Sometimes, hardware containing sensitive information is stolen by people who are only interested in the resale value of the hardware and are not aware of the presence of this information. In this case, isn't it preferrable to keep a low profile and refrain from discussing possible breaches of security in the public?
My usual thought when I hear of stories such as this one is that there are accomplices at the location. There's no way that total outsiders could have pulled out such a theft.
The usual suspects are the cleaning personnel, but I'd also add the security guards. At my workplace and other locations, there have been thefts of electronic hardware during the night by someone who had the keys. Who goes around the offices at night when nobody's there? The guards.
In this case, those who stole the hardware are probably outsiders extensively briefed by insiders about the location of the systems and the security procedures in place.
A bike is very light and uses very little metal compared to a car, with comparable life times. I doubt very much that bike production is of sizeable ecological impact compared to other productions.:-)
Note that in France you can use signs in English or any other language at your choice - the only requirement is that if they are for commercial/advertisement purposes, you should provide a translation into French (generally a footnote). This is because of legal requirements on advertisements.
I'm quite amazed by these allegations... See, I work for a national laboratory in France, so I know quite a bit what it is to work as a scientist, and I can tell you that I can introduce new terminology without having some kind of government approval! (hey, I do science, I don't design government forms!). I publish what I want, basically.
I publish my papers in English not because of some terminology problems but because of very simple realities: if I publish in French, I reduce my readership to French-speaking countries; furthermore, the selectivity of the journals or conferences in which I publish will be lower, thus less considered scientifically.
The problem with French terminology is when people insist on translating English words in their own way. For the same English phrase, you get several French ones, depending on who thought it was a good idea to do in this or that way. The official terminology commission would perhaps be of some help with settling on a common word if it knew anything about science.
For me, the problem arises when we write our official reports. Since these are official government reports, they must be written in French (if only because citizens must be able to read reports about government activities). We have our moments of "how the heck do we translate 'branching-time logic' into French?".
Apart from that, the point is that: - this terminology commission acts on official government communication; private corporations or individuals may follow its advice if they feel like it; - anyway, except for public relations and administrative services, few people in government give a damn about it; we also ignore official rules on WWW sites.
Who talks about freedom? This so-called "ban" is not a ban. It's an update on the guidelines governing official government-issued texts.It does not concern private entities.
I hope for your credibility that your other examples of "why the French government knows Jack about freedom" are not equally baloney. What are they?
They also have administrations dealing with how forms and other official documents are written (see that fine print at the bottom of forms... isn't it a task of OMB to ensure that all government forms are written in a certain fashion?). I suspect they also have terminology commissions.
Hey, I can't believe this went as a Slashdot story... I've seen it first-hand three times before, and actually participated twice!
You can do ice cream or sherbet that way. For ice cream, you can make crÃme anglaise; for sherbet, use some fruit juice and pureed fruit. Pour the liquid nitrogen on it. It makes lots of white "smoke", very much like a sorcerer's cauldron in the movies (actually, that's how they used to make such effects).
You have to mix very carefully so as not to leave very cold blocks inside.
The ice cream we did was real good (French vanilla crÃme anglaise, served with microwaved almonds). It was very creamy - I have the impression that the nitrogen makes very small ice crystals and that, furthermore, it leaves small bubbles of air inside the cream. By the way, commercial ice cream makers do incorporate gas into the cream (two reasons: it makes it "lighter" and more palatable, and it reduces the mass of costly material per liter!).
Fly by wire systems are very large networks of numerical filters with feedback. I would not be surprised if they included such constraints. Still, as you rightly point out, such constraints are hard to "get right".
As far as I know, Airbus had a large success with the A300 because 1/ contrary to is Boeing competitor, it could load standard cargo pallets 2/ it used less gas, in an era where airlines were still hit with high oil prices.
Airbus tend introduced the first fly-by-wire airliner (the A320). It took years before Boeing caught up with the B777. This probably means that Airbus leads the way at least in some areas.
