Slashdot Mirror


User: plover

plover's activity in the archive.


Comments · 7,233

  1. Re:sigh on Why The US Will Lose a Cyber War · · Score: 1

    Your argument is about water systems, which are by nature highly distributed. And I agree that an attack on the water in one city would be more like an inconvenience instead of a catastrophe. I know the systems are constructed to be somewhat redundant in case of a disaster. My city operates at least 14 wells and several water towers. We routinely have one or two down for maintenance, and still provide all the water required, but if we lost four or five wells or two tanks we'd barely have enough capacity remaining to fight fires.

    But change that from a single attack on one city's water supply to a deliberate attack on a much more centralized system. Consider that there are only about 150 oil refineries in the U.S. Select a few in a geographically isolated area (look for an area cut off by the Rockies, for example), and consider what happens if we lose four or five of those simultaneously. There aren't enough spare tanker trucks to haul that much fuel to the affected areas. Do this in the dead of winter, and you've got a lot of people freezing in their homes. Or attack a few key nodes in the power grid in the middle of summer, and the elderly will perish due to heat. (Look for last week's news story where an old woman down south reported her central air compressor was stolen on one day, and she was found dead in her home the next due to heat stroke.)

    While the attacker can perform penetration and reconnaissance on each plant at his leisure, he can schedule and synchronize the execution of the attacks using the same automation that operates the systems. For someone able to penetrate these systems, that part requires less than skript kiddie level talent.

    Our current systems and infrastructure were designed and built with the capability to recover from accidents and failures. They were not designed nor built to withstand a deliberate attack created specifically to cause maximum damage simultaneously. And that's just what one shot in a cyberwar would look like. It won't be random destruction, it will be deliberately focused on a specific target. Perhaps take a couple more shots at the electrical grid, get a chemical plant to vent some toxins, and you've got a country that's destroying itself from within.

    As you said, you'd probably respond by yanking all your systems offline as soon as the first attacks occur, and that's certainly appropriate. But then how are they going to be operated? Many of these infrastructure systems are remotely run today because they are operating remote equipment. There is no human capacity to have a technician sit in and monitor every power substation, or every transformer or switch. There simply aren't enough people trained to be on-site technicians to respond to problems.

    There's a reason the military formed the USCYBERCOM. They realized that computer security issues represent actual risks to our country. They may be new at this, they may be disorganized, they may not be very effective today, but they have certainly recognized the vulnerabilities and are preparing their defenses.

  2. Re:sigh on Why The US Will Lose a Cyber War · · Score: 1

    There's a huge dependency chain you're not considering. Every valve, every sensor, every motor controller has a function and was put there for a reason: to make the systems work.

    Want to stuff up an HVAC system? It's as simple as closing the drain valve or shutting off the power to the drain pump. If the drains back up, the drain-blocked sensor trips and the system tells the cooling unit to shut down. You've now temporarily disabled one of the cooling units to a building. Now repeat the attack and disable all the cooling units in the building, which should be easy because they're all on the same network.

    While the HVAC systems may have some redundancy, they're not infinitely capable of cooling an entire building with a single functioning unit. Think of them like RAID drives. You can afford to lose one, but as soon as you lose two or more, you've got real problems.

    In the case of a building, this leads to a condition called thermal runaway. The HVAC systems aren't just there to keep the office dwellers cool. They're cooling the heat emitted by the hundreds of light fixtures and desktop computers. I can count 240 ceiling light fixtures on my floor alone, each containing two 32 watt bulbs, which is 15kWh of heat energy that has to be removed. In a data center, they're pushing hard to remove the heat generated by dozens of server racks each consuming several kilowatts.

    In a data center, a loss of HVAC can result in the self-protective shutdown of the servers in 120 seconds. http://www.activepower.com/fileadmin/documents/white_papers/WP_105_Data_Center_Thermal_Runaway.pdf

    Consider that nobody is sitting in each building monitoring the electrical and heat systems. There's a central group that monitors all our building sites, watching for and responding to alarms, and they troubleshoot and dispatch technicians as needed. That means all these systems are online. And online means they're exposed to attacks.

