So why not propose to kill HST, generate a huge outrage against not only that, but also the money-sucking ISS, and then sit back and "let the people speak" and wash our hands of the whole sordid affair. Europe, Japan, Canada, and everybody else in on the ISS boondoggle get to go suck eggs, while the Americans save themselves a boatload of money, kill off a particularly useless program, and wind up looking like heros for doing it
Do you think the Europeans and Japanese are all that keen on the ISS program at this point?
If the US backs out they might only be too pleased to do so as well.
"The top priority after November is going to be executing Bin Laden and sorting out the CIA. Fixing NASA as well is not going to be ralistic."
I think we would need to catch Bin Laden before we execute him.... just a thought.
Catching Bin Laden is only a means to his end.
We are going to have to seriously try to catch him before that happens.
I think the problem is that we're one shuttle short, the gov't doesn't want to spend money building yet another when they're so badly obsolete, and there are too many more important tasks to give time and space for a Hubble mission.
More important tasks? Like what?
The space station is a much lower science priority than Hubble. Hubble is the only telescope with a view that is not clouded by the atmosphere. There are some ground based telescopes that come close to Hubble in some areas, but it is still the gold standard.
The economist has done several articles on the space station, they can't see the point, neither can I.
Lets face it, the tax cuts served two purposes for the Bush administration, buy off support of the richest in America and to run the finances of the nation into the ground so far that we would have to cut spending. This Mars crap is just that, a canard to distract the populace and make Bush look like a visionary.
I don't think the issue is actually cost here, the issue is that the shuttle is too unsafe to fly for any reason at all. Clearly if it is safe enough to fly thirty odd missions for the space station it is safe enough to do one mission to save Hubble.
If the issue is cost, it is not Bush behind it. Bush is not Reagan. Reagan cut spending to pay for his tax cuts. Bush has not cut anything, has not vetoed any bill however pork laden. The current plot is to have him veto the highways bill so he looks tough on spending safe in the knowledge he will be overridden.
Hubble is the biggest contribution NASA has made to science in the past decade. There is more science comes out of Hubble each week than will ever come out of the space station. If the issue was cash it would be because the NASA brass either think they can get Congress to pay for an extra mission to save Hubble or they are so committed to the space station they will defend it at all costs.
The Mars crap is an obvious canard, its the 'vision thing'. Like dressing Bush up in a flight suit and landing on the deck of the US Lincoln. It is a typical election pledge and you can tell it is bogus because there is no extra money in the budget to pay for it. The unreported part of the speech gave the end of life date for the shuttle.
The shuttle is not going to fly before the election. Karl Rove is not going to risk having it blow up on the launchpad and have Bush be blamed for an election stunt that cost others lives. To lose one shuttle is a misfortune, two...
So far the shuttle has cost 16 lives. Both disasters showed that the management had failled. The top priority after November is going to be executing Bin Laden and sorting out the CIA. Fixing NASA as well is not going to be ralistic.
As luck would have it, Darlin' Darl the Dark, does not have any vested stock options to sell at this time. He draws a realtively small, (about 160K), salary and his stock options are held up pending a string of profitable quarters.
That is not an obstacle. Turning that type of situation into liquid cash is what private bankers are for. Daryl will have a fancy derivative collar.
The big news the Slashdot post seems to have missed is that:
SCO HAS DROPPED THEIR TRADE SECRET CLAIM
Bigger news is that IBM did not file to dismiss. I certainly don't think they are going to fold, quite the opposite. I think they have deliberately not filed the routine motion because they think that they might soon be in a position to get it granted for real, they don't want the judge getting used to batting them away.
Some SCO speak:
"With respect to the overriding issue, that SCO failed to identify
line-for-line code copying", Heise claimed "that has not and is not
what the case is about". (Again, very surprised looks in the
audience).
The judge did not buy that. SCO is still on the hook. The judge raised the issue of strict compliance which means more games from sco and the case goes out.
1. A small group of 100 or so people (Govenrment, individuals, organized crime, etc) with the ability to log into your machine, do whatever they want to with it (Set up a kiddie porn ring, steal your identity, etc.)
That is the sort of thing that black hat hackers tend to do anyway.
If you read the article you will see that the major source of exploits is the full disclosure type security forums. I am not saying full disclosure is entirely bad, just that the people writing viruses and worms are not telling the world it did not know anyway.
