Most of the OS on a machine is well-known, especially in the sort of environment in which you could mandate things like FDE. Given that, a determined attacker would have hundreds of megabytes of known plaintext to use as a crib in breaking the encryption.
Of course, you could put the OS on its own unencrypted partition, and encrypt the others, but it's hard to provide enough space for things like application upgrades without leaving enough room for the "savvy" user to put sensitive data on the "fast" partition.
Basically, you keep coming back to the fact that it's really hard to find a reliable technical solution (mandatory encryption) to a behavioral problem (users handling sensitive data carelessly).
9/11 wasn't about box cutters. It was about the fact that standard operating procedure in a hijacking was to appease the hijackers until the plane was on the ground. The important lesson was learned right away, and the fourth plane was demoted from a force multiplier to a murder scene. The specific means by which they took over the planes are, in a very real sense, beside the point.
If somebody is committed to detonating a bomb on a plane, and doesn't mind being on board when it happens, there is very little to be done about it.
And yet, how often does it happen? Was it a toothpaste prohibition at Heathrow that prevented this current batch of bombings?
So now, without having set foot on a plane, these terrorists have managed to leave a shockingly large fraction of the population afraid of toothpaste!
Life involves risks, any number of which are more immediate than terrorist bombings. It seems as if the government wants us all living in fear, but I have no intention of doing it. It's just that simple.
Who do we complain to about this? And how quickly will such a complaint turn into a spot on the no fly lists?
I mean, honestly, this is just insane.
I'm trying to put together a coherent thought or two about this, but I just can't wrap my brain around the scale of the disconnect between what they claim they're trying to achieve and the means they're employing. Either they're lying to us about their goals, or they have absolutely no sense of perspective, or they're viciously incompetent. Or some combination of the three. I just can't come up with any other explanations.
Even apart from the obvious fact that it's grossly disrespectful of your customers' desire for privacy, this sounds suspiciously like an attempt to rationalize lighter (and thus presumably easier) security for data other than SSN, and that strikes me as a really bad idea.
Just because you have a firewall, that doesn't make it safe to run all the machines behind it wide open and unpatched. In exactly the same way, keeping SSNs (theoretically) well protected doesn't make it safe to leave the rest of your customers' data lying around. Users will download and run strange email attachments, or browse untrusted web sites, and they're past the firewall. By the same token, if you fail to protect "lesser" personal data, it gives an attacker more things with which to correlate SSNs he may have obtained elsewhere, but, hypothetically, without explicit mappings to names.
Privacy is a larger issue than just preventing somebody in <random_city> from being able to impersonate me, and the fact that it is difficult to attach a dollar value to it doesn't mean your customers don't care. Do the right thing, and protect it all.
This is long gone off the front page, so nobody is ever going to see it, but...
The power isn't even remotely the hard part. That's not to say it's easy, but reaction mass is a much bigger issue.
9.8 m/s*s for 86400 seconds is 847 km/s. Assuming you've got some mythical ion drive with vast amounts of thrust and an exhaust velocity of 50 km/s, your delta V is going to be nearly 17 times your exhaust velocity.
And that's a six-nines (0.999999) mass fraction.
Just for the acceleration. The deceleration is the same trick over again, so you're up to 10^12 kg for every kg of rocket, just in reaction mass. Throw in another couple orders of magnitude for the trip into orbit, and, yeah, not going to happen.
There are two factors in an orbit: altitude and velocity. The elevator will take care of the altitude, so essentially all you need to do is get off of the elevator at the right level, and fire a rocket to get you to orbital velocity.
That's why the elevator's center of mass is geostationary -- when you get off at geostationary altitude, you and the elevator already have all the lateral velocity you need.
If I had to hazard a guess, I'd say that the ribbon would end up in a (roughly) catenary shape, so pulling along it imparts both radial and circumferential velocity, without the need to "push off" sideways from the ribbon.
I don't remember ever hearing that we actually have the technology to produce enough carbon nanotube material to actually build a prototype device of some sort let alone a cable spanning to LEO.