    And our offices are no different than anyone else's. Building managers around the country run their buildings and businesses the same way.

    Our modern infrastructure is based on these systems, and just keeping these systems functional takes a lot of effort. Keeping these systems safe from malicious attackers is critically important.

  3. Re:sigh on Why The US Will Lose a Cyber War · · Score: 1

    The GP's comment about phone switches failing is based on real world failures of those systems. Something as simple as a ventilator failing to open causes a chain reaction that ends up causing overheat damage to all kinds of systems. And that's just one very, very tiny aspect of the attack surface.

    I don't think you have a good appreciation for just how remotely-controlled our nation is. Everything in your infrastructure is dependent upon computers and digital signaling. The electric plants and the power grid? All SCADA controlled. The water in your tap? The chances are high that your city's water pumps are under SCADA control. The sewage treatment plants? SCADA. The traffic signals? SCADA. Your office building's lighting, entry control, elevators, and HVAC systems? SCADA. The trains you rode in to work on? SCADA. Do you work in a factory? The conveyor belts, valves, pumps, heaters, chillers, and all the things that make your factory produce goods are likely SCADA controlled. And this is true for every major city in this country.

    And if you're living in a small town where you think nobody has upgraded their infrastructure since the 1950s, you could still be impacted. The gas station? The pumps are probably operated by SCADA systems, and may even be remotely upgradeable by the corporation whose name is on the sign. If not, I can assure you the trucks won't leave the refinery with the gas you want to buy if the refinery's SCADA systems are damaged. In that case your town is probably less than 10,000 gallons away from no fuel at all.

    We know messing with SCADA impacts the real world. These systems electronically incorporate many of the limits that keep them working. Do you know what stops a frequency controlled motor rated for 1,760 RPM from spinning up to 20,000 RPM, and burning out its bearings? Settings programmed by software. Do you know what happens when a sewage control plant's lift pumps stop pumping sewage? It overflows into a nearby river. Do you know what happens to the turbine in a nuclear power-plant generator when the temperature, speed, and pressure sensors report "all normal" while the steam valves are opened to full? Iran was not too far from finding out due to the activity of the Stuxnet worm, because that was one of the payloads it was programmed to deliver. The estimate was that the shaft and generator would have exploded with the force equivalent to a direct bomb hit on the building.

    While you may think it's not going to impact you because your building, or your town, or your factory doesn't have these systems, just wait until the trucks don't show up with your food and fuel.

  4. Re:sigh on Why The US Will Lose a Cyber War · · Score: 2

    Your personal ability to surf the web and register for classes is probably not the primary target of a cyberwar opponent. Taking down an ISP or two and preventing home internet services for a week would be a show that might get mentioned on the evening news, but would not really damage our economy. The GP posted some poor examples, and you fell for his trolling.

    Real cyberwar would likely be attacks taking place on targets anywhere in our infrastructure. Perhaps the attackers could disrupt the cellular network, which would shut down all kinds of businesses. They could take out some key backbone network providers: look at the problems businesses are having with their internet connectivity now that the Verizon workers are on strike. They could take down the stock exchange servers, preventing trading and causing panic in the marketplace; and if movie plots are to be believed, they could cash in on the timing of the predicted fluctuations, wiping out real banks in the process.

    Many years ago when mainframe computers roamed the earth, I read an estimate that an average business could survive relatively well without its computer systems for a day or three, but seven days would cause lasting damage, and an outage of longer than 15 days would cause them to go bankrupt. Well, the network itself is just as critical in today's distributed environment, but our dependencies upon that information have grown exponentially since that estimate was made. You can't put diesel fuel in a truck's fuel tank without a computer authorization to turn on the pumps. FedEx and UPS couldn't ship a single package without their systems. Retail stores couldn't tell you what they sold, what to reorder, or even authorize your debit card to buy your groceries. Passengers and luggage would back up in terminals around the globe if the flight systems went down.

    And none of this is talking about attacks on SCADA systems. An attacker could shut down chemical, electrical, or even nuclear facilities. They could damage gas pipelines, or luggage belts in airports, or even cause the stoplights on streets to fall back to default blinking red mode. Just think about throwing all of Chicago or New York into an uncontrollable gridlock. Look at Stuxnet for an example.