The guys (and they were mostly guys) in the article were describing using Visual Basic as the cutting edge of programming. One became recognized as elite because he worked out how to use multithreading. Like don't over-estimate the skills of these guys here.
The point about monoculture is made, but it is a crock. The original Moriss worm attacked multiple host types. There have been several cross platform worms. Microsoft is 90% of the machines out there, so if you write for any other platform you guarantee that your attacks will be an order of magnitude likely to succeed at each link.
x^y tends to infinity with increasing y if x>1 and to zero if x1.
Read the full report, it's on-line. Four senior Computer Security Professors concluded that NO
Internet and PC based voting scheme could be made as secure as current
absentee ballot arrangements. Crypto strength is not the issue at all.
I know who they are, they are a bunch of academics who have never built anything who have established their reputation by playing Casandra. Just because four out of the ten members of the review panel publish a minority report does not mean that their claims are credible. The other six members of the panel disagree with them.
Bruce Schneier does something of the same thing, but there is a major difference. I have never seen Bruce criticise something without offering a fix or making a really serious effort to find one or give as good a description of the problem as he can.
The other difference with Bruce is that whenever he comes after something I did he has always raised the issue in private before going public. He does not always agree but he does not say things like 'there is no technology in existence that can fix it'. The authors of the report just did a hatchet job, they reported to the press first.
The problem here is that the only thing that the Pentagon has learned from this is who not to choose to put on a review panel. The project will continue, they have only cancelled the 2004 trials. Meanwhile Mitchigan is holding the democrat primary via the Web and that will be used to 'prove' the report was bunk.
In the 1990's Matthew Cook served as a research assistant to Stephen Wolfram , where among other things he was directed to develop a proof showing that the Rule 110 cellular automaton is Turing-complete . Under non-disclosure until the publication of Stephen Wolfram's A New Kind of Science, Cook nevertheless presented his proof at a Santa Fe Institute conference.
I have worked in several of the labs where Steve has worked. Does not play well with others is a common conclusion.
The big problem with Steve's book is that he is simply unable to see that a large part of what he is proposing is simply stating existing ideas in a different notation.
Einstein surrounded himself by people who he considered his intellectual peers, people like Kurt Goedel. Steve shut himself up in a room for ten years and basically talked only to the people he felt like. He surrounded himself with a bunch of sycophants in the manner of a pop star - we have all seen what that has done to Michael Jackson. I decided not to read the book after I heard the gushing haigographies given by his employees.
It is not surprising that the book got the reception it did. When I heard Steve talking about it I kept thinking 'hammer, nail'. Steve has been working on finite state automata for years. But the standard model of physics today has at its core an idea that is pretty close to being a collection of finite state machines. It is already known that you can simulate one with the other.
I think that the problem that Steve has created here is that the manner of his presentation closely resembles that of a crank. I get letters from cranks calling themselves the new Einstein and Adam Smith combined, actually everyone who has been published in the letters section of the London Times does.
Steve is incredibly bright, but unfortunately no intelligence in history could match his ego, and his does not either.
I disagree. You can solve all manner of these types of problems using certificates with high encryption strength.
But not the confidence problem.
The problem with SERVE is that it got caught in the crossfire from the Diebold issue. It is an easier target in some ways because people are used to ATMs, they are less used to the Internet.
There is a big difference in the two problems, with Internet voting it is much easier to perform one off frauds that afftect single votes. You can trojan a machine if you know a voter is going to use it. It is actually very hard to preform a fraud on a wide enough scale to affect the outcome to any significant extent. It is also relatively easy to create log files etc since there can be redundant machines auditing the IP stream.
The Diebold issue is the reverse. It is quite hard to compromise a system, but if you can compromise the system you can control the vote absolutely.
The other factor that comes into the Diebold story is the incompetent coding, the lack of security knowledge and the refusal to seek any.
They don't have to spend a whole lot of time tracking down the false WHOIS record holders.
Just spend a little bit of time trying to track them down. Then cancel their domains. Let them present themselves for identification when they want the domains un-canceled.
The current cost of a domain name is about $10. You can't get any type of address verification/authentication lookup from a reliable database for less than $20. If you want the result to be at all reliable it would cost at least $100 and most likely $200 - sound familliar? Thats what SSL certs cost.
The rule for domain names is quite simple, you use a false address, someone complains, you are likely to never get notice of the complaint, you lose the domain. Or you use a false address, you never get the renewal notice, you lose the domain. You have no idea how many IETF privacy nuts complained about not getting their renewal notices after typing in bogus address data, well DUUHHH!!
