Slashdot Mirror


User: jd

jd's activity in the archive.

Stories
0
Comments
13,841
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,841

  1. Re:Then use IPv6. on Hackers Broke Into FAA Air Traffic Control Systems · · Score: 1

    Well, yes, arguably you are correct on all points.

    Ok, for the absolutely rigorous, there ARE pared-down versions of Linux which are considered "carrier-grade" and even one or two that are "FCC-approved" for limited applications. It's also hard to get a general-purpose OS to respect Hard Real-Time, the best you can really get is Soft Real-Time.

    But aside from a couple of minor exceptions and a quibble over the real-time, yes, mission-critical systems should NOT be on the Internet. They should not even have USB slots or any other form of support for removable drives if they're running an insecure OS.

    And, yes, I'd agree entirely that rolling your own under such circumstances is the wisest option.

    However, the FCC wants open protocols and appears to want open networks. If we've got this as an a-priori constraint (and it's a typical PHB-sort of a-priori constraint), then the next step is to establish how to get it secure enough that even the morons running/ruining the FAA would be challenged to screw things up further.

  2. Re:Then use IPv6. on Hackers Broke Into FAA Air Traffic Control Systems · · Score: 1

    That's very true. As things stand, though, that could potentially happen through computer misuse and (to judge from TFA) the level of security breeches already makes this a practical possibility.

    It's a question of choosing the least-worst option, since all options are going to have problems. The solution they are actually migrating to (a totally insecure option) is the worst possible world, so all others will be at least equal and probably better.

    Now, there are many approaches to Active IDS, some more likely to meet your requirements than others. Let's say, for example, that all authorized connections must use strong authentication and must use IPSEC (or S/WAN, or some other authenticated encrypted communication system of your choosing). The IDS can then look for any other type of connection and slam the door on it.

    eg: It's unlikely that a legit connecting server is going to do a portscan or use source-based routing. Those would be obvious ones for an Active IDS to look for. If you require SASL2 for authentication, then any stream that doesn't start with a layer 7 connection showing a suitable authentication request is much more likely rogue than innocent.

    Equally, if you mandate that all FCC computers must be Unix/Linux, then any passive OS fingerprint showing that an incoming connection is from a Windows box is also going to be a hostile. (The same is true in reverse. If you mandate Windows, and passive fingerprinting shows the remote connection is from OS/X, you know immediately that it's not from one of the Good Guys.)

    So, I think Active IDS can get zero false positives (although it may get non-zero false negatives under some circumstances), if the specification for how things are done is good enough and actually followed.

  3. Re:No, use IBM's SNA . . . on Hackers Broke Into FAA Air Traffic Control Systems · · Score: 1

    JCL? You want the FAA to be prosecuted for crimes against humanity? You're sick! That's even more perverted than networking using X.25 PADs!

  4. Re:Fans are disconnected on Reviews: Star Trek · · Score: 1

    I am not a true fanatic. Honest. EXTERMINATE!!! . Ok, ok, I tend to look at DW as being a fundamentally good show with a lot of very bad writers but some true gems that really showed how the series could work. Which is really not that different from how you see it, in that we both agree on the scriptwriting.

    Yes, Dr Who has been retconned a lot. Part of the blame for that is poor scriptwriting, part of the blame is the lack of a comprehensive show bible, and part of the blame is JNT and his Evil Twin RTD. (In this case, JNT is the Other Evil Twin, not the Good Twin. There is no Good Twin.)

    I actually quite liked many of the Hartnell stories. The "good guys" often had a touch of evil, the "bad guys" often had a touch of good, there was little in the way of Deus Ex Machina and the historic stories had quite a bit more credibility than, say, the historic stories of the past few seasons.

    There were some truly, truly horrible episodes, sure. I hear they considered using "The Gunfighters" at Gitmo, but ruled it out as too cruel.

    I actually prefer the Daleks from "Dalek Invasion of Earth" and "Power of the Daleks" to the ones from Genesis onwards - much more evil, much more manipulative, but also much more practical. They were concerned with accomplishing the task at hand, conquering the universe was a mere inevitability of their superiority (complex). The later Daleks are far too easily distracted and therefore far less menacing. It's hard to be menaced by something that gets distrac....ooooh, shiny!

