Computer code (at least in the case of compiled languages) is not the final product. One needs a compiler to produce the final product just as one needs a construction crew to finish a bridge. The code is merely a blueprint, a very detailed one, but nonetheless just a set of instructions.
And luckily for us, construction crews are not yet illegal, nor do you have to have a licence to own one. You do need to have a licence to use one to construct a bridge though (usually), even on your own property (building codes).
I wonder how long until you have to have a licence of programming ability and submit your 'blueprints' to a central authority before building a program?
Combined with a big mp3 drive, you can just hit the "music" button without taking your eyes off the road to fiddle with the radio to find the right music for your current mood.
Why shoul you hit the 'music' button when the car can tell from your mood that you feel like music and turn it on for you.
For that matter, why turn the stearing wheel at all - the car should detect you getting aggitated as it's about to hit things, and turn one way or the other. If you get less aggitated, it must have turned the right way - otherwise reverse direction. Easy see.
(ok, so maybe I've read too much about neural net training - not so safe training a car system by having it crash millions of cars until it gets it right)
Are we building fortresses to protect ourselves against black-hats who don't exist, or are there really people that talented and that dangerous out there?
Two things:
1) If we didn't build fortesses to protect against these black-hats, then there certainly would be these sorts of attacks, because they would be easier (lower barrier to entry).
2) Consider the possibility, motivation, expected return:
Is it possible for these black hats to exist? yes
Is there a financial incentive to do this? yes
Is the expected return greater than the cost? yes
Given the above, I would say it's almost certain these sorts of people exist. Of course you don't hear about them, because they're good at what they do. Industrial espionage existed before computers, and will continue to exist. Computers just make it easier (in some ways) than it was before.
The way I see it is that the have *already* threatened him.
And they won't threaten *him* again, he's too high
profile. It's the next person who'll suffer if Felten
doesn't get this case through. And the next person
may not have a good lawyer or the resources to defend
themselves.
So the obvious solutions then, If you come up with anything that you want published that you might be sued under the DMCA for, just send it to Prof Felten and ask him to publish
A good system would be to have an API called AppSupportsFileType(const TCHAR* szFileExt) which would then add the file extension to the Registry if it didn't already exist and add the application information to a "Supported by" list.
You mean like the Mac has had for ages (well, every app exported the list of file types it supported in the Resource Fork). It meant that when you wanted to associate a specific extention on DOS disks to a specific application, you could select any application which supported that type (after mapping the 3 letter code to the Mac's 32 bit - encoded as 4 bytes - usually printable - type).
Years ago, when recumbent cycle 'technology' wasn't as well known as it is now, I had the opportunity to ride both recumbent bicyles and tricycles created by a company called Greenspeed here in Melbourne, Australia.
My experience with the bicycles was less than perfect - it takes a slightly different balancing technique to ride with your centre of gravity lower than the centre of the wheels. The handlebars are also beneath the seat, rather than up in front. I'm told a couple of weeks experience would be plenty to feel at home though.
On the other hand, the trike is a joy to ride. Not quite as fast (if you're going for the speed record) but fantastic for cornering. I hit a corner a lot faster than I'd dare on a 2 wheel device, and it swung around without even lifting a wheel. Truly a fantastic piece of machinery.
At AU$ 3,750 for the economy model, these things aren't cheap - but hey, I can drool.
The Resource Kit and Technet subscriptions aren't fixes (fixes are free), so your rant is unfounded. These items contain wads of documentation, best practices and other useful tools for a sysadmin and are well worth the money spent.
I think the important phrase here is Total Cost Of Ownership.
Something Microsoft frequently uses to justify choosing their overpriced products instead of free alternatives is the cost of administrating, maintaining, and of course cleaning up after virusware. I don't think I've ever seen a Microsoft advertisement suggest that I need a Resource Kit and Technet subscription as part of the TCO.
From the pictures of the PowerPlay III PDA (claims to be "Palm IIIxe Compatible") it looks like maybe it's compatible in that it looks the same.
Seriously though, it looks like they've created a very small embedded OS based on the Linux Kernel, and written apps that are approximately similar to those available on the Palm. It also looks like they're the same processor and hardware design, so it's quite probably Palm-OS compatible - they're just running their own OS instead.
There are Screen Shots available for apps that look remarkably like the screens on my Handspring running PalmOS.