The only reason that WHOIS data is public in the first place is that when ICANN was being set up the competing registrars insisted that the rules should allow them to see Network solution's customer list so they could spam them with transfer offers. The other registrars then did what everyone else has done since, they created nominees to hide the true identities of the holder.
WHOIS would be best shut down. The spammers are never going to give valid data anyway. Instead use the reverse DNS to advertise a contact address to go to when you have a problem with info comming from an IP record. Nice thing here is that in many cases the delegation of reverse DNS reaches exactly to the level you would want to pick up a phone to talk to someone about a hacker comming from their net.
Of course you would need to authenticate any use of that data, telephone numbers would only be given out on a need to know basis etc. But we could do a lot better than whois. I have never traced a hacker successfully using whois data.
Get real, lets send some good ones up there.. Lets see, make fake invitations to Darl McBride and John Ashcroft to go meet at the headquarters of the RIAA, maybe even get Hillary Rosen to show up.
No, no: what he meant was that sometimes (quite often, actually) one process or the whole desktop becomes unresponsive, even though almost no CPU time is being used, the hard drive isn't working, no network traffic should be occuring etc. You just have to assume that something is waiting for something, but there is absolutely no indication what it is.
I see such delays almost every day; mostly on Windows (XP and 2000), but occasionaly on Linux too.
Yep, that is it. I know how to use perfmon, I can recognize an explorer crash. But sometimes the thing just goes off to sleep.
I noticed a similar issue with dotNET, it can take an awful long time to parse XML and while it is busy it can be stuck at 22% utilization on a 2 proc machine.
Outlook is also good at doing this when you make the mistake of using MAPI connect mode. The idiots at MSFT used RPC. The program can hang for an hour synchronizing.
This is all stupid programming, not all in the O/S. I want the O/S to point the finger at the programmer responsible. I want his picture on a Web site.
I wonder if a 64 bit OS will make any performance difference for the average desktop user. Since its not like any normal people have more than a gig of ram anyways. Is it possible that it could even slow down 32 bit apps?
Its been a long time since I had performance issues due to CPU bottlenecks. My twin processor 650MHz box works just as fast as my 2.4GHz single processor box in practice.
The big issue for me are the cases where the stupid machine just locks up and does fuck all for 20 seconds or so. CPU meter shows 3% utilization, no disk activity. What is the stupid thing doing?
Same goes for UNIX systems, its not the processing thats the issues, or even the legitimate I/O delays, its the cretinous delays built into broken device drivers and applications.
I would like Windows to have a meter built in that would show which processes were waiting and the resources they were waiting on.
My other pet peeve is what the cretins at Checkpoint think is an acceptable VPN client. Every time the credentials time out a box appears for me to re-enter my credentials. Only I use cert based credentials stored in CAPI so all I am doing is hitting OK. Even so the box locks the user interface for about 90 seconds while it does something. Oh @$#(& it did it again.
The message appears to me to be addressed to Andy. I suspect it is an oblique reference to Andy Wharhol and his '15 minutes of fame' comment after the assasination attempt.
There are several reasons to suspect MyDoom is written to order besides the note. The original launch appears to have been from machines broadcasting the virus payload. That is why the virus suddenly came out of nowhere. The author must have expected this since the timetable for the SCO attack was pretty short.
I suspect we will eventually discover that the MyDoom.B virus is launched by the same gang.
The way to catch these guys is to look at the worst types of criminal spam out there - the Paypal, Citibank etc. impersonations that are intended to perform identity theft. I'll bet that one of those gangs sent the message. They have the resources to pay for bespoke hacking.
Alternatively break into one of the spam sender forums and look to see if someone is retailing a new batch of 'owned' machines.
Did you even RTFA? The Americans didn't blow up anything. The Soviets bought computer chips and used them to control the operations of the pipeline.
The alleged explosion was an intentional consequence of a US action.
It is not credible for many reasons, the technical issues alone, the timetable (16 months for the whole plot), the fact that no such explosion is reported in 1982 and the fact that the US does not commit acts of war against countries as strong as it is.
Reagan was terrified of the Soviets and communism. He thought they were likely to lob bombs at any moment. He certainly did not want to invade the USSR and rule. His concern was the threat to the US and the free world as he called it.
The last thing Reagan was going to do was commit an act of war against the USSR. It would be completely stupid.