    The same could be said of the Cybermen. Ok, Tenth Planet was pretty bad, but the idea of actually exploring not just when an idea turns sour but the technological and psychological consequences of sliding to the extreme end of the curve... (an idea that Cyberman-creator Dr. Kit Peddler later explored in more depth in Doomwatch) ...that makes for some damn good story ideas.

    Well, at least better story ideas than a girl who turns people into crayon drawings, or kids who can invent FTL technology by eating school dinners. Those sorts of fluff-stories don't have the same impact on the audience as a story that leaves you feeling "something like this could happen, and might well HAVE happened".

    (Nobody ever got chills down their spines over having had an extra portion of chips - unless at McDonalds, and that's for entirely different reasons. On the other hand, I could see people watching a Doomwatch episode that mirrored that day's newspaper headlines and wondering if investing in a nuclear bunker might not be such a bad idea.)

    Now, I certainly acknowledge there was a hell of a lot of really bad stuff for the show, and a hell of a lot of really bad ideas. The Vorvoids were a Really Bad Idea, in the 1066 And All That sense, as was the Rani, as was Twin Dilemma, as was the mere existence of Pip and Jane Baker. If they could have saved Dalek Masterplan and burned Silver Nemesis instead, I would be happy for the exchange.

    Other things were merely implemented badly. I think BBV's "Summoned By Shadows" shows an excellent alternative version of Peri and the 6th Doctor, one that might have revived ratings rather than sent them through the floor, out the other side of the planet and into orbit around a passing black hole.

    Sure, I actually prefer other SciFi series to Dr Who, overall. "Sapphire and Steel" and "Blake's 7" (minus the 4th season) were much stronger in a lot of ways, IMHO. I've a fondness for "The Omega Factor", and consider "Children of the Stones" to be an inspired piece of drama, albeit for a younger audience. (As, indeed, were "Moondial" and "Codename: Icarus", both of which I consider good enough to recommend to anyone.)

    "The Tomorrow People", IMHO, was in much the same boat as Dr Who - great idea, but hampered by poor writing and poor implementation in many places. Still, the great stories really were great and the research into some of the historical trivia was excellent by television standards.

    There's a few clip

  5. Re:Fans are disconnected on Reviews: Star Trek · · Score: 1

    I'm not old, I'm well-preserved.

  6. Re:First MD5 and now this on Preparing To Migrate Off of SHA-1 In OpenPGP · · Score: 1

    Essentially, that's exactly what a stream cipher is. A OTP is just a random bit stream as long as the message which you XOR with the message. A stream cipher is a pseudo-random bit stream as long as the message which you XOR with the message.

  7. Then use IPv6. on Hackers Broke Into FAA Air Traffic Control Systems · · Score: 4, Insightful

    It's non-proprietary, the applications should work just fine, but most skript-kiddies don't have any idea on how to set up the necessary tunnels. It's also designed from the start to be secure, IPv4 has had all security back-ported in.

    Also, use Active IDS, not passive. It's no good telling the operators that the last three planes crashed into a mountain because a system cracker decided it would be fun to use the radar computer for a game of Netrek. You're much better off by detecting the intrusions in real-time and countering them right then. Particularly if actual mission-critical systems are being broken into.

    Third, Stop Using Windows! Gaah! The chances are that the software can be modded to work under Linux or OpenBSD just fine.

  8. Re:What's a Trekie? on Reviews: Star Trek · · Score: 1

    This is the most reliable analysis of what a Trekkie is that I know of.

  9. Re:Fans are disconnected on Reviews: Star Trek · · Score: 1

    Excellent points, all of which could be said of other franchises which are being milked (Doctor Who being an obvious example). The story is being sacrificed for the flash-bang effects.

    I also question some of the attitudes towards the little story telling there is in modern SciFi. I'm sure that if "Eastenders In Space" was actually what people wanted to see, there'd be a story of London getting blasted into space.

    Given that there is no evidence of London (or, indeed, the Rover's Return, Emmerdale, or any other soap location) getting the Space: 1999 treatment, I would argue that there is actually no demand for Soap In Space, that what people actually want IS the mix of science and philosophy that makes the genre unique.

    (The other argument for the modern style is that audiences aren't interested in plot or motivation, they're there for T & A. This is doubtless why Eldorado, a soap that had nothing else, was a complete flop with lower ratings than the BBC2 test card.)

