Presumably, if you had physical access to the drive, wouldn't you have more time to crack it than two hours?
And presumably, you would consider the contents sufficiently important that you could practice cracking on a few spare copies. I have serious doubts that with sufficient time, physical access could be prevented, self-destruct mechanism or no. Self-destruct mechanisms require power, in the form of batteries or capacitors. Detecting separation of the case is one thing, detecting a very fine hole strategically drilled to disable the internal power supply (after a non-destructive x-ray inspection to figure out exactly where the hole should be placed) is quite another. Once the self-destruct mechanism has been disabled, you can do whatever you want to the stick, and, therefore, have complete access.
When the HVAC went out in the studios, he got up from his job as a call screener for one of our talk shows and said, "it's just too hot. I'll be back tomorrow" -- which left us scrambling for someone to cover his slot.
He still calls from time to time and is amazed that we won't hire him. No, I'm not kidding.
Serious question: did you let him back to finish his internship, and if so, why?
The people who work there already have this figured out, as you say, by replacing hardware every 6 to 12 months. So, buy identical copies of an inexpensive flash-based laptop and swap the drive each time you lose a chassis. Blowing out the chassis with compressed air frequently should help. If you're in an industrial setting, compressed air should be easy to come by, otherwise, a filling station should have some) frequently should help.
I'd worry more about my lungs in an environment like that, though. You get more-or-less only one set of those, and definitely can't clean them easily.
Until he installs an infitite tape, this is computationaly equivalent to a Finite Automata.
If you're going to be pedantic, then get it right --- the machine is computationally equivalent to a finite automaton.
What I find tickling about this implementation is the clear evidence of an embedded FSM emulating the programmed TM. Since the erase, write, and read portions of the head are physically displaced, the interpreter needs to shift the tape back and forth to execute a simple TM operation like "read symbol at current location" or "write a 1 at current location". Then, of course, there are the much more complicated portions of the FSM that perform optical character recognition, or actuate the marker to draw a zero or one symbol (too cool!). Still, a very, very nifty machine, and quite a creative solution to the problem of an erasable tape that is human and machine readable at the same time!
Yet "oceanographer Sugata Hazra, a professor at Jadavpur University in Calcutta" said "What these two countries could not achieve from years of talking, has been resolved by global warming." One would think that a university professor would have a slightly better grasp of the numbers than that. It helps nothing to make clearly false claims about the effects of climate change.
Agreed. Loss of a small island mass is more likely to be due to water-based excavation below the surface and the resultant settling of the land mass. We don't know, for example, that this island is on bedrock. If it is a silt deposit, then there's no reason to assume it has permanence in anything but the shortest time spans. That part of the world is one huge river delta, lending credence to the silt deposit idea.
A couple of web clicks, and WIkipedia's introductory, summary sentence says it all: "South Talpatti Island as it was known in Bangladesh, or New Moore Island or Purbasha as it was known in India, was a small uninhabited offshore island that emerged in the Bay of Bengal in the aftermath of the Bhola cyclone in 1970 and disappeared at some later point." Therefore we can conclude that it was unlikely to be Global Warming / Climate Change, or whathaveyou in this case, but, rather, normal above and below-surface erosion and settling. It would appear that Prof. Hazara has made a naive mistake.
whether a tree is organized democratically or under some other management and governance mechanism depends on the whims and ideals of that particular project's leader.
Do you not see the absurdity in your above statement? If the manner in which a project is governed "depends on the whims and ideals of that particular project's leader," than it is NOT democratic. Even if the dictator has chosen for the time being to abide by the will of the majority, he still has the power and authority to unilaterally discard that policy as soon as he and the majority disagree.
Sorry, I should have been more clear about that: it depends on the whims and ideals of the leadership as the organization is created. Naturally, governance can change, but if, at some point, the people in charge of a project agree to create a democratic governance, then that presumably includes the potential for replacing the leadership.
Having just finished establishing the governance for a non-profit, these sorts of issues have been on my mind of late.