As for subsidies, let us set the record straight:
* Boeing is a major US military contractor. It is well known that US military procurement is a major source of corporate pork (as well as pork for the various constituencies of the US senators).
In contrast, Airbus is not, at present, a military contractor. It has projects for a A400M military transportation plane, but so far this plane only exists in paper; furthermore I doubt it will be as profitable as the huge array of military jets that are sold by Boeing. One of the Airbus parent companies (EADS) has some military businesses (missiles) but it is smaller than Boeing's.
* Airbus does not get straight subsidies. Instead, it gets refundable loans. Arguably, these loans save Airbus money because it gets them at prices inferior to commercial loaners and it does not risk not being able to repay them.
* Airbus also benefits from government-financed research and development. I think this is also true of Boeing (watch the DARPA research grants).
The Airbus that fell over Brooklyn was a A300. The A300 is an old design which, as far as I know, does not have fly-by-wire controls (they were introduced on the A320, a later model).
The fly-by-wire controls of the A320, A330 and A340 have hard limits imposed by the computerized controller. This means that the system will refuse to exceed the manufacturer's limits, no matter what the pilot does. In comparison, the fly-by-wire controls on the B777 have "soft" limits - the pilot can exceed them by pulling harder. Whether soft or hard limits are better has been for long a point of argument: basically, some say that hard limits are better because the pilot is not allowed to destroy the plane, even if acting erratically under the stress of an emergency, while some say soft limits would allow the pilot to get out of acute emergencies.
Now, guess what? I heard from people in the air industry that the "composite" materials some blamed for the failure of the rudder were not used on the A300, which is too old of a design!:-)
Your boat is subject to the legislation of its country of registration when it's in the international waters, as far as I know.
Of course, if this country is Panama, Liberia or similar, then you don't risk much enforcement in any matter!:-)
(Note that if some major country went in and sunk your boat, then I don't see what could happen next... I don't see Panama or Liberia going to war.:-) )
Somebody from INRIA (a computer science institute) told me that their accounting services run an old COBOL program to process the pay. The engineers who wrote the code are now retired...
Most mathematicians and computer scientists use a program called TeX to typeset their papers. TeX takes a.tex file as input and spits out a.dvi file, which can be postprocessed by drivers to produce PostScript or PDF files. TeX was written by professor Donald Knuth of Stanford University; the current version is still essentially similar to the 1983 version!
TeX has a horrible syntax and funky limitations, but there are so many available packages for it (such as LaTeX and the associated packages) as well as external applications (BibTeX) and tons of mathematical files made for it that it just cannot be replaced.
Some crazy people even use TeX to typeset a newspaper and a personnel directory.
The study contends that so far the weakness of LCD displays (they don't age well with hours of use) didn't matter that much, because for many usages (such as projecting slides in corporate or other meetings), the projector is considered obsolete for other concerns before the LCD panel has aged.
This is probably true. LCD projectors have had tremendous improvements in the field of resolution, size and weight. Projectors bought 8 years ago for a premium are now dinosaurs, probably not in use anymore.
Furthermore, as hardware ages, there are more things that can go wrong than just the LCD. Projectors used in meetings here and there get moved from room to room, building to building; they are far more likely to endure failure from repeat mechanical stress than from LCD burning.
So the question is: provided that the evolution of resolution, weight and size slows down significantly (probable soon for weight and size), which rules out obsolescence, do projectors designed for occasional use fail because of LCD burning before failing for other reasons?
Obviously, a very different issue is projectors set in fixed locations (little stress) but used constantly or at least very often, for long stretches.
Good static analysis techniques would allow this optimization. What's implement in the.net runtime sounds pretty much syntactic; there are semantical methods that are more powerful.
Advanced compilers for FORTRAN/C/C++ often do
more complex optimizations such as software pipelining, vectorization and loop movements.
