And it adds up. Besides the "date", admittedly a bit of a stretch as you note, there are also references to "Myrtus" within a path left in the code. Myrtus, a type of myrtle, is possibly a biblical reference to the Book of Esther (Esther was originally called Hadassah - similar to the Hebrew word for myrtle) in which Jewish forces, after unraveling a Persian attack plan, stage a preemptive and successful assault against their adversaries. There is also the level of knowledge required for the targeting of Stuxnet, including highly specific details about its intended target that would have required internal knowledge of the kind that is likely to require espionage to acquire. Finally, there is also a cut-off date of June 24, 2012 when Stuxnet will go dormant. While not unheard of in the world of more conventional botnets, this is decidedly unusual and further points to a nation state's involvement.
Taking all that together, I think it's fairly reasonable to limit the list of suspects to those countries with a reason to be wary of Iran's nuclear program - of which there are, admittedly, quite a few. However, Israel does have a track record for being decidedly unsubtle when it is being proactive about such things, viz the 2007 air raid on one of Syria's nuclear facilities, or the murder of Mahmoud al-Mabhouh.
No, not confusing it - just using the OP's parallel with the WTO protests, which all mutated into riots a good deal quicker than the Austerity protests in Barcelona which were peaceful until well into the afternoon. In both cases, protest and riot, the net result is effectively nil, and if anything will have made the situation worse in the case of Barcelona et al. The WTO continues to operate as it always has, and the Spanish government will enact austerity measures because like every other nation in Spain's situation no one has yet come up with a better solution to the problem of burgeoning national debts. Being able to mount an effective protest, or riot for that matter, is kind of moot when no one is listening.
As for things getting worse, at dawn yesterday many of the streets around Placa Catalunya and La Ramblas still bore extensive graffiti, residue from fires, vandalized ATMs, broken windows and strewn litter. Today, apart from a few bits of graffiti, it's all gone and it's business as usual; the 29th might as well never have happened, with one exception. There's going to be a bill for all that extra policing, fire fighting and maintenance work (possibly at overtime rates since much of it seems to have been done overnight), and ultimately it's getting added onto the Spanish national debt.
Unfortunately I believe that the lawyers recently had their long-held position at the head of the queue usurped by the bankers, so it might take a while before we can get around to Zuckerberg.
Besides, aren't the geek supposed to inherit the earth or something?
No, I don't think they have. I am currently in Barcelona and got to see the protests here first hand a couple of nights ago; up close and personal with camera in hand, both from within the ranks of the rioters and those of the police and fire brigade, dodging riot batons and thrown bottles and masonry accordingly. It's not the first riot I've witnessed like this, and it probably won't be the last, but the organization has been pretty much the same every time.
The initial setup, performed by a trade union here in Barcelona, does indeed take organization, but the vandalism, thrown rocks, burning barricades and all the other mindless acts that occur are always totally anarchic. You might get a few people come together to build a barricade, trash a police car, set fire to garbage cans etc., but there is absolutely no organization and absolutely no overall strategy other than to cause mayhem. The rioters build on each other's daring and gain confidence from each other to do ever more destructive feats of violence but that's about it. Eventually, they have the capability and numbers to overwhelm the police - they probably outnumbered them 10:1 in Barcelona - but they can't. They can't do it because they have no overall strategy and leadership; just anarchy. Even if they did have the leadership, riots are extremely fluid situations that do not allow for much prior planning and there is no ready way to co-ordinate that kind of mob mentality into an effective force.
There was a screenshot posted that was purported to be the Bushehr plant's control systems shortly after the claims that it was the target of Stuxnet first appeared. SIMATIC WinCC is Siemens' SCADA front-end tool for Windows clients, so either this image is of another nuclear plant or Bushehr does indeed use Siemens software.
In any event, in the early analyses of Stuxnet, that the target was Bushehr was speculative based on:
The high number of infections in Iran
That the software was so complicated and targeted at very specific PLCs within a Siemens SCADA environment implying a particular installation was being targeted
That the second point above in turn implied that a nation state that had acquired inside knowledge about the target was behind the worm, although which one wasn't even speculated at
Bushehr was believed to have experienced some kind of technical issue within a suitable time frame
Assuming the screenshot and target of Stuxnet are both Bushehr, then I don't actually know which is worse; that someone would trust apparently pirated software to run a nuclear plant, or that someone would deliberately try to disrupt the operations of one...