Open source is democratic: one can join different trees or start your own copy, but individual trees (flavors of the project) are not democratic.
I believe the last three words should instead read, "may or may not be democratic," as whether a tree is organized democratically or under some other management and governance mechanism depends on the whims and ideals of that particular project's leader.
I've never had my desk crash, losing all pieces of paper on it. Contrast that to Windows.
When push comes to shove, I can always get a paper form to the person that needs it. Contrast that to relying on an Exchange server.
When a form needs authorization, having the right person sign it with a pen always works. Contrast that to trying to get digital signatures to work.
Speed, too. It takes how long to sign a document, either digitally or by imposing a scanned signature, as compared with raising a pen and making your scrawl?
I have to send scanned, signed papers around my institution pretty frequently. It's almost faster to carry a signed piece of paper to my boss's office two buildings over than it is to do it all electronically. If his office was just a few doors down from mine, I would NEVER do it electronically.
sounds like a safety law suit jackpot and not a patent thing.
Definitely. I haven't read the Saw Stop patent, but I can think of three completely different ways to implement the same basic idea of stopping the saw blade quickly. None are as good as Saw Stop (which is frelling brilliant and definitely non-obvious), but not implementing what might be considered basic safety technology (like a deadman's switch on a lawnmower, for example) can reasonably drive liability. The unusual part of this case is that we are on the cusp of adoption of this particular -- but important, IMO -- safety technology.
In the article, Saw Stop claims to have sold 20,000 units with their proprietary brake technology, and to have saved 700 fingers. That is an insane injury rate, and if correct, shows how inherently dangerous table saws really are. There's a solution to this safety issue, but Ryobi fully aware of the problem apparently chose not to license said solution. Therefore they are liable. I'm certain there's more to it than that (and, naturally, I'm not a lawyer), but there would seem to be a thread of logical reasoning in the decision.
Experience is not what you take college classes to obtain. Experience happens after graduation, or outside of the classroom. The intellectual frameworks of subjects and mechanisms for reasoning within those frameworks are what tertiary education provides.
In college, it does not matter so much that you have or have not done something, but how well you did that thing. Grades are a vital, and important part of that evaluation. Just saying that something was achieved or some act performed does not indicate how well it was done. Were the problem set answers copied from the answer key? Were they copied from another student? From sources on the Web? Was there original thought and effort put into it? How is not having an evaluation of the finesse and skill used on an assignment going to provide the necessary feedback to teach the students how to think? College, after all, is not so much learning specific subjects, although that is certainly an important part of it, but teaching the students how to use their brains. Without the assessments of grades, this becomes a far less efficient process. Frankly, Sheldon, the professor in charge of this class, is pandering, and is doing nothing to improve the already lightweight reputation of Indiana University. We are talking about a class in game design, after all, not embedded control design, or real time systems, or higher order languages, or advanced algorithms.
Your email is not a letter. It is a selection of bits.
You cannot control what happens to those bits once you have hit the "Send" button any more than the BPI can control what happens to the bits of the most recently ripped JLS / Coldplay track. You're effectively suggesting that we legislate DRM for our email.
Do you know how daft that sounds?
Please. With that reasoning, your letter is not a letter, it is a selection of scrawled marks on scraps of dried tree pulp. You cannot control what happens to those scraps once you have placed them in a mailbox. Your interpretation is daft.
BUT, there's a fantastic section of our legal system that says everyone -- but EVERYONE -- has to back off on doing anything other than touching said scraps for the purposes of delivery to you, except under direct court order. Once you have possession of the scraps, these protections fade as you, presumably, have control of the disposition of your own property. There is an exception where privacy is not expected, namely post cards where the information is out in the open, but scraps that are hidden from view by an envelope are protected.
In my opinion, the same protections should be extended to email, but the court clearly thinks otherwise. Without an envelope, the thinking goes, email is more like a post-card. So, start using the electronic equivalent of an envelope: encrypt your email.