    Sure, taking out a handful of random routers is going to do nothing. But taking out the specific handful of routers that send traffic to FedEx corporate headquarters or to Comdata's fuel control systems would have a bit more of an impact.

  5. Re:No, it's because the U.S. has the most to lose on Why The US Will Lose a Cyber War · · Score: 2

    Thanks for the spoiler douche... I haven't seen the show yet, just put it in my Netflix queue a month or so ago, and now at least one episode is already ruined!!

    grumble grumble grumble

    More spoilers: Lucifer kidnaps Boxey and tries to force Adama to surrender the fleet, but Daggit helps him escape while Starbuck and Apollo fly in to rescue him.

    Look, the show was over 30 years ago. If you haven't seen it by now, it's not our problem.

  6. Re:Can you hear me now!? on 4G and CDMA Reportedly Hacked At DEFCON · · Score: 1

    With a Cell Phone Cannon, of course.

  7. Re:And they said I was crazy on 4G and CDMA Reportedly Hacked At DEFCON · · Score: 1

    for sticking with my RAZR! BWAHAHAHAH...

    Psht. Last year a guy at DEFCON demoed a fully functional GSM MITM. That meant he is certainly capable of hijacking your puny RAZR's voice calls.

  8. Re:The FAIL is strong in this thread on Compromised WordPress Blogs Poison Google Image Searches · · Score: 1

    For example, many of the hacked sites (not all though) use themes that include a timthumb.php file that is known to have a security hole that allows attackers to upload .php files to a server.

    Emphasis added to make it clear: timthumb is NOT the source of the fail if it's not present on all the infected sites, or at least it's not the ONLY source.

  9. Re:Global on Compromised WordPress Blogs Poison Google Image Searches · · Score: 2

    A Singleton is Global State in Sheep’s Clothing. Static methods are also as problematic as globals. It's just that some people don't see the problems with them when they're not labeled "globals".

  10. Re:Yes, but there are to few "certain functions" on Microsoft Demonstrates Practical Homomorphic Computing · · Score: 1

    It's still an interesting concept, and while not of widespread utility, it could be valuable in certain applications.

    Perhaps there is some accounting, banking, auction, or currency escrow function, where you want some untrusted party to deposit funds into an account, but not be able to access the balance. Or voting, where you want to see proof that your vote was tallied without revealing who you voted for.

    Sure, these are probably the "simplistic demo" cases you were mentioning, but there could be a real class of problems that nobody's yet identified. That's kind of the thing with research like this. Novel things are created, then knock around for a bit until someone figures out that they solve their problem. Or not.

  11. Re:Pack of LIES on S&P's $2 Trillion Math Mistake · · Score: 1

    Of course, I also believe candidates' names should be eliminated from the ballot. Just a list of offices, followed by blank lines. Every vote is a write in. If you don't know your guy well enough to spell his name, the rest of us shouldn't be abused by your opinion.

    Ooo, disenfranchise the stupid! Again, it has a lot of initial appeal, but then you get a lot of people who are just barely bright enough to realize they've been shut out of the process. They turn ugly (well, uglier) and start taking things by force as they realize they have no say at all.

    Besides, our election judges are already arguing over the meaning of a too-scribbled-in blob, or a not-scribbled-in-enough blob, or a hanging chad, or the confusion caused by a butterfly ballot. Do you really think they'll be fair in how they count handwriting?

    Heh, the highly relevant Slashdot cookie below reads: "Democracy becomes a government of bullies, tempered by editors. -- Ralph Waldo Emerson"

  12. Re:Pack of LIES on S&P's $2 Trillion Math Mistake · · Score: 1

    Term limits aren't quite the panacea you're thinking they are. If a politician isn't running for the same office, he's still running for a different one. There's still pandering, nepotism, and corruption, it's just harder to keep track of when the players keep moving.

    Politicians are not always the corruptors here, they're often just the corruptees. The system of money and lobbyists corrupts. And yes, a corrupt politician spreads corruption among his colleagues like a disease. Does that mean replacing them all is the cure?

