This is a rather bad assesment of the likely outcome. Let's ignore outside powers for a second, and just look at China versus Taiwan. The former has about 30 times the population and (guessing) probably five or six times the economic output. However, China's air force is not terribly modern and, most critically, they have practically no navy. Since the two are separated by a good chunk of ocean, the only way China could conquer the country is by sending soldiers over on boats. They don't have enough boats.
China's saber-rattling is just bluster. They could probably gain air superiority and bomb everything into tiny pieces, but that kind of runs counter to their stated goal of reunification. They don't threaten a massive bombing campaign, they threaten invasion. They don't have what it takes to actually pull one off, though.
It already looks bad, now enter the external powers. Particularly the United States. The US has very strong treaties and military ties with Taiwan. We have not hesitated to send a carrier battle group into the area before when things heated up. China sells us things for cheap, but if the US failed to defend Taiwan after promising to do so, our alliances with the rest of the world wouldn't be worth the paper they were written on.
China's leaders may be overly powerful and overly willing to exercise that power, but they are rational. They know that their nice lives will be rather disrupted during a gigantic slug-fest involving China, Taiwan, and whatever US carrier battle groups and long-range bomber wings are able to make it to the party in time.
Taking all of this into account, I don't worry when I read these stories. Both sides are run by rational people. Rational people don't start wars they can't win for stupid reasons.
Unless explicitly stated otherwise, the words "I think" are added to every sentence in a forum like slashdot. Please obtain clue. For someone with a four-digit user number, I expect more.
However, I always get the feeling that most of his major characters (including the ones you mention) are just aspects of the author. This isn't a feeling I get from other authors.
Don't get me wrong, I actually like quite a bit of Heinlein (the stuff he wrote before his brain stopped getting enough blood). But, particularly (not only) in the later books, it just feels like a crowd of clones, the same person at different stages of life.
There's enough out there, like stuff that Heinlein's friends wrote, to know what the man was like.
Once is not a crime. But when nearly every single major character in every single novel the guy ever published is just a thinly veiled version of the author, it gets old. I think the reviewer put that statement in just to confirm that, yes, he did it in this one too.
I will happily blame the politicians. Even if they aren't the ones deciding to skip all of the security, they are the ones making all of the useless rules in the first place. And I don't think that they would be making such useless rules if they were also subjected to them, particularly since politicians travel by air more often than other people.
The problem isn't really one-size-fits-all requirements. The problem is that the people who decide these things have decided that making people feel safe is more important than making them be safe. There are a dozen freight-train sized holes in airport security today which any intelligent person can discover from simply flying a few times, and could exploit with little effort. Meanwhile, security guards are patting down grandmothers and confiscating miniature swiss-army knives. But since the people who make these rules never have to deal with the consequences, they have no incentive to get rid of the inconveniences that only make people feel safe, and replace them with things which are simultaneously more convenient and more secure. This is not an oxymoron; nearly any imaginable setup would be more secure than what we have today. The only thing today's security setup can really stop are crazies who try to bring a duffel bag full of AK-47's or dynamite onto the plane. It won't stop anybody with half a brain, and as we have seen, there are quite a few people who have half a brain and want to do harm.
Hah, very good point. Funny how most things in politics seem to work out that way. Everybody ends up blaming the person or group they want to and nothing is ever decided or finished.
"[NASA deputy administrator] Gregory testified that at the time of X-38?s cancellation, it appeared to NASA that the Crew Return Vehicle would not be ready until 2008. Cost also entered into the equation, Gregory said, with some estimates coming back as high as $3 billion to $5 billion, a figure several times larger than NASA's earlier $1.2 billion estimate."
In other words, it was unbelievably late and unbelievably over budget; that is, typically (post-Apollo) NASA. In my searches, I ran across articles from 1998 and 1999 talking about the X38 project, and how it was going to fly by 2002 or 2003. Apparently that was somewhat unrealistic, or NASA badly mismanaged the project.