That's not quite what I meant though. One aspect of the vetting is to determine whether the subject might be blackmailed over their sexual orientation, so which of these candidates is statistically the least susceptible to such blackmail:
Candidate A, who is openly gay
Candidate B, who claims to be heterosexual and nothing to contradict this was found in vetting
Candidate A clearly cannot be blackmailed over a threat to expose their sexual preferences, but Candidate B could be either telling the truth or has just managed to keep a non-heterosexual lifestyle completely separate from their more public lifestyle. Statistically Candidate A poses the lower risk, but somehow I doubt that is the way many employers who employ vetting are going to see this.
I guess it kind of depends on whether or not you have anything about yourself that you would prefer your employer not to know and could potentially be blackmailed over. Would, for instance, an openly gay person who could therefore not be blackmailed over being outed fare any better than someone who claimed to be heterosexual but could, conceivably, still be in the closet?
OK, but what's the average return on investment for a successful patent troll lawsuit?
Turning that 90% figure on its head, if the average ROI for buying up a patent and successfully suing some suitably wealthy potential infringers in court is more than nine times the outlay then unfortunately being a patent troll is still a viable business model.
I'll give him the benefit of the doubt in that the use of the term "desktop" means just that and excludes mobile devices that might be connected up to uncontrolled and potentially insecure networks, but even so this is still dumb. There are plenty of security applications out there, on all OS platforms, that allow centrally managed security policies to be pushed out to clients, so why wouldn't you use one if you have the budget and know how? For instance, if you know the IPs of your IT/management workstations (you did put them all in the same subnet, right?), then why on earth wouldn't you lock down access to your client based remote admin tools to just that subnet? Equally, why would you want your desktops to be able to connect to any other key server (DNS, SMTP, Proxy...) other than the official ones?
Oh, right. You want to have a major clean up operation and all the business disruption that entails on your hands the next time some worm using a 0-day exploit manages to get inside your network and runs rampant. That's an approach that is (allegedly) working out real well for the techs at Iran's Bushehr nuclear plant right now...
This is just like his previous ideas of having passengers standing up for the flight or (so far at least) pay-for use toilets. There's no way it would ever fly (pun intended), but it does get RyanAir a lot of free publicity in the press and TV news. Congratulations, you just gave him some more!
That said, flip this on its head and have the co-pilot assuming the role of a flight attendant or purser while the plane is on auto-pilot probably would be within regulations, although without quite the same degree of cost savings. That kind of makes sense as the chances are that when two pilots are required in the cockpit the fasten seatbelts light will be on anyway, so having one less attendant won't matter.
The fine structure constant is given as being equal to "e^2/hc", so if the FSC is not a constant then one (or more) of the other values must also be a variable. Take your pick between:
If any of those constants turned out to in fact be variable, or even a "constant" which has varied over the lifetime of the universe, then the implications would be profound to say the least.
Not sure about the Hubble's image processing, but I had some dealings with satellite images several years ago. Our images were created from a combination of a high resolution monochrome image to provide detail then a sequence of lower resolution colour images potentially ranging from UV through to IR. The images were then combined, the colour spectrum compressed and/or shifted to fit within the range visible to the human eye before being output as high-resolution (for the time) colour images.
You are assuming that is all that he managed to take in bribes. For all we know, the money in the shoe boxes was the contents of his last briefcase full of used, non-sequential notes and he just hadn't had a chance to transfer it to a better location before he was arrested. If he's been doing this long enough, it's entirely possible that he could have taken several million dollars by now...
I don't actually think there is an easy, one-size-fits-all solution to this problem without a radical shakeup of how Windows handles DLLs. If you insist on applications each installing their own versions of each DLL then you end up with a potential nightmare when there is a flaw found in some versions of a given DLL like with atl.dll a while back. At least you'd know which apps are vulnerable, but that's not going to be much help when one of those is essential to your business and the app breaks if you update the DLL manually.
