if you overwrite your Linux kernel with a botched version, your system's hosed
Actually, that depends on the distribution. For example, when I "yum update" the kernels on my Fedora Core 2/3 machines, the grub configuration does NOT mark the new kernel as the default. When the machine is rebooted, if the new kernel doesn't work, just reboot again and the old kernel is used, automatically. In the case of these 60,000 PCs, when they malfunctioned the employees could have just rebooted (which they probably tried anyway), and they would be back in service. It never would have made the news.
Once you are satisfied that the new kernel functions as it should, you can just update the default kernel in the grub configuration. And, to answer your next question, this can be done via the GUI by using the "Applications->System Settings->Bootloader" menu entry. Of course, it can be scripted and done remotely as well (it's how I upgrade my machines).
That's one of the reasons there are many different Linux distributions; different people/organizations consider different things important or critical. Pick the distribution that does what you want.
Vendors that are OEMing components have a choice of components, just as consumers have a choice of vendor. If there is sufficient backlash against a component choice that limits consumers' ability to use the products they purchase, vendors will begin to select more "open" component manufacturers.
No matter what your choice of OS, this is a good thing. It prevents the premature obsolescence caused by vendors dropping support after a few months - I've seen this happen in Windows XP and MacOS. While this situation may prevent a Linux user from purchasing and using a given product, it also makes other OS users subject to abandonment.
Consumer protection groups are apparently powerless to protect consumers from this type of fraud, at least for now. The best thing we as technically informed individuals can do is make sure that the word gets out on products in this category.
If the products are not attractive to consumers because of their limited support life or OS choice restrictions, then vendors will put pressure on the supply channel to change the status quo.
I use Firefox on my PC, which creates a "bookmarks.html" file in the "~/.mozilla/firefox/utwnmzil.default/" directory. I have a cron job that periodically scp's this to a web server. My bookmarks are then available to me (or anyone I tell) anywhere, and I can secure them any way I choose.
Setting up an account with an outside service for this purpose seems unnecessary.
The EPA numbers are the source for the calculations in the report linked to earlier. From that link:
"For a large number of coal samples, according to Environmental Protection Agency figures released in 1984, average values of uranium and thorium content have been determined to be 1.3 ppm and 3.2 ppm, respectively. Using these values along with reported consumption and projected consumption of coal by utilities provides a means of calculating the amounts of potentially recoverable breedable and fissionable elements."
From there, it's simple multiplication to derive the total emission, for the elements in question.
"Burning fossil fuels may emit trace amounts of "radioactive" elements, but this is NOT a concern versus the issues with NO2, Sulfur Dioxide, Mercury, etc."
145,230 tons of Uranium (containing 1031 tons of uranium-235) and 357,491 tons of Thorium released into the air and water is not exactly trace.
Yes, there are also heavy metal poisons released from fossil fuel plants, and they are a concern too.
Actually, the parent was right. Burning fossil fuels like coal releases large amounts of radioactive waste into the air and water. In fact, coal burning plants release many times more radiation than all the nuclear reactors in the world (yes, even including the "accidents"). See this report from the Oak Ridge National Laboratory for details.
Time-lapse DCS-1000W is a Linux bash script which allows the D-Link DCS-1000W 802.11b wireless camera to operate as a time-lapse security camera. It captures images at 5 second intervals, date and time stamps them, and converts them to a time-lapse MPEG1 movie.
In reality, it simply gets an image from any web-enabled camera, does robust error correction for 24x7x365 operation, and creates a daily movie of the resulting images.
It's open source, and they can easily modify it any way they need to (or ask me to incorporate the changes they need).
I use Linux (currently Fedora Core 2, Yellowdog 3.01) on all my PCs, both Mac and X86/X86_64. I had used OSX for a while, but I didn't like the user interface, just as I didn't like the WinXP user interface. In addition, OSX tried to hide too much from the user; while that made it easy to do simple things, complex things were much more difficult (for example, running a bash script from an icon, without opening a terminal window). Yes there were ways around it, but they increased the complexity for no particular reason. I also like X, and use it extensively to run applications remotely. Having to go through the additional setup and unique administration for X on WinXP and Mac OSX also increased the complexity for me.
For example, the hard drive in my laptop died, and it will take a couple of weeks to get a warranty replacement. I just booted a Knoppix CD, and mounted an old 16MB flash with a saved configuration and persistent home directory. My day-to-day use of the system is completely unchanged. This is something I can't do with OSX or WinXP, but it's important to me.
Obviously, other folks will have differing experiences and preferences, and that's OK. Linux works best for me, and that's why I use it.
My wife just got a new iPod for her birthday. I noticed that when resetting, the screen sometimes turns blue and shows yellow stripes for a few seconds, even though the user interface is monochrome. I wondered why Apple would put a color screen on a monochrome device, perhaps now we know.
...I never put the Palm in the cradle any more, so it never gets a chance to recharge
Get a Power To Go and you can recharge while mobile. I frequently use it to keep my PDA fully charged, so that I can leave without worrying that I have enough of a charge.
It's also great when traveling; you can watch a few full length movies or listen to MP3s all day on your PDA, without a cord.
CA has changed quite a bit as a company. One of our core values that we each have to learn is that our customers come first.
I've no doubt that CA has changed, otherwise they wouldn't still be in business. The problem is that too many people remember bad experiences (as you can see by reading through this thread). Companies rarely realize that a few bad decisions can taint them for decades.
That's what prompted my original post. If CA can become "good" after being "bad", they can become "bad" again at any time. Open sourcing (with an OSI license) products is a way to ensure that CA can't go back on their word (the software set free can't be retracted). It's a strong PR move, and if continued (e.g., followed up with additional products, and funding for open source projects) could change the minds of even old-timers like me.
But is that what CA is trying to do? Or are they just thinking that they'll dump some source that doesn't make them any money, as a way to jump on the Linux bandwagon? Their motivation and plans are as important as their actions.
My friends and I have been going to the movies for quite a while. By unanimous vote, Miss Firecracker holds the title of worst movie, followed closely by Cyborg.
After all these years, the memory is still burned into our brains. Make it stop!
Even with BT encryption, BT is considered weak. Remember that BT devices are low-power, which means that they likely don't have the computational resources for strong encryption.
Since a BT keyboard tends to remain in the same general location, and a malicious listener can be a considerable distance away undetected, spending even a few days to crack the encryption is entirely reasonable. Wardriving tools for BT exist in the wild.
It's not as easy (or even possible in most cases) to add additional layers of strong encryption to BT as it is for WiFi. So while WiFi can also be cracked, cracking a transported VPN isn't currently feasible. BT has no such option, and once cracked, anything typed (userid, password, bank account numbers, PINs, private correspondence, etc.) is easily read, in real-time.
NFC is very short range wireless (a few centimeters, so it's effectively a touch). More info here, and here.
You can consider it an evolution in the user interface of existing wireless systems, like BT or WiFi.
No, it's not crap. What you're proposing is a combination of NFC (Near Field Communications) and BT, where the NFC is used for key exchange. Very large keys are not needed for sufficiently strong security.
My garage door opener has a conceptually similar technology... Instead of setting little DIP switches for the key, you "train" (synchronize) the opener to recognize each remote. It's a very intuitive user interface.
With a good sized dish, you can probably monitor anyone in your neighborhood typing on a BT keyboard. Encryption doesn't do any good, if the clear text data is compromised.
Eye exercises can be beneficial, for mild correction. I use stereograms and eye muscle relaxation as an exercise to help me maintain flexibility. I also periodically stop work and look at something distant to relax my eyes.
Here's some unscientific anecdotal evidence...
I have two brothers. The three of us have had the same vision prescription all our lives (we used different eye doctors, and yet we had the same astigmatism and correction factor for each eye). We could swap eyeglasses accidentally and never notice.
About 10 years ago (I'm now 48), I started using the stereograms and regular rest breaks. My vision started to improve, theirs continued to get worse. They wear their glasses all the time now. I rarely do (sometimes at night, when my eyes are tired).
My astigmatism is gone -- my eye doctor said he never had a patient have an astigmatism correct itself.
Was it the exercises and breaks? I don't know. I do know that it's hard to convince people to do this. Friends and family have asked about the technique, and when I explain it, they concentrate (instead of relaxing) for a few minutes or go through a stereogram book and tell me it doesn't work. When I started, I used a digital clock (which was too out of focus to read the time) across our darkened bedroom as a benchmark. It took six months before I could read the time. Now I can make out the individual segments of the display.
It's certainly not a quick fix, but it is easy. Relax (don't concentrate or try to focus). Blink your eyes a few times (like you're trying to clear some fogging on your eye). Practice looking at stereograms, switching focus from the 3D image to the text (back and forth). When working on a monitor or watching TV or reading a book, get into the habit of glancing away to a distant object (like looking in a side view mirror while driving) every few minutes. Find a benchmark (like my digital clock), and check the quality of your vision every month or so. That's it.
Much of your vision quality is actually in your brain (it's the part that removes blood vessels overlaying your retina and backfills the image in realtime). Another significant part is the mechanics in the eye that flex to adjust focus. The exercises I've been doing appear to address both. YMMV, but it works for me.
I already watch movies on my Palm Tungsten C (with mmplayer) that I rip from DVDs I've purchased (Dark City and the Southpark movie are loaded as we speak).
I think anyone that tried to convince a jury that I shouldn't be allowed to watch a movie I bought on a device I bought would be laughed out of court.
I see this current activity as damage control, public relations, and possibly a backdoor into monitoring/ratings. After all, if they can show that x people watched the movie on their portable player, and were forced to view the commercial attached to it, they can get revenue from that commercial.
Backup firmware: dd if=/dev/sda1 of=ipod-backup-firmware
Install new firmware: dd if=ipod-new-firmware of=/dev/sda1
(adjust /dev/sda to the actual device on your system). Why won't Apple release the firmware files so we can upgrade our iPods like everyone else? Instead, it's necessary to hack the firmware files out of the Windows updater, a really annoying process.
The greatest possibility I see for this is mischief...
Since the devices are writable, why not just create a small device that writes some small amount of gibberish (pwn3d!) to the RFID tag. Since the tag is cryptographically signed, this will invalidate the tag.
The next time the passport is shown to a duly authorized agent, the invalid passport will cause the unfortunate innocent passport holder to be delayed, interrogated, and probably strip searched and given an anal probe.
From the perspective of those that don't like Americans, there's probably nothing better than getting Americans harassed by their own government (and tying up security resources in the bargain).
Eventually, the government will need to make accommodations for passports that have been hacked this way. An invalid signature with the scratchpad containing 'pwn3d!' will be recognized as valid but maliciously damaged. It's either that or dedicate continuously increasing resources to harassing American citizens.
So now the bad guys just copy an RFID, update the picture, put 'pwn3d!' in the scratchpad area and they are cleared. Simple.
So... this provides increased security how?
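The argument in the comment above, worked through as an added example (not part of the original comment): a verifier that makes an exception for tags with a bad signature and a known vandalism marker cannot tell a defaced tag from a copied and altered one. HMAC-SHA256 stands in for the issuer's digital signature so the code needs only the standard library; the tag layout, field names, policy names, key and sample records are all constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

# Constructed issuer key. HMAC-SHA256 is a stand-in for the issuer's
# digital signature (assumption made to keep the example stdlib-only).
ISSUER_KEY = b"constructed-demo-issuer-key"
VANDAL_MARK = b"pwn3d!"  # marker string taken from the comment above


@dataclass(frozen=True)
class Tag:
    holder: bytes
    photo_digest: bytes  # hash of the stored photo
    scratchpad: bytes    # writable area
    signature: bytes     # assumed to cover all three fields above


def _signed_bytes(holder, photo_digest, scratchpad):
    # Length-prefix each field so field boundaries cannot be shifted.
    parts = (holder, photo_digest, scratchpad)
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def _sign(holder, photo_digest, scratchpad):
    msg = _signed_bytes(holder, photo_digest, scratchpad)
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).digest()


def issue(holder, photo, scratchpad=b""):
    digest = hashlib.sha256(photo).digest()
    return Tag(holder, digest, scratchpad, _sign(holder, digest, scratchpad))


def signature_ok(tag):
    expected = _sign(tag.holder, tag.photo_digest, tag.scratchpad)
    return hmac.compare_digest(expected, tag.signature)


def strict_policy(tag):
    # Fail closed: any tag that does not verify is rejected.
    return "accept" if signature_ok(tag) else "reject"


def accommodating_policy(tag):
    # The exception described in the comment: a bad signature plus the
    # marker is treated as "valid but maliciously damaged".
    if signature_ok(tag):
        return "accept"
    if tag.scratchpad == VANDAL_MARK:
        return "accept-as-damaged"
    return "reject"


# Constructed sample records.
GENUINE = issue(b"ALICE EXAMPLE", b"alice-photo-bytes")
# Someone overwrote the scratchpad of a real passport.
VANDALIZED = replace(GENUINE, scratchpad=VANDAL_MARK)
# A copy with a different photo and the same marker.
FORGED = replace(
    GENUINE,
    photo_digest=hashlib.sha256(b"someone-else-photo").digest(),
    scratchpad=VANDAL_MARK,
)


def compare():
    tags = {"genuine": GENUINE, "vandalized": VANDALIZED, "forged": FORGED}
    return {
        name: (strict_policy(tag), accommodating_policy(tag))
        for name, tag in tags.items()
    }


if __name__ == "__main__":
    for name, (strict, lenient) in compare().items():
        print(f"{name:11s} strict={strict:7s} accommodating={lenient}")
```

Under the strict policy both the vandalized and the forged tag are rejected; under the accommodating policy both get the same "accept-as-damaged" result, because once the signature fails nothing on the tag can be trusted, including the marker.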
Finally! A scientific explanation for all those voices in my head.
CA has burned a lot of bridges in the past with customers. Is this an attempt to change CA's image, and/or repair some of that historical damage?
"Monopolies suck."
Yes, and no. AT&T used to be called a "natural monopoly", because only one company could own the set of phone wires that you were using. Even now that's true, it's just a mini-monopoly.
The owning company (the regional Bell operating company, RBOC) is required to lease access to the wires, but regulation in the area has been poor. As a result, the RBOC can charge other companies (like AT&T) such a high rate that offering competing service isn't cost effective.
The end result is that we still have monopolies controlling the phone lines, we just don't have any "central intelligence" overseeing the service.
The only way out now is VoIP, but you and I know that VoIP doesn't require a "phone company". As long as you have even dial-up Internet access, you can already call any (similarly knowledgeable) individual in the world, free. That makes the long-term prospects for any business or residential voice telephone company bleak.
Cellular service still has life, because of the additional value -- no wired connection. Wired Internet still has value, because of the high bandwidth. When AT&T sold off cellular and cable, it cut off its legs and stabbed itself in the heart.
After working there 21 years, it was easy to see that the company had become just a shadow of its former self. There's not much left other than the name. People still associate the name with the 1.1 million employee behemoth that it used to be. Back in the day, doing things right was the way things got done. Now, at less than 60k employees, saying it's done is job one, and making it work (or not) is an afterthought. It's really sad.
Not that I follow any particular religion, or claim to be even passably knowledgeable on any, but let's not forget the great crime of Satan: providing man with knowledge (at the cost of leaving the blissful ignorance of the garden of Eden).
:-)
I don't even remember him being responsible for any deaths in the bible (though the "other guy" sure racked them up).
Doesn't sound like such a bad sort after all.