NASA had a choice of things to cancel. They chose to cancel the X-38, which had already had test flights, to develop an Orbital Space Plane instead, which hasn't even been designed.
Bush may have cut the budget, but he didn't kill the project. At most, he put it out of its misery.
I suppose that you don't expect presidents and prime-ministers to go around carrying badges on the straps around their necks, and walk through the metal-detector gates a few times.
You know, if there was some kind of law that said all those powerful politicians have to wait in line and go through the security screenings just like us "little people", I bet airport security would be a lot better and more convenient than it is right now. I thought the President was a person, just like you and me. So if I have to wear a badge and go through a metal detector, I think He (whoops, I mean "he") should to.
Politicians making decisions that have no effect on themselves piss me off to no end.
That last comment was pure stupidity on my part. Please just replace "completely agree" with "think". Reading too much into things, I guess.
Can you please give me a pointer to some evidence for your statement that Bush ordered the downsizing of the ISS? The ISS was operational before he got into office, and it never had a crew greater than 3. As I said, having a larger crew requires enough lifeboat capacity for that crew. Soyuz doesn't have enough. You can't dock two of them at the station, either. The Shuttle obviously can carry enough, but it isn't designed to stay in space long enough for it to be usable as a lifeboat. Therefore, a larger crew requires a vehicle which hasn't been constructed yet. The ball was dropped (nay, shattered) on the projects to construct said vehicle before Bush was in office. So I really have no idea how Bush could have ordered the reduced crew on the ISS when there has never been any way to have a larger crew anyway.
There is an enormous difference between this hole and a hole that is exploitable from anywhere on the internet in an automatic fashion, the way the Windows RPC vulnerability is/was.
In order to exploit this vulnerability, you must:
1) Get on somebody's local network. 2) Have a machine on that network which is using DHCP. 3) Be able to respond to DHCP packets with the appropriate settings that will exploit the vulnerability, faster than the real DHCP server can. 4) Do all of this when somebody actually reboots their machine.
None of this is particularly hard, I agree. Of these, 3 is the easiest, and 2 is close behind (I don't use DHCP on my wireless network, but I'm sure most people do). 1 is not too hard as you pointed out. 4 is an issue of timing; you just have to be lucky.
You are correct that this is not enormously difficult to exploit. However, an attacker still needs to know where the vulnerable machine is, get on its local network (which means either physical access to the building, just being close enough to be within wireless range, depending on whether they use wireless), or having already gained access on another machine on that network, and then exploit the bug.
Compare this to the RPC vulnerability: to exploit, send a correctly-formed packet to the vulnerable machine. Instant root results.
The RPC vulnerability takes literally seconds to exploit, and can be done in an automatic fashion. One worm can use it to break into millions of computers.
This Mac OS X DHCP vulnerability exists only during a small window of time, and only if you're on the same network. There is no reasonable way to write a worm to take advantage of it, it's something that has to be done manually.
Are Macs perfectly secure? No. Are they a hell of a lot more secure than Windows? Yes. If Macs had the same market share that Windows has, you would not see the worm-of-the-month that we see constantly in today's world.
it seems far more constructive to discuss the merits here (which I am sure he will read)...
Heehee, (giggle), that was a good one.
Get real. This guy's job is to generate ad revenue by bringing in eyeballs. Writing an inflammatory article does just that. Having done so, he goes home. He doesn't give a shit whether he's right or wrong, and he certainly won't be following up the "community's" response. He will laugh all the way to the bank, however.
I said nearly the same thing about Linux last time somebody spouted junk about Linux not really being any more secure:
When OS X has a vulnerability, it shows up in a few specialty news sites, a few people tsk, and maybe a few people even get hacked.
When Windows has a vulnerability, it shows up as a worm that takes over millions of machines in a matter of hours and cripples the entire internet.
The OS X vulnerability in the article isn't even a remote vulnerability. You need access to the machine's local network to pull at off, and you need to do it when the machine boots.