And that's not the only unobtanium he's smoking, either. Notice the nonchalant reference to 3He providing power. How much has been spent on fusion power? And how much of that was for 3He instead of 2H-3H? But, yeah, it'll be there as a side-effect of the $6 billion price tag on the elevator.
I do not know what people are talking about. Russian most certainly has an h. The letter is 'ha' and is written like 'X'. And it is not as strong as people claim it is. Most certainly does not warrant a KH spelling. I do not know how "pizza hut" is spelled in Russia, but I will guess that they do not spell it like "picca gat", as the second word would sound too close to a Russian equivalent of "asshole" (person, not actual object).
No. As others have pointed out, Cyrillic 'X' is not used as an equivalent to English 'H'. Trying to pronounce it as 'H' is probably the single most obvious sign of a native English speaker with bad pronunciation. The 'G' sound is routinely used in place of 'H' in foreign words.
So, yeah, it comes out sounding funny, but transliteration is a mess anyway, and the sort of marketing types who get wigged out about branding and name recognition and such deserve to be made to look silly from time to time. Like the ultra-plural Dunkin Donuts ended up with because they weren't willing to drop the 's'...
Run out and buy stock in those noise cancelling headphones.
Everybody keeps saying that, and is totally missing the point. Those headphones cancel periodic noise (engines, slipstream, etc.), not more complex waveforms like voice. The absence of background noise would actually make it easier to hear obnoxious cell phone conversations.
Call me paranoid, but that's quite a few figures there without citations :)
Regardless...
The bandwidth will depend on flight time. Since such an aircraft is usually used for long haul international flights, we'll assume it is flying from London to New York.
The 747-300 has a long range cruising speed of 898 km/h, and the distance between London and New York is 5560.7 km, so the flight duration is 6.1923 hours = 22,292 seconds.
Wrong distance. Bandwidth, in this context, is the amount of data crossing any given plane per unit time. Start the clock when the nose of the 747 breaks the plane, and stop it when the tail passes. At 900 km/h, 70.5m (according to some KLM affiliate) is about 0.28s
Consider that the freight version accommodates 110 metric tons of cargo, and you're looking at 20.2 PB. In 0.28s, that's 71.6 PB/s, which is rather beyond impressive.
I'll leave the volume of 4.3 million DVDs as an exercise for the reader...
IHBT, but I've been on the front lines of this whole offshore development thing for a while now, and I'm willing to take just about any opportunity to vent about it...
Sure, it's creative. But it's low-end because I can find hundreds of folks in India that can do the same job that you do for less money.
That's entirely possible, given that 100 people is one part in ten million of their population. My ego isn't quite huge enough to believe that I'm that good. But I will go out on a limb and claim that you'd spend a hell of a lot more time than it's worth looking before you found them.
But I'm pretty good. Maybe even better than a hundred randomly selected Indian developers, but I don't need to be that much better to justify my job.
<rant>
The salaries will be, at the very least, a tenth of mine, and probably closer to a quarter. But that's before overhead like flying people back and forth in a vain effort to retain some semblance of order. That's before the added cost of having somebody sane and responsible back here having to spend their time babysitting.
I don't have any hard numbers for this, but let's say that, between base salary and overhead, the cost of an Indian developer is a third of my cost.
Still sound like a good idea?
Maybe, but there's more. I interviewed, as did the other local developers. It gives us a way (to be sure, not a foolproof way, but, still, a way) to weed out the really low-grade folks. If all they're going to be is a source of billable hours, how worried do you think some outsourcing company is going to be about maximizing a given employee's productivity?
So, in a fairly real sense, what you're likely to get really is a random sampling of programmers. How many applicants does a company generally interview for each developer position? How's that 3-to-1 for a developer you really can't vet looking now?
And, yeah, you could, in principle, move around from one outsourcing company to another until you find one you like, but that means sinking the costs of training and acclimating new developers into your environment over and over again.
</rant>
Replacing me (and not just replacing my HR data) with developers in India would be really expensive. The fact that I sound like a union rep from the UAW circa 1985 doesn't make it any less true.
