since the method appears to rely on physically moving the particles to adjust to different wavelengths of light, there is an inherent lag time. It would be great for slow-moving but not permanent displays like billboards, airport schedules, and clocks.
The speed of chemistry is far faster than human conception of time. Typical enzymes can act hundreds of thousands, sometimes millions, of times per second, and that's an active process involving multiple-trigger deformation of a molecule. The distance these particles would be moving is on par with the brownian motion that we're so used to thinking of as instantaneous heat.
Chemistry's involved lag is not something you or I will ever see.
Whereas I don't know a whole lot about the technology involved, I hasten to point out that actual chameleons have no trouble with brown, and that if this is a purely reflective surface, just putting little gaps in the color and providing a black background may be enough.
I am so glad I'm (barely) old enough to predate the notion of PC and cellphone reliance. Nobody could remember this crap before cell phones either; if one takes a look at a sitcom, a the design of personal paper phonebook (they had those before cells,) or even just uses common sense, one will be presented with a world where not a whole lot has changed.
The only difference is that now we're used to being reminded infallibly by our machines, and are aghast at the idea that back in the day, people used to just forget this stuff.
Have we all really forgotten the standard issue sitcom theme where the husband comes home to an angry wife, and starts guessing what he forgot? Birthday? Anniversary? There's a reason that plot goes back past 1998.
Indeed. I learned it by rote. (For what it's worth, I had already learned that by rote long before I made my career choice, and I'm willing to bet most actual physicists did too. Try using examples a little higher up the chain. Also a dictionary.)
Well, getting "interviewed" by the commission, or having to submit pictures of the office and the list of employees to obtain such insignificant quantity of radioactive material could well be argued to be unduly burdensome.
I think that even on SlashDot you'll have a hard time finding someone who'll claim it is unduly burdensome for the nuclear regulatory commission to interview its customers.
The same place they were for the other seventy-nine. The reason you haven't heard of them isn't because they aren't around and it isn't because they aren't doing their job. It's because the vast bulk of people just never research what's going on deeply enough to have even a passing familiarity with the groups involved. GAO's been around since 1921. They were hugely involved with The New Deal. Presidents Hoover and Roosevelt tried to get rid of the GAO, but failed. Why? Because they're deeply influential and hugely involved with the history of this nation.
It never ceases to amaze me how SlashDotters confuse "I haven't heard of it" with "it hasn't been succeeding."
It's not clear from what you said whether you mean dirty bombs as a whole are a fraudulent concept, or whether the material involved in this situation could not be used to create a dirty bomb. Please clarify: is the fabrication to which you refer about this situation, or about the fundamental concept of dirty bombs?
The amount of Americium and Cesium that would be obtained in one of the moisture density devices is so small that you would need THOUSANDS, maybe hundreds of thousands of them to make any kind of 'dirty bomb'.
This would only be true under the relatively unlikely situation that the terrorists were trying to make the bomb entirely out of the salting material, which they aren't. The salt doesn't need to be in much presence; nuclear explosions do a pretty good job of vaporizing and dispersing elements.
The amount of Americium in one analyzer is about the size of a pin head, barely visible to the human eye.
And way, way more than enough to salt a bomb. By the way, maybe you should try reading the article: "But he said the danger associated with the amount of radioactive material the auditors were trying to buy should not be overstated." In fact, the people demonstrating the flaw in control are just as aware that the test they made isn't a nuclear threat as you, some random SlashDot goon, are. That's not actually the point. That said, if you'd bother to check your math, the amount of Americum required is about three quarters of the volume of alpha emitter that was released in the Goiania accident, and the Goiania accident was just two guys carrying around one tiny container of dust. Turns out that a nuclear weapon does a better job of dispersing material than do two excited dudes who don't know why it's bad that their stuff glows in the dark.
By the by, that accident contaminated 250 people, and that's in a weird little rural village with a population of less than nothing. If you just move that to two dudes walking around New York City with an object like that, you're looking at probably several thousand deaths. If you took that capsule and put it on top of a relatively high roof (say, an apartment building or a hotel,) then set up a simple oscillating desktop fan, you're looking at more deaths than any terrorist attack in US history (maybe in global history, not really sure.)