Major Windows vulnerabilities, on the other hand, let anybody who can ping the machine take it over completely and at will. You don't even need to be that smart; a small computer program can do it automatically.
especially after President Bush lowered ISS's crewsize from ~7 to 3
Why do people have to blame everything they don't like on President Bush?
The ISS has a "normal" crew size of 7, this is true. However, it's necessary to have a lifeboat attached to the station at all times that is capable of carrying the entire crew back to Earth should something bad happen. This was supposed to be done by one of NASA's X-projects, but NASA fumbled the ball very badly. Until and unless a better vehicle is created, the lifeboat is a Russian Soyuz craft, with seats for 3. As long as the lifeboat is Soyuz, the ISS will always have a maximum crew of 3. Even more fun, until NASA can get back in the business of resupplying the station, instead of making the Russians do it all, the crew is limited to 2 because of how much stuff they can ship.
None of this has anything to do with Bush. This is NASA's own fault, and they were screwing this one up long before Bush got near the White House.
And I completely agree that the ISS is a total waste of time and effort.
It's covered in RFC 1738. Look for section 3.1 Common Internet Scheme Syntax.
Basically, it allows you to specify a username and possibly a password as part of a URL. http://w:x@y.com says to connect to y.com with username w, password x. The URL http://w@x.com means to connect to x.com with username w. This is not in particularly common use for HTTP, but it can be useful for sites that use HTTP authentication.
Web servers ignore the username and password if you connect to a page that doesn't require authentication, so for most sites, everything before the @ is simply ignored.
So this really is part of a standard, and it exists for a good reason. It's not a redirection at all, but simply a part of the URL standard that isn't used often enough for people to know what it means. The whole spoofing this is a completely unintended consequence of that.
It's not crude at all, it's very elegant. An RTG is basically a nuclear battery. It has no moving parts, there's nothing to break or go wrong. It just produces a nice, steady stream of electricity for the probe to use.
It is inefficient in terms of how much energy it gets from the nuclear materials, but that's not all that counts. There is also weight efficiency, which is good because there are no control rods or anything like that, and making things light is very important when you're flinging them into the outer reaches of the solar system with chemical rockets.
Done a lot better moneywise? They sold their teetering company for twenty billion dollars! Imagine that number, try to hold it in your head: twenty billion dollars. It's hard to see any way a browser company could have done any better than that.
Any chances the RIAA helped fund Ahhhnold's campaign?
Well, duh, let's see. Arnold is worth several hundred million dollars, which presumably funded his campaign. Where did that enormous amount of money come from? Could it have come from his movie career? Salaries from movie companies?
One of the big impacts on the Florida outcome was the state law that prohibits someone who has ever been convicted of a fellony from ever voting.
As far as I'm aware, this exists in (nearly?) every state in the country. Its intent has nothing to do with racism. Rather, politicians tend to have powers over the prison system. To prevent abuse of these powers (say, granting a pardon in exchange for voting), felons can't vote. It's also a traditional punishment. You lose part of your life, by going to prison, and you lose your right to vote. I'd love to know if I'm wrong, but this is as far as I know a very common thing.
I hold the opinion that the reason our laws force politicians to go through so much crap (raising money, trying to get reelected, etc. etc. etc.) is to keep them so busy that they can't do any actual damage while they're in office. Any change in the system that makes elected officials accomplish less is a giant plus in my book. If term limits make things work so badly that nothing can get done, then I think we should implement them everywhere as quickly as possible!
Slashdot Mirror
This is a rather bad assesment of the likely outcome. Let's ignore outside powers for a second, and just look at China versus Taiwan. The former has about 30 times the population and (guessing) probably five or six times the economic output. However, China's air force is not terribly modern and, most critically, they have practically no navy. Since the two are separated by a good chunk of ocean, the only way China could conquer the country is by sending soldiers over on boats. They don't have enough boats.
