Determining the number of steps required to complete a computation is similar in many ways to determining whether or not a given computation will loop infinitely -- it is absolutely impossible to develop a general algorithm to detect all infinite loops, as we know from the Entscheidungsproblem.
For similar reasons, it is impossible to develop a general algorithm that can predict the number of steps for any possible computation, and it is very difficult to predict the number of steps to completion for all but the simplest computations. For more complicated computations, heuristics are required to estimate the completion time.
Estimating by file size and number of files tends to work pretty well when you have that information available to your program, but it does require some effort to take this data and use it to develop an estimation for time to completion; many programmers are too lazy to even bother.
Why would you use vi bindings in Emacs? Why not just use vim? ViperMode is especially terrible, it doesn't implement the function of vi's "f" or "t" commands, which I use only a million times every day.
I have a hard time believing that Santorum actually expected to have a chance at this stage. My mother is a Neo-conservative Christian party-line voter, and even she is considering voting for Obama again; and not because she likes him. The entire GOP lineup is a mess.
Wow, neo-conservative Christians hate Mormons that much? So much that they would actually consider voting Democrat if given the choice? That's hard to believe.
Also, it seems tapes are always trying to catch up with improved hard disk technology, but they never do. Sure, 8 terabytes seems good now, so the "next generation" of tapes will be able to back up data from 8 1TB hard disks, which might be OK until about 5 years from now when 8 terabyte hard disks come out. Then all of a sudden a simple RAID-1 array of 8TB disks is as large as your next generation tape used to be, and has the advantage of both random-access and redundancy. So for all your investment in tapes, it turns out it may have been easier to just upgrade your RAID disk arrays with larger disks.
Really, tapes have a niche for storing data that no one will ever need to read once it is written, which is common in industries that have regulations requiring them to store records for a certain period of time before deleting them.
Does using the tablet have smooth and instant responsiveness? At the end of the day, that's all that matters. Tegra 100 or ipad 100 won't matter if the OS that uses it isn't smooth and keeps up with the user interactions. Consumers just care about experience, how they get there isn't of interest to anyone other than nerds.
At the end of the day, if it only lasts for 30 minutes on a full battery charge, then your smooth and responsive tablet with its watt-guzzling high memory bandwidth is worthless, and consumers will care very much about that.
The article focused on how often or for how many minutes certain files and programs on the lost phones were accessed. 57% of the time the "stored passwords" file was accessed, and 66% of the time, a "Login/Password" screen was accessed which had the password auto-completed so anyone could have access to the account, for whatever service it was (not mentioned in the article).
What they didn't check for was how many people were like you:
I always look for a contact named ME, HOME, MOM, WIFE, ICE, etc. so that I can find out who the phone belongs to and get it properly returned.
So this research is a bit spurious: in their analysis they make NO attempt to isolate cases of natural and innocent curiosity from cases of malicious intent, they just assume all access of the device was malicious. But looking at a passwords file may well have just been someone thinking "what kind of password does this guy use?", and not someone looking to steal their identity. If I find a phone, I am very curious to know what kind of horrible things might have happened to this person if a criminal had found this phone instead of me.
He is mounting "/dev/sdb1" to "/tmp". Most Linux systems mount the in-memory only "tmpfs" to "/tmp", so data written to it is in memory only. Unless the pages comprising "tmpfs" are swapped to disk, none of this information should ever even touch the hard disk. But the way he set it up, "/dev/sdb1" will capture all terminal data. Why would you even set it up this way to begin with? It's not the default setup.
This is pretty stupid. Not a security vulnerability, just another thing to be careful of -- never mount a physical disk to "/tmp".
If someone exposes your dishonest scheme, lie, lie, lie, lie, and lie some more, repeat the same lies over and over again in every venue and on every news network so often that people start to think you are telling the truth. Accuse everyone else of being dishonest, accuse everyone else of conspiring against you, tell everyone who will listen, and if anyone who listens actually believes your lies, praise them for being fair and balanced.
The second rule of PR is... lie, lie, lie, lie, and lie some more, repeat the same lies over and over again in every venue and on every news network so often that people start to think you are telling the truth. Accuse everyone else of being dishonest, accuse everyone else of conspiring against you, tell everyone who will listen, and if anyone who listens actually believes your lies, praise them for being fair and balanced.
I'd give Explorers two thumbs up, except that I think they belong up the bigoted Boy Scouts of America's ass.
That is so true. I was lucky, the Boy Scouts weren't as bad as they are now. Even so, the small college town I grew up in was so full of liberals, bigotry simply isn't an issue in our local troops. Discrimination may be the official policy of the Boy Scouts nowadays, but as long as there are liberals who know that it is wrong and who know how much of a positive influence the Scouts are to kids, discrimination will be hard to enforce.
Still, it would be nice if there were a more open, secular, perhaps even co-ed version of the scouts that were as popular. They exist, but not everywhere like the Boy Scouts do.
