Slashdot Mirror


User: Beryllium+Sphere(tm)

Beryllium+Sphere(tm)'s activity in the archive.

Stories: 0
Comments: 4,347

Comments · 4,347

  1. Re:I can't wait, on White House Clamps Down On USGS Publishing · · Score: 2, Informative

    Normally if the President were convicted and removed from office the Vice President would take over. This is the first time we've had both in the crosshairs, though if the timing had been slightly different we might have been there with Nixon (obstruction of justice) and his VP Agnew (bribery).

    The new element is that the Speaker of the House would become president.

  2. Refining the point on FCC Drops Morse Code Requirement · · Score: 2, Interesting

    There are plenty of other narrow-band modes well suited for DX, e.g. PSK31.

    A lot of the world, though, doesn't have computers coming out their ears like the rich countries do. But they can turn transmitters on and off.

    The reason to learn code today is for contacting a wide range of people in a wide range of countries, while conserving bandwidth and allowing operation under more difficult conditions. Automatic decoding of human-sent Morse code has been surprisingly troublesome compared to using a human brain for the purpose.

  3. Re:Bad idea? on FCC Drops Morse Code Requirement · · Score: 3, Informative

    They will denounce it with bitter fury. Morse code requirements are a subject that shuts down rational discussion among hams as fast as abortion or the Middle East does among the general population.

  4. Re:Troll on One in 25 Search Results Risky · · Score: 1

    >Chances IE7 will have more problems than Firefox on any system because of its integration into the OS.

    It has terrible ancestry, but if the sandboxing works there should be fewer problems.

    All browsers should be sandboxed: a huge complex program that takes massive amounts of untrusted input from multiple unknown sources, some of it guaranteed to be malicious?

  5. Re:The answer... on How Skype Punches Holes in Firewalls · · Score: 1

    >Yes, encryption can hide the payload. But, you can still prohibit non-SSH/HTTPS/SFTP streams from originating.

    Skype, at least on my machine, seems to be willing to talk over HTTPS.

  6. Re:You can't... on How Do You Handle New MS Word Vulnerabilities? · · Score: 1

    >no real-world risk

    I believe the usually reliable Otter is a couple of days out of date here.

    Targeted attacks using the Word vulnerabilities
    Panda reports attack code which they call iTable.A
    For what it's worth, Symantec reports wild occurrences of Word exploits.
    We found a malicious Word document that was written in Portuguese and added detection for it as Trojan.Mdropper.T. The document contains an exploit that drops an executable file, which then installs a downloader threat and opens a clean Word document in an Asian language with some strange predictions about the future. The downloader then downloads a keylogger/infostealer.

    It's still correct to say "low risk". There have been very few reported infections. So far.

  7. Re:they've pretty much proven.. on FCC Won't Release Cell Carrier Reliability Data · · Score: 1

    >Oh, give me a break. If that were the case, they would be pushing to prevent the FCC from having anything to do with the carriers at all.

    There's been a steady trend to remove consumer protection. About the only blip in the opposite direction was number portability.

  8. Re:they've pretty much proven.. on FCC Won't Release Cell Carrier Reliability Data · · Score: 1

    Open competition to attract informed consumers leads to a strong economy but definitely creates "risks to profit".

  9. Re:Wait, who still uses M$ 0ffice? on Third Microsoft Word Code Execution Exploit Posted · · Score: 1

    Yes, that's happening and it's insane, but the only gain from running as a less-privileged user would be to force an attacker to find or use a Windows privilege escalation vulnerability.

  10. Re:Goddamn it on Third Microsoft Word Code Execution Exploit Posted · · Score: 1

    >Data used by Microsoft Word to construct a destination address for a memory copy routine

    I can't wait to find out what this means. Every file format that creates data structures has "data used ... to construct a destination address", in an indirect sense.