China's saber-rattling is just bluster. They could probably gain air superiority and bomb everything into tiny pieces, but that kind of runs counter to their stated goal of reunification. They don't threaten a massive bombing campaign, they threaten invasion. They don't have what it takes to actually pull one off, though.
It already looks bad, now enter the external powers. Particularly the United States. The US has very strong treaties and military ties with Taiwan. We have not hesitated to send a carrier battle group into the area before when things heated up. China sells us things for cheap, but if the US failed to defend Taiwan after promising to do so, our alliances with the rest of the world wouldn't be worth the paper they were written on.
China's leaders may be overly powerful and overly willing to exercise that power, but they are rational. They know that their nice lives will be rather disrupted during a gigantic slug-fest involving China, Taiwan, and whatever US carrier battle groups and long-range bomber wings are able to make it to the party in time.
Taking all of this into account, I don't worry when I read these stories. Both sides are run by rational people. Rational people don't start wars they can't win for stupid reasons.
Unless explicitly stated otherwise, the words "I think" are added to every sentence in a forum like slashdot. Please obtain clue. For someone with a four-digit user number, I expect more.
I was somewhat exaggerating for effect.
However, I always get the feeling that most of his major characters (including the ones you mention) are just aspects of the author. This isn't a feeling I get from other authors.
Don't get me wrong, I actually like quite a bit of Heinlein (the stuff he wrote before his brain stopped getting enough blood). But, particularly (not only) in the later books, it just feels like a crowd of clones, the same person at different stages of life.
There's enough out there, like stuff that Heinlein's friends wrote, to know what the man was like.
Once is not a crime. But when nearly every single major character in every single novel the guy ever published is just a thinly veiled version of the author, it gets old. I think the reviewer put that statement in just to confirm that, yes, he did it in this one too.
I will happily blame the politicians. Even if they aren't the ones deciding to skip all of the security, they are the ones making all of the useless rules in the first place. And I don't think that they would be making such useless rules if they were also subjected to them, particularly since politicians travel by air more often than other people.
The problem isn't really one-size-fits-all requirements. The problem is that the people who decide these things have decided that making people feel safe is more important than making them be safe. There are a dozen freight-train sized holes in airport security today which any intelligent person can discover from simply flying a few times, and could exploit with little effort. Meanwhile, security guards are patting down grandmothers and confiscating miniature swiss-army knives. But since the people who make these rules never have to deal with the consequences, they have no incentive to get rid of the inconveniences that only make people feel safe, and replace them with things which are simultaneously more convenient and more secure. This is not an oxymoron; nearly any imaginable setup would be more secure than what we have today. The only thing today's security setup can really stop are crazies who try to bring a duffel bag full of AK-47's or dynamite onto the plane. It won't stop anybody with half a brain, and as we have seen, there are quite a few people who have half a brain and want to do harm.
Hah, very good point. Funny how most things in politics seem to work out that way. Everybody ends up blaming the person or group they want to and nothing is ever decided or finished.
Bush simply cut the budget, it was NASA's decision to axe the X-38 project (the lifeboat) to save money. And why did they choose that?
This Space.com article sheds some light:
"[NASA deputy administrator] Gregory testified that at the time of X-38?s cancellation, it appeared to NASA that the Crew Return Vehicle would not be ready until 2008. Cost also entered into the equation, Gregory said, with some estimates coming back as high as $3 billion to $5 billion, a figure several times larger than NASA's earlier $1.2 billion estimate."
In other words, it was unbelievably late and unbelievably over budget; that is, typically (post-Apollo) NASA. In my searches, I ran across articles from 1998 and 1999 talking about the X38 project, and how it was going to fly by 2002 or 2003. Apparently that was somewhat unrealistic, or NASA badly mismanaged the project.
NASA had a choice of things to cancel. They chose to cancel the X-38, which had already had test flights, to develop an Orbital Space Plane instead, which hasn't even been designed.
