Once you've got your data, you don't necessarily have to hold on to your Apple IIs (I still have mine...).
Apple Emulators are pretty good (just do a google).
I actually run one regularly enough on my PDA (an Ipaq pocket PC), and can run Apple Adventure, Beagle Brothers software, 6502 Assembler, etc... There are also several available for running under Windows...
"I wouldn't classify it as a failure on the part of the security industry. Hackers are just getting a little smarter."
Actually, if your software undergoes proper requirements analysis, software specification and analysis (along w/ ambiguity analysis), proper analytical development methods, etc... your code -should- generally work. Do it right, and you can define your software behaviors. You don't leave it to the cleverness of the hackers.
-Most- successful attacks against software are not totally innovative. They usually rely on known methods and avenues of attack.
http://www.iamsam.com/
Actually, if he's as sharp as he should be, he should be able to employ Church's thesis, or any problem polynomial-reducible to the halting problem to sit back and enjoy the logic ;-)
... Pretty nice idea, but it made me wonder about the push to get expectant mothers to take excessive amounts of folic acid (folate). Does that make them more prone to cancer by giving the cancer cells extra food? ...
My understanding is that folic acid is recommended for pregnant women due to the very significant benefit in directly causing a big reduction in birth defects:
http://www.drdonnica.com/today/00007974.htm
(You can do a quick google for more)
This is in very modest amounts - the benefit is great, even for a modest amount (I don't know the recommended number of units / day)
Disclaimer: I am not a doctor, physician, or in any medical-related field.
This reminds me of the old 'Blitzkrieg Server' article in Signal magazine some years ago...
(Links follow for a brief description):
http://www.findarticles.com/p/articles/mi_m0CGN/is_n114/ai_20783335
http://attrition.org/errata/www/pd.001.html
But, I think that there may actually be room for active-response systems. Also, properly employed, they would be perfectly legal.
There is no reason that such tools be deployed in public networks. Some organizations have networks (including large and complex networks) that are completely and totally privately owned, and totally segregated from public networks. Such organizations may (subject to appropriate risk reviews) make judicious use of passive and even active response systems.
There are other ways to communicate than IPv4. There are indications in messages that active-response systems can't work because of spoofing. Suitable integrity and encryption methods can be used to validate source and IP address data.
There may be more modest active-response methods that may be more generally useful. For example, if traffic is located from a hostile system, the source of the traffic may be back-tracked, and shut off near its source. Not easy - and not necessarily today - but there could be places where such approaches may be deployed.
Sam Nitzberg
dontspamthis_______sam@iamsam.com
http://www.iamsam.com/
http://www.nitzbergsecurityassociates.com/
Theorem 4.5.3 covers this.
http://www.cse.ohio-state.edu/~gurari/theory-bk/theory-bk-fourse5.html
Just read up to Th. 4.5.3.
QED.
Although the prospective students have been penalized by Stanford, there is something that I don't quite understand.
It seems that Stanford made this information (acceptance status) available by entering a (guessable) address.
Until this information was issued formally to the student, Stanford apparently considered this information confidential.
By not utilizing an effective password / security system, Stanford then effectively made this information publicly available.
One could argue that any student would have a right / entitlement to know what information on himself / herself was being made publicly available - especially if the information were supposed to have been confidential.
It is arguable that Stanford effectively violated the privacy of the students, but is prepared to punish the (prospective) students for obtaining the information it made publicly available.
It's a cookbook !!!!
So if I have an idea, never share it with anyone and never act on it or put it into any real tangible form and someone else has the same idea and acts on it, they're a thief and I'm a victim?
Didn't Leibniz and Newton come up with similar ideas and methods of calculation for Calculus - independently, and at about the same time? And they didn't steal....
I'm not sure about the best way to achieve the VGA part, but the newer Ipaqs - including the Ipaq 4500 series - have built-in 802.11b. They can also run Familiar Linux - BUT - I don't know if they will run Linux and use the built-in wireless (I have only run Linux on Ipaqs of lower models - 3700/3900 series, using an Orinoco card in the expansion slider for it).
The book (something like) how to do everything with your Ipaq... mentions PCMCIA cards for VGA output, but I know there are models (possibly not ipaq) with the capability built-in.
They use liquid sodium metal...
;-)
I'll just have to take this idea with a grain of salt
One way for computer-generated strong password to be used is to have the computer generate maybe 5 - and have the user select the one he (ok - or she) finds most appealing.
For what it's worth, after you are assigned passwords on a few systems this way, it can be almost impossible to keep them straight in your head. If you're only dealing with users with accounts on one system - this isn't too bad.
Other options include things like (RADIUS?) server systems - where you carry a dongle around which always spits out numbers every x seconds. The system maintains a similar, running count. What makes this system work is that these numbers are pseudo-random, with a good measure of randomness. When you login, you must also supply the number. Unless the device is stolen, your login can't be used.
Another option is through the use of programs like OPIE - One Time Passwords in Everything - a one-time password list can be generated for users. Once a user uses a password, it gets crossed off the list, and the user goes to the next password. Even if the user is shoulder-surfed or the connection is sniffed, it doesn't help someone else get access to the account. Of course, the downside is if the list gets lost or left behind somewhere...
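The one-time-password list the comment describes, as an added example (not code from the comment or from OPIE itself): a simplified S/KEY-style hash chain where the server keeps only the last accepted value, so a sniffed password cannot be replayed or turned into the next one. The passphrase, seed and list length in demo() are constructed values.

```python
# Added example, not code from the original comment or from OPIE: a simplified
# S/KEY-style one-time-password list built from a hash chain. The passphrase,
# seed and list length used in demo() are constructed sample values.
import hashlib


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hash_chain(passphrase: str, seed: str, n: int) -> list[bytes]:
    """Return [h0, h1, ..., hn] with h0 = H(passphrase||seed), h(i+1) = H(h(i))."""
    h = H((passphrase + seed).encode())
    chain = [h]
    for _ in range(n):
        h = H(h)
        chain.append(h)
    return chain


class OtpServer:
    """Holds only the most recently accepted value, never the passphrase,
    so a stolen server database does not yield any future password."""

    def __init__(self, anchor: bytes, remaining: int):
        self.anchor = anchor        # h(n) at enrolment
        self.remaining = remaining  # passwords left on the user's list

    def verify(self, candidate_hex: str) -> bool:
        if self.remaining == 0:
            return False            # list exhausted; user must re-enrol
        candidate = bytes.fromhex(candidate_hex)
        # Accept iff one more hash of the candidate reproduces the anchor.
        # Hashing is one-way, so a sniffed or shoulder-surfed password h(i)
        # does not reveal the next one the server will want, h(i-1).
        if H(candidate) != self.anchor:
            return False
        self.anchor = candidate     # step down the chain; the old value is now dead
        self.remaining -= 1
        return True


def enrol(passphrase: str, seed: str, n: int) -> tuple[OtpServer, list[str]]:
    """Server keeps h(n); the user is handed the printed list h(n-1) .. h(0).
    Simplification: passwords must be used in strict order (no skipping)."""
    chain = hash_chain(passphrase, seed, n)
    server = OtpServer(chain[-1], n)
    user_list = [h.hex() for h in chain[-2::-1]]
    return server, user_list


def demo() -> dict:
    server, pw = enrol("correct horse battery", "sn0001", 5)  # constructed
    return {
        "first_ok": server.verify(pw[0]),
        "replay_rejected": not server.verify(pw[0]),   # a sniffed copy is useless
        "skip_rejected": not server.verify(pw[2]),      # pw[1] is expected next
        "second_ok": server.verify(pw[1]),
        "rest_ok": all(server.verify(p) for p in pw[2:]),
        "exhausted": not server.verify(pw[0]),          # nothing left on the list
    }


if __name__ == "__main__":
    print(demo())
```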
Heck, I've got a fan for my ALU ;-)
"I defy anybody to tell me why is it more secure to not run as root. Nobody really has a good answer."
PRINCIPLE OF LEAST PRIVILEGE
The game is called NIM. You can do a quick google:
http://www.google.com/search?hl=en&lr=&q=nim+game+in+BASIC
I'm also pretty sure that you can pretty quickly turn up source code.
Also, if I remember, the optimal strategy (or play characteristics) are well-defined recursively. You can also present the notion of a seemingly simple problem having a precise mathematical-solution.
You might even like to go with Towers of Hanoi, a code example, and a mention of recursion. The kids will not have seen recursion before - but - a few might latch onto the notion, and want to learn more about the math.
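The recursive definition of the Nim strategy, and the Towers of Hanoi recursion, as an added example (not code from the comment): a position is losing for the player to move exactly when every move leads to a winning one, and the recursion is checked against the closed-form nim-sum rule. Heap sizes and peg names are arbitrary.

```python
# Added example, not from the original comment: recursive classification of
# Nim positions (normal play: taking the last object wins), checked against
# the nim-sum (XOR) closed form, plus the recursive Towers of Hanoi solution.
from functools import lru_cache


@lru_cache(maxsize=None)
def is_winning(heaps: tuple) -> bool:
    """True if the player to move can force a win from `heaps`.
    Base case: nothing left means the previous player took the last object."""
    if sum(heaps) == 0:
        return False
    for i, h in enumerate(heaps):
        for take in range(1, h + 1):
            nxt = heaps[:i] + (h - take,) + heaps[i + 1:]
            if not is_winning(tuple(sorted(nxt))):  # a move to a losing position wins
                return True
    return False


def nim_sum(heaps: tuple) -> int:
    """Bouton's closed form: a position is losing iff the XOR of heap sizes is 0."""
    result = 0
    for h in heaps:
        result ^= h
    return result


def best_move(heaps: tuple):
    """Return (heap index, objects to take) that hands the opponent a losing
    position, or None if every move loses (then any move is as good as another)."""
    for i, h in enumerate(heaps):
        for take in range(1, h + 1):
            nxt = heaps[:i] + (h - take,) + heaps[i + 1:]
            if not is_winning(tuple(sorted(nxt))):
                return i, take
    return None


def hanoi(n: int, src: str = "A", dst: str = "C", via: str = "B") -> list:
    """Moves to shift n disks from src to dst: move n-1 out of the way, move the
    largest disk, then bring the n-1 back on top. Always 2**n - 1 moves."""
    if n == 0:
        return []
    return hanoi(n - 1, src, via, dst) + [(src, dst)] + hanoi(n - 1, via, src, dst)


def check_agreement(max_heap: int = 6) -> bool:
    """Confirm the recursive classification matches the nim-sum rule for every
    three-heap position with heaps of size 0..max_heap."""
    for a in range(max_heap + 1):
        for b in range(a, max_heap + 1):
            for c in range(b, max_heap + 1):
                if is_winning((a, b, c)) != (nim_sum((a, b, c)) != 0):
                    return False
    return True


if __name__ == "__main__":
    print("recursion agrees with nim-sum:", check_agreement())
    print("best move from (1, 2, 4):", best_move((1, 2, 4)))
    print("hanoi(3):", hanoi(3))
```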
I'd actually like to see the Smithsonian pick them up. The Smithsonian actually has in Washington, DC a rather nice computer exhibit.
I'd like to see these on permanent display by an organization whose sole function is to make great works available to the public.
Sam Nitzberg
I was afraid you were going to write...
rm -rf /
(OK - I know it's old, but somebody had to say it...)
I like removable primary drives, and slidable-drives on notebooks. They work great...
For example-
One notebook that I like to use for experimentation is an older (PIII, 700 MHz) HP Omnibook 6000. I have one drive that I use for home and general work using installed programs that I semi-regularly use.
The drive and its caddy slide out (it's held in by two screws normally, but I removed them). I have another drive in a caddy that I slide in when I want to install an O/S to just experiment with.
On occasion, I will want to run network tools, and absolutely not risk corrupting my current environments. Then, I slide out the drive, and put in my Knoppix CD (I do plan to take a look at Ubuntu). So, I am running Linux with no primary hard disk, and only the CD-ROM. If I want to move data, it can be done across a network, or I can plug in a USB thumbdrive, or other removable storage.
Many modern notebook computers have drives that can slide right out, and you can slide another drive right in. Some don't. Some have a panel underneath the computer that you have to open, and there may be a relatively weak cable connecting the drive. These configurations are less reliable if you will regularly slide drives in and out - they are really intended to be upgradable, but not subject to heavy changes in disk drive units.
You can also get removable drives on rails for your desktop systems.
Sam
One of the best books ever written on Software Engineering is the Mythical Man Month, by Brooks. In it, he also discusses the causes of failure (and some approaches to their solution) of large-scale software projects. If I remember correctly, the basis for this was his work on the IBM System 360/370 Operating System.
He also discussed how many software projects fail. Many projects still fail. Many software people [and managers] don't or won't understand formal models, specification methods, and critical review mechanisms. It can be hard to develop good software with proper requirements, specifications, and controls - even in your own building. Moving development half-of-a-world-away doesn't get rid of the fundamentals of software engineering.
You can outsource software - but it's still your job to know and specify what you want built, to ensure that your 'partner' in the project is up to the task, and that milestones are developed and followed. Don't do this, and you won't be any better than if you threw out the money on the project right here at home.
Interesting part of this question - it asks how would you survive (not escape). Is it implicit that you would actually want to leave the island?
You have everything you need for basic survival - multiple food sources. Volcanic soil - implicitly suitable for farming. Materials suitable for building a shelter.
One approach is to stay put, and start building with the coconut trees. This could be a business and lifestyle opportunity. You could have your own private Island!
The next boats that approach are welcome to have their people disembark. Establish your location, sell coconut and even home-made products (soap from coconut, etc...). Claim the Island, and start some basic trading for / acquiring what is necessary to build a small resort.
Thank you for responding.
I've never met anyone for business outside of the office complexes or at conferences. This approach seemed a little alien (and very interesting) to me.
Best regards-
Sam
I have a question - if you have regular meetings with people that you are doing consulting projects with, and want to meet with a prospective client or possible supplier of some component, how do they react to meeting yourself and colleagues in a coffee house instead of a "regular office"?
Does anyone (the subjects of this article, or anyone else with experience) have any comments? I am genuinely interested.
Thank you,
Sam
Hash functions
f(x) = y
generally contain values of x (inputs) that produce 'collisions'
That is -
f(x) = y and f(x') = y
does not imply that x = x'
for some x,x'
You are right - the resultant values (y) are not unique.
In general, a 'good' hash function means that for x and another value, with a small difference from x, produces a 'big' difference in the hash value (y).
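Both points from the comment, as an added example (not the comment's own code): the pigeonhole argument that any fixed-length hash must have colliding inputs, shown on SHA-256 truncated to 16 bits, and a measurement of the "small change in x, big change in y" property on full SHA-256. All inputs are constructed here.

```python
# Added example, not from the original comment: (1) the pigeonhole argument that
# any fixed-length hash has colliding inputs, demonstrated on SHA-256 truncated
# to 16 bits, and (2) a measurement of the avalanche property on full SHA-256.
# All inputs below are constructed sample strings.
import hashlib


def h_trunc(data: bytes, bits: int) -> int:
    """SHA-256 truncated to its leading `bits` bits, returned as an integer."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int) -> tuple:
    """Hash 2**bits + 1 distinct inputs into a range of only 2**bits values;
    by the pigeonhole principle two of them must share an output. Returns
    such a pair (x, x') with x != x' and h_trunc(x) == h_trunc(x')."""
    seen = {}
    for i in range(2 ** bits + 1):
        x = f"input-{i}".encode()
        y = h_trunc(x, bits)
        if y in seen and seen[y] != x:
            return seen[y], x
        seen[y] = x
    raise AssertionError("unreachable: the pigeonhole principle guarantees a collision")


def bit_difference(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(data: bytes, trials: int = 64) -> float:
    """Flip one input bit at a time and return the mean number of SHA-256
    output bits that change. A 'good' hash lands near 128 of 256, i.e. a
    one-bit change in x flips about half of y."""
    base = hashlib.sha256(data).digest()
    total = 0
    for i in range(trials):
        flipped = bytearray(data)
        flipped[(i // 8) % len(data)] ^= 1 << (i % 8)
        total += bit_difference(base, hashlib.sha256(bytes(flipped)).digest())
    return total / trials


if __name__ == "__main__":
    x1, x2 = find_collision(16)
    print("collision on 16-bit truncation:", x1, x2, hex(h_trunc(x1, 16)))
    print("mean output bits changed per flipped input bit:",
          avalanche(b"The quick brown fox jumps over the lazy dog"))
```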
I can see integrated fire-control and logic systems in all kinds of small-arms. I'm not sure that this is entirely a good thing, but I can foresee it happening.
The engineering in the future (and in the present) will have to be damned-well engineered. If it isn't, be prepared for guns to catch computer-viruses, share data, and fail for no apparent reason. Guns might even fire for no apparent reason if their electronic ignition or interlock systems are undermined or are improperly upgraded.
I did a presentation a while back touching on some of these ideas. Anyone interested is invited to look at my presentation:
http://iamsam.com/papers/H2K2/h2k2_arms_nitzberg_web_viewable/h2k2_arms_nitzberg_files/frame.htm
http://www.iamsam.com###dont_spam_me_remove_this_part
"It would also stop a crackhead from grabbing a cop's piece and killing him during a routine traffic stop."
Not in New Jersey - Police are exempted from being required to use the 'smart guns'