This won't stop the paranoid from preventing their children from being immunized because some of these same people have interesting theories about how the vaccines are deliberately nefarious in other ways (going as far on out there as mind control, etc). These people and their little theory have done more to damage public health in a short amount of time than a lot of other things...
And it won't stop me, as a parent making healthcare decisions for my children, or as an individual making decisions about my own healthcare, from refusing any injection that contains thimerisol. I take reasonable precautions to avoid ingesting heavy metals, including having them injected into my body. Every vaccine that I have been offered or required to take since I've realized that thimerisol contains mercury, is also available in single-use vials that are essentially mercury-free (and with a single-use vial, you have a much lower chance of getting cross-contamination from something even worse). My children and I get vaccinated, just not with vaccines containing known neurotoxins. Our pediatrician and my personal physician agree with this stance.
A lot of security theater is out there, but one thing is for certain: you can dramatically lower your risk just by thinking for a minute before you click on some link/email/app/etc.
Yes, true, but the article is about corporate IT security, where it must be assumed that employees will not be circumspect as you suggest, and the network protected nevertheless.
The man that told Star Trek fans to "get a life" and who wanted to put as much distance between himself and the role of Kirk as humanly possible? I could see Koenig, but Shatner?
I smell a "there's money in it, and those Sci-Fi geeks gobble up anything Star Trek, let's cash in".
The biggest clue is in the phrase, "... with a passion for the arts," which for all the world sounds like a lame attempt to bring the patina of respectability to an obviously idiotic idea.
Anyone who's been in a bar fight knows that whether they are sturdier or not, full ones make much better blunt instruments due to their higher mass.
And yet, if you had taken the time to find the cited article, you would have learned that EMPTY bottles are significantly sturdier. The reasons why are left as an exercise to the reader. Being sturdy has an impact (pun intended) on their utility in blunt-force attacks (again, intended), but mass is arguably more important. Both empty and full bottles were found to have breaking thresholds higher than the human cranium, and so could be used to cause serious injury.
It's actually not that absurd a scientific question, given that the answer has important legal and forensic implications. And no, Virginia, the bottles you see used in Hollywood movie bar fights are not actually made of glass.
As the linked article points out, this so-called news is just lazy journalism of a long-ago announced planned shutdown for routine maintenance and upgrading.
This should never have made it to the front page here. Is it too much to ask that the editors at Slashdot at least GLANCE at the linked articles?
If this person is important to you (ie, a relative, family friend), then set up a CD-R with A/V and malware detection on it such that it autoruns, and mail them a new, fresh copy once per month that includes the latest A/V definitions. Hell, include a defrag as part of the autorun process. What does this person do for updates to Windows? I'm betting nothing. Include those too.
90% of maintaining my computer semi-literate parents' and relatives' computers is basically this: (1) update antivirus, (2) run A/V, (3) update Windows, (4) defrag.
Too late. These are already in use. The "poo powder" is some kind of fungus that reacts w/the heat and liquid and gives off gas that kills the bacteria, so you can toss the bag in a trash can, landfill etc.
If you read the article (I know, I know) the Pee-Poo was designed to fit within the existing habits of some of the developing world where people already use plasic bags to dispose of their excrement, tossing it into open spaces. A standing toilet (like The Pett) would require more room and a change in behavior. The Pee-Poo just means buying special-purpose plastic bags, with the side benefit that (a) the waste is sterlized, and (b) it potentially can be reused as fertilizer if the community can organize and plan at those sorts of timescales. I'd be interested to see what sort of testing they did to ensure that these bags do, in fact, sterilize their contents. The Pee-Poo article was short on that detail.
Please: Caltech, not Cal Tech. Caltech (or, just Tech) is not part of the UC system. Yes, one writes or says, "Cal Berkeley" or just "Cal" for many of the UC schools or even some of the State schools, but the California Institute of Technology is an independent, private university. As such, Caltech has chosen to use one word, not two, in its official nickname.
IANAL, but I have researched this subject for my own work-product. The ownership of work produced on contract depends highly on the terms of the contract but nominally is considered work for hire, and, therefore, belongs to the client. If the contract does not stipulate otherwise, then the client owns the work-product.
