Single Point Of Failure Isn't More Secure on Tripwire Going GPL · Score: 3
Corporate IT managers and security administrators use good judgment everyday by deploying best-of-breed security products. Good security policy dictates that one purchases software or downloads software from the actual security vendor's site and not from "spurious sites" on the Internet.
Actually, this isn't technically correct.
They're essentially arguing that a "single point of failure increases security". In some practical senses, it does, because then attacks are always detected and have own group that owns stopping them. When the job is distributed, no single group can track the attacks.
But ahhhh, no single group can independently attack either. Consider the situation where you have ten previous versions "out there". Distributing the load of archiving old versions means that you can't infect old versions yourself, and that (assuming the source and two mirrors) any attack that hit only one site would be detected and "outvoted" by the other two--for past, present, and future revisions. Total control in the hands of the original authors does imply a single point of attack, trojanization, and hash coverup.
Of course, the tools aren't available to cross check hashes against multiple sites...I'd love to see install-ssh retrieve ssh from one of ten sites, and then download hashes from two others. This changes the attack profile to within my perimeter(can spoof the content of all hosts) instead of from the central server's perimeter(which I have no control of.)
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
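The cross-check proposed in the comment above, as an added example that is not part of the original post and is not an existing tool: the artifact comes from one site, its hash is collected from several independent sources, and a lone dissenting source is outvoted and reported. The source names, the `quorum` parameter, the choice of SHA-256 and the sample bytes are assumptions made for the illustration.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Verdict:
    accepted: bool
    reason: str
    dissenters: list = field(default_factory=list)


def digest(data: bytes) -> str:
    """Hex SHA-256 of the downloaded bytes."""
    return hashlib.sha256(data).hexdigest()


def cross_check(artifact: bytes, published: dict, quorum: int = 2) -> Verdict:
    """Accept the artifact only if a clear majority of hash sources agree
    on one digest AND the artifact matches that digest.

    published maps a source name to the hex digest that source serves
    for this release (fetched separately from the artifact itself).
    """
    if not published:
        return Verdict(False, "no hash sources")

    votes = Counter(h.strip().lower() for h in published.values())
    ranked = votes.most_common()
    top_hash, top_count = ranked[0]

    # A tie, or too few agreeing sources, means nobody can be outvoted.
    tied = len(ranked) > 1 and ranked[1][1] == top_count
    if top_count < quorum or tied:
        return Verdict(False, "no quorum among hash sources", sorted(published))

    # Sources that disagree with the majority are the ones to investigate.
    dissenters = sorted(
        name for name, h in published.items() if h.strip().lower() != top_hash
    )

    if digest(artifact) != top_hash:
        return Verdict(False, "artifact does not match consensus hash", dissenters)
    return Verdict(True, "artifact matches consensus hash", dissenters)


# Constructed sample data: a clean release and a modified copy of it.
GOOD = b"constructed release tarball v1.0"
EVIL = GOOD + b" + modified"

if __name__ == "__main__":
    sources = {
        "origin": digest(GOOD),
        "mirror-b": digest(GOOD),
        "mirror-c": digest(EVIL),  # one site serving a different hash
    }
    print(cross_check(GOOD, sources))  # accepted, mirror-c flagged
    print(cross_check(EVIL, sources))  # rejected, mirror-c flagged
```

With only two hash sources that disagree, the function refuses rather than guessing, which is why the comment's "source and two mirrors" is the smallest arrangement in which one tampered site can be outvoted.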
Those are the most disgusting charts I've ever seen:
Tom can say what he will about RDRAM, and nVidia, and 3Dfx, and whatnot. I'll be amused, but I'm not going to get pissed.
These charts piss me off.
Half a frame per second lost from AGP Fast Writes in one game does not a half-chart spanning differential make.
Graphing two values against each other is meaningless if the scale is not consistent from graph to graph, you just end up with "more" vs. "less" being visually amplified, without "perceptibly equal" even being an option.
Fifty Pixels Of Hype over .5 FPS? Are you kidding? (No, I didn't count exactly fifty pixels. So sue me.)
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
A skilled administrator will use SSH. An unskilled administrator will use Telnet.
An unskilled administrator is a risk. (They're also called 'students', but who's counting?)
People actually shouldn't be telnetting in from the outside world, and I'm starting to flat out distrust wu-ftpd. Banning servers at all on campus would violate the purpose of the university, and the rather nice job market facing college interns and graduates who cut their teeth on their home networks is nothing to sneeze at.
Not particularly sure about my position on this. Comments appreciated.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
I'm fully of the opinion that if you have completely incompetent security policies, and those policies lead to direct monetary damage to another party, you should probably be somewhat liable, at least to the degree of your incompetence.
The best example would probably be a fully loaded hospital intranet complete with patient charts and remotely writable data--with no firewall against the Internet. Somebody dies? Somebody is definitely liable.
But this case is bizarrely inappropriate. Nike had a security policy that depended on a shared secret--the name of the user authorized to issue changes. The shared secret was not disclosed by Nike nor discovered by the attackers, but NSI allowed the switch anyway. I find it hard to believe that this was not an automated process--a request to change the domain of a transnational company comes in, and the new IP is to some tiny guy; you can bet no human approved THAT transaction--despite what NSI might have you believe. Therefore NSI is in breach all over the place, and they're liable.
I think the real strategy here is to force Nike to sue NSI...by making Nike do all the legwork of proving that this was Network Solution's fault, suddenly NSI has a very big and very angry enemy indeed. It's co-option of a very large legal department, and in that context, it's a damn brilliant idea.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
You know, of all the guys in the world to be involved with searching through Microsoft's trash, I just can't imagine anyone more appropriate than Larry Ellison.
Gates may have had more money, but that's the past. Ellison is now the richest man in the world, and I can't imagine those documents didn't help. Larry's more than colorful enough to order such stunts; making Bill squirm nervously over the past year would be quite in character :-)
"Samurai in a Leisure Suit" Larry Ellison, covertly monitoring his prey. True or not, it's a hell of an image ;-)
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
I wasn't the only geek who grew up watching MacGyver. Essentially, an hour long show(with a great theme song) of Ad Hoc Geekdom saving the world on a regular basis. Great TV; I'm sorry it's gone.
For all the fears about bombmaking information on the Internet, MacGyver in its time never needed to worry it was really teaching kids how to make any form of explosive--while most of the steps were technically accurate(usually), something was always left out so that kids wouldn't blow off their fingers and sue the production company.
My question here is, has Microsoft left something out, something minor and non-obvious but critical to successful reimplementation? I'm not accusing them of doing this, but I am interested in what's been removed from the public documentation. Now, it's likely to be nothing--there's more likely more than a few very pissed off Kerberos developers within Microsoft, and I wouldn't be surprised in the least if them and a few "volunteer managers" were starting to get fed up with being used as pawns, particularly with the stock price falling so precipitously. The entire Kerberos debacle was an embarrassment for everyone involved and I'm sure MS Upper Management figured that out reasonably quickly.
But still, the question remains: Has anything substantive been removed from these public documents?
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Ahem. Signing your work as a programmer to the GPL does not reduce your rights to that work, whereas signing your work as a programmer to your company DOES.
What's key, though, is if you GPL'd and released your code(legally) first, and then later your company or some company you started working for wanted to integrate your code in a manner that caused even you to lose your rights over the code, that'd actually be doable. You can renounce your claim over your own code if you like--the GPL doesn't make you, though.
However, even if you have no rights over your code, everyone else who you GPL'd that code to does.
This isn't too complex of a concept, I don't think?
open c:\windows\cookies
select a cookie to kill...such as jlvadmin@ad[1].txt
press Shift-Del to delete it (this keeps it from going in the trash first)
answer "yes" to the question that pops up, which is, "Are you sure you want to delete 'jlvadmin@ad[1].txt'?"
Go check out IE4. Shift delete or not, the file manager used to scream(yes, exclamation points) "You are trying to delete a Cookie!! Are you sure?" for EVERY file you had selected. You either clicked yes or no for every single cookie; it was a modal dialogue that couldn't be cancelled en masse.
In short, it sucked.
I wasn't aware they had gotten rid of that.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
I just read this as saying that the US & European region DVDs won't have Japanese soundtracks. Presumably there has been/will be a Japanese region disc, with Japanese audio.
No, read it again. They don't want Japanese audio because A) Discs are cheaper to export and then reimport than they are to just buy new and B) You can't buy them new because there's no legitimate product out on the market.
They've actually got the chutzpah to give Mononoke to everyone else in the world except the country that spawned it and the fans that supported it. The mind boggles. It'd be like holding the Superbowl in Australia and broadcasting it everywhere except the States, where Americans would be stuck deciding who's the next schmuck to get kicked off the island.
Ye gads, there'd be riots.
--Dan
"Either block all cookies or allow them all or get nagged every five seconds for each individual cookie."
Getting nagged every time is an intentional tactic to make you accept all cookies. What appears to be badly programmed and incompetently designed is actually intentionally annoying--they're spoofing privacy and inconvenience and trackability as ease of use. That's actually interesting.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Unless you wipe out your cookie folder(yes, the one that says OH MY GOD DEAR GOD NO YOU'RE DELETING A COOKIE NO NO NO YOU REALLY DONT WANT TO DO THIS NOOOO care of Microsoft), cookies still function whether or not they've been "disabled" by the browser.
This behavior occurs in both Netscape and Internet Explorer, and of course completely contradicts expected behavior.
Browsers recently joined Crypto code in my eyes as things that companies have serious trouble being able to do securely once they get too big. Mozilla's hiring(they sent me a letter, not that I'm looking for new work). The thought of a functional browser that I can easily patch to not violate my privacy is more than tempting...we may really need Mozilla more for its security considerations than even for its standards compliance.
The bottom line may just be that browser makers are just too vulnerable to the demands of unethical marketers. The spasms that Windows goes into when you try to delete a cookie; that cookies are still served even if they're disabled in the browser...these just aren't accidental bugs, and shouldn't be treated as such.
Thoughts?
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
> many modern devices use a single laser beam to judge distances, why not this robot?
Lasers don't necessarily do all that well when the surface in question doesn't reflect red light. Taking samples from three different bands, over expansive fields of view, allows albedo calculations off multiple points to be made in a vast array of conditions.
--Dan
Besides, there is even a solution to the problem that doesn't involve an extra camera. You could simply look at the frames from a few seconds ago, and compute the disparity using them. The old frames will be displaced along the other dimension if the robot has moved forward.
I wonder what a person would do faced with a perfectly horizontally symmetrical scene...move their head and eyes around in an attempt to establish binocular disparity?
--Dan
You ask why it's not easy to find stairs.
Among other things, consider the problem with disparity: Looking down gives you horizontal disparity, i.e. the image from one eye is shifted slightly from the image of the other.
Problem is, stairs are horizontally aligned, so there's no "bright line edges" to detect distance from.
Instead, you have to do what the brain does, and search for texture disparity. Good luck; we don't even have compression algorithms that approximate high frequency textures(Perlin Noise isn't hugely flexible nor reversible from real life textures, though I'd wager it could be). To do good binocular disparity on a texture, we need the ability to say, "If the texture was 5 feet away, the two surfaces would differ by x. If the texture was 10 feet away, the two surfaces would differ by y. Now, let's compare these two intrinsically noisy images across multiple texture sizes and detect where in between 5 and 10 feet we are."
Actually, that shouldn't be impossibly different, but it's a hell of a lot harder than poking around for a ping pong ball.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
This is absolutely amazing.
Princess Mononoke is the most popular Japanese movie of all time, bested only by Titanic in terms of tickets sold in Japan.
Now, I want everybody here to consider this:
The United States, which overall had a surprisingly lackluster response to Mononoke's release in theatres, is going to be getting the DVD version first.
Europe, too, will be allowed a viewable copy.
But not Japan. Those people aren't not good enough for their own movie, whose voice actors(consistently better than anyone the rest of the world puts forth for Power Rangers duty) will find themselves stripped out like so much Soviet Revisionism, replaced with the smooth veneer of Hollywood Stardom.
My respect for the Japanese will actually diminish if only me, a twenty one year old white guy sitting in Silicon Valley, sees this as more of a cultural and sociopolitical slap in the face to the millions of Japanese people worldwide than anything George Lucas could have ever done to incur Geek Wrath delaying the Star Wars Episode 1 DVD "a bit longer".
If there's one nice thing we'll get about this, it's that attempting to regionalize markets--particularly through technical means--just became known as an excuse for depriving a culture of its own heritage, and has been exposed as a dramatically anti-consumer tactic.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
I was waiting for that.
Most people don't understand the need for data privacy. Even social security numbers are presumed to be pretty public, since we're forced to give them out all the time.
But they started messing with medical sites. Wrong move.
People fear their medical records getting out for all sorts of reasons--not the least of which is the concept of ownership of one's own body. Medicine is probably one of the least networked industries when it comes to end product status, simply because the end product isn't too comfortable with firewalls being trusted to keep their personal health data secure.
There's an entire host of psychological issues that come once your health status becomes a commodity to be traded; one of the scarier endgames of no health privacy is that, since what is unknown by everyone cannot be unreported to anyone, people will refuse to inform their doctors about their health nor search online for others who have been in their predicament.
DoubleClick's antics, then, will lead to more expensive and less effective medical treatment.
DoubleClick just entered the realm of Life and Death, and that was the biggest mistake they could have ever done. Death is the ultimate liability, and it's guaranteed to happen. Be found liable for a death, and as a company, you may die yourself.
Any physician who works with DoubleClick will violate Do No Harm; I fully expect the AMA to issue a statement to this effect and will be disappointed when they don't.
It truly boggles the mind as to what kind of idiot at DoubleClick came up with the idea of spreading to medicine; when you get email regarding buying a computer while going computer shopping, you might think it's a pleasant coincidence. When you start getting Viagra spam after asking Dr. Koop about Erectile Dysfunction, you feel violated, as well you should.
Have we reached the point where DoubleClick style cross-site spies need to be suppressed, by default, in the browser?
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Lemme tell you something.
I'm really, really, really starting to like the concept of, at minimum, setuid binaries failing to execute unless they pass an MD5 test executed by the kernel before an execve().
Microsoft is already working with signed drivers and signed packages, and SecureBSD(a new *BSD variant) is advertising binary hashing out-of-the-box. I'm curious what the rest of you think about the kernel attempting to rely on the trust imbued in the first version installed to authenticate future executions of that version.
Best problem I can come up with is that a successful setuid hack could allow the root to reconfigure the kernel to ignore a specific file's changes...at that point, I'm thinking of some form of shared "setuid compile" secret that gets appended to the application for hash purposes...then, all apps get hashed as if they had the secret appended...come in as root and attempt to compile something such that it'll setuid, attempt to install into the kernel DB...and poof. You fail, because you're not consistent with the kernel hash secret.
Thoughts?
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
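A userland model of the check discussed in the comment above, as an added example that is not part of the original post and is not kernel code: a trust-on-first-install database of digests for setuid binaries, first unkeyed and then keyed with a secret. It swaps the comment's "MD5 with the secret appended" for HMAC-SHA256, the standard way to key a hash; the class and function names, the path and the sample bytes are hypothetical, and the model assumes the secret is stored where root cannot read it, which the comment does not specify.

```python
import hashlib
import hmac


def tag(image: bytes, secret: bytes = None) -> str:
    """Digest of a binary image: plain SHA-256, or HMAC-SHA256 if keyed."""
    if secret is None:
        return hashlib.sha256(image).hexdigest()
    return hmac.new(secret, image, hashlib.sha256).hexdigest()


class ExecGate:
    """Model of the pre-execve() check for setuid binaries."""

    def __init__(self, secret: bytes = None):
        self.secret = secret  # None models the plain-hash variant
        self.db = {}          # path -> expected tag; writable by root

    def enroll(self, path: str, image: bytes) -> None:
        """Record the first installed version as the trusted one."""
        self.db[path] = tag(image, self.secret)

    def may_exec(self, path: str, image: bytes, setuid: bool = True) -> bool:
        if not setuid:
            return True       # only setuid binaries are gated here
        expected = self.db.get(path)
        if expected is None:
            return False      # setuid binary that was never enrolled
        return hmac.compare_digest(expected, tag(image, self.secret))


def db_rewrite_without_secret(gate: ExecGate, path: str, new_image: bytes) -> bool:
    """The problem the comment raises: someone with root rewrites the DB
    entry for a replaced binary. Without the secret they can only store
    an unkeyed digest. Returns whether the replaced binary would run."""
    gate.db[path] = tag(new_image)  # no secret available
    return gate.may_exec(path, new_image)


# Constructed sample data.
PATH = "/usr/bin/passwd-demo"
ORIGINAL = b"constructed setuid binary image"
REPLACED = b"constructed setuid binary image, modified"

if __name__ == "__main__":
    plain = ExecGate()
    plain.enroll(PATH, ORIGINAL)
    print(plain.may_exec(PATH, REPLACED))                   # False: change detected
    print(db_rewrite_without_secret(plain, PATH, REPLACED))  # True: DB edit wins

    keyed = ExecGate(secret=b"constructed-compile-secret")
    keyed.enroll(PATH, ORIGINAL)
    print(db_rewrite_without_secret(keyed, PATH, REPLACED))  # False: tag mismatch
```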
Now that GNOME 1.2 is out and getting rave reviews, it won't be long before more of the distributions make GNOME their default desktop.
:-)
I don't know about that. I'm a former member of the GNOME UI team(hi guys), and until Helixcode/Eazel signed up, I honestly didn't have much faith behind there being any real unifying elements to the desktop...we all spent so long arguing about dumb stuff like whether there should be a File menu and (the real important issue) whether GNOME should be doing something or whether that was the job of the Window Manager.
Meanwhile, KDE was and probably still is the most integrated environment for Linux at the moment, and KDE2 is rumbling like nothing I've ever seen on the Linux platform.
*Sigh* The sad part is that we're struggling just to get to the point where Win95 has always been... the ironic part is Konqueror
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
> I've done some implant work and talked with some of the engineers who worked on retinal implants. The implant goes in front of the photoreceptors. Of course. It cannot fit behind.
So it goes in front of the photoreceptors but behind the two nerve layers that are overlaid upon them? Or does it sit atop the retina itself, directly stimulating ganglion w/o the benefit of the horizontal/amacrine/bipolar cells?
--Dan
Among (far too many) other interests, human perception is a major fascination of mine. I had the good fortune to take a perception class last quarter, and we studied much of how the visual system functions. Here's a bit of what's going on:
Most of vision is not, in fact, provided by the whole of the retina. The fovea, which is (optimally) the direct point of focus for light reaching the back of the eye, is also about the size of a pinhead--yet, it contains about half of our photoreceptors. We actually see very little of a scene at any given time; our eyes essentially "paint the fovea" with a strip of images in normal viewing and jitter around for focused viewing, such that the brain has a large amount of content to stitch together and the photoreceptors/neurons don't tire from lack of signal change.
We filter out constant signals automatically, like the hum of your PC you just noticed when I brought it up.
What my major concern is, I can't particularly figure out where this implantation is taking place, in terms of thickness. The nerves that actually carry the visual system through the optic nerve to the striate cortex are in front of, not behind, the existing photoreceptors. You've got two layers of nerves sitting in front of the photoreceptors, and they're placing the chip behind? This makes me wonder whether they're trying to stimulate or amplify existing photoreceptor activity--which leads to all sorts of questions regarding intensity, variance, signal matching, and so on. Did they solve the electrical potential problem? Supposedly you can't interface an electrode with a nervous system for too long, or you kill the nerve. Maybe the size of the implant helps here too--it's not impossible to imagine that this little fleck of a chip is being placed among photoreceptors?
Does anybody know more about this system? I'm getting really burnt on stories about interesting tech with no quality links. *sigh*
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Corporate IT managers and security administrators use good judgment every day by deploying best-of-breed security products. Good security policy dictates that one purchases software or downloads software from the actual security vendor's site and not from "spurious sites" on the Internet.
Actually, this isn't technically correct.
They're essentially arguing that a "single point of failure increases security". In some practical senses, it does, because then attacks are always detected and have one group that owns stopping them. When the job is distributed, no single group can track the attacks.
But ahhhh, no single group can independently attack either. Consider the situation where you have ten previous versions "out there". Distributing the load of archiving old versions means that you can't infect old versions yourself, and that (assuming the source and two mirrors) any attack that hit only one site would be detected and "outvoted" by the other two--for past, present, and future revisions. Total control in the hands of the original authors does imply a single point of attack, trojanization, and hash coverup.
Of course, the tools aren't available to cross check hashes against multiple sites...I'd love to see install-ssh retrieve ssh from one of ten sites, and then download hashes from two others. This changes the attack profile to within my perimeter(can spoof the content of all hosts) instead of from the central server's perimeter(which I have no control of.)
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
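The cross-check wished for in the comment above, as an added example (not part of the original post, and not an existing install-ssh feature): the bytes fetched from one site are hashed locally and put to a vote against digests published by two other sites. The site names, the sample bytes and the choice of SHA-256 are assumptions made for the illustration.

```python
import hashlib
from collections import Counter
from typing import NamedTuple, Optional

class Verdict(NamedTuple):
    accept: bool              # safe to install the downloaded bytes?
    consensus: Optional[str]  # digest the majority agrees on, if any
    outliers: list            # sites that disagree with the majority

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def cross_check(artifact: bytes, download_site: str,
                published: dict, quorum: int = 2) -> Verdict:
    """Vote the locally computed digest against digests advertised elsewhere.

    published maps site name -> hex digest that site advertises.
    """
    if download_site in published:
        raise ValueError("hash sources must be independent of the download site")
    # The download site "votes" with the hash of what it actually served.
    votes = {download_site: sha256_hex(artifact)}
    for site, digest in published.items():
        votes[site] = digest.strip().lower()
    if quorum * 2 <= len(votes):
        raise ValueError("quorum must be a strict majority of the sites consulted")
    winner, count = Counter(votes.values()).most_common(1)[0]
    if count < quorum:
        # Nobody agrees with anybody: no basis for trusting any copy.
        return Verdict(False, None, sorted(votes))
    outliers = sorted(s for s, d in votes.items() if d != winner)
    # Accept only if the bytes in hand are the ones the majority vouches for.
    return Verdict(votes[download_site] == winner, winner, outliers)

# Constructed sample data: a release and a tampered copy of it.
GOOD = b"constructed sample release bytes"
TROJANED = GOOD + b" plus tampering"
HONEST = {"mirror-b.example": sha256_hex(GOOD),
          "mirror-c.example": sha256_hex(GOOD)}

if __name__ == "__main__":
    print(cross_check(GOOD, "mirror-a.example", HONEST))
    print(cross_check(TROJANED, "mirror-a.example", HONEST))
```

The vote only helps when the three sites are reached independently; as the comment notes, someone who can spoof the content of all hosts from inside the downloader's own perimeter controls every vote.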
I strongly agree with your point.
Yes. My Jedi Rikert Scale Technique scores another one.
You do realize, incidentally, that one green muppet does not a stylistic monopoly create.
--Dan
I want to see more charts like this. Nice.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Those are the most disgusting charts I've ever seen:
.5 FPS? Are you kidding? (No, I didn't count exactly fifty pixels. So sue me.)
Tom can say what he will about RDRAM, and nVidia, and 3Dfx, and whatnot. I'll be amused, but I'm not going to get pissed.
These charts piss me off.
Half a frame per second lost from AGP Fast Writes in one game does not a half-chart spanning differential make.
Graphing two values against each other is meaningless if the scale is not consistent from graph to graph, you just end up with "more" vs. "less" being visually amplified, without "perceptibly equal" even being an option.
Fifty Pixels Of Hype over
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
A skilled administrator will use SSH.
An unskilled administrator will use Telnet.
An unskilled administrator is a risk. (They're also called 'students', but who's counting?)
People actually shouldn't be telnetting in from the outside world, and I'm starting to flat out distrust wu-ftpd. Banning servers at all on campus would violate the purpose of the university, and the rather nice job market facing college interns and graduates who cut their teeth on their home networks is nothing to sneeze at.
Not particularly sure about my position on this. Comments appreciated.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Look.
I'm fully of the opinion that if you have completely incompetent security policies, and those policies lead to direct monetary damage to another party, you should probably be somewhat liable, at least to the degree of your incompetence.
The best example would probably be a fully loaded hospital intranet complete with patient charts and remotely writable data--with no firewall against the Internet. Somebody dies? Somebody is definitely liable.
But this case is bizarrely inappropriate. Nike had a security policy that depended on a shared secret--the name of the user authorized to issue changes. The shared secret was not disclosed by Nike nor discovered by the attackers, but NSI allowed the switch anyway. I find it hard to believe that this was not an automated process--a request to change the domain of a transnational company comes in, and the new IP is to some tiny guy; you can bet no human approved THAT transaction--despite what NSI might have you believe. Therefore NSI is in breach all over the place, and they're liable.
I think the real strategy here is to force Nike to sue NSI...by making Nike do all the legwork of proving that this was Network Solutions' fault, suddenly NSI has a very big and very angry enemy indeed. It's co-option of a very large legal department, and in that context, it's a damn brilliant idea.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
> what the hell was the purpose of that post other than plastering your name in my face?
/.'s moderators for dropping that to Score: 1.
I put enough time into serious posts to deserve a bit of slack when I find something like "Samurai In a Leisure Suit" Larry funny.
Overall though, I actually credit
Anyway.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Kitani--
;-)
Cheap hacks that don't really work but look pretty for the vast majority of the viewing public?
--Dan
You know, of all the guys in the world to be involved with searching through Microsoft's trash, I just can't imagine anyone more appropriate than Larry Ellison.
:-)
;-)
Gates may have had more money, but that's the past. Ellison is now the richest man in the world, and I can't imagine those documents didn't help. Larry's more than colorful enough to order such stunts; making Bill squirm nervously over the past year would be quite in character
"Samurai in a Leisure Suit" Larry Ellison, covertly monitoring his prey. True or not, it's a hell of an image
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
I wasn't the only geek who grew up watching MacGyver. Essentially, an hour long show(with a great theme song) of Ad Hoc Geekdom saving the world on a regular basis. Great TV; I'm sorry it's gone.
For all the fears about bombmaking information on the Internet, MacGyver in its time never needed to worry it was really teaching kids how to make any form of explosive--while most of the steps were technically accurate(usually), something was always left out so that kids wouldn't blow off their fingers and sue the production company.
My question here is, has Microsoft left something out, something minor and non-obvious but critical to successful reimplementation? I'm not accusing them of doing this, but I am interested in what's been removed from the public documentation. Now, it's likely to be nothing--there's more likely more than a few very pissed off Kerberos developers within Microsoft, and I wouldn't be surprised in the least if them and a few "volunteer managers" were starting to get fed up with being used as pawns, particularly with the stock price falling so precipitously. The entire Kerberos debacle was an embarrassment for everyone involved and I'm sure MS Upper Management figured that out reasonably quickly.
But still, the question remains: Has anything substantive been removed from these public documents?
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Ahem. Signing your work as a programmer to the GPL does not reduce your rights to that work, whereas signing your work as a programmer to your company DOES.
What's key, though, is if you GPL'd and released your code(legally) first, and then later your company or some company you started working for wanted to integrate your code in a manner that caused even you to lose your rights over the code, that'd actually be doable. You can renounce your claim over your own code if you like--the GPL doesn't make you, though.
However, even if you have no rights over your code, everyone else who you GPL'd that code to does.
This isn't too complex of a concept, I don't think?
--Dan
Hmmm. Interesting clarification, much appreciated.
Still, authors can ALWAYS move their own code into private distribution.
--Dan