sun and perhaps destroy its experiments. Not for what they probably didn't see as a major problem at that time.
How can a hole being ripped in the wing, or any other part of the shuttle not be picked up by some sensor?
The leading edge of the shuttle's wing is flat. Over that goes a series of reinforced carbon-carbon (RCC) panels which form a smooth, aerodynamically-friendly shape. These RCC panels are shaped something like a V rotated 90 degrees. This creates a small cavity between the RCC panels and the leading edge spar of the wing, which is where the RCC panels are bolted on.
The bolts that hold the RCC panels to the spar are covered in insulation designed to take up to 3,200 degrees F.
The initial impact created a hole in the underside portion of the RCC panels, but did not go through the leading-edge of the wing itself.
So to detect this you would need to either have sensors on or inside the cavity of the RCC panels OR you detect it by the hole's effects on the wing, such as an increase in left-side drag.
From what bits I've read of the CAIB's final report, I don't believe there are any sensors on the inside of the RCC panels or inside the cavity between the RCC panels and the leading edge of the wing. Reason being it can get pretty hot in there and would probably destroy any sensors that were placed inside. So no direct sensor readings are going to detect the hole, becaue there aren't any.
So now to detect it right away you need to be able to observe the hole's effects in the form of drag. Problem is, this hole was on the underside of the wing. During ascent the shuttle is pointed vertically up so the effects of this 8 inch hole would be minimal at best and went undetected. Once in orbit, drag, for the purposes of this discussion, doesn't exist.
So there really wasn't any way to detect the hole or its effects.
The only way, until re-entry, would be a visual inspection of the area.
The shuttle wasn't carrying any equipment for a space walk, so that wasn't possible. The shuttle's orientation during orbit is to have it's belly facing away from the Earth, so land-based telescopes and cameras would have been useless.
Spy satellites or some other device in a higher orbit with a camera on board might have been able to do this. But I don't believe a request for such a thing was ever put to the CIA or NSA. It was certainly suggested, but I think the request was never pushed forward.
So that's why it was never detected until it was too late.
The only area I'm not 100% certain on is the sensors inside the RCC cavity. I know during tests of the RCC, they had sensors all over the thing. I've seen pictures of the inside leading edge which had some sensors, but I never saw anything inside the RCC cavity itself.
Given the need for insulation of bolts used to hold the RCC panels to the spar, I think my supposition that it's simply too hot inside that cavity for those sensors may be correct.
Anyone care to correct me on this?
Somewhere in Mars, a little robot has a screen with the Blue Screen of Death.
Well, after color correction by NASA, it would appear to be more purple.
Is there any such thing as a GPL defense fund? A lot of open source software is being developed by people who probably don't have the extra money to pay the legal fees needed to pursue action against GPL violators. Hence the GPL remains untested in court (although IBM may help fix that soon).
It'd be nice if any leftovers from the US$10 million that IBM and Intel are putting up would be dumped over into a general GPL defense fund.
So someone gets their hands on a reader for these devices. This can be done by borrowing/stealing a reader from a store that has one installed or by someone who works at the manufacturing plant. Setup a power source and stick it in a backpack. Run a cable down to the reader which could either be in the pack or, if small enough, palmed in your hand.
As you walk through the streets, wave your hand across the phones of people standing around or as they walk by you. A laptop or PDA could be hooked up to the read recording in all the information.
The protocol/encryption is taken care of by the stolen hardware. No need to worry about cracking it.
--
Now if this system is based upon it's own network, then the reader doesn't have to do any decryption of the data. It can just be forwarded down the line to the network's core. The readers essentially become dumb terminals.
But I doubt this is the case. Every smart-card reader system that has a core data store includes storage space in individal readers to store transactions in case the core goes down.
--
What this type of system REALLY needs, as do exsiting ones such as smart pass or that gas station token thing, is some sort of activation button that must be depressed in order for information to be transmitted from the card. This would make it much more secure.
This New Scientist article doesn't cover if such a function exists with these new phones but given past devices that we've seen, I doubt it.