That amount of alpha emitters nice and charged/distributed by a thermonuclear explosion? Yeah, you're just wrong about thinking that's not terrifying.
The point is that the NRC is supposed to investigate everyone. Nobody should have been able to get anything, no matter how innocuous. The purpose of the exercise wasn't to attempt to acquire a dangerous level of material, but simply to show that virtually no effort was required to circumvent these regulations. Amusingly, the reason this worked is almost certainly because there was someone like you at the helm, making nasty comments about how harmless the materials are, and deciding to save themselves some time and just pass the damn thing.
The reality of it is that I can take Americium and hold it in my hands.
Yep. Cobalt too. That really doesn't have much to do with the danger involved. Many extremely dangerous things can be held in your hands, including C4 and U238. I'd ask what your point was, but I think you were just trying to pretend that fissile alpha emitters aren't dangerous because one of the situations that doesn't poison you to death is being in contact with the material.
Or did you think the bomb salts were about something other than chemical toxicity?
But he said the danger associated with the amount of radioactive material the auditors were trying to buy should not be overstated.
Well, if they took the time to powder the Americum first, they could just use a traditional chemical explosive to distribute it. Timothy McVeigh managed. Turns out that normal bombs aren't that hard to make. Sure, that wouldn't matter much with Americum, but Americum has the exact same okay process as the other materials the NRC stores, including thorium and polonium. Get those as powders in a traditional bomb, and you've got a several mile cloud of you're-dead-in-three-days.
Chances are if he says the bomb is made out of marshmallows and pixie dust, the NSA won't go after him; since that's about as accurate as the explanation he gave, I'm willing to bet that he's in the clear.
Sigh. Dirty bombs aren't unrefined uranium; they're refined and seperated as heavily as any other bomb. Dirty bombs are salted bombs, not bombs that were made poorly. Using the wrong uranium isotope would have a tremendous impact on the bomb's ability to blow up in the first place (or were we confused about why the uranium deposits in the ground don't blow up on their own?)
Citing Wikipedia, the world's primary repository of half-knowledge, the apparent traditional list of salts for a bomb is this: americium-241, californium-252, caesium-137, cobalt-60, iridium-192, plutonium-238, polonium-210, radium-226 and strontium-90. I can tell you from personal knowledge that p238 is an extremely poor choice for a salt due to its half life (hundreds of thousands of years - we do want to colonize Russia after we're done nuking it back into the stone age.) It's also interesting that they misspelled cesium.
Cobalt 60 is the canonical bomb salt (hence "cobalt bomb.")
Next time you want to converse about nuclear physics, think real hard; if you learned it from Anne Coulter or Action Comics, chances are you'll look smarter staying quiet.
I don't think you're understanding the problem. It has nothing to do with "running scripts". And your solution is basically to remove external URL handlers completely.
Er, no, it most certainly is not; I write several applications which are critcially dependant on HKLU protocol handlers. At no point did I advocate the removal of the tool, nor in fact did I advocate anything similar to what you describe. That you should suggest I don't understand the problem, then go on to be this confused about the nature of my solution, is simply remarkable.
The actual problem is that the Firefox main executable has command-line options which have an unintended side effect of being able to run external programs.
I'll say it again. If this was really the problem, then IE would not be the only gateway to this bug; you would be able to trigger this from Opera, Safari/Windows, from various instant messengers and so forth. That said, you cannot. Why? Because all of the programs named except IE do the exact same very simple thing that prevents the problem from occurring. It doesn't require "removing external url handlers completely;" it just requires handling them sensibly.
So, let's try this again. Maybe you'll listen this time. "Do I know what protocol that is? No? Then don't let it run applications." That isn't at all the same thing as removing protocol handlers entirely. Protocol handlers can explicitly name applications and then IE knows what they are; this requires user interaction, which you know if you've ever installed Yahoo Messenger. There has been a system in place for this since Windows 98, and everybody uses it but IE.