Now, if the work-product consists of delivered source code, then the client owns the source code. If the work-product consists of delivered compiled code, then the client owns the compiled code.
Again, IANAL, but my research into this question boils down to something just that simple. The important conclusion is: if you desire a specific disposition of your work-product (like you retain ownership, or retain the ability to sell the same work-product to someone else, or retain the ability to modify it, or release it as open-source, etc.), you should put that in your contracts.
They do not need to time the attack for when the computation is underway. The CPU automatically uses more power during the computation, causing the errors the researchers are interested in.
To make this attack possible, faults with the characteristics de- scribed must be injected in the attacked microprocessor. For this purpose, we exploit a circuit-level vulnerability common in micro- processor design: multiplier circuits tend to be fairly complex, and much effort has been dedicated to developing high performance multipliers, that is, multipliers with short critical path delays. Even so, often the critical path of a microprocessor system goes through the multiplier circuit [12]. If environmental conditions (such as high temperatures or voltage manipulation by an attacker) slow down the signal propagation in the system, it is possible that signals through the critical path do not reach their corresponding registers or latches before the next clock cycle begins. In such situations, one of the first units to fail in computing correct results tends to be the multiplier, because its "margin" of delay is minimal. Note that not all multiplications would be erroneous, only those which required values generated through the critical path.
Assuming that the RSA algorithm is going to burn more power than any other process, and base an attack that is intended to be undetectable on that assumption, is making a big mistake. Far more likely that a voltage tweak is going to affect some other part of the system that uses the multiplier and cause either an application or the kernel to fail. To get around that, the attacker needs to know at least *probably* when the RSA algorithm is going to be on-chip and executing. Unless I'm mistaken, that's kernel-level knowledge which means to exploit this weakness, the system must already have been compromised.
Slashdot Mirror
Presumably, if you had physical access to the drive, wouldn't you have more time to crack it than two hours?
And presumably, you would consider the contents sufficiently important that you could practice cracking on a few spare copies. I have serious doubts that with sufficient time, physical access could be prevented, self-destruct mechanism or no. Self-destruct mechanisms require power, in the form of batteries or capacitors. Detecting separation of the case is one thing, detecting a very fine hole strategically drilled to disable the internal power supply (after a non-destructive x-ray inspection to figure out exactly where the hole should be placed) is quite another. Once the self-destruct mechanism has been disabled, you can do whatever you want to the stick, and, therefore, have complete access.
When the HVAC went out in the studios, he got up from his job as a call screener for one of our talk shows and said, "it's just too hot. I'll be back tomorrow" -- which left us scrambling for someone to cover his slot.
He still calls from time to time and is amazed that we won't hire him. No, I'm not kidding.
Serious question: did you let him back to finish his internship, and if so, why?
The people who work there already have this figured out, as you say, by replacing hardware every 6 to 12 months. So, buy identical copies of an inexpensive flash-based laptop and swap the drive each time you lose a chassis. Blowing out the chassis with compressed air frequently should help. If you're in an industrial setting, compressed air should be easy to come by, otherwise, a filling station should have some) frequently should help.
I'd worry more about my lungs in an environment like that, though. You get more-or-less only one set of those, and definitely can't clean them easily.
Until he installs an infitite tape, this is computationaly equivalent to a Finite Automata.
If you're going to be pedantic, then get it right --- the machine is computationally equivalent to a finite automaton.
What I find tickling about this implementation is the clear evidence of an embedded FSM emulating the programmed TM. Since the erase, write, and read portions of the head are physically displaced, the interpreter needs to shift the tape back and forth to execute a simple TM operation like "read symbol at current location" or "write a 1 at current location". Then, of course, there are the much more complicated portions of the FSM that perform optical character recognition, or actuate the marker to draw a zero or one symbol (too cool!). Still, a very, very nifty machine, and quite a creative solution to the problem of an erasable tape that is human and machine readable at the same time!