I had a similar experience in Boy Scouts. Someone in the Boy Scouts had the bright idea to send around invitations to a computer and software oriented extracurricular program; some guys at the local community college allowed us to use their computer lab. We learned things like how to put together a computer from components, and how to install MS-DOS from floppy disk. I was in the C programming group, and we learned the basics of the C language. The computer lab guys set us up with the Borland C compiler and we were off writing programs with "conio.h" for inventing fancy command-line programs.
Unfortunately, it was difficult to maintain interest after a while. We just ran out of ideas. Putting together a computer is so easy, even kids can do it in just a few hours, and so everyone shifted to the programming group where there weren't enough skilled instructors to teach everyone. Then, once you get the syntax down, programming is easy, but the more complex ideas related to computer science, like algorithms and data structures, are a bit too difficult for kids to understand. Even I didn't get it at the time.
If we had more skilled teachers, it might have worked out better. But that is always the problem, isn't it? How do you find skilled teachers?
Do you wonder why we the people don't propose our own laws, rather than just react whenever these bills slouch toward Congress to be born?
No, I DO NOT wonder why people don't do this. How can you ensure a democracy if everyone participating is anonymous? How can you ensure that one person has exactly one vote? How do you prevent criminals from influencing policy by voting hundreds of times for their own laws?
As it is now, wealthy people can make any laws they want, but it still requires the complicated process of bribing elected law makers with high-paying consulting jobs. If you take money out of the equation, anyone who figures out how to game your voting system will easily pass any laws they want by simply creating a huge number of sock-puppet voters.
I hate how money, rather than common sense and compromise, has more influence over law, but a digital democracy simply won't work unless you can uniquely identify voters with sensitive personal data which no one wants (nor should they have to) provide to anyone anyway.
If the signatures need to be verified by a signature authority controlled by the attackers, it would be much easier to find out who is issuing the commands, just trace all communications back to the signature authority. And a communication to the signature authority would happen every time a command message needs to be verified by one of the nodes.
Otherwise, the commands must be self-signed, so an ordinary man-in-the-middle attack on any one of the nodes could reveal the signature to you. You could do it as soon as you are able to capture a signed command message to any one of the nodes, which are probably broadcast like chunks of a BitTorrent -- if so, then these messages are pretty easy to find once you have enough nodes because the signed command message will be replicated so often. Then, just decrypt the signature with the private key you extracted from one of the nodes, and start issuing your own self-signed command messages.
But I have never done anything like that before, it is probably much more difficult than I am making it sound.
But on the other hand, you still need to issue commands to the C&C. If you can figure out the communication protocol used to assign C&C powers to a node, then security researchers can easily toss out the command to become a C&C to all nodes and then sink-hole it.
Further, I am not aware of any way to encrypt communications between the botnet's controllers and the botnet's nodes because every node will need to have the private key to decrypt incoming communications. So anyone can analyze a node and just pick out the private key, and then start issuing commands to it as though they were the operators. It just adds bulk to the botnet code, and doesn't prevent anyone from sink-holing it.
I think the real difficulty is simply containment. If the virus is designed to spread as rapidly as possible, then you need to spend a lot of time finding nodes and taking control of them to shut them down. I think the designers of ZeuS are counting on that, and hope sheer numbers will be better than more precise control.
Only a million trillion times faster than it happens in the real world. I for one welcome our sentient viral overlords.
I sympathize with your enthusiasm, but evolution of computer viruses is actually a million trillion times slower than in real life, because the "environment" in which the "random genetic mutations" occur is the much smaller and slower-moving world of man-made software. In real life, you've got a lot more space, time, and degrees of freedom, and the motion of atoms in DNA molecules is much faster than the clock of any computer.
It's unfortunate, but the Pope is way more wealthy than Bill Gates, and as long as he is sending hordes of priests/PR agents to Africa telling everyone "condoms spread AIDS", no amount of money Bill Gates spends is ever going to improve things.
I hated Gates, but now that he is using his real monopoly money to do good things, I actually genuinely respect the guy. But I still despise Microsoft and its crappy software. I would respect Bill Gates even more if he went back to Microsoft and said, "You know what, from now on we are going to open source all Microsoft software, past and present, because people will pay us to use our software, regardless of its license."
http://en.wikipedia.org/wiki/Entscheidungsproblem
@tian2992 you win this thread.
Who needs life size, I'd be happy with a Dead or Alive "Ayane" action figure with silicone boobs. I am tired of paying top yen for these figures.
Caffeinated bacon?
Baconated grapefruit?
"Admiral" Crunch?
I had mod points yesterday, now I don't. I would have given them all to you.
Fuck Slashdot's moderator policies.
You mean, enough electricity for 18 time leaps in a DeLorean powered by a flux capacitor.
Just give me a few more months, we'll have a HAL9000 soon enough.
There are like 20 forks of Firefox for Linux already, I can't even keep track of them all: Iceweasel, Seamonkey, Icecat, Swiftfox, Flock, ...
There are even more based on WebKit.
before the religious conservatives in Iraq decide to start censoring their internet.
Well done. Now, what about the other 200 patents that cover that exact same algorithm?
Mod parent up, please.
I think what you are trying to say is, it won't help the people who really need help? Anyway, you're a great writer, and this was an awesome post.
Mod parent up.