A simple fix would be for a programmer to have their app at initialization checksum any dll it uses.
Bad idea. That would likely create more problems than it solves and bring back the worst of DLL hell, especially for frequently updated and used DLLs and also given how badly certain vendors' individual development teams seem to communicate with each other. Say App_A installs v1.0.1 of a DLL in a shared location, then later App_B comes along and updates this to v1.0.2 - congratulations; you just broke App_A. OK, there's a fix for that, but only if you can call the awful kludge that is WinSxS a "fix".
True, but that's splitting hairs. Here we are clearly talking about "running out" in the context of not having it available for our use in some manner and not gone forever. Until we can extract the helium we have used and released into the atmosphere and oceans for reuse, or utilize some other source (the moon?), then the quantity available for our use is indeed running out.
Just pay the patent examiners a bonus based on how many patents they successfully manage to reject, including any appeals that might be raised against the rejection by the original submitter. It'll incentivize the patent examiners to get through the backlog, and, if the bonuses are funded by an extra "patent examination fee" that is only refundable in the event of a successful application, it'll cut down on the frivolous patent submissions at no extra cost to the taxpayer as well.
There have been computer games that let you play as the "bad guys" almost as long as there have been computer games, in eras ranging from pre-historic times, through to the World Wars, Cold War, Vietnam and even fictional SciFi enemies such as the Sith. Sometimes being the bad guys and blowing off steam is also a heck of a lot of fun! The only thing that seems to have changed is that as modern society has had increasingly immediate access to current events, the period between the event and the entertainment based on it has reduced. Well, guess what? If you fight a war for a longer period than that grace period, then you are going to start seeing entertainment while the combat is still on-going.
Besides, one of the tenets of the military is "know your enemy"; I'm pretty sure Sun Tzu's "Art of War" is still going to be required reading at West Point, and the like. If the simulation is good enough, then why not use it to train the troops in Red Team / Blue Team exercises? Surely, it's better that people get their asses kicked and then learn from their mistakes in a simulator than getting their asses kicked on a battlefield and not getting the chance.
The pilots kind of revoked their own licenses. Permanently. All of the crew perished in the crash.
The thing that bugs me is that flight systems on passenger jets are multiply redundant and there are strict rules about what can and can't be done when there is a system failure. For instance there are usually at least three autopilot systems, and if only one is indicating a fault then the flight crew has to perform all flight operations manually. WTF happened with regulatory control that didn't enforce that this kind of redundancy and human oversight applied to critical systems on the ground as well?
I think that directly soldering the device to motherboards is more likely to be restricted to devices that are more economical to just replace when they fail; stuff like MP3 players, phones and thumb drives[1]. Anything larger than that and you'd have to be a pretty dumb manufacturer or working to very tight space constraints not to see the potential revenue that might come from putting the chip on a daughter board to create higher spec systems and end-user upgrades.
[1] This doesn't preclude sending the thing to some 3rd world country to be recycled, only that the costs of skilled labour for a repair exceed the manufacturing cost.
The latest preview builds of IE9 are scoring in the mid 90's on the ACID3 test, so it is probably fair to say that the final release should play nicely with web pages that have been built using open standards and lack IE specific hacks.
That is not the same thing as saying that it won't come with a lot of legacy baggage and proprietary extensions to try and lure developers into another re-run of the IE6/ActiveX fiasco that we are all still paying for today, a decade later. The only thing that is going to kill that is when corporates are unable to legally install IE6 compatible versions of Windows and have no choice but to retire the existing desktop systems that do.
Try a court of law. There's a reason for my use of the word circumstantial before the word evidence.
Otherwise known as Zeno's Dichotomy Paradox (often shortened to just "Zeno's Paradox", although he in fact suggested three).
I suppose I should now go and vandalise the article to keep in the spirit of things. Hang on, I'm half way there...
There might be a reason for that...
That's why I specified "in a shared location". :)
And the helium is retrieved from the atmosphere for reuse by which process, exactly?