I don't _need_ the source to Linux. Hell, I've never even looked at it, but it sure is nice to know I can
I have an NEC Versa Note laptop. It contains a built-in network adaptor which claims to be a Tulip based 21143 card. The driver which comes with Linux doesn't detect dumb old 10mbit hubs properly - certainly not my one at home anyway. Works fine with more recent switches though.
If I didn't have the source, I could have done nothing. As it is, I've discovered a state that only occurs when I'm on the home network and patched the driver so it works, for me, in the situations where I need it.
I couldn't have done that under Windows. So yes, despite being an ordainary user, I have benefitted from having access to the source code for my operating system (and a 3 year Uni degree in software engineering with C++ as one of the languages and an emphesis on learning C as well).
The attacks that are foiled are almost never newsworthy. Keep that in mind before you knee-jerk react and point the finger at our intelligence community.
I don't see where you obtained the idea that I'm pointing the finger at the intelligence community. I think they do a very good job with the resources they have.
On the other hand, I don't think they should be given unreasonable amounts of power over ordainary citizens (disclaimer, I'm from Australia, and I don't want either myself _or_ my USian friends being spied on unreasonably) - especially when said power will just force the terrorists to become smarter.
And the terrorists will become smarter. Until thought becomes a crime (I hope never) it will always be possible for one person to plan something like this.
Until private communication between people becomes a crime, it will always be possible to form a cell-based terrorist organisation.
The attacks that are foiled are almost never newsworthy. Keep that in mind before you knee-jerk react and point the finger at our intelligence community.
I said a single slashdot post could contain 10 digits of data. Yes, I do think that's all that's necessary to give the destination of an attack - 5 decimal digits == 16 bit binary value. This is enough to give a co-ordinate to enough accuracy to target a nuclear bomb.
Remember I said just a single slashdot post. Imagine hundreds of messages stashed into trolling f1rst p0sts. Who would know except those planning the attack? Sure if the intelligence people know to watch that person then they wouldn't have much chance, but that applies anyway.
My point. It is possible to transfer data without acting 'suspciously' - even in an environment where encryption is banned. It's even possible to do so without leaving 'proof' level evidence. It's just so much harder that only terrorists will attempt it.
That's right - if you make encryption harder then only terrorists will be using it - and then they'll be easier to target by the intelligence agencies. This means they'll stop using encryption and start using stenography or similar.
End result:
* innocent people lose advantages of encryption.
* un-committed terrorists don't bother any more because it's too hard to plan.
* committed terrorists - the really dangerous ones - continue to operate, while improving their weaponry.
I just had an extensive argument on IRC regarding this. Basically I posed this hypothetical situation: A terrorist is using email to plan to nuke Los Angeles. Suppose that a carnivore-like system were able to detect this and avert it. Given that the system is not abused, I repeat, given that its not abused (no fair saying "but it will be") would you give up email privacy in exchange for Los Angeles?
Suppose that pigs can fly...
"Given that the system is not abused" - where are you giving that from? If there's one thing that history tells us about these systems, they are abused.
The other part of your hypothetical.
"that a carnivore-like system were able to detect this and avert it" - do you seriously believe that the terrorists are not going to be able to get messages past such a system and yet you'll still have the freedom to freely send messages? The only way to keep on top of new techniques is to severly restrict the noise ratio on data channels, and this means restrictions on internet use. There are no ways to stop low bandwidth information transfer.
Even something as simple as either looking at or not looking at a site like slashdot once a day gives you one bit a day of data transfer. It would be easy to hide a short message in a single slashdot post - even something as simple as choice of punctuation, spelling errors, etc - if agreed on without going through the carnivore net - would be enough to give maybe 10 digits of data in a post this long.
I'm amazed that slashdot readers can believe that such a system wouldn't be abused - I mean how likely is that that the RIAA wouldn't push for this to be used to monitor 'illegal' behaviour as well.
I think the better way to help security is to make it less necessary. If the systems, on a low level, don't allow destruction then the hacker will only be able to fiddle.
This is very very dangerous - it's a lot better for a hacker to destroy than to fiddle (ObOntopic: as per the Yahoo stories). If the story is gone then you know something is wrong, but if the details are subtly changed, who is to know?
Better, more wide-spread version control would be good, for instance. That protects against not just maliciousness, but unintentional mistakes as well (which are more common).