Perhaps you should spend a little more time becoming familiar with how Windows works before telling other people that they don't understand the problem. I wrote an article about this problem and submitted it to CERT and SlashDot almost ten years ago.
This is old news. Please give more credit to your fellow slashdotter; they're not as stupid as you seem to believe.
And Firefox installs an unsafe command-line-based URL handler
There is no such thing. That's why there's only one path to exploit this handler - through IE. The reason that nothing else can trigger this flaw is that the flaw is not in the URL handler, but rather in IE's interpretation thereof.
Re:Laughing? A less happy feeling
on
Firefox Quickies
·
· Score: 1
Yeah, here's the problem: just because you say English works that way doesn't mean that it actually does. See, if you go into court, and say "the law is defined by what I want, not what's on the law books," they'll laugh at you all the way to jail. Just like, in fact, I'm laughing at you all the way to the submit button.
When you can point to an actual language authority making any such absurd claim, lemme know. By the way, some other dude on SlashDot or GeoCities or IBoughtAnOfficialLookingDomain.org doesn't count.
This is, of course, ridiculous. There is no point at which the way in which a protocol handler should disable IE's security path; it's worth noting that the Yahoo Instant Messenger protocol handler ym:// has a very similar flaw. This isn't the registrant's fault. This is the fault of IE allowing any protocol handler to do whatever it likes. Whereas it's openly silly that Firefox should have created such a handler, to suppose that IE is not responsible for security checking its interpretation of the behavior of other applications is what caused most of IE's security problems in the first place.
If the problem was Firefox, then this would work in Opera too.
Re:SOMEONE is a little sensitive.
on
Firefox Quickies
·
· Score: 2, Insightful
Responding to yourself as if someone had given you guff over your choice of operating system?... Karma troll much?
Re:Laughing? A less happy feeling
on
Firefox Quickies
·
· Score: 1
Yes and terrorists are too stupid to use a rental car or steal a license plate or make up a fake one.
Indeed, because rental cars and fake license plates are immune to cameras, and police usually wait several days to try to track people, most commonly through their DMV records.
The reason Microsoft couldn't reasonably do Aero under DirectX9 has to do with baselines. One of the biggest advantages of DirectX 10 has less to do with what it is and more to do with what it isn't: old. Microsoft needed a way to do two things: 1) make sure that people weren't trying to run Aero on 386es, and 2) a simply way to tell non-technical people whether or not their hardware was up to modern spec.
Does DirectX9 have all the capabilities needed to run something like Aero? Yes, but DirectX9 also runs on systems which would drag under the demands of something like Aero. Microsoft has a vested interest in preventing their new software from running on hardware which will struggle with Aero, because then there'll be a lot of people complaining about how (insert the bad side of slow Aero here.)
DirectX10 has a much higher minimum bar to entry. If your stuff is DirectX10 ready, it's almost certainly Aero ready. That's why they made the requirement - they didn't want old hardware making their shiny new product look like crap. (That it forces new hardware purchase, which gets OEMs and VARs to support the new OS, certainly helps.)
If you look at it from a business perspective at the same time that you look at it from a technical and an "oh god I have to deal with stupid users" perspective, you'll start to see why just using the DirectX name to set the new low watermark was actually a relatively simple way for Microsoft to flatten several problems at once.
Slashdot Mirror
Chemistry's involved lag is not something you or I will ever see.
Whereas I don't know a whole lot about the technology involved, I hasten to point out that actual chameleons have no trouble with brown, and that if this is a purely reflective surface, just putting little gaps in the color and providing a black background may be enough.
I am so glad I'm (barely) old enough to predate the notion of PC and cellphone reliance. Nobody could remember this crap before cell phones either; if one takes a look at a sitcom, a the design of personal paper phonebook (they had those before cells,) or even just uses common sense, one will be presented with a world where not a whole lot has changed.
The only difference is that now we're used to being reminded infallibly by our machines, and are aghast at the idea that back in the day, people used to just forget this stuff.
Have we all really forgotten the standard issue sitcom theme where the husband comes home to an angry wife, and starts guessing what he forgot? Birthday? Anniversary? There's a reason that plot goes back past 1998.