Sure, both this and supercavitation are cool, but they aren't going to play well together. The whole point of supercavitation is that it keeps (liquid) water away from the hull. This guy pretty much needs to inhale as much water as it can get.
You might be able to get away with mounting a ring of jets around the hull near the aft along with (or in place of) the control surfaces, but I'm guessing you'd still get into trouble with the extra turbulence.
I think I read that something like 89% of new vehicles sold in the US now come with a slushbox. I have never owned one, nor do I want one. Especially in a car with no torque.
For what it's worth, a torque converter can actually be helpful in a torque-challenged car, since the converter actually delivers more torque when the engine is moving faster than the tires. You begin to lose out when you get up to speed, but (at least as of mid-50s American steel), from a stop, you actually end up with twice the nominal torque at the back wheels. That's (one of) the reasons that, in this day and age of five-speed manuals everywhere, many automatics are still three-speed.
Of course, manuals are just a lot more fun, but in an appropriately ponderous old American boat, a slushbox isn't entirely without merit :)
Imperial March
How big is "a load" of diesel?
I mean, honestly, how many ships these days have to refuel for transatlantic trips?
It's not even that good. The tensile strength is ~130 MPa. It's the Young's modulus that's 32 GPa.
So we're still short a factor of 500x from space-elevator-grade unobtanium.
Spiritual event or window manager? One of them has a familiar symbol...
But, hey, every story needs an icon, right?
And now I'm feeding the trolls...
kittens
But, apparently, you don't <3 preview...
Just logging the sudo commands isn't going to give you nearly the auditing ability I suspect you're looking for, and giving them any kind of root-level access to the filesystem is game over.
Figure that any chmod u+s is suspicious and will get caught?
Figure you'd notice their subsequent use of whatever new sudo permissions they just gave themselves?
And, look at that, suddenly their UID is 0.
The list goes on...
Unless you sprung for extra storage, the space on your PDA is measured in tens of megabytes. On an iPod, it's measured in tens of gigabytes.
No reason it has to be a sub. The supercarriers have 5k+ crew on board.
It's not even the quantity, it's the fact that we haven't been able to assemble macroscopic quantities of them that have anything like the strength of a single nanotube. Weave them at all, and you end up with lateral forces that tear them apart. The highest quality nanotube sheets to date ... are still far from the >100 GPa needed for a space elevator.
And that's not the only unobtanium he's smoking, either. Notice the nonchalant reference to 3He providing power. How much has been spent on fusion power? And how much of that was for 3He instead of 2H-3H? But, yeah, it'll be there as a side-effect of the $6 billion price tag on the elevator.
No. As others have pointed out, Cyrillic 'X' is not used as an equivalent to English 'H'. Trying to pronounce it as 'H' is probably the single most obvious sign of a native English speaker with bad pronunciation. The 'G' sound is routinely used in place of 'H' in foreign words.
Like the Greek hero Gerkules.
No, really. Look it up.
So, yeah, it comes out sounding funny, but transliteration is a mess anyway, and the sort of marketing types who get wigged out about branding and name recognition and such deserve to be made to look silly from time to time. Like the ultra-plural Dunkin Donuts ended up with because they weren't willing to drop the 's'...
I want badly to believe that IHBT, but...
Everybody keeps saying that, and is totally missing the point. Those headphones cancel periodic noise (engines, slipstream, etc.), not more complex waveforms like voice. The absence of background noise would actually make it easier to hear obnoxious cell phone conversations.
I can't help but think this is nearly as poor a design as the three sea shells...
I can see the ad campaign now...
Like that stupid Cheerios ad except instead of some middle-aged sad sack saying "I lowered my cholesterol," it would be a bunch of hopeless geeks running around muttering "cat /proc/cpuinfo".
I know I would :)
Bah, expensive overkill. Leapfrog and vertical guidance was just as effective and much cheaper :)
And, if you really wanted to show off, lazyboy could be used to drop hot napalm inside some poor bastard's shields, if you did it just right...