At the time the statement was regularly made that if the soviets invaded western Europe the war would be over in 3 days and we would be forced to go nuclear or surrender.
The GOP knows now that the USSR was a paper tiger that would implode under its own weight. Reagan certainly did not in 1981.
If you accept the GOP fable about spending the war into the ground (true in a way, but it was really Jack Kennedy and the moon shot), why would Reagan risk a war over such a pointless action?
During the cold war I used to regularly play games of bridge with a KGB agent, a CIA agent and a Mossad agent. That is the way it was back then. We all knew what everyone did.
I agree with most of your analysis, but I think you're lowballing the 1985 state of the art in control systems a bit.
This fable took place in 1981 and 1982. The state of the art then was very different. Think what was happening at the time. The IBM PC came out in 1982, by 1985 it was mainstream and the clones were being churned out.
I agree that in 1985 it would be slightly more credible. But even then, we were doing 100% bespoke software for our systems at that time. The idea that off the shelf code existed for control of a complete pipeline system is crazy. It does not even exist now, you build up the parts from toolkits.
Like when have you ever seen two chemical plants that are absolutely identical in every detail let alone churned out on a mass produced basis? How could you have the generic system described?
"Ahh, looks like the Republicans have got mod points again. Exactly what part of the political analysis do they consider to be wrong?"
Well I don't know how many mod points got burned, but there must have been at least 20 spent on the first post. It went from 5 to -1, cycled several times and then crawled back to 5. When I made the comment about republicans it had been moderated down to -1. The thing is that they all used the 'overrated' choice, not 'troll', I think folk do that to avoid being meta-moderated. After all it could be the person moderated down a story that was at 5 at the time rather than 0.
This is somethin I have observed on slashdot a few times, you criticize Bush and make a point that hits home and some group seems really keen to make sure it does not get heard.
It could just be folk reading the thread, or it could be organized. Send a note out on some far right list and say 'quick, mod down this story if you have points'.
If it was just folk reading the list you would expect the moderation to go in the same direction and stay there. Why would the folk who read a story early moderate so differently to the later readers?
I knew several people directly involved in oil/gas industry in the 90-ies and they had only started introducing real computerized control systems into the pipelines (using western harware/software, LOL). To blow up in '82, a project of that magnitude would have to be started around '75 (Soviet economy had 5-year planning cycle).
I re-read the Safire piece. He claims the plot took place between the inaguration of Reagan (Jan 1981) and the explosion in June 1982.
That means 16 months to decide to shaft the Soviets, to cook up the plot, to steal the necessary information from the Soviets, to analyze it, to cook up the trojan and plant it on the Soviets. The Soviets would then have had to design the control system of the plant arround the stolen software (which has to play a central role), deploy it, teach the operators how to use it, commission the whole scheme and have it explode.
If you think through the steps necessary it is simply not credible or possible. The other issue Safire ignores is that the scheme clearly failed since the pipeline operated and operates very successfully. Causing the explosion would be like the WTC attack, an act of blatant terrorism with huge casualties which was never going to have the desired political effect.
The fact that every one of the people concerned is conveniently dead or incapable of response is probably the reason why the date is proposed. It has to be in Reagan's period of office (would Carter do that?) but before people who are still arround could say its a crock.
No usernames/passwords are allowed.
It's funny in this situation MS is the only one following the RFC
The security problem was spotted back in 1993 or 1994.
The problem was that the URI group was way out in hyperspace by then and not doing what people needed. There was an inordinate amount of effort went in to gopher URLs, the gopher losers wanted to have / be a normal character because it could appear in a Mac filename. The point about escape characters was lost.
Most browsers killed gopher because the protocol was so insecure, you could use a gopher URL to send any string you wanted to any port you wanted, ditto for finger.
The URIs that got used in practice were mostly the ones defined in Netscape. They did not give a wetslap for standards from the IETF or W3C, as far as they were concerned they defined the standard. They did not care much about security either, well not until it started to go embarrasingly wrong.
You're a lying sack of scum. Back up this lie you liar.
You have so far failled to back any of your own allegations, folk can judge you by your posts. You like dictators, you like Bush, you peddle the type of conspiracy stories spun by Wolfowitz and Perle.
The infamous statement by the then US ambassador to Iraq on the Iraq dispute over the Kewaiti oil fields is well established "Washington has no stake in this local dispute".
Equally beyond dispute is the assistence given to Saddam during the war he started against Iran and in which he used the chemical weapons.