Where are:
The USB Port
HDD Size
Headphone jack;
Battery
USB, which seems likely, would be in the form of the mini port you see commonly on digital cameras. The electronics for such a device are pretty small and could easily be placed on the side of the device.
HD? What for? Memory cards can store savegame data and newer flash card formats like XD are incredibly small. Very easy to fit an XD slot into the side.
Headphone jack: a trivial component that can easily be placed on the side of the device. I don't think you need to give this one a second thought.
Battery: probably a small lithium ion battery. you'd be surprised how small and powerful batteries are getting. I've got a wireless headset that uses a battery the size of a pice of bubblegum that holds enough charge to support constant use for up to 48 hours. PSP will, obviously, have more electronics to power, but a 3-hour battery is well within the range of possibility.
Slower load times, cart over disc usage. We'll see if they can work around that.
Note the use of mini-discs. The load times are going to be on par with what you see from the Gamecube, which is not much at all.
By the look of comments so far, there seem to be quite a few people with malfunctioning sarcasm sensors today.
No. I think that the author was trying to be sarcastic but a lot of people agree that UF is crap exactly for the same reasons the review's author gives.
Every web comic I've ever been to has seen the artist grow and get increasingly better as time progressed. Illiad... I just don't know what's retarding his growth, artistically, but the look of the comic alone is of such repetitive, low quality that any good writing is being horribly overshadowed by the bad art.
And I think Illiad misses the funny more often than not as well. There's only so many jokes you can make about geek-dom before it's gets really old. It's like when your cousin Bob starts spouting "floppy/hard drive" jokes thinking he's discovered an untapped resource for hilarity.
There's the antiquated comparison between UF and Penny Arcade that seems to come up every time and gets ignored every time because it's been said before.
But I just want to point out that Penny Arcade actually does go outside the realm of gaming. In fact there have been several weeks in a row where little actual gaming-related comics are written.
I don't see that in UF at all. No attempt at broadening the subject matter or expanding into new perspectives.
There's just no growth and without growth things get boring.
Ufck.
I moved from Linux to Windows.
Reverse that.
I moved from Windows to Linux.
I moved from Linux to Windows. I've read articles about others who made or at least tried to make the switch.
I notice Roblimo had some arguments in there that seemed to mirror much of my own, and others, experiences with moving to Linux.
First is Roblimo's argument about X-Chat vs. mIRC. He mentions how difficult it is for him to add a new network to mIRC. I had the same problem, in reverse, with moving to Linux. I found adding a network in mIRC incredibly simple and easy while X-Chat seemed to be overly difficult. I also hated the user interface and found it counter-intuitive. Exactly the opposite of what Roblimo says in his article.
The copy/paste thing. Being rooted in Windows for a long time I was quite familiar with CTRL-C / CTRL-V. It tooks a complete rewiring of my thought process (which has yet to fully mature) to even think about being able to paste without having to explicitly copy first. Just highlight and press the middle button? Eh-GADS!
Anyways, there were many many other similarities (in reverse) with my conversion to Linux and Roblimo's look at Windows XP.
My point being that I hope perhaps Roblimo learned (doesn't seem like he did) and others will acknowledge that moving between platforms is not something that's easy in any direction.
And you would have thought people would understand that by now. Just look at Window/Mac conversions during the 90s.
"How the hell do I right click?!"
"Who the hell needs more than one mouse button?!"
It's like trying to convert anything else that's deeply ingrained in one's personal life. It takes a lot of time to get familiar with the new surroundings. One day or one week or even one month's worth of experience in the new platform simply is not enough to make a solid argument on which platform is better.
I've been on Linux about 2 years now and I still don't get the VI(M) advocates out there. I can't stand working in VI. Yet there are those who would sooner give up a loved one then their copy of VI.
I'll try to keep an open mind... but that whole VI thing is just damn hard to comprehend.
For those of you comparing the maximum sentences for robbery, theft, arson, assualts and so on to this guy's maximum sentence, I'd like to point something out.
What's more harmful to society? The murder of a single person or 160,000 bounced e-mails?