  10. Re:First MD5 and now this on Preparing To Migrate Off of SHA-1 In OpenPGP · · Score: 1

    Enigma was an approximation to a one-time pad (mostly because you could reconnect the plug boards as you liked and re-order the wheels as you liked), but was likewise cracked because of carelessness of use.

  11. Re:First MD5 and now this on Preparing To Migrate Off of SHA-1 In OpenPGP · · Score: 1

    The crypto lounge and hash lounge have a list of known flaws/attacks/documented partial attacks in algorithms. It's a good place to start... ...well, to start being paranoid, anyway, as more than a few of the algorithms listed have this nice skull-and-crossbones by them.

  12. Re:First MD5 and now this on Preparing To Migrate Off of SHA-1 In OpenPGP · · Score: 1

    "Perfect security" varies according to what constitutes "perfect". For example, one-time pads can be considered perfect, if you can guarantee the security of the pads.

    (One suggested method is to use a cosmological source of randomness and transmit encrypted the position of the radiosource. Since any time delay will result in not having the same pad as the people on either side, the pad is essentially guaranteed secure even if the encryption is broken, provided it cannot be decrypted through the attack faster than it can be decrypted normally.)

    This is obviously feasible for, say, GCHQ communicating with the NSA, as they can easily set up small radio observatories at their respective bases. It is equally obviously not feasible for communicating to someone hiking over the Alps, as you can't really fit a decent-sized dish into a backpack.

    For very large collaborative groups, it is feasible to use some form of Byzantine key splitting to ensure the key is safe and to do some encryption/decryption in parallel. This is a very different scenario from one person talking to another directly, where both must have the full key and the algorithm complexity is limited by the fact that single computers aren't very good at parallelizing tasks yet.

  13. Re:What about SSL certificates? on Preparing To Migrate Off of SHA-1 In OpenPGP · · Score: 1

    A good point, especially given that sites upgraded to SHA-1 from MD5 after the debacle over forged certificates. They're not going to want to upgrade again, especially to something obscure.

  14. Re:Well that's unfortunate on Preparing To Migrate Off of SHA-1 In OpenPGP · · Score: 1

    If they pay me another $560k, I'll upgrade them to SHA-2 or Midnight Blue. (Either that, or I'll figure out how to Seuss the names of hashes.)

  15. Re:Insurance? on Your Commuting Costs By Car Vs. Train? · · Score: 1

    Those, plus damage to roads (you pay less for road maintenance when only cycles are on it), health impacts (cycles improve your physical condition and cycle-cycle collisions are less likely to cause serious injury or death), other environmental considerations (car smog is nasty, waste oil and hazardous chemicals cost money to handle correctly).

    There are other impacts. Parking space is land that can't be used for anything else. Train stations (and indeed the trains themselves) may have secondary sales (eg: food) that wouldn't otherwise happen. Depending on the nature of the train system, the lines may be multi-role (allowing for goods trains and passenger trains on the same line) - this may attract business in a way that a car park wouldn't, under some circumstances.

    All in all, the calculation of the impact of a train system is not trivial. There are a huge number of variables. Under some circumstances, train systems can save vastly more money than the estimate given. Under other circumstances, I imagine the savings might be less.

    What would be interesting would be to see a comparison of different approaches to rail in different regions of the US and in different countries, to see just what sort of savings are possible and just how much variation there really is as a result of implementation details.

  16. Re:How about threads? on New Firefox Project Could Mean Multi-Processor Support · · Score: 1

    You think that's bad? A friend of mine routinely runs 400+ tabs. (She is forced to use Firefox 1.x as nothing newer is capable of handling this kind of number.) Can you imagine the resource hit that would take by using processes?

  17. Re:Hm, an idea on NASA Running Low On Fuel For Space Exploration · · Score: 4, Interesting

    Given that nuclear reprocessing plants, such as Sellafield, supplied a lot of weapons material for the British nuclear program, I'd be astonished if these could not extract all of the plutonium needed from those fuel rods that have been recycled this way.

  18. Re:Numismats on eBay Fakes Devalue the Craft of Tomb Robbing · · Score: 1

    Excellent advice, though if you've any links or other info on those characteristics, I'd like to see them. There are some interesting "Celtic" coins on eBay - cheap ones, mind - that I'd like to do some quick-n-dirty validation on.