The trust you should have in the compiler depends on how the analysis method is constructed. I don't have too much trust in analysis methods based on recognizing "loose patterns" in code, because they may end up recognizing as optimizable code that should not be optimized away. Semantic method are more robust. Also, such methods can be tested by looking at the results of the analyses, not just the optimization. For instance, in your case, the method would have PROVED that the constraint i
I agree with the safer programming languages (such as Java or OCaml). I agree with the better tools. I agree with dynamic checks, stack guards and whatever. Let's add for good measure static analysis.
But why UML? UML is a modeling language. What the above solutions are trying to catch are implementation issues.
If you're trying to catch issues at the design level, you need much more than a modeling language in which to write vague descriptions. You need tools that can show that your implementation corresponds to the design. You need tools that are capable of dealing with issues such as interlocking threads.
Re:the largest security hole is the client machine
on
The Virus Did It
·
· Score: 1
Maybe I expressed myself badly.
Much of the attention on the security of online transactions has focused on the design of protocols (and cryptographic primitives). You may then add bugs in the implementations.
What I'm concerned about is the security of information not in the client software (Internet Explorer, Outlook Express...) but on the client machine as a whole.
It's not just the holes in Internet Explorer and Outlook Express. It's the myriad utilities, gadgets, games, toolbars and whatever that many Windows users install on their machines.
Any of these can easily contain a virus.
the largest security hole is the client machine
on
The Virus Did It
·
· Score: 4, Interesting
The more it goes, the more I think that the main issue of online security is not the protocols (SSL, SET...) but the security of the endpoints, and particularly of the clients.
I would not be surprised if we found a virus that searches through the local (and even LAN-accessible) documents for interesting keywords or types of information, then somehow manages to send this information back to some spying agency. In fact, I think this has probably already been done.
Imagine the potential:
economic espionage
blackmail (emails showing that he has a mistress / has taken illegal bribes...)
Of course, most corporate networks are firewalled. Still, lots of binary data is exchanged. You just have to hide yours in the flux... Do you really think this would be noticed in the middle of a virus attack?. Traffic analysis would be thwarted by the viral attack sending information in many directions, with no obvious destination. Onion peel routing and distribution through Usenet or WWW bulletin boards could do the rest - untracable information.
This is the umpteenth time where I hear that some funding for just about ANYTHING is cancelled because of the "recent world events".
Usually, it involves "economic problems" - "no, we cannot fund your students' association this year... because... because of the recent world events and their consequences on the economy".
You then have the security problems - "no, I won't cross the Atlantic to go to your meeting because... because... because of the recent world events".
In short, the "recent world events" have been used as an excuse for tight-fistedness and laziness.
As for DARPA, I know that the "war on error" has been used as a pretext to fund projects for which the link to terror is, shall we say, a bit remote. I know of some DARPA-funded projects that are really about model-checking hybrid systems using semialgebraic sets, but have been packaged as studying anthrax.
Perhaps we shouldn't make too much out of this decision by the DARPA bureaucracy. I suspect Mr De Raadt would have had much success if the project had no been so blatantly international and if his sponsors had packaged it as "preventing terrorist hackers from crashing safety-critical systems".
(I'm seeking a grant under this last pretext, somehow.)
I was commenting the French case. The French constitutional right of free speech comes from the 1789 Declaration of the Rights of Man and the Citizen, which states that "[...] any Citizen can thus speak, write, print freely [...]", and from other sources such as the European Declaration on Human Rights.
Ok, there have been self-funded multimillionnaires... Still, it is very unlikely that the quality of the democratic debate is improved if somebody, just because he is rich, can buy 20-second TV ads.
France has a system of "official campaign": on top of their own campaign expenses (spending limits), all candidates are awarded some equal time on TV (there's a procedure to weed out candidates with not enough grassroot support). That way, even poor candidates can get themselves heard.
I'm extremely skeptical about donations from big corporations. I take them as legal corruption.
Slashdot Mirror
Sometimes, hardware containing sensitive information is stolen by people who are only interested in the resale value of the hardware and are not aware of the presence of this information. In this case, isn't it preferrable to keep a low profile and refrain from discussing possible breaches of security in the public?