The point here is how poorly constructed these laws are. They are built upon antiquated views that simply don't realize the limits these laws can be taken to; as we now see in this case.
It should not be a per-email offense, it should be a per-incident offense with a bit of leeway in sentencing to handle light (a few dozen spoofed mails) to heavy (a few million spoofed mails) incidents.
Did this guy do something wrong? Yeah. But does it warrant 500 years in prison and millions of dollars in fines? No way.
This should fall under existing harrassment laws and this spoofed e-mail law be nixed.
I wonder what would have happened if this guy put 10,000 letters into the mail system with a bogus address and a return address of these newpaper editors?
Does that mean that unless i put a "no trespassing" sign on my door you can come into my house uninvited? Even though the street from which you entered is public property?
Poor analogy.
A better (and more timely) analogy would be if you are handing out candy from your front door during Halloween, can someone try going to the side door and look for more candy?
Why is it when I access a web site I don't need to get explicit permission to access it first? IANAL but it's certainly a fuzzy area in terms of legality.
You could argue that because a computer is set up on a public network and listening on a port specifically used for the common task of transmitting information via HTTP that the server operator would have a reasonable expectation that anyone connected to the internet could/will try to access said server.
That to control access to data the server operator needs to either implement some kind of access control mechanism or remove the server from the public network.
NYT did neither. There was an open proxy that Llamo used to get through to NYT's intranet. If he didn't need to get explicit permission to access the NYT website, why does he need to get explicit permission to access this proxy server or the NYT intranet? Especially if he never encounters an "authorized use only" type of message.
Unless you regularly allow public access to your house there is no pre-defined "access allowed" type of environment/paradigm/whatever. That's probably where the case can be made that a person entering your house without permission is committing a crime. The attacker has no reason to believe he has permission to access your house.
But with NYT, they let people access their data all the time. There's a reasonable belief that the NYT has granted permission to access their computers, or so it could be argued anyways.
But as I said, this is a really fuzzy area.
That's why the law governing whether or not a person can walk into your house uninvited, and the law governing computer access are two completely separate laws and any analogy made between computers and personal property (when not in a physical sense) cannot be made.
It proves that he found something he felt was a security problem. It does not imply that he was intruding. It would be the same if I found out that by changing an ID value in the URL I could access others' personal information on /. I would certainly e-mail Taco or whomever and let them know about the vulnerability right away. That does _NOT_ mean I was intruding, does it?
Unless someone gives you PERMISSION to break into something of theirs, IT'S ILLEGAL TO DO SO.
Actually it may not be a clear cut illegal intrusion. If Llamo never encountered an "authorized use only" or "for NYT staff only" message then it can (as has been in the past) argued that Llamo had no reason to believe he was accessing an area of the NYT network he was not suppose to. Given that he was accessing it via the Internet which is a PUBLIC network.
That may be why the NYT is trying to put a dollar figure to the "damage" Llamo caused. Then they can argue property damage.
I realize that NASA may be applying logic about how to make their missions safer, however it appears they are more concerned about protecting themselves, and their bottom line.
I don't think so at all.
Imagine that shuttles are no longer taking cargo into orbit. You now have the payload area to store all sorts of equipment that could be used should a future emergency arise.
In the slew of monday-morning-quarterbacking after the accident it was noted that even if the crew were made aware of the problem right from the start there would have been no way to repair the shuttle. Furthermore there weren't any EVA suits so the astronauts would not have been able to at least confirm the damage to the wing.
With cargo (we're talking BIG cargo, like a satellite or a self-contained lab) on a separate ship, EVA suits, extra oxygen and food, repair parts, etc, could be stored on board the shuttle to allow the astronauts to better handle an emergency.
How is it "evil" to publish a list of IP addresses that match a listing criteria?
...with very little collateral damage.
The devil is in the details. It's not a list of single IP addresses, that's far too large and complex to maintain. What's happening is large blocks (we're talking B class IP blocks here) are getting blacklisted because of the actions of a few individuals.