    Related to this, I'm working with archaeologists in England. Because of help I've got via Slashdot and some archaeological science mailing lists, they now regard me as the coin guru. (Urk!) The site is poorly-understood and some coins have been allegedly found by metal detectorists nearby that are hard to explain. I need whatever info I can get my hands on on how to spot fake coins and understand the significance of any real ones. Help would be gratefully appreciated!

  19. Re:Numismats on eBay Fakes Devalue the Craft of Tomb Robbing · · Score: 1

    Yeah, if you took them to court for selling you improperly-made forgeries, I doubt the judge would offer a whole lot of sympathy.

  20. Re:Not Illegal But Definitely Misleading on eBay Fakes Devalue the Craft of Tomb Robbing · · Score: 1

    Depends on the artifact. I wouldn't trust unknown sellers of artifacts on eBay, especially if the object is too worn or too lacking in detail to verify if it's genuine.

    On the other hand, there are fairly large-scale coin dealers on eBay who have a lot to lose if they're accused of fakery. Again, though, that doesn't make them honest. You should still do whatever checks you can, though that's often going to be hard, particularly for coins. Often they are not going to have good documentation (most hoards are found by farmers and metal detectorists, not archaeologists) and unless you've a source of high-energy neutrons handy, you can't use isotope ratios to date the metal.

    In a few cases, say silver coins from Iron Age Norfolk, the sheer number of genuine articles is so overwhelming that those specific finds are even exempted from Britain's Treasure Trove laws. The market for those can be considered as glutted as any archaeological market ever is. I'd probably trust those, within reason. "Ring coins" from Europe, which are just, well, iron rings with no details, could be mass-produced on any wire-making machine. They quite likely are.

    Rarer stuff or anonymous sellers for ancient material? Nah. I wouldn't trust them at all. I didn't mind buying an R1155 radio off an anonymous seller because there's no demand for fake R1155s and the cost of the forgery would exceed the money you could sell one for. But valuables? Never go near eBay for anything worth something.

  21. Re:Not Illegal But Definitely Misleading on eBay Fakes Devalue the Craft of Tomb Robbing · · Score: 2, Interesting

    A 100% genuine fake is still 100% genuine.

  22. Re:If was the Li's formula on The Coder Behind the Mortgage Meltdown · · Score: 1

    There are some really really bad jokes that could be made of the function name. Only problem is that nobody on Slashdot has been outside the basement long enough to get them.

  23. Re:Requirements? on The Coder Behind the Mortgage Meltdown · · Score: 1

    According to TFA, a bottle of vodka and the moving violation ticket after he totaled his car.

  24. Re:Not One Person's Fault on The Coder Behind the Mortgage Meltdown · · Score: 2, Insightful

    Code reviews aren't as common as you might think, but it is certainly true that the claims don't stand up to scrutiny. Nobody with that little experience is going to be able to write heavy-duty software, for a start. Teams write super-massive projects, not individuals, for another. Enough vodka to total the car is enough vokda to total the specs in your mind, so at best he's flippant as well as economic with the truth.

    However, when you dig deeper into the article, you run into other questions. He talks of the software being developed over periods of economic instability. True enough, but the software was presumably not responsible for that instability, and he gives no indication that the causes for said instability were ever removed. So was his software the piledriver that smashed the economic landscape, or merely one straw amongst millions, whose combined weight broke the camel's back?

    (If one straw amongst millions, then no straw, not even the last one placed, is any more or less responsible than any other. You'd have to divide his responsibility between each and every straw that factored in.)

    But there are some definite bugs. He talks of basic calculus. Ok, that's fair enough, but you need more than basic calculus if you want to factor in the effect of the observer on the system. Once the observer's mass becomes comparable to that of the system as a whole, the numbers become considerably trickier. We see no evidence that he's using anything more than simple numerical methods, first-order calculus and (from his references to offal) the SIMPLEX method. Completely inadequate for an n-body problem in dynamics.

    Now, it seems certain that n-body maths were not present in the simulating software, or we wouldn't be in this mess, but it's clear that the software was more advanced than an O-Level project. That gap is not covered by TFA - whether because he's being selective on what he says or because he's just too small a cog to be of importance is unclear - but it's a gap I'd consider more important than anything revealed by TFA.

  25. Re:CRA on The Coder Behind the Mortgage Meltdown · · Score: 1

    I took "galactic" to mean there's a supermassive black hole at the centre.