Version control is better, but you still have to notice that the malicious change has been added, and then find who did it (or at least who the attacker was pretending to be) and remove it.
To use CVS as an example - if somebody has made a malicious change at -r1.4, you have to check out -r1.3 and also take a diff from -r1.4 and -rHEAD, then apply that diff to -r1.3 and hope nothing breaks, if it does then you have to work out what was depending on the malicious code, and hope that they didn't hide the malicious code along with a bunch of architectural changes that everyone assumed were legit because they helped.
(in which case you need to reverse engineer their changes and throw out the bad bits).
This takes a lot of time with code, and is almost impossible for things like masses of data with only occasional bits modified, and that within parameters.
Can you imagine what would happen to a mining company if someone managed to change their survey data so they dug a mine in the wrong place? Not a massive change probably (low order bits on GPS data or similar), but enough to cost millions of dollars.
On the other hand if the data is deleted then you know it's gone and can try to recreate from backups.
The biggest danger is that small changes will go un-noticed until the backup loops are over-written and there's enough real work done since the last clean offsite backup (surely everyone keeps at least one every few months) that it takes more work to recreate everything than to throw it away.
Debian testing is two weeks behind unstable, and tends to be quite good.
...though I was stupid enough to try to use it on a production server back when apache/php4 caused great mess due to library incompatabilities.
The main problem I have with Debian is that packages sometimes change which one is in charge of a file without conflicting, and it apt doesn't offer any nice way to deal with two packages wanting to own the same file unless one of them offers a redirect or they call it a conf-file.
Back on topic, I've just started using KDE again on my new laptop, having not been too impressed a couple of years ago when I last looked. KDE is getting _very_ nice (though you'll probably want to cut back on the eye-candy and gratuitously large real-estate grab the bar at the bottom makes on the default setup).
Apart from Konquerer being a bloatedly slow pig on Celeron 366 with 96Mb of memory, it rocks. Yay KDE.
arena from 64MB to 128MB, but at $20USD for 128MB who cares?
I hardly call a $20 upgrade an "expensive and pointless consumer hardware upgrade".
It's not expensive, and it's certainly not pointless as any system would run better with the more memory.
In a modern computer with a couple of spare SDRAM slots it's a $20 upgrade, sure, but you're talking a machine which is already within the spec for the latest version of Windows in every other regard
What about my laptop with two memory slots each with a 32Mb chip already in it, and memory at closer to $100 per 64Mb chip - I have to buy $200 worth of memory, not $20 worth - not to mention throw away the two chips I have.
What about older hardware (i.e. Pentium 166 with 72pin memory sockets).
Just because the most recent hardware upgrades cheaply doesn't mean older machines do, and it's people with older machines who are more likely to have to upgrade even to _read_ documents created by people with newer machines. This is the real side-effect of Microsoft (and other vendors) changing formats to push sales.
Range of mobility in an enviroment that can kill you will be key. I would hope that they are spending more research in this area. Polarizing suits and cermic wire heaters would seem to be the way to go. The real trick is keeping what is on the inside from leaking to the ourside. Non-porus plastics are available, I would think you could layer those with light sensitice polarizing compunds, beef up the style of artic survival suits heaters and give it a go.
It depends what environment you're planning to go into - for EVA in space there really isn't anything that having active limbs can help with in most emergencies, because there's nothing to hold on to.
On the other hand on a planet (or moon) surface you're right - mobility is vital. Skin tight or assisted suits - and I can see advantages of assisted suits too, why stick with plain old human strength when you can have an exo-skeleton.
Now we just need a cold-war to force a couple of countries to have a pointless posturing fight in which both try to get into space quicker so that we throw some real money at this problem. The advantages in terms of cool new materials with applications back here on earth will make it all worthwhile, but you can't convince investors of that (hang on,.coms but in space. Wonder if that would sell)
Check out the relatively unknown SciFi series called Star Wars. The newer books, telling the story approximately 20 years after the death of the emperor, already include using black holes as offensive and defensive weapons
Of course I wouldn't consider Star Wars to be 'hard SciFi'. Doesn't George Lucas say that the books (I'm presuming you mean the official books here) are second only to the movie in 'correctness' about the Star Wars universe.
Still I'm glad I don't live there, without midichlorines(sp?) in my blood, I'd be one of those extras that get killed off early for effect.
if they really can control them, then this might have some potenial for swallowing up balistic missiles. just a thought.