  11. Re:who downloads attachments from unknowns anyway on Third Microsoft Word Code Execution Exploit Posted · · Score: 2, Informative

    Network World reports that the exploit is being used in targeted attacks, for which the source and subject line could be made to appear plausible. If the spoofed From line is one of your coworkers' addresses, and the subject is something of current interest in the company, it would be easy to get fooled.

    How will buying a Mac help unless the team that coded Office for the Mac was much more security-conscious than the team that coded Office for Windows? The one thing that Mac has going for it is a good implementation of unprivileged accounts, but OS X has had plenty of privilege escalation bugs, and there's plenty of stuff in $HOME that you wouldn't want disclosed or damaged.

  12. Re:why alphanumeric? on MySpace Users Have Stronger Passwords Than Employees · · Score: 1

    It doesn't take long to put together a spreadsheet to illustrate the tradeoffs. But if you'd like to get one ready-made, I'll email you one if you ask at the disposable email address 2024o2a02@sneakemail.notcxnotorgbutcom. It has color-coded strength results and parametrizable assumptions about the speed of the cracking software and the size of the cracker's botnet.

  13. Re:Too lazy to do the maths on MySpace Users Have Stronger Passwords Than Employees · · Score: 1

    1. You mean lengthening the password? That adds a factor of 52 to the attacker's workload if the letter is genuinely random. Putting a number in place of a letter, if your password is already alphanumeric, has no effect.

    2. It doesn't really help an attacker to know that an eight-character string of letters and numbers has to have at least one number in it. All that would do is allow the attacker to skip the purely alphabetic passwords and they're a tiny fraction of the search space.

  14. Re:Password Rotation Insanity on MySpace Users Have Stronger Passwords Than Employees · · Score: 1

    >I understand the theory that it makes it tough on the crackers

    I understand the theory too but it's still wrong.

    The password cracking program has a 0.0N% chance of guessing a password for every second that it runs. If it has to start over with a new password hash, it still has the same chance per second.

    Looking at it another way, the new password is just as likely to be closer to the beginning of the cracking program's search space as it is to be further away.

    Password rotation fixes a really narrow subset of problems at a heavy cost. It doesn't fix the problem of unhappy ex-employees whose passwords weren't revoked, who can plant back doors to their heart's content during their 30 days. About all it does is devalue old passwords on scraps of paper that get thrown out during office moves.

    Password authentication sucks irretrievably anyway.

  15. Re:Scientific from religion to politics on Scientists Decry Political Interference · · Score: 1

    >I believe that scientists will continue to discover new and exciting things about the physical world

    But those will no longer benefit the society where the scientists and we live.

    Check Wikipedia for "Lysenko". He had genetic theories that fit the USSR's government's agenda, but which were also utterly bogus. Scientists who kept talking about data instead of toeing the Party line had their careers ruined. Then the government tried to apply his theories to agriculture.

    Here and in the old USSR this was part of a larger problem, one of people being promoted based on their Party loyalty rather than their performance or their talent.

  16. Already been done on Melting Coins Now Illegal In the U.S. · · Score: 1

    This was moderated funny, but back when dollars were worth a lot more than they are now, there were such things as thousand dollar bills. If they existed today there would be lots of demand for them. The highest denomination is $100 to make it awkward to do big transactions with cash.

  17. How to do it right on New Animated Star Trek In The Works · · Score: 1

    They should learn from two or three good episodes of Andromeda.

    Putting a society back together after embittering losses gives your stories scope for Roddenberrish idealism _and_ gritty drama _and_ thought-provoking moral dilemmas. How many eggs will the Captain break in order to build a safe egg crate for the other eggs? What unexpected opposition will there be? What hidden social problems of the shiny TNG Federation have unearthed themselves?

    Then hire real writers. Somewhere out there, there's a struggling young writer with the vision and talent of a Straczynski.

  18. Re:Open source is the issue on PHP Security Expert Resigns · · Score: 2, Insightful

    >open source programs are inherently insecure

    Let's lock this person in a room with the OpenBSD developers.

    Not a bad troll though.