Yet "oceanographer Sugata Hazra, a professor at Jadavpur University in Calcutta" said "What these two countries could not achieve from years of talking, has been resolved by global warming." One would think that a university professor would have a slightly better grasp of the numbers than that. It helps nothing to make clearly false claims about the effects of climate change.
Agreed. Loss of a small island mass is more likely to be due to water-based excavation below the surface and the resultant settling of the land mass. We don't know, for example, that this island is on bedrock. If it is a silt deposit, then there's no reason to assume it has permanence in anything but the shortest time spans. That part of the world is one huge river delta, lending credence to the silt deposit idea.
A couple of web clicks, and WIkipedia's introductory, summary sentence says it all: "South Talpatti Island as it was known in Bangladesh, or New Moore Island or Purbasha as it was known in India, was a small uninhabited offshore island that emerged in the Bay of Bengal in the aftermath of the Bhola cyclone in 1970 and disappeared at some later point." Therefore we can conclude that it was unlikely to be Global Warming / Climate Change, or whathaveyou in this case, but, rather, normal above and below-surface erosion and settling. It would appear that Prof. Hazara has made a naive mistake.
whether a tree is organized democratically or under some other management and governance mechanism depends on the whims and ideals of that particular project's leader.
Do you not see the absurdity in your above statement? If the manner in which a project is governed "depends on the whims and ideals of that particular project's leader," than it is NOT democratic. Even if the dictator has chosen for the time being to abide by the will of the majority, he still has the power and authority to unilaterally discard that policy as soon as he and the majority disagree.
Sorry, I should have been more clear about that: it depends on the whims and ideals of the leadership as the organization is created. Naturally, governance can change, but if, at some point, the people in charge of a project agree to create a democratic governance, then that presumably includes the potential for replacing the leadership.
Having just finished establishing the governance for a non-profit, these sorts of issues have been on my mind of late.
Open source is democratic: one can join different trees or start your own copy, but individual trees (flavors of the project) are not democratic.
I believe the last three words should instead read, "may or may not be democratic," as whether a tree is organized democratically or under some other management and governance mechanism depends on the whims and ideals of that particular project's leader.
I've never had my desk crash, losing all pieces of paper on it. Contrast that to Windows.
When push comes to shove, I can always get a paper form to the person that needs it. Contrast that to relying on an Exchange server.
When a form needs authorization, having the right person sign it with a pen always works. Contrast that to trying to get digital signatures to work.
Speed, too. It takes how long to sign a document, either digitally or by imposing a scanned signature, as compared with raising a pen and making your scrawl?
I have to send scanned, signed papers around my institution pretty frequently. It's almost faster to carry a signed piece of paper to my boss's office two buildings over than it is to do it all electronically. If his office was just a few doors down from mine, I would NEVER do it electronically.
You can go into your account settings and set it to not show you his submissions.
I would not be surprised if they keep a metric of who has been blocked the most.
Perfect, thanks! Ah, the quality of Slashdot just went up.
sounds like a safety law suit jackpot and not a patent thing.
Definitely. I haven't read the Saw Stop patent, but I can think of three completely different ways to implement the same basic idea of stopping the saw blade quickly. None are as good as Saw Stop (which is frelling brilliant and definitely non-obvious), but not implementing what might be considered basic safety technology (like a deadman's switch on a lawnmower, for example) can reasonably drive liability. The unusual part of this case is that we are on the cusp of adoption of this particular -- but important, IMO -- safety technology.
In the article, Saw Stop claims to have sold 20,000 units with their proprietary brake technology, and to have saved 700 fingers. That is an insane injury rate, and if correct, shows how inherently dangerous table saws really are. There's a solution to this safety issue, but Ryobi fully aware of the problem apparently chose not to license said solution. Therefore they are liable. I'm certain there's more to it than that (and, naturally, I'm not a lawyer), but there would seem to be a thread of logical reasoning in the decision.
What I want to know is - when will kdawson not be such a tool?