The problem with a small black hole that eats up a balistic missile is that it suddenly becomes a much bigger black hole.
From the site may be able to produce miniature black holes on demand.
Notice they say miniature black holes - I'm presuming these are the sort of thing that you look at with a microscope (or not in this case since there won't be any light escaping...), not the sort of thing that captures a balistic missile.
Of course is you can manouver one of these things into the way of a balistic missile, then hold it in place against the kinetic energy imparted by said missile, you already have the technology required to stop the missile, so the black hole itself is rather pointless.
Pity really, it sounds like a good plot for a SciFi story.
If your dad were buried in the rubble right now, or part of the burning wreckage at the pentagon, wouldn't you be insulted by this?
If it was my dad buried in the rubble right now, I'd:
a) Not be reading slashdot, I'd be out there helping or at least donating blood.
b) Happy that other people were getting on with their lives rather than stopping everything to watch over my shoulders like vultures and revel in my misery.
If on the other hand I was someone from another part of the world, I'd:
a) Not stop my entire life every time there was an act of terrorism or racism or un-democratic election somewhere in the world.
b) Be sorry for your dad, but not any more than I am for all the other people who die in less middle-class white newsworthy places.
As secure as your admin, unfortunately. Any OS can be compromised with enough stupid mistakes, and almost any OS can be secured with enough cluefulness.
While the admin does make a difference, it's also true that some Operating Systems lend themselves to security more than others.
To draw a parallel with Programming Languages, it's very easy in C to create buffer overflows, especially if you use the standard libraries and strcpy, etc rather than strncpy. This doesn't mean that it's impossible to write code without buffer overflows in C, just harder.
Contrast this with *watch out for the flames* a langauge like Java where strings are presented as a more abstract data type and memory allocation is taken care of. It's a lot harder to accidently create buffer overflows in Java.
Even good programmers create buffer overflows when using C, because it's a language that lends itself to buffer overflows. Even good admins leave security holes in some operating systems (naming no names) because they don't have a clean, consistant way of being made secure, and obscure changes to one part of the system can open up holes that wouldn't have otherwise existed somewhere remote (configuration wise).
Of course I'd like to think that I'm a good admin, and that being a good admin I recommend Operating Systems that are easier to secure properly so that my human failings are less likely to cause problems. A good admin who is listened to on security policy will choose a good Operating System, as well as secure it.
I know that back when I was young and stupid I wrote something that looked a lot like:
next unless m/^(\d{9}\.\d{3}) +(\d+) (\d{1,3}\.\d{1,3}....
Thinking that that would be more accurately
representing what's in the file. Luckily I know for a fact that that tool is no longer in use (a pity, it did very nice nearly-real-time accounting of user per user (mapped to logins with Samba per IP) from ipchains and squid logs).
Hopefully it will be mainly little tools written by college students with a perl manual and no clue *raises hand* that break, and not anything that's in serious production.
My tool would of course just skip every line, and hence it would look like there was no use. Because ipchains traffic would still be recorded it might even take some time for the admin to notice a problem.
This works because the/bin/ls line with the pattern above will only get sockets that you can read, which means either owned by you or you are root (lucky you). It grabs the first one, which is fine for non-root users, though not wonderful if you're root - then again root shouldn't be doing this anyway.
It works from the console too!
P.S. - remember to nuke that agent when you've finished, otherwise anyone else who can get in as you has privs on every box that trusts you.
Looking at all the smooth pine-wood (probably treated) which it was made with, and I imagine modern machine made nails, etc - it's not necessarily going to be historically accurate. I doubt the same strengths were available when you split the wood yourself or made nails on the blacksmith's anvil.
On the other hand, there are some cool things (like compressed air launchers) that can be done these days with very little in the way of tools. A friend of mine made a deoderant powered spud gun out of bits of pipe. Of course he always stank, maybe he should have used the deoderant on himself instead?
Slashdot Mirror
Computer code (at least in the case of compiled languages) is not the final product. One needs a compiler to produce the final product just as one needs a construction crew to finish a bridge. The code is merely a blueprint, a very detailed one, but nonetheless just a set of instructions.
And luckily for us, construction crews are not yet illegal, nor do you have to have a licence to own one. You do need to have a licence to use one to construct a bridge though (usually), even on your own property (building codes).