My usual thought when I hear of stories such as this one is that there are accomplices at the location. There's no way that total outsiders could have pulled out such a theft.
The usual suspects are the cleaning personnel, but I'd also add the security guards. At my workplace and other locations, there have been thefts of electronic hardware during the night by someone who had the keys. Who goes around the offices at night when nobody's there? The guards.
In this case, those who stole the hardware are probably outsiders extensively briefed by insiders about the location of the systems and the security procedures in place.
A bike is very light and uses very little metal compared to a car, with comparable life times. I doubt very much that bike production is of sizeable ecological impact compared to other productions. :-)
Note that in France you can use signs in English or any other language at your choice - the only requirement is that if they are for commercial/advertisement purposes, you should provide a translation into French (generally a footnote). This is because of legal requirements on advertisements.
I'm quite amazed by these allegations... See, I work for a national laboratory in France, so I know quite a bit what it is to work as a scientist, and I can tell you that I can introduce new terminology without having some kind of government approval! (hey, I do science, I don't design government forms!). I publish what I want, basically.
I publish my papers in English not because of some terminology problems but because of very simple realities: if I publish in French, I reduce my readership to French-speaking countries; furthermore, the selectivity of the journals or conferences in which I publish will be lower, thus less considered scientifically.
The problem with French terminology is when people insist on translating English words in their own way. For the same English phrase, you get several French ones, depending on who thought it was a good idea to do in this or that way. The official terminology commission would perhaps be of some help with settling on a common word if it knew anything about science.
For me, the problem arises when we write our official reports. Since these are official government reports, they must be written in French (if only because citizens must be able to read reports about government activities). We have our moments of "how the heck do we translate 'branching-time logic' into French?".
Apart from that, the point is that:
- this terminology commission acts on official government communication; private corporations or individuals may follow its advice if they feel like it;
- anyway, except for public relations and administrative services, few people in government give a damn about it; we also ignore official rules on WWW sites.
Who talks about freedom? This so-called "ban" is not a ban. It's an update on the guidelines governing official government-issued texts.It does not concern private entities.
I hope for your credibility that your other examples of "why the French government knows Jack about freedom" are not equally baloney. What are they?
The USA has the National Endowment for the Arts to fund artists.
They also have administrations dealing with how forms and other official documents are written (see that fine print at the bottom of forms... isn't it a task of OMB to ensure that all government forms are written in a certain fashion?). I suspect they also have terminology commissions.
Uh?
This commission of terminology gives the official terminology for government-issued official texts. Where do businesses fit?
Hey, I can't believe this went as a Slashdot story... I've seen it first-hand three times before, and actually participated twice!
You can do ice cream or sherbet that way. For ice cream, you can make crÃme anglaise; for sherbet, use some fruit juice and pureed fruit. Pour the liquid nitrogen on it. It makes lots of white "smoke", very much like a sorcerer's cauldron in the movies (actually, that's how they used to make such effects).
You have to mix very carefully so as not to leave very cold blocks inside.
The ice cream we did was real good (French vanilla crÃme anglaise, served with microwaved almonds). It was very creamy - I have the impression that the nitrogen makes very small ice crystals and that, furthermore, it leaves small bubbles of air inside the cream. By the way, commercial ice cream makers do incorporate gas into the cream (two reasons: it makes it "lighter" and more palatable, and it reduces the mass of costly material per liter!).
Fly by wire systems are very large networks of numerical filters with feedback. I would not be surprised if they included such constraints. Still, as you rightly point out, such constraints are hard to "get right".
Who owns SCO? I have the impression that IBM should try buying it, if only to stop it from pissing everybody off.
Hum...
As far as I know, Airbus had a large success with the A300 because 1/ contrary to is Boeing competitor, it could load standard cargo pallets 2/ it used less gas, in an era where airlines were still hit with high oil prices.
Airbus tend introduced the first fly-by-wire airliner (the A320). It took years before Boeing caught up with the B777. This probably means that Airbus leads the way at least in some areas.
