It's well written, and has lots of examples of exactly how this vulnerability can be exploited. In short, I could probably sit down and in a single afternoon, write a set of scripts for a webserver and DNS server, post it on a $30/month "virtual host" server, and take out an ad for $100, and end up with a powerful DDOS attack on my host of choice.
All done in less than 24 hours.
Screw the "cyber-terrorists" in Russia, this is REALLY BIG, and is one of many REALLY BIG problems that can be exploited! And the fact that we're here, reading and posting here, is demonstration of the fact that the many vulnerabilities of the Internet are NOT being exploited to anything like their real potential...
So think about it: while we here at Slashdork might know as many as a dozen exploitable vulnerabilities like this one that would be nearly impossible to close, how many of us have actually DONE any of these?
And that, folks, is why security will NEVER be 100% technical, and there will always be a social mechanism involved - there really is an amazing amount of security in simply knowing that if you do, really bad stuff could really happen to you.
Not will happen, not even likely to happen. Just could happen is enough.
Besides, there's a funny paradox at work here: those who have the skills to pull off an attack like this also have the skills to earn an income that's legitimate, without all the risks. I'm tempted from time to time to make use of my skills in a bad way when I think about how easy it is for me to wreak havoc - but the risks of doing so have always stopped me far short. I enjoy my day job, since its nature is fundamentally altruistic. So I'm harmless.
As a case in point, I was chatting with my flight instructor and a staff member at the local FBO (an airport for small planes) and the staff member mentioned something about an annoying ex-boyfriend who kept calling her.
Without thinking, I mentioned the possibility of writing a quick script to send him 100,000 text messages that would say "Leave me the freak alone!". I imagined a two-line script that would take all of about 10 seconds to write, and I could use the hotspot at the FBO to do it.
100,000 isn't even a particularly big number for me - I routinely deal with datasets in the millions of records - so it didn't really occur to me right away what a blow that would be. But 100,000 times 5 cents adds up to $5,000 worth of text messages! And I'm sure that his cell company would limit the number of messages to be sent, but it's pretty certain that quite a few WOULD get through.
It was surprising to me what a staggering blow this would be. I was actually a bit embarrassed at having mentioned it.
Don't underestimate the power of social mechanisms to ensure our security!
Some vendor comes up with an implausible-sounding "weapon" based on what is little more than a glorified LED flashlight, now available online for about $20. They describe how it's a "non-lethal weapon", and need bajillions of BUXORZ to "ensure adequate performance".
Forgive me if I'm a bit the skeptic... but what really makes me want to puke about this is just what an incredibly OBVIOUS waste of money this is! How much money are we going to pay to have somebody put together a blinky-circuit and some $0.05 LED lights together with a soldering iron to make a flashlight to let their kids play with?
Perhaps the most dazzling display of 'tardedness I've seen this month!
OHZZ NOES! THEY ST0RM TRUOPORZ COMING WITH DE LITES!@!!@!@!@# CLOSE YER EYEZ!!!
I always put this thought experiment before people: If you had a spaceship that could instantly take you to anywhere in the universe, where would you go?
Sure, you'd probably drop by a few nebulae and stars and even planets, but after you've seen a few, where to then? You could travel to other planets for lifetimes and still not run across intelligent life on other planets. It's not that truly interesting things aren't out there, it's just that the universe isn't very conducive to producing life-bearing planets.
This is truly an interesting thought-experiment, and one that I'll use in the future. But there's a fundamental problem that comes up anytime you try to anticipate either not-yet understood knowledge or beyond-self intelligence - our inherent inability to comment on either.
This results in an interesting negative pattern that's hard to grasp, but after some thought makes perfect sense - people are amazingly bad at evaluating what they don't know.
I wish I could find the reference, but there was a study in England (if I recall correctly) where people were asked to evaluate their own skill level in several, technically proficient areas. And then, they were given tests to identify their actual skill level. And the result was really quite startling: The people who did best on the proficiency tests tended to evaluate themselves as performing the poorest, until the very best of best. And even those who scored highest on the proficiency test rated themselves as less competent than those who score the very worst on proficiency.
To put it briefly, the better you think you are at something, the worse you likely are at it.
And this reveals an interesting shortcoming in humanity - our unique inability to gauge knowledge/skills outside our personal experience. We really have no effective way to estimate the amount of information in areas outside our personal past experience. So in your thought experiment, we imagine seeing the crab nebula up close, as a brighter, sharper, higher-resolution picture of the crab nebula we already know. But since we aren't actually there, we have no idea what we'd actually see there with this newfound resolution, what new, interesting, or exciting developments may exist that we simply can't see. So what we imagine is a higher-detailed picture of the same-old same-old, failing to account for information currently missing. And thus, we utterly fail to picture what is REALLY there, and so your thought experiment consistently fails to deliver what it pretends to - an estimation of what the actual value of an "instant-travel spaceship" could actually be.
Further complicating matters is that we don't have spaceships that can instantly take us anywhere in the universe, and according to the laws of physics as we know them, it's likely that other intelligent beings don't either. Maybe they have travelled lifetimes and they just haven't run across us yet.
Never underestimate the power of the technology singularity. We are advancing faster every year, and the rate at which our advancement advances also climbs year after year. We are fast developing exo-biological intelligence, and the pattern of our civilization will very soon zip right past the limitations of biological growth.
Plants and trees convert sunlight to usable energy at a very poor efficiency - somewhere around 2%. Solar panels today work at upwards of 18%, and there's no reason to see that trend falter as production costs continue to drop while demand continues to climb. We are in the middle of a watershed event that is just as dramatic and just as devastating as the conversion to photosynthesis and oxygen about 3 billion years ago.
So be patient, my fellow humans, it may take a few million (or even billion) more years. After all, it's more than just a trip down the road to the chem
But on the other hand, you can also create a lot of jobs by simply throwing rocks at windows and breaking them.
In any economy, there are basically two kinds of jobs:
A) Those that create wealth.
B) Those that consume wealth.
The former are jobs that enable economy to happen in the first place. These are the engineers, the sales clerks, stock boys, programmers, manufacturers, waiters, nannies/housecleaners, and (yes!) marketers. They take something of whatever value, and ADD value to it, making the end result more valuable. Somebody's life is made better as a result. The more of these kinds of "enabling" jobs you can create, the better life is for everybody.
The latter are jobs that take something and give nothing or negative value in return. These are the tort lawyers, prostitutes, lobbyists, drug dealers, anti-virus companies, police, government pencil-pushers, code enforcement officers, tax accountants, etc. At their very best, people occupying these positions mitigate a destructive problem. It may be that they are necessary in response to reality, but the fewer of these positions a society can get away with without the problems of reality getting out of hand, the better. At their very worst, these "parasitic" positions work directly or indirectly against the health and well-being of society.
By being (IMHO illegally) dominant with a sub-standard product, Microsoft presents a massive parasitic economy. It's equivalent to the IRS in the United States. A booming economy consisting of antivirus, security, backup, utility, and other vendors who economically function much like an "enabler" functions to an alcoholic spouse. Simply by existing, anti-virus vendors not only allow Microsoft to ignore best practices in software, they actually now almost force Microsoft to NEVER FIX the problems that make viruses run rampant!
This hurts everybody, and only benefits the almost mob-like activity of the antivirus vendors. (pay us your "protection money"...)
Yes, I understand that there are certainly dissenting opinions here. But (IMHO) the thing that most Slash-bots complain about is that Microsoft will
A) Pick a feature that's dumb. (like embed a scripting language into an image format, or give a spreadsheet scripting language access to the filesystem)
B) Choose to preserve the dumb feature in spite of known security problems.
C) Treat the resulting backlash as a "PR issue" rather than a technical one.
D) Sometimes, if the backlash gets bad enough, they'll hack in security restrictions in response to specific known implementations that take advantage of the vulnerability rather than fix the vulnerability. EG: fixes that look for a XXX worm trace, rather than fix the thing that XXX worm exploits. (See anti-virus)
Apple is doing the right thing, here, folks! It may or may not be that the feature mentioned is analogous to (A) above. Either way, Apple is choosing security over features, even though features are important.
That's an agreement between you and eBay, presumably, not you and the bidders.
Have you read the agreement yourself? Sounds like either you have not read the agreement, or.... (moron?) I'm hoping and praying, in the name of intellectual discussion, that it's the first. It's probably clear by the end of very first sentence, which reads:
When a seller lists an item on eBay, and a buyer bids for and wins that item, the seller and buyer have entered into a contract.
I think it's unhealthy to ever assume that a wireless connection will be secure.
A few days ago my business partners and I were in some podunk town not far from Sacramento for a demonstration. The morning demonstration went well, but the potential customer was cool to buying, and so was kind of short. So there we were, all three of us, in some foreign town around lunch time. We found an ice cream shop that served sandwiches and had a wifi hotspot.
So we whipped out our laptops, took over a table, ordered some ice cream and sandwiches, and spent the afternoon at the ice cream shop. At one point, we all noticed that we were all sitting there, just as productive as if we were in the office. It was fun! And, since I've made it policy to ALWAYS enable SSL when it was possible and/or relevant, security was excellent.
We were sharing files on the company file server. (WebDAV over SSL, with a strong password on a non-standard port. Quite secure - never bothered with NFS or SMB)
We were sending/receiving emails like crazy. (IMAPs with SSL - again quite secure)
We were accessing our web-based company application. (https/SSL encrypted, of course!)
Our company network has NO shared resources that aren't also available from the Internet, and every single connection assumes encryption. Our backups are performed off-site and are encrypted. (rsync over SSH)
Welcome to the brave new world! (It was possible in 1997 or so, I think)
These "routers" (which, sometimes, aren't routers at all, and, which, very rarely, are ever used for that purpose if they do have routing functionality) don't provide "DSL+NAT+HUB." Very few of them have built-in DSL modems, and almost none of them use hubs, so far as I know.
I'd suggest crawling out of your mother's basement and actually (gasp!) going into one of the major retail vendors, EG: Office Max/Office Depot/Circuit City/Worst Buy/etc. While not ALL "routers" offer DSL, many do, and I've not seen any particular price difference.
Really! It'd do you good, and some sunlight might be good for the pale skin. Also, you'd get a chance to talk to those mobile carbon units called "people"...
The big difference between a bar and eBay is that the contract is agreed to by both parties as soon as the auction begins.
Your post is a bit confusing so you may already agree with me. But, at stake is whether or not an auction is binding even though money has not changed hands. If I bid on an item at eBay, am I entitled to the item even though the potential seller no longer wants to sell it?
It would take a moron to read eBay's seller agreement as otherwise. If you list an item on eBay, you'd better be ready to sell it under the terms of the agreement.
Hooray for Australia to uphold centuries-old contract law!
Scientists theorize that humans and monkeys may actually be related. This bold theory, which flies into the accepted reality of intelligent design, and has held true since and through the inquisition, has challenged people to think for themselves and maybe even change the channel on late night television.
"I don't know if you could say that it is actually true, since that would imply some kind of verification, like, eh, the Scientific Process, but it is an interesting theory" Said Hu Flung Pu, in response to an unrelated question.
Other theories include the idea that George W. Bush is actually a lizard man from the planet Betelgeuse, and the idea that if enough people think happy thoughts, Tom Cruise might renounce Scientology.
The KDE developers have been reminding people that KDE4 is not KDE 4.0. KDE 4.0 will be the first release in the KDE4 series. All the promised features won't be there in the initial version, and some of them will have to wait until KDE 4.1 or KDE 4.2. It never hurts to remind this, for all the people who have very high expectations.
Yes folks! Brought to you by the same guys who brought us USB "High Speed" and USB "Full Speed", as well as the single-core "Core2" chip, not to be confused with the "Core2 Duo" chip, which actually is dual-core. (It's obvious - you have to look for TWO words that mean two before you actually get TWO. Sort of a "2+2=2, for extremely low values of 2" kinda thang)
Given this scenario, most people would call it "KDE 4.0 Pre" or "KDE 4.0 alpha" or something like that... but that would make SENSE so let's not confuse the issue, shall we? This is KDE4, but it's NOT KDE 4.
Challenge: 2 bln people in the relatively civilized world have, or will have in the near future, several of these items:
- Home computer
- Work computer
- Laptop (private or work)
- Cellphone(s)
- Net connected appliances (TiVo, net music players, IP phones, home surveillance, alarms)
Each ideally needs its own address, and it's not hard to see how 4 bln addresses will be used up.
NONE of these appliances require a public IP address. Let's break it down, shall we?
1) Home computer - What makes you think this requires a public IP address? Go to your local tech store and you'll find lots of "home routers" that provide DSL+NAT+HUB for $39. Somehow, having as many as 128 computers connected behind a single IP works fine, and there's no particular reason why that single IP must itself be public.
2) Work computer - same as Home computer above, only doubly so, since a work computer often has financial and/or sensitive information.
3) Laptop (private or work) - laptops get whatever IP that they can access at the hotel, board room, public hotspot, etc. It's rarely public, and since you can never assume a public IP, there's no value in a public IP anyway.
4) Cellphone(s) - why would this need an IP at all? So you can "look at dar EntarWeb!(TM)" ???". Cellphones use a proprietary packet system (EG: CDMA) that does not need to directly match an IP address in any form.
5) Net connected appliances (TiVo, net music players, IP phones, home surveillance, alarms) - TiVo is for the home, and would use private NAT IP. Music players PLAY music, and thus have no need for a public IP. Home surveillance cameras typically upload their pictures to a server, and thus have no need for a public IP. Alarms work just like home surveillance cameras.
But, what I find most interesting is that you don't mention the single case where a public-routable IP address is actually most important - SERVERS!!!
Servers must be seen. They are accessed from XYZ connections and IPs through whatever layers of NAT and so on. They are the gateway through which all other connections depend. And the case that we'll have more than 2 BILLION servers is a very hard one to make. ALL of the aforementioned consumer devices can be accessed with port forwarding through a server if direct access is needed. And with port forwarding, you have (2 BILLION * 65535) TCP connections possible - a very, very, very large number.
Is IPV4 limited? Yes. Will the cost of those limitations be exceeded by the cost of replacing IPV4. Not anytime soon, I'm afraid. So go pound sand.
Finally, it is common for programmers to try to avoid a subset of the problems in an area because it gives them the ability to write something "correct." Certainly a very satisfying experience for a programmer. However, that is exactly why it can be a bad idea to let a programmer rewrite a messy module. Very soon you can find the users of that module asking why a laundry list of things don't work anymore and an idealist developer trying to argue that they shouldn't... And it is exactly those idealists that like to rewrite working code.
As a software engineer primarily responsible for a large development codebase, I'm going to argue with you.... There is NEVER a good reason for messy code.
In every case that I've ever seen, messy code is a sign of any or all of these following:
A) Problem is not well understood or thought out.
B) Solution inadequately engineered for the problem.
C) Programmer hiding ignorance and/or incompetence.
D) Evidence of "thrashing" - missing something fundamental in how something works or is supposed to work.
And I say this despite the fact that I wrote the majority of the code I oversee. If you pay to have "messy" code rewritten and the rewritten result doesn't do as well as the original, it's because the rewriter didn't understand the problem, or didn't understand his/her tools. When code is well written, it will solve problems not even anticipated by the designer, simply by being properly segmented, layered, and well laid out! New features will be *easy* to add, bugs will be immediately apparent.
As you will find with most people at SlashDot, you may be your parent's computer genius, but you can easily find yourself out of your league here quickly.
Really? On Slashdot? I tend to find myself perpetually surprised at the level of idiocy and stupidity displayed here. What keeps me coming back is that at least it's entertaining!
That is like saying Germany should have recounted all the construction, development and wealth of the Hitler era. If you drive on any part of the autobahn constructed during his reign, then clearly you must be a nazi, right?
I see where you're going with the bad car analogy, but you didn't take it far enough. What difference does it make if I drive on the Autobahn in a VW Bug vs. a Ferrari? What about a hay truck?
why allow what would be "just" a hardware theft with use of encryption turn into a hardware, data, and possibly identity theft?
There's more sense to this than many people might realize. One of my software products tracks personal student information. Because of the potentially sensitive nature of student information, the product uses a file format that's been encrypted with libmcrypt, providing strong encryption. The product is also password-protected, so you can't use it without a program-level login and password as well as appropriate operating-system level permissions.
Thus, if one of the users of the system loses their laptop or it gets stolen, that fact does not, in and of itself, connote any particular breach of information security - and this is a fact that we clearly make during our sales pitch. And this pitch works, too!
Encryption is not a bad thing, any more than a hammer is. Use it where it's wise to do so, and fight it where it hurts. (EG: DRM)
Honestly - why does ANYONE use backup systems that aren't encrypted?
Linksys is a great nationwide wireless ISP, but their reliability often suffers. For example, when I try to access the linksys network from my home, I get something like this:
[grunt@turing ~]$ ping slashdot.org
PING slashdot.org (66.35.250.151) 56(84) bytes of data.
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
From 192.168.1.1 icmp_seq=2 Destination Host Unreachable
From 192.168.1.1 icmp_seq=3 Destination Host Unreachable
From 192.168.1.1 icmp_seq=4 Destination Host Unreachable
From 192.168.1.1 icmp_seq=6 Destination Host Unreachable
From 192.168.1.1 icmp_seq=7 Destination Host Unreachable
From 192.168.1.1 icmp_seq=8 Destination Host Unreachable
Not having a fax is not an indicator that you are a crappy outfit, it's simply an indicator that you started the company in the last 15 years, you know, after the Internet and email:)
Except that an E-Fax is all-but FREE and is 100% compliant with all that IntarWEB stuff too...
Our company fax is an E-Fax line sent to an email address with a MIME-parser behind it that strips out the fax and saves it as both a TIFF and a PDF on a database-driven, password-protected website.
Upshot? We can all get faxes from anywhere via the Internet on the super-duper-cheap without tying up an actual phone line, and still receive those oh-so-important orders, and we never lose a fax. No fax line at all strongly implies illegitimacy...
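An added example, not the poster's code: one way the extraction step of such a fax-to-email pipeline can treat the inbound message as untrusted input. The function names, the size cap and the sample message are assumptions made for illustration; conversion between TIFF and PDF and the website storage are left out.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_FAX_BYTES = 20 * 1024 * 1024  # assumed upper bound for one fax document

# File signatures for the two formats the pipeline stores.
MAGIC = {
    "tiff": (b"II*\x00", b"MM\x00*"),  # little-endian / big-endian TIFF
    "pdf": (b"%PDF-",),
}


def sniff_kind(data):
    """Classify by leading bytes, never by the declared MIME type or filename."""
    for kind, prefixes in MAGIC.items():
        if data.startswith(prefixes):
            return kind
    return None


def extract_faxes(raw_message):
    """Return (accepted, rejected) attachments from one raw RFC 5322 message.

    Accepted entries get a storage name derived from the content hash, so a
    sender-controlled filename such as '../../index.php' never reaches the
    filesystem layer.
    """
    msg = message_from_bytes(raw_message, policy=policy.default)
    accepted, rejected = [], []
    for part in msg.iter_attachments():
        claimed = part.get_filename() or "(none)"
        data = part.get_payload(decode=True) or b""  # None for nested multiparts
        kind = sniff_kind(data)
        if kind is None:
            rejected.append((claimed, "content is neither TIFF nor PDF"))
        elif len(data) > MAX_FAX_BYTES:
            rejected.append((claimed, "attachment exceeds size cap"))
        else:
            digest = hashlib.sha256(data).hexdigest()
            accepted.append({
                "store_as": f"{digest}.{kind}",
                "kind": kind,
                "claimed_name": claimed,  # keep for audit logging only
                "size": len(data),
            })
    return accepted, rejected


# --- Constructed sample input (not real fax data) ---
SAMPLE_TIFF = b"II*\x00" + b"\x00" * 32
SAMPLE_PDF = b"%PDF-1.4\n% constructed sample\n"
SAMPLE_NOT_A_FAX = b"MZ" + b"\x00" * 32  # wrong signature behind a .pdf name


def build_sample_message():
    """Build a constructed message with two valid faxes and one impostor."""
    msg = EmailMessage()
    msg["From"] = "fax-gateway@example.invalid"
    msg["To"] = "faxes@example.invalid"
    msg["Subject"] = "Fax received (constructed sample)"
    msg.set_content("You have received a fax.")
    msg.add_attachment(SAMPLE_TIFF, maintype="image", subtype="tiff",
                       filename="../../fax_0001.tif")
    msg.add_attachment(SAMPLE_PDF, maintype="application", subtype="pdf",
                       filename="fax_0001.pdf")
    msg.add_attachment(SAMPLE_NOT_A_FAX, maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    ok, bad = extract_faxes(build_sample_message())
    for item in ok:
        print("store", item["store_as"], "claimed:", item["claimed_name"])
    for name, reason in bad:
        print("reject", name, "-", reason)
```
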
With OLPC, there will be more computers out there than ever before. Many of these laptops will be used to create wealth, some of which will be used to buy "normal" laptops that are faster. This, in turn, will push the upper end of chip development towards faster and cheaper.
Put another way: There are BAZILLIONS of cheap, ARM-based CPUs out there running everything from microwaves to kiddie toys. Have they put an end to Moore's law?
What actually MIGHT put an end to Moore's law is the actual quantum limits to computation. And we *will* hit those limits if we don't blow ourselves up first. But that's a ways off, and we may find some way past those limits as well. (EG: using other, N-dimensional space or something exotic that we can't even imagine yet)
To the best of my understanding, civilian flight-control RADAR isn't an "active" system. It doesn't put out a whole lot of power and look for reflections, like a military system does. It's just a receive-only system, which listens to the signals being transmitted by the planes' transponders. If a plane changes its transponder code, it effectively "becomes" a different flight (with everything that entails: the ATC would think that it's a different type of plane, etc.). Short of going and looking up in the air, there's really nothing to prevent that, aside from whatever anti-tampering provisions the transponders themselves have.
Your understanding is only partly right.
Especially near large airports (EG: San Francisco, LAX, etc) in what's called "Class B" or "Class C" (verbally, Bravo and Charlie) airspace, they definitely have active RADAR and plane sequencing. Your plane is not required to broadcast anything (other than the verbal microphone) for them to know that you are there. However, to enter these airspaces, you have to have something called a transponder, called "Mode C" which broadcasts your altitude.
Here's how the sequence works:
1) Pilot announces to the controlled airspace his call sign, type of plane, and intent BEFORE entering the controlled (Bravo or Charlie) airspace.
2) Air traffic control acknowledges the communication, grants permission to enter the airspace (if needed) and tells the pilot to "squawk" {some 4 digit number}
3) Pilot enters 4 digit code into the transponder, which broadcasts the code along with the indicated altitude of the plane. Thereafter, ATC knows where you are and pretty accurately what altitude you are at.
However, they also know what transponder code you were just using - so if you were to switch to something else, they'd know roughly where you were and they'd know that you did it. But they don't know what plane you are in, or even what kind of plane you're in other than what you announce.
And there are many facets of aviation that honestly strike me as insecure. For example, it takes a simple hand-held radio to effectively disable radio communication merely by continuously broadcasting. It's called "stepping on" other radio communication, and the effect usually sounds like a nasty squeal.
But then, too, the air traffic system is designed to let pilots do what they want, more like a public highway is for cars. What's to stop you from changing your license plate but a screw driver? Aviation really isn't much different - the whole point of the nation's system of airports and traffic control is to facilitate aviation, not to restrict it.
All that said, I'm wary of the GPS-based system being proposed. If the GPS units effectively replaced the transponder, then I'm good with that. That's a move that makes good sense and doesn't overall jeopardize safety.
I replace my laptops every 2-3 years, and I still have to replace hinges. I'm not nice to my laptops - they are used in my lap, on a reclining chair, at work, in my travel bag, at Starbucks, and I don't type gently.
So I *ALWAYS* buy a Dell with the "super-duper-extra, we-don't-care-whose-fault-it-was" warranty that would cover my laptop if I were to accidentally run it over with an SUV, wash it through a dishwasher or drop it over the side of a boat into the ocean as long as I can recover it....
And, I've always come out ahead on the deal...
PS: and for those times when I have to ship it back, Fedora Core Linux does an awfully good job letting me plug the HDD into a cheap-o desktop computer so that I can still do some work (with limited mobility) while they get it fixed and back to me on a 3-day turnaround.
Sorry, I'm failing to see why sending snail mail spam is ok, but email and SMS spam, unsolicited telephone marketing, etc are bad.
On the surface, they are the same. But the key difference is this: the $0.41. By its very definition, the product being pitched has to have enough desirability to be marketable with a per-impression cost of $0.41.
Compare that with spam pump-n-dump / p3n1z pi11z emails which offer products of no or negative value which are only profitable at the expense of the gross majority of recipients.
The former by definition are almost always "legitimate" businesses, while a large percentage of the latter are actually illegal.
I feel like we're playing tennis, and I've only just noticed you aren't holding a racket. Were we playing tennis? I thought I'd mentioned "economics" a few times....
if you want to make billions, you need a monopoly, oligopoly or cartel.
You mean like Apple did with their iPod? Because they've sold zillions of them, and of course, there was no any other competition out there, was there?
But you will never be rich if you have any significant competition.
Which is just silly. But hey, don't take it from me, a mere CIO of a million-dollar startup software company growing at about 70% annually. Shucks, my word probably doesn't mean a gosh-blessed thing. Why not listen to somebody who is really rich like Paul Graham?
Personally, I think these are just excuses you use to make it ok to not get rich, even though you'd like to be. It does take hard work, dedication, close attention, and more than just a few hard knocks. But I can assure you, it's way more fun when you let go of the excuses!
Did you read the abstract?
So, let me get this straight...
sigh...
I hereby theorize that cramming peanuts into your arsehole will cause levitation.
Well, I tested your theory, three times.
And I've documented the effects, three times.
I got the same results every time.
No levitation, but I won't be able to sit down for a week.
Sure, you'd probably drop by a few nebulae and stars and even planets, but after you've seen a few, where to then? You could travel to other planets for lifetimes and still not run across intelligent life on other planets. It's not that truly interesting things aren't out there, it's just that the universe isn't very conducive to producing life-bearing planets.
This is truly an interesting thought-experiment, and one that I'll use in the future. But there's a fundamental problem that comes up anytime you try to anticipate either not-yet understood knowledge or beyond-self intelligence - our inherent inability to comment on either.
This results in an interesting negative pattern that's hard to grasp, but after some thought makes perfect sense - people are amazingly bad at evaluating what they don't know.
I wish I could find the reference, but there was a study in England (if I recall correctly) where people were asked to evaluate their own skill level in several, technically proficient areas. And then, they were given tests to identify their actual skill level. And the result was really quite startling: The people who did best on the proficiency tests tended to evaluate themselves as performing the poorest, until the very best of best. And even those who scored highest on the proficiency test rated themselves as less competent than those who scored the very worst on proficiency.
To put it briefly, the better you think you are at something, the worse you likely are at it.
And this reveals an interesting shortcoming in humanity - our unique inability to gauge knowledge/skills outside our personal experience. We really have no effective way to estimate the amount of information in areas outside our personal past experience. So in your thought experiment, we imagine seeing the crab nebula up close, as a brighter, sharper, higher-resolution picture of the crab nebula we already know. But since we aren't actually there, we have no idea what we'd actually see there with this newfound resolution, what new, interesting, or exciting developments may exist that we simply can't see. So what we imagine is a higher-detailed picture of the same-old same-old, failing to account for information currently missing. And thus, we utterly fail to picture what is REALLY there, and so your thought experiment consistently fails to deliver what it pretends to - an estimation of what the actual value of an "instant-travel spaceship" could actually be.
Further complicating matters is that we don't have spaceships that can instantly take us anywhere in the universe, and according to the laws of physics as we know them, it's likely that other intelligent beings don't either. Maybe they have travelled lifetimes and they just haven't run across us yet.
Never underestimate the power of the technology singularity. We are advancing faster every year, and the rate at which our advancement advances also climbs year after year. We are fast developing exo-biological intelligence, and the pattern of our civilization will very soon zip right past the limitations of biological growth.
Plants and trees convert sunlight to usable energy at a very poor efficiency - somewhere around 2%. Solar panels today work at upwards of 18%, and there's no reason to see that trend falter as production costs continue to drop while demand continues to climb. We are in the middle of a watershed event that is just as dramatic and just as devastating as the conversion to photosynthesis and oxygen about 3 billion years ago.
So be patient, my fellow humans, it may take a few million (or even billion) more years. After all, it's more than just a trip down the road to the chem
But on the other hand, you can also create a lot of jobs by simply throwing rocks at windows and breaking them.
In any economy, there are basically two kinds of jobs:
A) Those that create wealth.
B) Those that consume wealth.
The former are jobs that enable economy to happen in the first place. These are the engineers, the sales clerks, stock boys, programmers, manufacturers, waiters, nannies/housecleaners, and (yes!) marketers. They take something of whatever value, and ADD value to it, making the end result more valuable. Somebody's life is made better as a result. The more of these kinds of "enabling" jobs you can create, the better life is for everybody.
The latter are jobs that take something and give nothing or negative value in return. These are the tort lawyers, prostitutes, lobbyists, drug dealers, anti-virus companies, police, government pencil-pushers, code enforcement officers, tax accountants, etc. At their very best, people occupying these positions mitigate a destructive problem. It may be that they are necessary in response to reality, but the fewer of these positions a society can get away with without the problems of reality getting out of hand, the better. At their very worst, these "parasitic" positions work directly or indirectly against the health and well-being of society.
By being (IMHO illegally) dominant with a sub-standard product, Microsoft presents a massive parasitic economy. It's equivalent to the IRS in the United States. A booming economy consisting of antivirus, security, backup, utility, and other vendors who economically function much like an "enabler" functions to an alcoholic spouse. Simply by existing, anti-virus vendors not only allow Microsoft to ignore best practices in software, they actually now almost force Microsoft to NEVER FIX the problems that make viruses run rampant!
This hurts everybody, and only benefits the almost mob-like activity of the antivirus vendors. (pay us your "protection money"...)
A) Pick a feature that's dumb. (like embed a scripting language into an image format, or give a spreadsheet scripting language access to the filesystem)
B) Choose to preserve the dumb feature in spite of known security problems.
C) Treat the resulting backlash as a "PR issue" rather than a technical one.
D) Sometimes, if the backlash gets bad enough, they'll hack in security restrictions in response to specific known implementations that take advantage of the vulnerability rather than fix the vulnerability. EG: fixes that look for a XXX worm trace, rather than fix the thing that XXX worm exploits. (See anti-virus)
Apple is doing the right thing, here, folks! It may or may not be that the feature mentioned is analogous to (A) above. Either way, Apple is choosing security over features, even though features are important.
Have you read the agreement yourself? Sounds like either you have not read the agreement, or.... (moron?) I'm hoping and praying, in the name of intellectual discussion, that it's the first. It's probably clear by the end of very first sentence, which reads: When a seller lists an item on eBay, and a buyer bids for and wins that item, the seller and buyer have entered into a contract.
I think it's unhealthy to ever assume that a wireless connection will be secure.
A few days ago my business partners and I were in some podunk town not far from Sacramento for a demonstration. The morning demonstration went well, but the potential customer was cool to buying, and so was kind of short. So there we were, all three of us, in some foreign town around lunch time. We found an ice cream shop that served sandwiches and had a wifi hotspot.
So we whipped out our laptops, took over a table, ordered some ice cream and sandwiches, and spent the afternoon at the ice cream shop. At one point, we all noticed that we were all sitting there, just as productive as if we were in the office. It was fun! And, since I've made it policy to ALWAYS enable SSL when it was possible and/or relevant, security was excellent.
We were sharing files on the company file server. (WebDAV over SSL, with a strong password on a non-standard port. Quite secure - never bothered with NFS or SMB)
We were sending/receiving emails like crazy. (IMAPs with SSL - again quite secure)
We were accessing our web-based company application. (https/SSL encrypted, of course!)
Our company network has NO shared resources that aren't also available from the Internet, and every single connection assumes encryption. Our backups are performed off-site and are encrypted. (rsync over SSH)
Welcome to the brave new world! (It was possible in 1997 or so, I think)
These "routers" (which, sometimes, aren't routers at all, and, which, very rarely, are ever used for that purpose if they do have routing functionality) don't provide "DSL+NAT+HUB." Very few of them have built-in DSL modems, and almost none of them use hubs, so far as I know.
I'd suggest crawling out of your mother's basement and actually (gasp!) going into one of the major retail vendors, EG: Office Max/Office Depot/Circuit City/Worst Buy/etc. While not ALL "routers" offer DSL, many do, and I've not seen any particular price difference.
Really! It'd do you good, and some sunlight might be good for the pale skin. Also, you'd get a chance to talk to those mobile carbon units called "people"...
Here let me fix that for you...
The big difference between a bar and eBay is that the contract is agreed to by both parties as soon as the auction begins.
Your post is a bit confusing so you may already agree with me. But, at stake is whether or not an auction is binding even though money has not changed hands. If I bid on an item at eBay, am I entitled to the item even though the potential seller no longer wants to sell it?
It would take a moron to read eBay's seller agreement as otherwise. If you list an item on eBay, you'd better be ready to sell it under the terms of the agreement.
Hooray for Australia to uphold centuries-old contract law!
In this case, it might be better to call it a "do not kill" switch.
/. is one of the forbidden...
Bwha ha ha ha ! That's actually funny!
But seriously, don't you wish that you could post a link to an image, like this one of ED 209 of Robo-cop lore...
Alas, when it comes to pics,
This just in...
Scientists theorize that humans and monkeys may actually be related. This bold theory, which flies into the accepted reality of intelligent design, and has held true since and through the inquisition, has challenged people to think for themselves and maybe even change the channel on late night television.
"I don't know if you could say that it is actually true, since that would imply some kind of verification, like, eh, the Scientific Process, but it is an interesting theory," said Hu Flung Pu, in response to an unrelated question.
Other theories include the idea that George W. Bush is actually a lizard man from the planet Betelgeuse, and the idea that if enough people think happy thoughts, Tom Cruise might renounce Scientology.
The KDE developers have been reminding people that KDE4 is not KDE 4.0. KDE 4.0 will be the first release in the KDE4 series. All the promised features won't be there in the initial version, and some of them will have to wait until KDE 4.1 or KDE 4.2. It never hurts to remind this, for all the people who have very high expectations.
Yes folks! Brought to you by the same guys who brought us USB "High Speed" and USB "Full Speed", as well as the single-core "Core2" chip, not to be confused with the "Core2 Duo" chip, which actually is dual-core. (It's obvious - you have to look for TWO words that mean two before you actually get TWO. Sort of a "2+2=2, for extremely low values of 2" kinda thang)
Given this scenario, most people would call it "KDE 4.0 Pre" or "KDE 4.0 alpha" or something like that... but that would make SENSE so let's not confuse the issue, shall we? This is KDE4, but it's NOT KDE 4.
Or something.
Challenge: 2 bln people in the relatively civilized world have, or will have in the near future, several of these items:
- Home computer
- Work computer
- Laptop (private or work)
- Cellphone(s)
- Net connected appliances (TiVo, net music players, IP phones, home surveillance, alarms)
Each ideally needs its own address, and it's not hard to see how 4 bln addresses will be used up.
NONE of these appliances require a public IP address. Let's break it down, shall we?
1) Home computer - What makes you think this requires a public IP address? Go to your local tech store and you'll find lots of "home routers" that provide DSL+NAT+HUB for $39. Somehow, having as many as 128 computers connected behind a single IP works fine, and there's no particular reason why that single IP must itself be public.
2) Work computer - same as Home computer above, only doubly so, since a work computer often has financial and/or sensitive information.
3) Laptop (private or work) - laptops get whatever IP that they can access at the hotel, board room, public hotspot, etc. It's rarely public, and since you can never assume a public IP, there's no value in a public IP anyway.
4) Cellphone(s) - why would this need an IP at all? So you can "look at dar EntarWeb!(TM)"??? Cellphones use a proprietary packet system (EG: CDMA) that does not need to directly match an IP address in any form.
5) Net connected appliances (TiVo, net music players, IP phones, home surveillance, alarms) - TiVo is for the home, and would use private NAT IP. Music players PLAY music, and thus have no need for a public IP. Home surveillance cameras typically upload their pictures to a server, and thus have no need for a public IP. Alarms work just like home surveillance cameras.
But, what I find most interesting is that you don't mention the single case where a public-routable IP address is actually most important - SERVERS!!!
Servers must be seen. They are accessed from XYZ connections and IPs through whatever layers of NAT and so on. They are the gateway through which all other connections depend. And the case that we'll have more than 2 BILLION servers is a very hard one to make. ALL of the aforementioned consumer devices can be accessed with port forwarding through a server if direct access is needed. And with port forwarding, you have (2 BILLION * 65535) TCP connections possible - a very, very, very large number.
Is IPV4 limited? Yes. Will the cost of those limitations be exceeded by the cost of replacing IPV4? Not anytime soon, I'm afraid. So go pound sand.
In every case that I've ever seen, messy code is a sign of any or all of these following:
A) Problem is not well understood or thought out.
B) Solution inadequately engineered for the problem.
C) Programmer hiding ignorance and/or incompetence.
D) Evidence of "thrashing" - missing something fundamental in how something works or is supposed to work.
And I say this despite the fact that I wrote the majority of the code I oversee. If you pay to have "messy" code rewritten and the rewritten result doesn't do as well as the original, it's because the rewriter didn't understand the problem, or didn't understand his/her tools. When code is well written, it will solve problems not even anticipated by the designer, simply by being properly segmented, layered, and well laid out! New features will be *easy* to add, bugs will be immediately apparent.
As you will find with most people at SlashDot, you may be your parent's computer genius, but you can easily find yourself out of your league here quickly.
Really? On Slashdot? I tend to find myself perpetually surprised at the level of idiocy and stupidity displayed here. What keeps me coming back is that at least it's entertaining!
Here's a hint: Try browsing at -1...
That is like saying Germany should have recounted all the construction, development and wealth of the Hitler era. If you drive on any part of the autobahn constructed during his reign, then clearly you must be a nazi, right?
I see where you're going with the bad car analogy, but you didn't take it far enough. What difference does it make if I drive on the Autobahn in a VW Bug vs. a Ferrari? What about a hay truck?
And what about body rust?
Thus, if one of the users of the system loses their laptop or it gets stolen, that fact does not, in and of itself, connote any particular breach of information security - and this is a fact that we clearly make during our sales pitch. And this pitch works, too!
Encryption is not a bad thing, any more than a hammer is. Use it where it's wise to do so, and fight it where it hurts. (EG: DRM)
Honestly - why does ANYONE use backup systems that aren't encrypted?
Linksys is a great nationwide wireless ISP, but their reliability often suffers. For example, when I try to access the linksys network from my home, I get something like this:
[grunt@turing ~]$ ping slashdot.org
PING slashdot.org (66.35.250.151) 56(84) bytes of data.
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
From 192.168.1.1 icmp_seq=2 Destination Host Unreachable
From 192.168.1.1 icmp_seq=3 Destination Host Unreachable
From 192.168.1.1 icmp_seq=4 Destination Host Unreachable
From 192.168.1.1 icmp_seq=6 Destination Host Unreachable
From 192.168.1.1 icmp_seq=7 Destination Host Unreachable
From 192.168.1.1 icmp_seq=8 Destination Host Unreachable
Stupid linksys admins!
Not having a fax is not an indicator that you are a crappy outfit, it's simply an indicator that you started the company in the last 15 years, you know, after the Internet and email:)
Except that an E-Fax is all-but FREE and is 100% compliant with all that IntarWEB stuff too...
Our company fax is an E-Fax line sent to an email address with a MIME-parser behind it that strips out the fax and saves it as both a TIFF and a PDF on a database-driven, password-protected website.
Upshot? We can all get faxes from anywhere via the Internet on the super-duper-cheap without tying up an actual phone line, and still receive those oh-so-important orders, and we never lose a fax. No fax line at all strongly implies illegitimacy...
With OLPC, there will be more computers out there than ever before. Many of these laptops will be used to create wealth, some of which will be used to buy "normal" laptops that are faster. This, in turn, will push the upper end of chip development towards faster and cheaper.
Put another way: There are BAZILLIONS of cheap, ARM-based CPUs out there running everything from microwaves to kiddie toys. Have they put an end to Moore's law?
What actually MIGHT put an end to Moore's law is the actual quantum limits to computation. And we *will* hit those limits if we don't blow ourselves up first. But that's a ways off, and we may find some way past those limits as well. (EG: using other, N-dimensional space or something exotic that we can't even imagine yet)
To the best of my understanding, civilian flight-control RADAR isn't an "active" system. It doesn't put out a whole lot of power and look for reflections, like a military system does. It's just a receive-only system, which listens to the signals being transmitted by the planes' transponders. If a plane changes its transponder code, it effectively "becomes" a different flight (with everything that entails: the ATC would think that it's a different type of plane, etc.). Short of going and looking up in the air, there's really nothing to prevent that, aside from whatever anti-tampering provisions the transponders themselves have.
Your understanding is only partly right.
Especially near large airports (EG: San Francisco, LAX, etc) in what's called "Class B" or "Class C" (verbally, Bravo and Charlie) airspace, they definitely have active RADAR and plane sequencing. Your plane is not required to broadcast anything (other than the verbal microphone) for them to know that you are there. However, to enter these airspaces, you have to have something called a transponder, called "Mode C" which broadcasts your altitude.
Here's how the sequence works:
1) Pilot announces to the controlled airspace his call sign, type of plane, and intent BEFORE entering the controlled (Bravo or Charlie) airspace.
2) Air traffic control acknowledges the communication, grants permission to enter the airspace (if needed) and tells the pilot to "squawk" {some 4 digit number}
3) Pilot enters 4 digit code into the transponder, which broadcasts the code along with the indicated altitude of the plane. Thereafter, ATC knows where you are and pretty accurately what altitude you are at.
However, they also know what transponder code you were just using - so if you were to switch to something else, they'd know roughly where you were and they'd know that you did it. But they don't know what plane you are in, or even what kind of plane you're in other than what you announce.
And there are many facets of aviation that honestly strike me as insecure. For example, it takes a simple hand-held radio to effectively disable radio communication merely by continuously broadcasting. It's called "stepping on" other radio communication, and the effect usually sounds like a nasty squeal.
But then, too, the air traffic system is designed to let pilots do what they want, more like a public highway is for cars. What's to stop you from changing your license plate but a screw driver? Aviation really isn't much different - the whole point of the nation's system of airports and traffic control is to facilitate aviation, not to restrict it.
All that said, I'm wary of the GPS-based system being proposed. If the GPS units effectively replaced the transponder, then I'm good with that. That's a move that makes good sense and doesn't overall jeopardize safety.
I replace my laptops every 2-3 years, and I still have to replace hinges. I'm not nice to my laptops - they are used in my lap, on a reclining chair, at work, in my travel bag, at Starbucks, and I don't type gently.
So I *ALWAYS* buy a Dell with the "super-duper-extra, we-don't-care-whose-fault-it-was" warranty that would cover my laptop if I were to accidentally run it over with an SUV, wash it through a dishwasher or drop it over the side of a boat into the ocean as long as I can recover it....
And, I've always come out ahead on the deal...
PS: and for those times when I have to ship it back, Fedora Core Linux does an awfully good job letting me plug the HDD into a cheap-o desktop computer so that I can still do some work (with limited mobility) while they get it fixed and back to me on a 3-day turnaround.
Compare that with spam pump-n-dump / p3n1z pi11z emails which offer products of no or negative value which are only profitable at the expense of the gross majority of recipients.
The former by definition are almost always "legitimate" businesses, while a large percentage of the latter are actually illegal.
Personally, I think these are just excuses you use to make it ok to not get rich, even though you'd like to be. It does take hard work, dedication, close attention, and more than just a few hard knocks. But I can assure you, it's way more fun when you let go of the excuses!