    Besides, the whole idea is that a politician should represent his constituency, which means answering to the voters. Without an upcoming election to keep him in check, what's to stop him from voting for Cthulhu?

  13. Re:Don't say I didn't warn you! on Lightning Strike KOs Amazon, Microsoft EuroClouds · · Score: 1

    In my capacity as a Certified Solution Architect(tm), I often warned that The Cloud was suitable only for dynamic workloads. But did you listen? Oh, no, you just went and let your static workloads build up in the Cloud, increasing TCO and, now, bringing down Disaster on your heads!

    Let me see if I understand you. Static buildup in the clouds caused a sudden discharge redistributing the static to a different cloud with its own static buildup, which then failed to discharge its duties after being charged by the other cloud's discharge.

  14. 9th way on 8 Ways To Circumvent the PROTECT-IP Act · · Score: 2

    Don't use domain names. The abstraction may be convenient, it may be useful, but it isn't strictly necessary. The IP address works just fine.

    http://216.34.181.45/ gets you to Slashdot with no DNS involvement.

    Of course, the question is now around that missing abstraction. Do you trust me? Is that really Slashdot's address? Is it a rick-roll, a goatse, or a virus-laden fake? What most people don't consider is just how much they trust their DNS providers, but they do so with no authentication on that service. Many of the ways in the article are the ways that malware uses to subvert your relationship to your real DNS server.

  15. Re:antimatter on Anti-Matter Belt Discovered Around Earth · · Score: 1

    I get what you're saying, although we seem to invest a lot of energy just to produce one high energy weapon anyway. And for fun, I'm going to pretend like this simple math counts for something.

    Let's start with some values scraped off various wiki pages.
    1 kWh = 3.6 megajoules.
    1 kiloton of TNT == 4.184 terajoules == 4,184,000 megajoules.
    Therefore a terawatt/hour is roughly comparable to a kiloton of TNT.

    I'm basing the following guesses on Iran's enrichment program, which has come to light recently due to Stuxnet. The centrifuges they use spin for months refining the uranium, and the motor controllers they use are rated for delivering more than 10 kWh of electrical power, which I'll round down. They actually have over a thousand centrifuges in their array, but let's simplify that to 1,000 centrifuges == 1,000 motor controllers * 10 kWh/motor == 10,000 kWh. Refining the uranium for three months (a guess) takes 3*24*30 = 2,160 hours * 10,000 kWh, or about 21,600,000 kWh * 3.6 mJ/kWh = 77,760,000 megajoules = 78 tJ to separate an unknown quantity of weapons-grade U238. Let's guess that it's enough to make a 10 kiloton warhead. A 10 kT warhead is equivalent to 4.2 tJ/kT * 10kT, or 42 terajoules.

    The simple act of separating that much uranium hexafluoride took roughly the same amount of energy as the warhead will produce. And that doesn't count any of the other energy expended, such as mining the uranium, refining the ore, transportation, construction, etc.

    Are there more efficient ways to refine uranium, and are there other/better ways to produce the fissile materials, such as breeder reactors? Sure. Can these be enhanced with more of Mother Nature's finest deuterium to yield megatons instead of kilotons? Again, sure. But I'd say that until you get to hydrogen bombs, the amount of energy poured into the device and getting it there still exceeds the yields. If a government wants to blow someone up, they have proven they will expend tremendous amounts of resources to do so.

    I'd love to be able to run those equivalent numbers for conventional munitions. How much energy do we spend producing TNT? I'm guessing it's many thousands of times cheaper than creating nuclear weapons, but obviously has much lower yields.

    Bottom line: for a weapons manufacturer, I don't think the amount of energy put in matters nearly as much as the energy density of the warhead.

  16. Re:antimatter on Anti-Matter Belt Discovered Around Earth · · Score: 1

    That's how you get research for peaceful purposes also. The ugly secret of humans is that porn and war drive many new technologies, if not most. Rather than fight it, take advantage of it.

    So how do you apply Rule 34 to anti-matter?

    Actually, I'm pretty sure I don't want to know.