I wonder how long until you have to have a licence of programming ability and submit your 'blueprints' to a central authority before building a program?
Combined with a big mp3 drive, you can just hit the "music" button without taking your eyes off the road to fiddle with the radio to find the right music for your current mood.
Why shoul you hit the 'music' button when the car can tell from your mood that you feel like music and turn it on for you.
For that matter, why turn the stearing wheel at all - the car should detect you getting aggitated as it's about to hit things, and turn one way or the other. If you get less aggitated, it must have turned the right way - otherwise reverse direction. Easy see.
(ok, so maybe I've read too much about neural net training - not so safe training a car system by having it crash millions of cars until it gets it right)
Two things:
1) If we didn't build fortesses to protect against these black-hats, then there certainly would be these sorts of attacks, because they would be easier (lower barrier to entry).
2) Consider the possibility, motivation, expected return:
Given the above, I would say it's almost certain these sorts of people exist. Of course you don't hear about them, because they're good at what they do. Industrial espionage existed before computers, and will continue to exist. Computers just make it easier (in some ways) than it was before.
Andrew Tridgell and the Samba Team.
;)
Bruce Perens (hey, I'm using Busybox a lot at the moment).
.. don't even get me started on the names behind such famous products as the *BSD's, Apache, KDE, Gnome, Postfix, GIMP...
(and no, it's not because I'm too lazy to STFW to find out who they actually are
And they won't threaten *him* again, he's too high
profile. It's the next person who'll suffer if Felten
doesn't get this case through. And the next person
may not have a good lawyer or the resources to defend
themselves.
So the obvious solutions then, If you come up with anything that you want published that you might be sued under the DMCA for, just send it to Prof Felten and ask him to publish
Thankyou,
A good system would be to have an API called AppSupportsFileType(const TCHAR* szFileExt) which would then add the file extension to the Registry if it didn't already exist and add the application information to a "Supported by" list.
You mean like the Mac has had for ages (well, every app exported the list of file types it supported in the Resource Fork). It meant that when you wanted to associate a specific extention on DOS disks to a specific application, you could select any application which supported that type (after mapping the 3 letter code to the Mac's 32 bit - encoded as 4 bytes - usually printable - type).
Years ago, when recumbent cycle 'technology' wasn't as well known as it is now, I had the opportunity to ride both recumbent bicyles and tricycles created by a company called Greenspeed here in Melbourne, Australia.
My experience with the bicycles was less than perfect - it takes a slightly different balancing technique to ride with your centre of gravity lower than the centre of the wheels. The handlebars are also beneath the seat, rather than up in front. I'm told a couple of weeks experience would be plenty to feel at home though.
On the other hand, the trike is a joy to ride. Not quite as fast (if you're going for the speed record) but fantastic for cornering. I hit a corner a lot faster than I'd dare on a 2 wheel device, and it swung around without even lifting a wheel. Truly a fantastic piece of machinery.
At AU$ 3,750 for the economy model, these things aren't cheap - but hey, I can drool.
The Resource Kit and Technet subscriptions aren't fixes (fixes are free), so your rant is unfounded. These items contain wads of documentation, best practices and other useful tools for a sysadmin and are well worth the money spent.
I think the important phrase here is Total Cost Of Ownership.
Something Microsoft frequently uses to justify choosing their overpriced products instead of free alternatives is the cost of administrating, maintaining, and of course cleaning up after virusware. I don't think I've ever seen a Microsoft advertisement suggest that I need a Resource Kit and Technet subscription as part of the TCO.
From the pictures of the PowerPlay III PDA (claims to be "Palm IIIxe Compatible") it looks like maybe it's compatible in that it looks the same.
Seriously though, it looks like they've created a very small embedded OS based on the Linux Kernel, and written apps that are approximately similar to those available on the Palm. It also looks like they're the same processor and hardware design, so it's quite probably Palm-OS compatible - they're just running their own OS instead.
There are Screen Shots available for apps that look remarkably like the screens on my Handspring running PalmOS.
I don't _need_ the source to Linux. Hell, I've never even looked at it, but it sure is nice to know I can
I have an NEC Versa Note laptop. It contains a built-in network adaptor which claims to be a Tulip based 21143 card. The driver which comes with Linux doesn't detect dumb old 10mbit hubs properly - certainly not my one at home anyway. Works fine with more recent switches though.