The same place they were for the other seventy-nine. The reason you haven't heard of them isn't because they aren't around and it isn't because they aren't doing their job. It's because the vast bulk of people just never research what's going on deeply enough to have even a passing familiarity with the groups involved. GAO's been around since 1921. They were hugely involved with The New Deal. Presidents Hoover and Roosevelt tried to get rid of the GAO, but failed. Why? Because they're deeply influential and hugely involved with the history of this nation.
It never ceases to amaze me how SlashDotters confuse "I haven't heard of it" with "it hasn't been succeeding."
It's not clear from what you said whether you mean dirty bombs as a whole are a fraudulent concept, or whether the material involved in this situation could not be used to create a dirty bomb. Please clarify: is the fabrication to which you refer about this situation, or about the fundamental concept of dirty bombs?
This would only be true under the relatively unlikely situation that the terrorists were trying to make the bomb entirely out of the salting material, which they aren't. The salt doesn't need to be in much presence; nuclear explosions do a pretty good job of vaporizing and dispersing elements.
And way, way more than enough to salt a bomb. By the way, maybe you should try reading the article: "But he said the danger associated with the amount of radioactive material the auditors were trying to buy should not be overstated." In fact, the people demonstrating the flaw in control are just as aware that the test they made isn't a nuclear threat as you, some random SlashDot goon, are. That's not actually the point. That said, if you'd bother to check your math, the amount of Americum required is about three quarters of the volume of alpha emitter that was released in the Goiania accident, and the Goiania accident was just two guys carrying around one tiny container of dust. Turns out that a nuclear weapon does a better job of dispersing material than do two excited dudes who don't know why it's bad that their stuff glows in the dark.
By the by, that accident contaminated 250 people, and that's in a weird little rural village with a population of less than nothing. If you just move that to two dudes walking around New York City with an object like that, you're looking at probably several thousand deaths. If you took that capsule and put it on top of a relatively high roof (say, an apartment building or a hotel,) then set up a simple oscillating desktop fan, you're looking at more deaths than any terrorist attack in US history (maybe in global history, not really sure.)
That amount of alpha emitters nice and charged/distributed by a thermonuclear explosion? Yeah, you're just wrong about thinking that's not terrifying.
The point is that the NRC is supposed to investigate everyone. Nobody should have been able to get anything, no matter how innocuous. The purpose of the exercise wasn't to attempt to acquire a dangerous level of material, but simply to show that virtually no effort was required to circumvent these regulations. Amusingly, the reason this worked is almost certainly because there was someone like you at the helm, making nasty comments about how harmless the materials are, and deciding to save themselves some time and just pass the damn thing.
Yep. Cobalt too. That really doesn't have much to do with the danger involved. Many extremely dangerous things can be held in your hands, including C4 and U238. I'd ask what your point was, but I think you were just trying to pretend that fissile alpha emitters aren't dangerous because one of the situations that doesn't poison you to death is being in contact with the material.
Or did you think the bomb salts were about something other than chemical toxicity?
Well, if they took the time to powder the Americum first, they could just use a traditional chemical explosive to distribute it. Timothy McVeigh managed. Turns out that normal bombs aren't that hard to make. Sure, that wouldn't matter much with Americum, but Americum has the exact same okay process as the other materials the NRC stores, including thorium and polonium. Get those as powders in a traditional bomb, and you've got a several mile cloud of you're-dead-in-three-days.
It turns out that the peo
Chances are if he says the bomb is made out of marshmallows and pixie dust, the NSA won't go after him; since that's about as accurate as the explanation he gave, I'm willing to bet that he's in the clear.
Sigh. Dirty bombs aren't unrefined uranium; they're refined and seperated as heavily as any other bomb. Dirty bombs are salted bombs, not bombs that were made poorly. Using the wrong uranium isotope would have a tremendous impact on the bomb's ability to blow up in the first place (or were we confused about why the uranium deposits in the ground don't blow up on their own?)