As for subsidies, let us set the record straight:
* Boeing is a major US military contractor. It is well known that US military procurement is a major source of corporate pork (as well as pork for the various constituencies of the US senators).
In contrast, Airbus is not, at present, a military contractor. It has projects for a A400M military transportation plane, but so far this plane only exists in paper; furthermore I doubt it will be as profitable as the huge array of military jets that are sold by Boeing. One of the Airbus parent companies (EADS) has some military businesses (missiles) but it is smaller than Boeing's.
* Airbus does not get straight subsidies. Instead, it gets refundable loans. Arguably, these loans save Airbus money because it gets them at prices inferior to commercial loaners and it does not risk not being able to repay them.
* Airbus also benefits from government-financed research and development. I think this is also true of Boeing (watch the DARPA research grants).
The Airbus that fell over Brooklyn was a A300. The A300 is an old design which, as far as I know, does not have fly-by-wire controls (they were introduced on the A320, a later model).
:-)
The fly-by-wire controls of the A320, A330 and A340 have hard limits imposed by the computerized controller. This means that the system will refuse to exceed the manufacturer's limits, no matter what the pilot does. In comparison, the fly-by-wire controls on the B777 have "soft" limits - the pilot can exceed them by pulling harder. Whether soft or hard limits are better has been for long a point of argument: basically, some say that hard limits are better because the pilot is not allowed to destroy the plane, even if acting erratically under the stress of an emergency, while some say soft limits would allow the pilot to get out of acute emergencies.
Now, guess what? I heard from people in the air industry that the "composite" materials some blamed for the failure of the rudder were not used on the A300, which is too old of a design!
Your boat is subject to the legislation of its country of registration when it's in the international waters, as far as I know.
:-)
:-) )
Of course, if this country is Panama, Liberia or similar, then you don't risk much enforcement in any matter!
(Note that if some major country went in and sunk your boat, then I don't see what could happen next... I don't see Panama or Liberia going to war.
Somebody from INRIA (a computer science institute) told me that their accounting services run an old COBOL program to process the pay. The engineers who wrote the code are now retired...
Most mathematicians and computer scientists use a program called TeX to typeset their papers. TeX takes a .tex file as input and spits out a .dvi file, which can be postprocessed by drivers to produce PostScript or PDF files. TeX was written by professor Donald Knuth of Stanford University; the current version is still essentially similar to the 1983 version!
TeX has a horrible syntax and funky limitations, but there are so many available packages for it (such as LaTeX and the associated packages) as well as external applications (BibTeX) and tons of mathematical files made for it that it just cannot be replaced.
Some crazy people even use TeX to
typeset a newspaper and a personnel directory.
The study contends that so far the weakness of LCD displays (they don't age well with hours of use) didn't matter that much, because for many usages (such as projecting slides in corporate or other meetings), the projector is considered obsolete for other concerns before the LCD panel has aged.
This is probably true. LCD projectors have had tremendous improvements in the field of resolution, size and weight. Projectors bought 8 years ago for a premium are now dinosaurs, probably not in use anymore.
Furthermore, as hardware ages, there are more things that can go wrong than just the LCD. Projectors used in meetings here and there get moved from room to room, building to building; they are far more likely to endure failure from repeat mechanical stress than from LCD burning.
So the question is: provided that the evolution of resolution, weight and size slows down significantly (probable soon for weight and size), which rules out obsolescence, do projectors designed for occasional use fail because of LCD burning before failing for other reasons?
Obviously, a very different issue is projectors set in fixed locations (little stress) but used constantly or at least very often, for long stretches.
Good static analysis techniques would allow this optimization. What's implement in the .net runtime sounds pretty much syntactic; there are semantical methods that are more powerful.
Advanced compilers for FORTRAN/C/C++ often do more complex optimizations such as software pipelining, vectorization and loop movements.