If I didn't have the source, I could have done nothing. As it is, I've discovered a state that only occurs when I'm on the home network and patched the driver so it works, for me, in the situations where I need it.
I couldn't have done that under Windows. So yes, despite being an ordainary user, I have benefitted from having access to the source code for my operating system (and a 3 year Uni degree in software engineering with C++ as one of the languages and an emphesis on learning C as well).
The attacks that are foiled are almost never newsworthy. Keep that in mind before you knee-jerk react and point the finger at our intelligence community.
I don't see where you obtained the idea that I'm pointing the finger at the intelligence community. I think they do a very good job with the resources they have.
On the other hand, I don't think they should be given unreasonable amounts of power over ordainary citizens (disclaimer, I'm from Australia, and I don't want either myself _or_ my USian friends being spied on unreasonably) - especially when said power will just force the terrorists to become smarter.
And the terrorists will become smarter. Until thought becomes a crime (I hope never) it will always be possible for one person to plan something like this.
Until private communication between people becomes a crime, it will always be possible to form a cell-based terrorist organisation.
The attacks that are foiled are almost never newsworthy. Keep that in mind before you knee-jerk react and point the finger at our intelligence community.
I said a single slashdot post could contain 10 digits of data. Yes, I do think that's all that's necessary to give the destination of an attack - 5 decimal digits == 16 bit binary value. This is enough to give a co-ordinate to enough accuracy to target a nuclear bomb.
Remember I said just a single slashdot post. Imagine hundreds of messages stashed into trolling f1rst p0sts. Who would know except those planning the attack? Sure if the intelligence people know to watch that person then they wouldn't have much chance, but that applies anyway.
My point. It is possible to transfer data without acting 'suspciously' - even in an environment where encryption is banned. It's even possible to do so without leaving 'proof' level evidence. It's just so much harder that only terrorists will attempt it.
That's right - if you make encryption harder then only terrorists will be using it - and then they'll be easier to target by the intelligence agencies. This means they'll stop using encryption and start using stenography or similar.
End result:
* innocent people lose advantages of encryption.
* un-committed terrorists don't bother any more because it's too hard to plan.
* committed terrorists - the really dangerous ones - continue to operate, while improving their weaponry.
Is it really worth it? I think not.
If you had ever taken a statistics course you'd know that 94% of all statistics are useless
And the other 6% of statistics are made up the spot!
Surely you mean the other 8% of statistics?
I just had an extensive argument on IRC regarding this. Basically I posed this hypothetical situation: A terrorist is using email to plan to nuke Los Angeles. Suppose that a carnivore-like system were able to detect this and avert it. Given that the system is not abused, I repeat, given that its not abused (no fair saying "but it will be") would you give up email privacy in exchange for Los Angeles?
Suppose that pigs can fly...
"Given that the system is not abused" - where are you giving that from? If there's one thing that history tells us about these systems, they are abused.
The other part of your hypothetical.
"that a carnivore-like system were able to detect this and avert it" - do you seriously believe that the terrorists are not going to be able to get messages past such a system and yet you'll still have the freedom to freely send messages? The only way to keep on top of new techniques is to severly restrict the noise ratio on data channels, and this means restrictions on internet use. There are no ways to stop low bandwidth information transfer.
Even something as simple as either looking at or not looking at a site like slashdot once a day gives you one bit a day of data transfer. It would be easy to hide a short message in a single slashdot post - even something as simple as choice of punctuation, spelling errors, etc - if agreed on without going through the carnivore net - would be enough to give maybe 10 digits of data in a post this long.
I'm amazed that slashdot readers can believe that such a system wouldn't be abused - I mean how likely is that that the RIAA wouldn't push for this to be used to monitor 'illegal' behaviour as well.
I think the better way to help security is to make it less necessary. If the systems, on a low level, don't allow destruction then the hacker will only be able to fiddle.
This is very very dangerous - it's a lot better for a hacker to destroy than to fiddle (ObOntopic: as per the Yahoo stories). If the story is gone then you know something is wrong, but if the details are subtly changed, who is to know?
Better, more wide-spread version control would be good, for instance. That protects against not just maliciousness, but unintentional mistakes as well (which are more common).
Version control is better, but you still have to notice that the malicious change has been added, and then find who did it (or at least who the attacker was pretending to be) and remove it.