Worst Slashdot editor, ever. There's no hope, other than to stop reading Slashdot when he's approving submissions.
Experience is not what you take college classes to obtain. Experience happens after graduation, or outside of the classroom. The intellectual frameworks of subjects and mechanisms for reasoning within those frameworks are what tertiary education provides.
In college, it does not matter so much that you have or have not done something, but how well you did that thing. Grades are a vital, and important part of that evaluation. Just saying that something was achieved or some act performed does not indicate how well it was done. Were the problem set answers copied from the answer key? Were they copied from another student? From sources on the Web? Was there original thought and effort put into it? How is not having an evaluation of the finesse and skill used on an assignment going to provide the necessary feedback to teach the students how to think? College, after all, is not so much learning specific subjects, although that is certainly an important part of it, but teaching the students how to use their brains. Without the assessments of grades, this becomes a far less efficient process. Frankly, Sheldon, the professor in charge of this class, is pandering, and is doing nothing to improve the already lightweight reputation of Indiana University. We are talking about a class in game design, after all, not embedded control design, or real time systems, or higher order languages, or advanced algorithms.
Your email is not a letter. It is a selection of bits.
You cannot control what happens to those bits once you have hit the "Send" button any more than the BPI can control what happens to the bits of the most recently ripped JLS / Coldplay track. You're effectively suggesting that we legislate DRM for our email.
Do you know how daft that sounds?
Please. With that reasoning, your letter is not a letter, it is a selection of scrawled marks on scraps of dried tree pulp. You cannot control what happens to those scraps once you have placed them in a mailbox. Your interpretation is daft.
BUT, there's a fantastic section of our legal system that says everyone -- but EVERYONE -- has to back off on doing anything other than touching said scraps for the purposes of delivery to you, except under direct court order. Once you have possession of the scraps, these protections fade as you, presumably, have control of the disposition of your own property. There is an exception where privacy is not expected, namely post cards where the information is out in the open, but scraps that are hidden from view by an envelope are protected.
In my opinion, the same protections should be extended to email, but the court clearly thinks otherwise. Without an envelope, the thinking goes, email is more like a post-card. So, start using the electronic equivalent of an envelope: encrypt your email.
This won't stop the paranoid from preventing their children from being immunized because some of these same people have interesting theories about how the vaccines are deliberately nefarious in other ways (going as far on out there as mind control, etc). These people and their little theory have done more to damage public health in a short amount of time than a lot of other things...
And it won't stop me, as a parent making healthcare decisions for my children, or as an individual making decisions about my own healthcare, from refusing any injection that contains thimerisol. I take reasonable precautions to avoid ingesting heavy metals, including having them injected into my body. Every vaccine that I have been offered or required to take since I've realized that thimerisol contains mercury, is also available in single-use vials that are essentially mercury-free (and with a single-use vial, you have a much lower chance of getting cross-contamination from something even worse). My children and I get vaccinated, just not with vaccines containing known neurotoxins. Our pediatrician and my personal physician agree with this stance.
A lot of security theater is out there, but one thing is for certain: you can dramatically lower your risk just by thinking for a minute before you click on some link/email/app/etc.
Yes, true, but the article is about corporate IT security, where it must be assumed that employees will not be circumspect as you suggest, and the network protected nevertheless.
The man that told Star Trek fans to "get a life" and who wanted to put as much distance between himself and the role of Kirk as humanly possible? I could see Koenig, but Shatner?
I smell a "there's money in it, and those Sci-Fi geeks gobble up anything Star Trek, let's cash in".
The biggest clue is in the phrase, "... with a passion for the arts," which for all the world sounds like a lame attempt to bring the patina of respectability to an obviously idiotic idea.
Anyone who's been in a bar fight knows that whether they are sturdier or not, full ones make much better blunt instruments due to their higher mass.
And yet, if you had taken the time to find the cited article, you would have learned that EMPTY bottles are significantly sturdier. The reasons why are left as an exercise to the reader. Being sturdy has an impact (pun intended) on their utility in blunt-force attacks (again, intended), but mass is arguably more important. Both empty and full bottles were found to have breaking thresholds higher than the human cranium, and so could be used to cause serious injury.