The trust you should have in the compiler depends on how the analysis method is constructed. I don't have too much trust in analysis methods based on recognizing "loose patterns" in code, because they may end up recognizing as optimizable code that should not be optimized away. Semantic method are more robust. Also, such methods can be tested by looking at the results of the analyses, not just the optimization. For instance, in your case, the method would have PROVED that the constraint i
Static analysis method are now used for far more complex tasks, such as proving that a 70000-line C program never accesses arrays out of bounds or encounters arithmetic overflows in any operating context.
Static analysis methods may remove as much as 90% of runtime checks.
...
For instance, such techniques may, on reading code such as:
for(int i=0; ia.length; i++)
{
x = a[i];
}
derive the fact that the check on a[i] is unnecessary because 0=ia.length.
I agree with the safer programming languages (such as Java or OCaml). I agree with the better tools. I agree with dynamic checks, stack guards and whatever. Let's add for good measure static analysis.
But why UML? UML is a modeling language. What the above solutions are trying to catch are implementation issues.
If you're trying to catch issues at the design level, you need much more than a modeling language in which to write vague descriptions. You need tools that can show that your implementation corresponds to the design. You need tools that are capable of dealing with issues such as interlocking threads.
Maybe I expressed myself badly.
Much of the attention on the security of online transactions has focused on the design of protocols (and cryptographic primitives). You may then add bugs in the implementations.
What I'm concerned about is the security of information not in the client software (Internet Explorer, Outlook Express...) but on the client machine as a whole.
It's not just the holes in Internet Explorer and Outlook Express. It's the myriad utilities, gadgets, games, toolbars and whatever that many Windows users install on their machines.
Any of these can easily contain a virus.
The more it goes, the more I think that the main issue of online security is not the protocols (SSL, SET...) but the security of the endpoints, and particularly of the clients.
I would not be surprised if we found a virus that searches through the local (and even LAN-accessible) documents for interesting keywords or types of information, then somehow manages to send this information back to some spying agency. In fact, I think this has probably already been done.
Imagine the potential:Of course, most corporate networks are firewalled. Still, lots of binary data is exchanged. You just have to hide yours in the flux... Do you really think this would be noticed in the middle of a virus attack?. Traffic analysis would be thwarted by the viral attack sending information in many directions, with no obvious destination. Onion peel routing and distribution through Usenet or WWW bulletin boards could do the rest - untracable information.
This is the umpteenth time where I hear that some funding for just about ANYTHING is cancelled because of the "recent world events".
Usually, it involves "economic problems" - "no, we cannot fund your students' association this year... because... because of the recent world events and their consequences on the economy".
You then have the security problems - "no, I won't cross the Atlantic to go to your meeting because... because... because of the recent world events".
In short, the "recent world events" have been used as an excuse for tight-fistedness and laziness.
As for DARPA, I know that the "war on error" has been used as a pretext to fund projects for which the link to terror is, shall we say, a bit remote. I know of some DARPA-funded projects that are really about model-checking hybrid systems using semialgebraic sets, but have been packaged as studying anthrax.
Perhaps we shouldn't make too much out of this decision by the DARPA bureaucracy. I suspect Mr De Raadt would have had much success if the project had no been so blatantly international and if his sponsors had packaged it as "preventing terrorist hackers from crashing safety-critical systems".
(I'm seeking a grant under this last pretext, somehow.)
I was commenting the French case. The French constitutional right of free speech comes from the 1789 Declaration of the Rights of Man and the Citizen , which states that "[...] any Citizen can thus speak, write, print freely [...]", and from other sources such as the European Declaration on Human Rights.
All of them talk of human, not corporate rights.
Ok, there have been self-funded multimillionnaires... Still, it is very unlikely that the quality of the democratic debate is improved if somebody, just because he is rich, can buy 20-second TV ads.
France has a system of "official campaign": on top of their own campaign expenses (spending limits), all candidates are awarded some equal time on TV (there's a procedure to weed out candidates with not enough grassroot support). That way, even poor candidates can get themselves heard.
I'm extremely skeptical about donations from big corporations. I take them as legal corruption.