To use CVS as an example - if somebody has made a malicious change at -r1.4, you have to check out -r1.3 and also take a diff from -r1.4 and -rHEAD, then apply that diff to -r1.3 and hope nothing breaks, if it does then you have to work out what was depending on the malicious code, and hope that they didn't hide the malicious code along with a bunch of architectural changes that everyone assumed were legit because they helped.
(in which case you need to reverse engineer their changes and throw out the bad bits).
This takes a lot of time with code, and is almost impossible for things like masses of data with only occasional bits modified, and that within parameters.
Can you imagine what would happen to a mining company if someone managed to change their survey data so they dug a mine in the wrong place? Not a massive change probably (low order bits on GPS data or similar), but enough to cost millions of dollars.
On the other hand if the data is deleted then you know it's gone and can try to recreate from backups.
The biggest danger is that small changes will go un-noticed until the backup loops are over-written and there's enough real work done since the last clean offsite backup (surely everyone keeps at least one every few months) that it takes more work to recreate everything than to throw it away.
Debian testing is two weeks behind unstable, and tends to be quite good.
...though I was stupid enough to try to use it on a production server back when apache/php4 caused great mess due to library incompatabilities.
The main problem I have with Debian is that packages sometimes change which one is in charge of a file without conflicting, and it apt doesn't offer any nice way to deal with two packages wanting to own the same file unless one of them offers a redirect or they call it a conf-file.
Back on topic, I've just started using KDE again on my new laptop, having not been too impressed a couple of years ago when I last looked. KDE is getting _very_ nice (though you'll probably want to cut back on the eye-candy and gratuitously large real-estate grab the bar at the bottom makes on the default setup).
Apart from Konquerer being a bloatedly slow pig on Celeron 366 with 96Mb of memory, it rocks. Yay KDE.
arena from 64MB to 128MB, but at $20USD for 128MB who cares?
I hardly call a $20 upgrade an "expensive and pointless consumer hardware upgrade".
It's not expensive, and it's certainly not pointless as any system would run better with the more memory.
In a modern computer with a couple of spare SDRAM slots it's a $20 upgrade, sure, but you're talking a machine which is already within the spec for the latest version of Windows in every other regard
What about my laptop with two memory slots each with a 32Mb chip already in it, and memory at closer to $100 per 64Mb chip - I have to buy $200 worth of memory, not $20 worth - not to mention throw away the two chips I have.
What about older hardware (i.e. Pentium 166 with 72pin memory sockets).
Just because the most recent hardware upgrades cheaply doesn't mean older machines do, and it's people with older machines who are more likely to have to upgrade even to _read_ documents created by people with newer machines. This is the real side-effect of Microsoft (and other vendors) changing formats to push sales.
Range of mobility in an enviroment that can kill you will be key. I would hope that they are spending more research in this area. Polarizing suits and cermic wire heaters would seem to be the way to go. The real trick is keeping what is on the inside from leaking to the ourside. Non-porus plastics are available, I would think you could layer those with light sensitice polarizing compunds, beef up the style of artic survival suits heaters and give it a go.
.coms but in space. Wonder if that would sell)
It depends what environment you're planning to go into - for EVA in space there really isn't anything that having active limbs can help with in most emergencies, because there's nothing to hold on to.
On the other hand on a planet (or moon) surface you're right - mobility is vital. Skin tight or assisted suits - and I can see advantages of assisted suits too, why stick with plain old human strength when you can have an exo-skeleton.
Now we just need a cold-war to force a couple of countries to have a pointless posturing fight in which both try to get into space quicker so that we throw some real money at this problem. The advantages in terms of cool new materials with applications back here on earth will make it all worthwhile, but you can't convince investors of that (hang on,
Check out the relatively unknown SciFi series called Star Wars. The newer books, telling the story approximately 20 years after the death of the emperor, already include using black holes as offensive and defensive weapons
Of course I wouldn't consider Star Wars to be 'hard SciFi'. Doesn't George Lucas say that the books (I'm presuming you mean the official books here) are second only to the movie in 'correctness' about the Star Wars universe.
Still I'm glad I don't live there, without midichlorines(sp?) in my blood, I'd be one of those extras that get killed off early for effect.
if they really can control them, then this might have some potenial for swallowing up balistic missiles. just a thought.
The problem with a small black hole that eats up a balistic missile is that it suddenly becomes a much bigger black hole.
