The TSA actually had Johns Hopkins produce a number of extensive, publicly-available engineering safety reports.
I've gone through the math (I used to work at an X-ray facility), and you should be worried at something like five minutes of exposure. So if the machine seems to lock up, I recommend exiting the device.
Software of course could hurt you, but there are so many places that software errors could kill you that a little perspective is necessary.
I have read that letter, and it's one of the ones I refer to when I say that the authors are either ignorant of the facts or intentionally ignore them. I've also read the responses from the manufacturer, the original inventor, and various government agencies. I've also read the engineering safety reports. The cancer risk of low-flux ionizing radiation, including X-rays, is actually pretty well-studied.
I would generally agree with you that we should default to (b), except that this isn't a helpful strategy without some quantitative information. There are poisons, radiation sources, and other qualitatively-dangerous things everywhere.
Of course, if they weren't tested to be sure the radiation is below certain limits, I'd agree that you shouldn't just trust them. But then, I was already familiar with dosing concerns for Compton backscatter X-ray scanning and know that you need to pay attention to resolution and frequency of exposure, since resolution can change exposure by many orders of magnitude.
You could probably put one together for the $200-300 price point. Existing dosimeters aren't nearly sensitive enough, though.
http://www.fda.gov/Radiation-EmittingProducts/RadiationEmittingProductsandProcedures/SecuritySystems/ucm227201.htm
http://www.tsa.gov/research/reading/index.shtm
Look at, in particular, the radiation safety engineering assessments.
They'd go off from standing outside. But there are certainly X-ray flux detectors that will trigger from a backscatter scan. Not sure how easy it would be to integrate into a shirt.
Unfortunately, the garish burn paper I'm familiar with is not nearly sensitive enough. It'd be neat to have a patch of green that turns pink when you get scanned, but it took a few seconds at dangerous, if not lethal, doses to get that effect.
Experts have written to the US Government with concerns only to be answered with "it is too low power!"
Sort of. There are actually extensive reports and tests.
But the fact is that these machines cause cancer, the only question is how much cancer and if we're happy with killing one additional person every year, ten, or over a hundred?
If I remember the math right, it's a couple per year. Everything causes cancer, though -- going outside, staying in the basement, grilling a steak, flying. The question is how much and how that compares to the baseline risk of cancer if you engage in no risky behaviors and are exposed to no risk environments. The answer, for backscatter X-ray machines, is "negligible".
I'd be very concerned if I was a frequent flier.
So would I. The increased cancer risk from being on the airplane is about a hundred times greater than the risk from the backscatter X-ray. I'm boned whether they get rid of the X-rays or not.
It's not massive. The radiation per unit volume is about two orders of magnitude higher for skin deposition than if you calculate it as being absorbed equally throughout the body. The total radiation is extremely small, many orders of magnitude less than a medical transmission X-ray.
They're orders of magnitude weaker than medical X-rays, so being imaged five times in a day is far, far less than receiving even one medical X-ray.
It's also not unknown and uncontrolled. It's unknown to you and uncontrollable by you, which is relevant but not the same. At the minimum, for safety considerations, they'd need to tightly control the emissions and frequency of use. It's even acceptably safe to be imaged dozens of times a day (the amount of radiation used is very low), but it's not safe enough for, say, constant exposure to the scanning beam or, say, ten thousand scans.
It's not a medical device. Something does not become a medical device just by virtue of using X-rays. Nor does it become a medical device by virtue of producing images of humans. It's only because it appears to be similar to a medical transmission X-ray that you call it that -- but it's not. The X-ray flux, energy, and scanning method are dramatically different from medical X-rays.
I'm not so sure of that. I've read a lot of the complaints that purport to come from researchers "in the field", and while they are in fact from researchers and even from researchers in related fields, they usually aren't really from researchers in the field. More to the point, though (since oncologists are reasonably allowed to have opinions about radiation devices), they seem to be written by researchers who either are ignorant of the facts or intentionally ignore the facts. There's a lot of "we don't know" about information that we do, in fact, know about. The effects of radiation are rather well-studied and the radiation from these devices is well-measured. Even if the data about both of those is off by an order of magnitude, this type of X-ray scanner presents negligible risk. The only real reasons people are uneasy about their health effects are (a) they don't like the scanners on other grounds as well and (b) it contains the word "X-ray", which, like "nuclear" or "radiation", makes it automatically bad regardless of quantitative data.
As an aside, the privacy concerns don't bother me personally, but they seem like a legitimate complaint, not counting hyperbole ("child porn"). However, I think these devices fail any objective cost-benefit analysis. They're far from infallible and they're expensive.
You're off by so many orders of magnitude, it hurts.
The chance of generating that particular e-mail, if it's 2 KiB, is 1 in 2^16384. (That's not really the number you want -- you want the chance of generating a similarly-incriminating e-mail. They're roughly equally improbable, though.)
So that's 1 in 2^16384 compared to 2^30 copies of the e-mail that would fit on the drive.
If the prosecution scoured every drive ever made for a random sequence of bits that looked like that e-mail, they'd never find it.
Plus, the expert witness generally has a better and less technical answer. Defense lawyers don't ask technical questions like that: the expert witness will undoubtedly have an answer, and you'll bore the jury to tears, which they hate.
A single round of unsalted MD5. Bad idea.
The first three major steps are in increasing order of stupidity.
SQL injection on a CMS, especially a homebrew one, is a common enough problem. You should probably assume your CMS has an SQL injection vulnerability in it and plan accordingly.
Having unsalted, single-MD5 passwords is just bad. It's far too easy to instead use MD5 with a large salt, which really makes the problem much better. Unless you have a high volume of logins, though, you might as well go overboard and use SHA1-based PBKDF2 with, say, 20 bytes of salt. Why not? It's trivial to code.
Using the same password for your CMS (remember, you should assume it has vulnerabilities) and for your corporate e-mail is a critical mistake.
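An added example, not part of the original comment: a minimal sketch of the SHA1-based PBKDF2 scheme with a 20-byte salt that the comment suggests, next to the single unsalted MD5 it criticizes. The iteration count, the `iterations$salt$hash` storage format and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

SALT_BYTES = 20        # salt size suggested in the comment above
ITERATIONS = 100_000   # assumed work factor; the comment does not give one


def weak_hash(password: str) -> str:
    """Single round of unsalted MD5: identical passwords give identical hashes."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'iterations$salt_hex$hash_hex' using PBKDF2-HMAC-SHA1."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per stored password
    dk = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare."""
    try:
        iter_field, salt_hex, hash_hex = stored.split("$")
        iterations = int(iter_field)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: reject instead of raising
    if iterations < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    # Constructed sample: two accounts that picked the same password.
    alice, bob = "correct horse", "correct horse"
    print("unsalted MD5 equal: ", weak_hash(alice) == weak_hash(bob))
    print("salted PBKDF2 equal:", hash_password(alice) == hash_password(bob))
    print("verify ok:          ", verify_password(alice, hash_password(alice)))
```

Storing the iteration count beside the salt lets the work factor be raised later without invalidating existing records.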
No, the mercury vapor is probably below the threshold at which you can smell it. The smell of a burnt-out CFL is burnt-out electronics (the ballast). If one died on you early and smelled like that, it's either faulty or you bought a cheap CFL with bad electronics.
Alternately, an IQ above 84.
Why would they bother? Overclockers are the same people who buy Intel chips twice as often as everyone else.
Are you referring to the IRS whose constitutionality is established by the 16th Amendment?
The only real danger would be if he continued to be associated with Wikileaks after the law is passed, assuming Wikileaks continues to host the material and that hosting it is considered publication.
Without reading the article, most libraries out there now use ePub-format books and something like Adobe Digital Editions for DRM, which is already cracked. (In the sense that you can acquire the decryption keys. It shouldn't be surprising that decrypting the books is easy.)
It's the one most likely to contain the "Seattle Times" newspaper.
Despite the fact that everyone says it's so, that's no longer the case on modern drives. The signal is so weak compared to the noise that you're looking at something like less than a 1% chance per bit of extracting the original bit instead of a random bit -- particularly useless since you don't know which bits it was successful on.
They made an FPGA board that interacts with the flash chips directly, bypassing the translation layer (FTL).
No, that's only for attempting to perform a secure erase of a single file. The results for trying to secure-erase single files are so bad (and since there is no ATA command to securely erase only particular blocks on a drive) that it is unsafe to write data to an SSD and then hope to reliably remove that data from the drive without zeroing the entire drive.
If you'll RTFA carefully, though, you'll note that for all but one drive they tested, zeroing the entire drive was reliable. One drive had about 1% of the original data remaining after 20 passes. One drive was entirely erased in one pass. The other drives were entirely erased within 2 passes.
So, zeroing an entire SSD works as long as you use more than one pass. Zeroing individual files on an SSD doesn't work.
That was their question, too, and they address it in the paper.
This means that if you look at the exact value rather than the interpretation you can make a guess at what values it has been before.
In theory, maybe. In practice, it's simply not possible. The conventional wisdom that you need to overwrite multiple times, or with patterns, or with random noise, or anything other than just a single pass of zeros is nothing but a myth.
Even the IBM people have answered this. The only reason that the game boils down to buzzing in first is that the computer is able to answer Jeopardy's questions within 3 seconds. That's really the interesting part. The Jeopardy game is just a demonstration that the computer is able to come up with answers to arbitrary questions (phrased in a particularly computer-unfriendly fashion) within a short period of time and estimate its uncertainty well enough to avoid penalties for wrong answers.