No, this research wasn't even published, it's a conference talk and a PR release. Go read the actual link, at the bottom of the long post, where Matthew Francis dishes it out. Here it is again in case you missed it:
http://galileospendulum.org/2014/01/02/no-dark-matter-is-not-messing-up-gps-measurements/
I wonder if it would be possible to configure the phone's wifi to remain passive until it detects the beacon from a known access point?
Full disclosure: I'm not very familiar with the physical layer of 802.11 networks, please point out if this is impossible.
A good engineer would know how to load the problem into Matlab (or whatever symbolic solver engineers use), and lean back while it computes the answer.
This. Most of what I'll -- for lack of a better term -- call applications engineering is done this way. You learn the math in high school and college so you understand the problems, not so you can solve them in your head. Even in research fields it's unusual to solve equations of this size by hand.
Figure 8 on Page 6 of the actual paper shows what they're measuring. They're comparing filter materials by Salt rejection % vs Water permeability measured in L/cm2/day/MPa. That unit incorporates all the energy-efficiency goodness you want in a filter without looking at what pump technology is actually used to provide the energy input. It says that more filtered water (L) per square centimeter of filter (/cm2) per day (/day) per MegaPascal of pressure (/MPa, the energy input) is more good. Assuming any particular pump technology would give you a number for MPa/MJ that you could apply, but it doesn't help you understand the performance of the filter itself. The figure for improvement vs existing technology they actually give is 2-3 orders of magnitude (100-1000x) so TFS is taking the optimistic side.
The bottom line is that this has a huge potential but is still a ways from practical application.
I'm not sure this would work from the perspective of intentionally including it; but I think it would be an interesting way to "flag" accounts for extra verification. People have different typing styles and your natural timing of entry for a password should be computable from logins over time. If the entry is significantly off it can be a yellow flag to indicate that maybe it isn't you entering the password. Combine that with some other factors (e.g. IP history, user agent strings) and you could perhaps identify accounts that are likely compromised and require an extra verification step.
I don't really have time to work this out and try it, but it'd be very interesting to try.
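The flagging idea in the comment above, sketched as an added example (not part of the original comment or of any real product): password-entry timing is compared with the account's own history and combined with IP and user-agent history to decide on an extra verification step. The thresholds, field names and sample data are assumptions constructed for illustration.

```python
from statistics import mean, stdev

MIN_SAMPLES = 5      # assumption: logins needed before timing is trusted
Z_THRESHOLD = 2.5    # assumption: mean |z| above this is "significantly off"
STEP_UP_FLAGS = 2    # assumption: two yellow flags trigger extra verification


def timing_deviation(history, attempt):
    """Mean absolute z-score of inter-key intervals (ms), or None if unusable."""
    if not attempt:                      # pasted or autofilled: no timing signal
        return None
    usable = [h for h in history if len(h) == len(attempt)]
    if len(usable) < MIN_SAMPLES:        # new account or recently changed password
        return None
    zs = []
    for pos, value in enumerate(attempt):
        column = [h[pos] for h in usable]
        sd = max(stdev(column), 1.0)     # floor so a very steady typist never divides by ~0
        zs.append(abs(value - mean(column)) / sd)
    return mean(zs)


def assess_login(account, attempt):
    """Collect yellow flags; no single flag blocks or challenges on its own."""
    flags = []
    dev = timing_deviation(account["timings"], attempt["intervals"])
    if dev is not None and dev > Z_THRESHOLD:
        flags.append("timing")
    if attempt["ip"] not in account["known_ips"]:
        flags.append("new_ip")
    if attempt["user_agent"] not in account["known_user_agents"]:
        flags.append("new_user_agent")
    action = "step_up" if len(flags) >= STEP_UP_FLAGS else "allow"
    return {"flags": flags, "action": action}


# Constructed sample account: only intervals between keystrokes are stored,
# never the keys themselves. IPs are from documentation ranges.
ACCOUNT = {
    "timings": [
        [120, 135, 98, 210, 150, 110, 140],
        [118, 140, 102, 205, 155, 108, 138],
        [125, 130, 95, 215, 148, 112, 145],
        [122, 138, 100, 208, 152, 109, 141],
        [119, 133, 97, 212, 151, 111, 139],
        [121, 136, 99, 209, 149, 110, 142],
    ],
    "known_ips": {"203.0.113.7"},
    "known_user_agents": {"ExampleBrowser/1.0"},
}
OWNER = [121, 134, 99, 211, 150, 110, 140]      # close to the stored rhythm
STRANGER = [80, 60, 70, 90, 75, 65, 85]         # same length, different rhythm

if __name__ == "__main__":
    for ivals, ip in [(OWNER, "203.0.113.7"), (STRANGER, "198.51.100.23")]:
        attempt = {"intervals": ivals, "ip": ip, "user_agent": "ExampleBrowser/1.0"}
        print(assess_login(ACCOUNT, attempt))
```

An entry with no intervals (password manager or paste) yields no timing signal rather than a flag, so the other factors carry the decision in that case.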
That's fantastically insightful and informative, and I just spent my mod points :(
Do note that the "Bulletin of the Atomic Scientists" is generally an anti-nuclear, scare-mongering publication. These are the people whose count-down to nuclear disaster has been just a few minutes before midnight for decades. Whatever they publish should be viewed with this in mind.
As a strong supporter of nuclear power I feel this attitude is exactly what makes it so easy to scare up opposition to nuclear power. That article was extremely well written and researched. IMO it presented a fairly balanced view of the existing studies and the overall challenges to new research and regulation. Yes, there are concerns about low and protracted doses, and yes the industry has tried to downplay and bury that research. Just like the "green power" industry doesn't want anyone to look at the lifecycle costs on those PV cells and LiPo batteries.
The only way to stop fear mongering and get new power plants is with open and honest research - not making attacks on an article that tries to present the facts.
Do all of those companies actually manufacture their own printers? I thought Dell just re-branded other printers.
Personally, I think this is a great plan. I'm not sure it'll make me buy an HP instead of a computer from system76, but it's definitely a great idea.
That said, my last call to HP tech support for one of my IPS monitors went pretty well once I got past the first 2 levels of non-English-speaking drones, and their actual rep who came out to my house with the replacement display was fantastic. No dumb questions, good communication, and fast replacement service.
Also I’d personally like to thank you for asking a question that is:
- non-trivial
- can benefit from the vast amount of diversity and experience within the slashdot crowd
- will probably generate interesting stories
- and most importantly, isn’t depressing as hell nor a reminder that everything is falling apart in our industry
This is what "ask slashdot" could be! We really need more of this!
This is so true. I'm glad to see the first ask slashdot in a long time where I'll be reading all the comments at 0 without having any mod points.
Our current options are a twatwaffle who hasn't even read the fucking Constitution, versus a pretty terrible businessman who hasn't read the Constitution, a Theocratic frothy mixture of lube and fecal material who makes the Ayatollah look like an Atheist, and a douchebag that was kicked out of Congress. There's a slim chance we might get the chance for a crazy old guy who's read the Constitution and therefore will accomplish nothing, because by virtue of understanding the actual powers granted to the Federal government, he scares the fuck out of both Democraps and Republicunts.
That, sir, is the best description of candidates I've read yet.
Gigabit fiber from Verizon? No, I didn't think so.
FWIW, I have Verizon FiOS here, and it's nicer than anything else in the area, but it doesn't hold a candle to what a real high speed connection could look like from Google. Especially since Google owns so much of its own long-distance backbone, I'm betting their local fiber is going to be wired up pretty well to the rest of the internet tubes.
I'll give it to you, that made me laugh. You're right though, my assumptions would be less valid in a country with mandatory service.
The difference between a military and a militia is training. Yes, tanks and big guns are extremely easy to fire, but do you know how to work together with others to use those weapons to launch a coordinated assault? Have you practiced and trained until you can work with your squad to clear a building without thinking about it?
This is what has fundamentally changed in the American military since Vietnam, we have fully changed from a loose organization of mostly short-term enlistees, draftees, and officers to a core of professional soldiers who will spend 20+ years in the service, and you know what, it works like a sonofabitch. It raises even the average private in the US army to a level 10, 100 times higher than the members of your militia because they can work together as a team. One on one your militia of hunters and private citizens might do alright, but you don't get any bonus from having them together. If I take a bunch of guys from a military unit the whole is going to be much more effective than if they fought individually.
Training is expensive and time consuming - your militia will never have the time or the money to train the way a regular army can.
It seems like the trivial fix here is to sign the code and only allow flashing of signed images after boot. It would be nice to be able to flash anything during boot for hacking/testing/whatever, but anyone using the windows-based flash software is likely to be okay with just signed code from the manufacturer.
Isn't this what those TPM chips were designed for in the first place before they were hijacked into being tools for draconian DRM?
Good catch, I didn't notice that.
That seems weird though, since they talk about recovering copper and copper is mostly going to be in the compressor and coils. I guess they mean in whatever earlier step removes them.
Shredding the materials and degassing/compressing the foam. It doesn't sound like they're doing anything about refrigerant recovery, but they talk about the foam processing reducing greenhouse emissions.
they only ever make money on the first share issue (or subsequent rights issues) and the current market value of their stock doesn't have any influence on the funds they have available to do business.
The corporation only makes money on the issues, but the executives make money from selling their stock options, which are generally the largest part of their compensation package.
Aside from that the corporation does have an interest in stock prices because the investors care about stock price, and the investors elect the board, who then appoint the executives. Why do you think Brian Moynihan is in such a panic over BofA's stock price crash?
mod parent up
This is exactly why people in offices use faxes. Most office workers can barely use e-mail, and can't install printers, much less scanners. Think about all the sales people you've ever talked to in restaurants, schools, supply warehouses, etc. These are the people that use fax every day because 90% of the time it just works.
Google's biggest mistake was using the Java language. That has always been a legal time bomb, since it was never made an open standard.
True, since Oracle is the only company targeting Google specifically
Now the patent trolls are going after them with overly broad patents (yet another indication of the broken patent system), primarily due to the success of Android.
I don't think they're targeting Android so much as other phone manufacturers. I think we'll see that most of Motorola's patents relate to phone hardware - they really haven't done much in the phone software space. They're talking about doing more of this to help make their phones stand out compared to other Android phones - either by driving up competitors' prices or forcing them to drop features. This is actually a fairly reasonable use of the patent system since Motorola actually makes phones using their patents - it isn't "trolling" as we usually discuss it here.
10 or 15 years ago this would have been a big issue, but these days I just can't see it.
Given the near-total disregard for security I feel in most mobile network operators, I think anything that draws attention to how laughably easy it is to intercept cell data is worth talking about. Most people just assume that their cell data is secure, when every year at DEFCON we see more exploits... and they never seem to get patched.
With how ridiculously easy it is to encrypt internet traffic you'd think they could at least deploy some patches to fix some of these attacks... rogue towers anyone? They still don't use signed certificates for towers?
Apple has been on a monopolistic roll lately. I wonder how many sharks at the DOJ are sharpening their teeth? An antitrust case against Apple would really be fun to watch - all those fanboys squirming.
The summary is kind of slanted. Apple already knew who had lost the phone - they knew from the day after when they wiped it - Gizmodo just made that name public and did so in a fairly classy way. As a lot of comments on Gizmodo have pointed out, the public naming of the engineer isn't going to do anything more to hurt him, and could protect him a little from Steve Jobs firing him.
Actually, TFA didn't say exactly, but it sounds like these SIP attacks are brute-force attempts to authenticate and initiate a session. Presumably they want to spam-call numbers on PBX without paying long distance.
You're right, I'm off a year.