This does more harm than good especially with colocation services. What happens is one person starts spamming off a machine at a colocation company and SPEWS and other lists will blacklist the whole block that colocation company is on.
That kills mail services to the hundreds of other legitimate companies who are unfortunately on the same block as the one spammer.
Anyone familiar with Something Awful's battle with SPEWS knows this is a very real situation.
So what's a blacklister to do? Maintain a large list of several hundre thousand (at minimum) IP addresses or block B (and even A) class adress blocks to bring that list down to a far more easily maintained list?
That's why it's "evil". It's lazy, inefficient, ineffective, and does more harm than good.
Wait until someone who has a server within the same B class you're on to start spamming and you get put into the blacklist. Then we'll see if you're still singing the praises of blacklists.
Any hopes Slashdot ever had of being a reputable news source... wait, they never had those hopes. News for fanatics, stuff that gets you riled up until you read the article and realize it's not what you thought but hey, buy our T-shirts anyways!
Huzzah!
Why waste time with Slashdot when I can get compoletely fair and unbiased news from far more credible sources.
If that's the case, then they won't be upset even if they lose the right to distribute their software due to the patent claims.
Quite true. But what about SCO's shareholders? I'm willing to bet that a press release stating that SCO has been forced to stop selling software would reflect very badly on the company and send its shares back down to where they were before this whole mess started.
I've heard this comment all the time, too, and I used to think it was true. ...They weren't just taking the pills and sitting on their asses. Come to think of it, I've never met anyone taking those supplements who wasn't also on some kind of exercise program.
I'll just point out that you can't assume this. I've had several friends try to use Stacker 2 without any regular exercise.
Perhaps, given that you seem to be into your body's health and exercising, the only people you talk with in which supplements would come up are those who work out at the same place or share similar interests.
I call double bullsh*t on you.
This is far from being about overthrowing the government.
This is about teaching how to make explosives with the intent be that those who learn how to use that knowledge against the government.
But the real kicker is that, according to the search warrant, Austin was flying under the radar until he defaced a couple web sites. Then an FBI investigator started looking into Austin and found his site raisethefist.com.
From that site Austin secured himself a second charge under 18 USC 842 (p)(2)(A) which makes it unlawful to provide information about explosives when the intent is that such knowledge be used to committ a crime.
Why is it, that when someone describes in layman terms some basic exothermic chemistry, they are public enemy number 1?
When that someone tells you to take the bomb-making knowledge you've just been given and use it in a harmful manner against ANYONE, including police officers as is the case here, then you are committing a crime.
18 USC 842 (p)(2)(A): There it is in black and white.
Warning: IANAL.
First take a look at the search warrant issued against the home of Austin.
What we see here is that he's being suspected of breaking two specific laws.
18 USC 1030 - Computer Fraud
Austin is charged under this because he was suspected of being responsible for several defacements which are detailed in the warrant. Looking at what's in the warrant there seems to be more than enough evidence to support this charge.
18 USC 842(p)(2) - Unlawful Distribution of Information Relating to Explosives, etc...
In the search warrant are several quotes from raisethefist.com in which information about explosives is provided along side some comments that encourage this knowledge be used against police officers.
Here's the exact quote from 18 USC 842 (p)(2)(A):
to teach or demonstrate the making or use of an explosive, a destructive device, or a weapon of mass destruction, or to distribute by any means information pertaining to, in whole or in part, the manufacture or use of an explosive, destructive device, or weapon of mass destruction, with the intent that the teaching, demonstration, or information be used for, or in furtherance of, an activity that constitutes a Federal crime of violence;
Clearly what Austin did, provide information about explosives within the context of causing harm to others with said knowledge, falls under this law.
From the information that I have available it seems very apparent that Austin did commit crimes under current US law.
Now had Austin removed suggestions for use of this bomb making knowledge and just presented it in a separate, straight-forward format, he could not be charged under 18 USC 842.
However, he still defaced some sites and thus is still in violation of 18 USC 1030.
Remember, IANAL, but this seems pretty straightforward to me. No freedom of speech issue here.