Bush may have cut the budget, but he didn't kill the project. At most, he put it out of its misery.
I suppose that you don't expect presidents and prime-ministers to go around carrying badges on the straps around their necks, and walk through the metal-detector gates a few times.
You know, if there was some kind of law that said all those powerful politicians have to wait in line and go through the security screenings just like us "little people", I bet airport security would be a lot better and more convenient than it is right now. I thought the President was a person, just like you and me. So if I have to wear a badge and go through a metal detector, I think He (whoops, I mean "he") should to.
Politicians making decisions that have no effect on themselves piss me off to no end.
I'd rather go to jail for a crime I didn't commit than have a thousand strangers know that I read Maxim.
That last comment was pure stupidity on my part. Please just replace "completely agree" with "think". Reading too much into things, I guess.
Can you please give me a pointer to some evidence for your statement that Bush ordered the downsizing of the ISS? The ISS was operational before he got into office, and it never had a crew greater than 3. As I said, having a larger crew requires enough lifeboat capacity for that crew. Soyuz doesn't have enough. You can't dock two of them at the station, either. The Shuttle obviously can carry enough, but it isn't designed to stay in space long enough for it to be usable as a lifeboat. Therefore, a larger crew requires a vehicle which hasn't been constructed yet. The ball was dropped (nay, shattered) on the projects to construct said vehicle before Bush was in office. So I really have no idea how Bush could have ordered the reduced crew on the ISS when there has never been any way to have a larger crew anyway.
There is an enormous difference between this hole and a hole that is exploitable from anywhere on the internet in an automatic fashion, the way the Windows RPC vulnerability is/was.
In order to exploit this vulnerability, you must:
1) Get on somebody's local network.
2) Have a machine on that network which is using DHCP.
3) Be able to respond to DHCP packets with the appropriate settings that will exploit the vulnerability, faster than the real DHCP server can.
4) Do all of this when somebody actually reboots their machine.
None of this is particularly hard, I agree. Of these, 3 is the easiest, and 2 is close behind (I don't use DHCP on my wireless network, but I'm sure most people do). 1 is not too hard as you pointed out. 4 is an issue of timing; you just have to be lucky.
You are correct that this is not enormously difficult to exploit. However, an attacker still needs to know where the vulnerable machine is, get on its local network (which means either physical access to the building, just being close enough to be within wireless range, depending on whether they use wireless), or having already gained access on another machine on that network, and then exploit the bug.
Compare this to the RPC vulnerability: to exploit, send a correctly-formed packet to the vulnerable machine. Instant root results.
The RPC vulnerability takes literally seconds to exploit, and can be done in an automatic fashion. One worm can use it to break into millions of computers.
This Mac OS X DHCP vulnerability exists only during a small window of time, and only if you're on the same network. There is no reasonable way to write a worm to take advantage of it, it's something that has to be done manually.
Are Macs perfectly secure? No. Are they a hell of a lot more secure than Windows? Yes. If Macs had the same market share that Windows has, you would not see the worm-of-the-month that we see constantly in today's world.
it seems far more constructive to discuss the merits here (which I am sure he will read)...
Heehee, (giggle), that was a good one.
Get real. This guy's job is to generate ad revenue by bringing in eyeballs. Writing an inflammatory article does just that. Having done so, he goes home. He doesn't give a shit whether he's right or wrong, and he certainly won't be following up the "community's" response. He will laugh all the way to the bank, however.
I said nearly the same thing about Linux last time somebody spouted junk about Linux not really being any more secure:
When OS X has a vulnerability, it shows up in a few specialty news sites, a few people tsk, and maybe a few people even get hacked.
When Windows has a vulnerability, it shows up as a worm that takes over millions of machines in a matter of hours and cripples the entire internet.
The OS X vulnerability in the article isn't even a remote vulnerability. You need access to the machine's local network to pull at off, and you need to do it when the machine boots.