  19. Here's an eye-catcher on PHP Security Expert Resigns · · Score: 4, Insightful

    >bugs were sometimes not correctly fixed or were re-introduced. This was often not noticed because there was no test-rig for exploits and the idea of having one was categorically rejected.

    If that's accurate, and if there wasn't some unimaginable compelling reason, any security person would be unhappy.

  20. Topic drift: gyroscopes on Approaching Solar Storm Forces ISS to Take Cover · · Score: 2, Informative

    >like gyroscopes. How are we going to make an organic version of that?

    You've been carrying around examples your entire life. Fluid-filled loops, one for each axis, little hairs along the inside to detect fluid rotation.

    Try this. Sit up straight in a swivel chair, kick it into a spin, maintain the spin until you get used to it. Then quickly lean forward. You will then know exactly how a gyroscope feels when you try to tilt it. Have a bucket handy or do it on an empty stomach.

    Besides, look how well organic technology worked for the Vorlons and the Shadows. Unless you're going to argue that it's a bad idea because they were both fictional and they both lost.

  21. All better than the days of drive-by downloads on Patch Tuesday — IE7 Clean · · Score: 1

    There's a cross-window injection problem, which could let sleazebuckets.com (if you're viewing them at the same time as you visit your bank) place a popup on top of yourbank.com. This kind of problem is not new. On the one hand that means Microsoft really should have prevented it, on the other hand it means that it's already best practice to have nothing else open when visiting a sensitive site.

    There's an address bar integrity problem which "could allow phishing". Again, MS should have used their experience to head this off, but normal good practice by the user will avoid the problem.

    The last will read content from another site, but only if Javascript is running.

    I've had to advise people that there was no way of using IE6 safely. So far IE7 is looking better than that.

  22. Re:hydrogen may be inefficient BUT on Hydrogen Won't Save Our Economy · · Score: 1

    >To get decent densities for storage you are working with either very high pressures or liquified H2.

    Fortunately there are other options now, including easily reversible adsorption reactions. Energy density is still an issue; none of them remotely approach the energy density of gasoline.

    First I'd heard of N2O as a fuel! Thank you. But doesn't the "high flame temperature" give you NOx just like it does in lightning bolts, gas engine cylinders, and other hot things?

  23. Re:Totally useless on Quantum Cryptography Ready For Wide Adoption? · · Score: 1

    Key exchange in the presence of an eavesdropper is a solved problem already.

    Don't waste resources reinforcing the strongest link in a chain.

  24. Re:Troll is almost entirely incorrect on Quantum Cryptography Ready For Wide Adoption? · · Score: 1

    >if you're trying to connect buildings together that are farther apart than that, you do have a physical security problem you'll need to manage at your repeater locations.

    In quantum terms, a repeater is the same as a measurement. If they can run through repeaters, they're not relying on quantum physics for security. If their claims are correct, they're limited to the length of unrepeated fiber.

    Problem is, even without the trivial attack that Shamir proposed a decade ago, it's hard to see what real security need this technology answers. It does low bit rate secure key distribution. There are already secure key exchange algorithms, and if you don't trust those you can put a DVD of key material into the next armored car run, and if you don't think armored cars are secure enough you can put it in a tamper-resistant container inside a box full of decoys, and if you don't trust that then buy insurance.

  25. Re:Home page, earlier products on Designer Glasses With Microdisplay Unveiled · · Score: 1

    Aircraft mechanics: look at a part and call up the service procedures video while you're looking at the real part.

    Drivers of anything that has a blind spot at the rear, to watch the backup camera.

    Drivers at night, to watch the car's infrared camera without defocusing from the road.

    Parents: watch the nannycam in real time.

    Anybody with a swimming pool at home.

    Police: the police dog already has a harness, sometimes with a light so you can keep track of the dog as it follows a trail. Add an image-stabilized camera, and you're watching video aimed by someone with senses vastly better than your own.

    Morons addicted to television.