Citing Wikipedia, the world's primary repository of half-knowledge, the apparent traditional list of salts for a bomb is this: americium-241, californium-252, caesium-137, cobalt-60, iridium-192, plutonium-238, polonium-210, radium-226 and strontium-90. I can tell you from personal knowledge that p238 is an extremely poor choice for a salt due to its half life (hundreds of thousands of years - we do want to colonize Russia after we're done nuking it back into the stone age.) It's also interesting that they misspelled cesium.
Cobalt 60 is the canonical bomb salt (hence "cobalt bomb.")
Next time you want to converse about nuclear physics, think real hard; if you learned it from Anne Coulter or Action Comics, chances are you'll look smarter staying quiet.
I wanted to mark "curb stomp the election" :(
So, let's try this again. Maybe you'll listen this time. "Do I know what protocol that is? No? Then don't let it run applications." That isn't at all the same thing as removing protocol handlers entirely. Protocol handlers can explicitly name applications and then IE knows what they are; this requires user interaction, which you know if you've ever installed Yahoo Messenger. There has been a system in place for this since Windows 98, and everybody uses it but IE.
Perhaps you should spend a little more time becoming familiar with how Windows works before telling other people that they don't understand the problem. I wrote an article about this problem and submitted it to CERT and SlashDot almost ten years ago.
This is old news. Please give more credit to your fellow slashdotter; they're not as stupid as you seem to believe.There is no such thing. That's why there's only one path to exploit this handler - through IE. The reason that nothing else can trigger this flaw is that the flaw is not in the URL handler, but rather in IE's interpretation thereof.
Yeah, here's the problem: just because you say English works that way doesn't mean that it actually does. See, if you go into court, and say "the law is defined by what I want, not what's on the law books," they'll laugh at you all the way to jail. Just like, in fact, I'm laughing at you all the way to the submit button.
When you can point to an actual language authority making any such absurd claim, lemme know. By the way, some other dude on SlashDot or GeoCities or IBoughtAnOfficialLookingDomain.org doesn't count.
This isn't complicated. "Do I know what it is? No? Then it can't run scripts."
This is, of course, ridiculous. There is no point at which the way in which a protocol handler should disable IE's security path; it's worth noting that the Yahoo Instant Messenger protocol handler ym:// has a very similar flaw. This isn't the registrant's fault. This is the fault of IE allowing any protocol handler to do whatever it likes. Whereas it's openly silly that Firefox should have created such a handler, to suppose that IE is not responsible for security checking its interpretation of the behavior of other applications is what caused most of IE's security problems in the first place.
If the problem was Firefox, then this would work in Opera too.
Responding to yourself as if someone had given you guff over your choice of operating system? ... Karma troll much?
Actually, irony is the use of a word to mean something other than its superficial intent.
Gotta catch 'em all? Pr0nkémon?
The reason Microsoft couldn't reasonably do Aero under DirectX9 has to do with baselines. One of the biggest advantages of DirectX 10 has less to do with what it is and more to do with what it isn't: old. Microsoft needed a way to do two things: 1) make sure that people weren't trying to run Aero on 386es, and 2) a simply way to tell non-technical people whether or not their hardware was up to modern spec.
Does DirectX9 have all the capabilities needed to run something like Aero? Yes, but DirectX9 also runs on systems which would drag under the demands of something like Aero. Microsoft has a vested interest in preventing their new software from running on hardware which will struggle with Aero, because then there'll be a lot of people complaining about how (insert the bad side of slow Aero here.)
DirectX10 has a much higher minimum bar to entry. If your stuff is DirectX10 ready, it's almost certainly Aero ready. That's why they made the requirement - they didn't want old hardware making their shiny new product look like crap. (That it forces new hardware purchase, which gets OEMs and VARs to support the new OS, certainly helps.)
If you look at it from a business perspective at the same time that you look at it from a technical and an "oh god I have to deal with stupid users" perspective, you'll start to see why just using the DirectX name to set the new low watermark was actually a relatively simple way for Microsoft to flatten several problems at once.
It's likely that one was incompletely uninstalled, then the other installed to replace it.