It's actually not that absurd a scientific question, given that the answer has important legal and forensic implications. And no, Virginia, the bottles you see used in Hollywood movie bar fights are not actually made of glass.
As the linked article points out, this so-called news is just lazy journalism of a long-ago announced planned shutdown for routine maintenance and upgrading.
This should never have made it to the front page here. Is it too much to ask that the editors at Slashdot at least GLANCE at the linked articles?
As far as news go [this story is] really weak.
One more example of how kdawson's postings are not up to the editorial standards, such as they are, at Slashdot.
Note to self: stop reading Slashdot when kdawson is editing, as the quality goes down and the silliness goes up.
If this person is important to you (ie, a relative, family friend), then set up a CD-R with A/V and malware detection on it such that it autoruns, and mail them a new, fresh copy once per month that includes the latest A/V definitions. Hell, include a defrag as part of the autorun process. What does this person do for updates to Windows? I'm betting nothing. Include those too.
90% of maintaining my computer semi-literate parents' and relatives' computers is basically this: (1) update antivirus, (2) run A/V, (3) update Windows, (4) defrag.
http://www.thepett.com/
http://www.thepett.com/index.php?PageLayout=PRODUCTS&pageID=95
Too late. These are already in use. The "poo powder" is some kind of fungus that reacts w/the heat and liquid and gives off gas that kills the bacteria, so you can toss the bag in a trash can, landfill etc.
If you read the article (I know, I know) the Pee-Poo was designed to fit within the existing habits of some of the developing world where people already use plasic bags to dispose of their excrement, tossing it into open spaces. A standing toilet (like The Pett) would require more room and a change in behavior. The Pee-Poo just means buying special-purpose plastic bags, with the side benefit that (a) the waste is sterlized, and (b) it potentially can be reused as fertilizer if the community can organize and plan at those sorts of timescales. I'd be interested to see what sort of testing they did to ensure that these bags do, in fact, sterilize their contents. The Pee-Poo article was short on that detail.
Yet another fluff piece by kdawson without a shred of credibility. For all we know, he made this up to fill in for a slow news day.
Note to self: stop reading Slashdot when kdawson is editing because the level of interesting content drops through the floor.
Please: Caltech, not Cal Tech. Caltech (or, just Tech) is not part of the UC system. Yes, one writes or says, "Cal Berkeley" or just "Cal" for many of the UC schools or even some of the State schools, but the California Institute of Technology is an independent, private university. As such, Caltech has chosen to use one word, not two, in its official nickname.
IANAL, but I have researched this subject for my own work-product. The ownership of work produced on contract depends highly on the terms of the contract but nominally is considered work for hire, and, therefore, belongs to the client. If the contract does not stipulate otherwise, then the client owns the work-product.
Now, if the work-product consists of delivered source code, then the client owns the source code. If the work-product consists of delivered compiled code, then the client owns the compiled code.
Again, IANAL, but my research into this question boils down to something just that simple. The important conclusion is: if you desire a specific disposition of your work-product (like you retain ownership, or retain the ability to sell the same work-product to someone else, or retain the ability to modify it, or release it as open-source, etc.), you should put that in your contracts.
They do not need to time the attack for when the computation is underway. The CPU automatically uses more power during the computation, causing the errors the researchers are interested in.
- Fault-Based Attack of RSA Authentication, Page 3, Section 4.
Assuming that the RSA algorithm is going to burn more power than any other process, and base an attack that is intended to be undetectable on that assumption, is making a big mistake. Far more likely that a voltage tweak is going to affect some other part of the system that uses the multiplier and cause either an application or the kernel to fail. To get around that, the attacker needs to know at least *probably* when the RSA algorithm is going to be on-chip and executing. Unless I'm mistaken, that's kernel-level knowledge which means to exploit this weakness, the system must already have been compromised.