  17. Re:antimatter on Anti-Matter Belt Discovered Around Earth · · Score: 1

    Sure we can manufacture it, but that costs a lot more energy than is contained in the antimatter produced, which kind of defeats the purpose.

    That's not really the purpose.

    Think about the energy it takes to deliver a couple dozen 1,000 pound bombs to a chunk of desert: you have to make the explosives, build the bomb casings, build a jet to fly the things to whereverstan, pummel a suitable piece of ground into a landing strip, defend it with a bunch of very expensive people (including air conditioning their tents), pour tens of thousands of pounds of Jet-A into the aircraft and send it off to dodge enemy defenses, then finally drop the ordnance. Sure, most of that is reused for each weapon delivered. But the bottom line is you spend trillions of dollars and hundreds of millions of pounds of fuel to deliver a few hundred thousand pounds of explosives. "Cost effective" and "energy efficient" don't seem to be their primary design goals.

    What you really want is a weapon that delivers a LOT of energy all at once to the target. Small weapons with big relative yields are preferred, so energy density is key. An atomic bomb that weighs in at less than a thousand pounds has an energy density equivalent to 20,000,000 pounds of TNT. If they didn't have the side effect of toxic radiation, they'd probably be dropping them everywhere instead of conventional munitions.

  18. Re:antimatter on Anti-Matter Belt Discovered Around Earth · · Score: 1

    I should think long-term storage isn't nearly as big a problem as battlefield delivery. You have to send the entire containment package to the target, because if the particles hit either their container or the atmosphere before arriving downrange, the bad things happen to the wrong people. That means the containment package has to withstand the G forces of launch and trajectory. It might work for a guided dropped bomb, but perhaps not a missile warhead and probably not an artillery shell.

  19. Re:antimatter on Anti-Matter Belt Discovered Around Earth · · Score: 1

    If these could serve as fuel, you just know that every alien civilization with space travel capabilities is already harvesting these as they go. This could serve as evidence that the earth has never been visited by extra-terrestrials, or if a significant fraction of the expected particles are missing, it's possible evidence that we were once visited.

  20. Re:Raise the stakes on In German Trials, Airport Body Scanners Easily Confused · · Score: 1

    If you hear that I get arrested for trying this next time, please know I bear you no ill will. The laughs will have been worth it.

  21. Re:Use channel 13? on Ask Slashdot: Overcoming Convention Hall Wi-Fi Interference? · · Score: 1

    What are the chances Uncle Charlie's sniffers are going to pick up his slightly-out-of-band 100mW unlicensed RF emissions at a trade show booth during the three days of the show? In the extremely unlikely event that he got busted, he could probably even convince the investigator that it was ignorance: "It wasn't working so I just clicked every box I could find on my WiFi settings until it worked." "OK, well don't do that again, it's illegal."

    And he'd have to know his venue. At DEFCON, of course, he's very likely to encounter federales of every stripe, including the FCC. But at Joe's Semi-Annual Southeastern Minnebraska's Trade Show and Tractor Swap, he probably won't be tweaking anyone's noses.

  22. Re:Raise the stakes on In German Trials, Airport Body Scanners Easily Confused · · Score: 1

    I set off a false alarm the last time I flew, and got all the patting and stroking. But I couldn't figure out how much to tip for the service.

    Actually I was so pissed off I was practically yelling at them. It was after the 3rd leg of an international flight, I'd been going for 24 hours straight, I was stinky and sweaty and the useless idiots at O'Hare delayed me so long I missed the connection for the 4th leg. I want the TSA budget cut in half, and I want this cowardly bullshit to end.

    The backscatter scanners have actually lowered my personal safety. First, what was our ratio of hijacked flights to non-hijacked flights after 9/11? Zero. The system worked. By adding backscatter scanners, they decreased zero by how much? That's right, ZERO. Backscatter scanners are by definition 100% ineffective. They wasted $370 million dollars of my tax money on lining some corrupt politicians and manufacturer's pockets, instead of spending that money on real transportation safety features, like erecting stoplights at the 370 most dangerous uncontrolled intersections in America. I'm at much more risk of a car accident than I am of any kind of hijacking or bombing. They need to fix my real problems, not the imaginary ones they use to get votes from fucking cowards...mumble...god-damn politicians...grumble...