From the site may be able to produce miniature black holes on demand.
Notice they say miniature black holes - I'm presuming these are the sort of thing that you look at with a microscope (or not in this case since there won't be any light escaping...), not the sort of thing that captures a balistic missile.
Of course is you can manouver one of these things into the way of a balistic missile, then hold it in place against the kinetic energy imparted by said missile, you already have the technology required to stop the missile, so the black hole itself is rather pointless.
Pity really, it sounds like a good plot for a SciFi story.
If it was my dad buried in the rubble right now, I'd:
a) Not be reading slashdot, I'd be out there helping or at least donating blood.
b) Happy that other people were getting on with their lives rather than stopping everything to watch over my shoulders like vultures and revel in my misery.
If on the other hand I was someone from another part of the world, I'd:
a) Not stop my entire life every time there was an act of terrorism or racism or un-democratic election somewhere in the world.
b) Be sorry for your dad, but not any more than I am for all the other people who die in less middle-class white newsworthy places.
As secure as your admin, unfortunately. Any OS can be compromised with enough stupid mistakes, and almost any OS can be secured with enough cluefulness.
While the admin does make a difference, it's also true that some Operating Systems lend themselves to security more than others.
To draw a parallel with Programming Languages, it's very easy in C to create buffer overflows, especially if you use the standard libraries and strcpy, etc rather than strncpy. This doesn't mean that it's impossible to write code without buffer overflows in C, just harder.
Contrast this with *watch out for the flames* a langauge like Java where strings are presented as a more abstract data type and memory allocation is taken care of. It's a lot harder to accidently create buffer overflows in Java.
Even good programmers create buffer overflows when using C, because it's a language that lends itself to buffer overflows. Even good admins leave security holes in some operating systems (naming no names) because they don't have a clean, consistant way of being made secure, and obscure changes to one part of the system can open up holes that wouldn't have otherwise existed somewhere remote (configuration wise).
Of course I'd like to think that I'm a good admin, and that being a good admin I recommend Operating Systems that are easier to secure properly so that my human failings are less likely to cause problems. A good admin who is listened to on security policy will choose a good Operating System, as well as secure it.
You could just prepend a 0 to the front of the old filenames, and it'll sort them all correctly.
t
See what happens when you don't use leading zeros? *grin*
So you'd recommend using 000000000000000000000000000000000000access_log.tx
just in case then?
Seriously though, in this case there's a known maximum size of that value, and one more 0 would have been enough (at least until we go 64bit time_t)
Jumping down to shorter values though (say 3 digit long), do you write:
23 387 96 1 12 32 43
or
023 387 096 001 012 032 043
or even
00000023 00000387 00000096 00000001 00000012 00000032 00000043
I vote for realising that you have a numeric value and splitting the int off the start and sorting by that. Bit hard in shell scripts though.
next unless m/^(\d{9}\.\d{3}) +(\d+) (\d{1,3}\.\d{1,3} ....
Thinking that that would be more accurately representing what's in the file. Luckily I know for a fact that that tool is no longer in use (a pity, it did very nice nearly-real-time accounting of user per user (mapped to logins with Samba per IP) from ipchains and squid logs).
Hopefully it will be mainly little tools written by college students with a perl manual and no clue *raises hand* that break, and not anything that's in serious production.
My tool would of course just skip every line, and hence it would look like there was no use. Because ipchains traffic would still be recorded it might even take some time for the admin to notice a problem.
SSH_AUTH_SOCK=`/bin/ls
export SSH_AUTH_SOCK
[~]$
This works because the /bin/ls line with the pattern above will only get sockets that you can read, which means either owned by you or you are root (lucky you). It grabs the first one, which is fine for non-root users, though not wonderful if you're root - then again root shouldn't be doing this anyway.
It works from the console too!
P.S. - remember to nuke that agent when you've finished, otherwise anyone else who can get in as you has privs on every box that trusts you.
Looking at all the smooth pine-wood (probably treated) which it was made with, and I imagine modern machine made nails, etc - it's not necessarily going to be historically accurate. I doubt the same strengths were available when you split the wood yourself or made nails on the blacksmith's anvil.
On the other hand, there are some cool things (like compressed air launchers) that can be done these days with very little in the way of tools. A friend of mine made a deoderant powered spud gun out of bits of pipe. Of course he always stank, maybe he should have used the deoderant on himself instead?