Major Windows vulnerabilities, on the other hand, let anybody who can ping the machine take it over completely and at will. You don't even need to be that smart; a small computer program can do it automatically.
Which one is more secure?
especially after President Bush lowered ISS's crewsize from ~7 to 3
Why do people have to blame everything they don't like on President Bush?
The ISS has a "normal" crew size of 7, this is true. However, it's necessary to have a lifeboat attached to the station at all times that is capable of carrying the entire crew back to Earth should something bad happen. This was supposed to be done by one of NASA's X-projects, but NASA fumbled the ball very badly. Until and unless a better vehicle is created, the lifeboat is a Russian Soyuz craft, with seats for 3. As long as the lifeboat is Soyuz, the ISS will always have a maximum crew of 3. Even more fun, until NASA can get back in the business of resupplying the station, instead of making the Russians do it all, the crew is limited to 2 because of how much stuff they can ship.
None of this has anything to do with Bush. This is NASA's own fault, and they were screwing this one up long before Bush got near the White House.
And I completely agree that the ISS is a total waste of time and effort.
Back before the advent of Mac OS X, my favourite (and for many years, only) development environment was one variety of Unix or another.
So did he decide to switch to Windows when OS X came out or something? Mac OS X is a UNIX!
It's covered in RFC 1738. Look for section 3.1 Common Internet Scheme Syntax.
Basically, it allows you to specify a username and possibly a password as part of a URL. http://w:x@y.com says to connect to y.com with username w, password x. The URL http://w@x.com means to connect to x.com with username w. This is not in particularly common use for HTTP, but it can be useful for sites that use HTTP authentication.
Web servers ignore the username and password if you connect to a page that doesn't require authentication, so for most sites, everything before the @ is simply ignored.
So this really is part of a standard, and it exists for a good reason. It's not a redirection at all, but simply a part of the URL standard that isn't used often enough for people to know what it means. The whole spoofing this is a completely unintended consequence of that.
I do even better than that. I use a non-default OS.
It's not crude at all, it's very elegant. An RTG is basically a nuclear battery. It has no moving parts, there's nothing to break or go wrong. It just produces a nice, steady stream of electricity for the probe to use.
It is inefficient in terms of how much energy it gets from the nuclear materials, but that's not all that counts. There is also weight efficiency, which is good because there are no control rods or anything like that, and making things light is very important when you're flinging them into the outer reaches of the solar system with chemical rockets.
"Without an ozone layer"? Do you even know what the ozone layer does?
Done a lot better moneywise? They sold their teetering company for twenty billion dollars! Imagine that number, try to hold it in your head: twenty billion dollars. It's hard to see any way a browser company could have done any better than that.
This would be an amazing idea if somebody hadn't already been doing it for the past six years.
Shit. I spent four days solving RSA-577, and now you're telling me it's in the back of the frigging book??
Any chances the RIAA helped fund Ahhhnold's campaign?
Well, duh, let's see. Arnold is worth several hundred million dollars, which presumably funded his campaign. Where did that enormous amount of money come from? Could it have come from his movie career? Salaries from movie companies?
P.S. The RIAA is music. MPAA is movies.
One of the big impacts on the Florida outcome was the state law that prohibits someone who has ever been convicted of a fellony from ever voting.
As far as I'm aware, this exists in (nearly?) every state in the country. Its intent has nothing to do with racism. Rather, politicians tend to have powers over the prison system. To prevent abuse of these powers (say, granting a pardon in exchange for voting), felons can't vote. It's also a traditional punishment. You lose part of your life, by going to prison, and you lose your right to vote. I'd love to know if I'm wrong, but this is as far as I know a very common thing.
I hold the opinion that the reason our laws force politicians to go through so much crap (raising money, trying to get reelected, etc. etc. etc.) is to keep them so busy that they can't do any actual damage while they're in office. Any change in the system that makes elected officials accomplish less is a giant plus in my book. If term limits make things work so badly that nothing can get done, then I think we should implement them everywhere as quickly as possible!