    Not a happy ending. No tips were given.

  23. Re:Not that surprising from Belarus on Belarus Cracks Down On VKontakte · · Score: 1

    And my original reply was that I thought your idea of "i'd rather be poor and free than a wealthy slave" was naive and sloganesque. Now I realize it was simply spoken out of ignorance.

    Forgive me for trying to engage you in rational thought. I won't make that mistake again.

  24. Re:Not that surprising from Belarus on Belarus Cracks Down On VKontakte · · Score: 1

    Wow, that was a disturbingly hate-filled diatribe, with no point at all. Are you attacking me for pointing out something like "America isn't as free as you idealistically claim it to be"? All I said originally was "there are rules" and you jumped on me as if I was burning the Stars and Stripes at a NASCAR race.

    I'm in no way suggesting Belarus and the US are identical in terms of freedoms or restrictions placed on those freedoms. I am saying that you can't claim America is "ideologically free" when there are indeed limits on that freedom.

    The limits around ideas such as freedom are better defined by "areas", not "lines". But in conflict with this is the idea that our laws have defined fairness to be based on lines, not areas. Court cases push these boundaries around, claiming one particular activity is permitted while another is not. And different courts can give different results in similar cases, leaving the area looking a bit scarred at the end of the day. But no, our "free" area is still quite wide open in comparison to a dictatorship.

    I think the "freedom area" here in the USA is about as good and as big as they get, and is even quite well defined and protected by the Constitution. But there's always someone trying to change its boundaries in order to box out an unpopular opponent, to keep a particular minority opinion away from them. And there are people who are more than willing to abuse it completely for their own petty ends. I want them punished harshly, as they're the biggest threat to our freedoms.

  25. Re:Not that surprising from Belarus on Belarus Cracks Down On VKontakte · · Score: 1

    i am not talking free as in the teenage idiotic definition of freedom: freedom from responsibility

    i am talking free as in the adult intelligent definition of freedom: an open participant in the formation of your government and the right to speak whatever is on your mind and criticize anything and anyone you want without fear of official repercussions

    By that definition Germany is not free, because a particular political party has been officially banned. I'm not suggesting for a minute that that particular group of people should rise to power again, but it's an example of a now enlightened country learning a lesson on "freedom" the hard way, and placing limits on themselves so they don't repeat the horrific mistakes of the past. If you stand in a German town square and say that former leader should be honored and there should be a return to his prior ways, you will be officially arrested and jailed for such speech. They have rules, yet I consider them a free country.

    Here in America, we have always held that permitting such speech, even hate speech, is an absolute right. I suppose this allows the extremist elements to blow off steam safely, because they usually appear as stupid to most people as they generally are. But there is always a significant percentage of any population of people who have proven themselves happy to follow the voices of various extremists. In many examples throughout history, religious leaders have been able to rally many of the faithful to their cause. In the 1920's Germany's extremism began as a secular movement, but it was based on strong biases against various sets of minorities, especially minority religions. The American right wing became as powerful as they have only because a few decades ago they aligned themselves with the group of religions that most citizens follow to some degree; although they occasionally are forced to acknowledge the establishment clause, they have come close to creating their own tyranny of the majority. And they are still trying, with laws attacking the practices of minority people they don't approve of.

    Freedom of speech is necessary, of course. Women would not have the vote without it. Homosexuality would have remained outlawed without it (and there are still many official biases against it, including the "defense of marriage" bill.)

    Even still, there are blatant examples of the authorities attempting to use their position of authority to twist the laws to silence critics. They couldn't arrest anyone for publicly speaking ill of them, but these people have used a cyberstalking statute to get a judge to order a subpoena to identify their anonymous critic. Therefore, all you have to do now is "offend" the wrong official and they'll find a way to throw you in jail. I can only hope the ACLU can convince the Department of Justice to bring these corrupt officials up on charges of abuse of power, otherwise there will be no end to the number of petty officials suppressing free speech across this country.

    So, is any country really a "free" country? I think there's always a line.