You would have to read a history of CIA operations in the middle east to verify the other claims, these are not online but easy enough to get hold of.
Ahhh! I missed that. Are you certian? Or I suppose I should ask is he? I guess it seems hard to believe that there was no electronic automation ANYWHERE.
I was doing control engineering in the mid 1980s. Electronic control was just appearing. Microprocessors had only just appeared and 8 bit was state of the art in 1982.
There were electronic controllers but they were pretty clunky. They were analogue systems that used a series of op-amps to create a three term controller. there was an advantage to using those over a compressed air version but not much. You would still use compressed air to drive the valves - you still do in many cases.
As for the confused discussion of ROMs and such. These are analogue control systems. I am aware that you can use a ROM in the fashion described in a digital control system, it makes no sense for an analogue system.
The fact still remains that there was simply no component available in those days that was complex enough for it to be practical to hide a trojan in. Furthermore as others have pointed out quality control was so sloppy that everyone had to retest chips on arrival anyway. 10% of the chips you received would just be dead. No way could anyone build anything and have it work without testing.
Three term controllers are used as black box items, you test them in isolation. No way is anyone going to be able to predict how to sabotage a plant from the US. You would have no way of knowing which controller was going to go where.
Doesn't seem too smart but at least it's better than the memory and processor cycles idea
The media accounts are wrong. Microsoft is pushing a processor cycles idea. The NPR interview with Ryan Hamlin the GM of the anti-spam division is a more accurate example of what they have presented.
The accreditation scheme that Microsoft and Yahoo are considering mean you pay for sending spam. You do not pay for sending email.
It is like ironport bonded sender, you spam, you forfeit part of your bond. You no spam you no pay.
Ryan was pushing the computational scheme hardest. But the basic scheme is, you stop impersonation spam so you know where the message comes from, then you act on what you know about that person. It authentication and accreditation.
Slashdot Mirror
Do you think the Europeans and Japanese are all that keen on the ISS program at this point? If the US backs out they might only be too pleased to do so as well.
I think we would need to catch Bin Laden before we execute him.... just a thought.
Catching Bin Laden is only a means to his end.
We are going to have to seriously try to catch him before that happens.
More important tasks? Like what?
The space station is a much lower science priority than Hubble. Hubble is the only telescope with a view that is not clouded by the atmosphere. There are some ground based telescopes that come close to Hubble in some areas, but it is still the gold standard.
The economist has done several articles on the space station, they can't see the point, neither can I.
I don't think the issue is actually cost here, the issue is that the shuttle is too unsafe to fly for any reason at all. Clearly if it is safe enough to fly thirty odd missions for the space station it is safe enough to do one mission to save Hubble.
If the issue is cost, it is not Bush behind it. Bush is not Reagan. Reagan cut spending to pay for his tax cuts. Bush has not cut anything, has not vetoed any bill however pork laden. The current plot is to have him veto the highways bill so he looks tough on spending safe in the knowledge he will be overridden.
Hubble is the biggest contribution NASA has made to science in the past decade. There is more science comes out of Hubble each week than will ever come out of the space station. If the issue was cash it would be because the NASA brass either think they can get Congress to pay for an extra mission to save Hubble or they are so committed to the space station they will defend it at all costs.
The Mars crap is an obvious canard, its the 'vision thing'. Like dressing Bush up in a flight suit and landing on the deck of the US Lincoln. It is a typical election pledge and you can tell it is bogus because there is no extra money in the budget to pay for it. The unreported part of the speech gave the end of life date for the shuttle.
The shuttle is not going to fly before the election. Karl Rove is not going to risk having it blow up on the launchpad and have Bush be blamed for an election stunt that cost others lives. To lose one shuttle is a misfortune, two...
So far the shuttle has cost 16 lives. Both disasters showed that the management had failled. The top priority after November is going to be executing Bin Laden and sorting out the CIA. Fixing NASA as well is not going to be ralistic.
That is not an obstacle. Turning that type of situation into liquid cash is what private bankers are for. Daryl will have a fancy derivative collar.
Bigger news is that IBM did not file to dismiss. I certainly don't think they are going to fold, quite the opposite. I think they have deliberately not filed the routine motion because they think that they might soon be in a position to get it granted for real, they don't want the judge getting used to batting them away.
Some SCO speak: "With respect to the overriding issue, that SCO failed to identify line-for-line code copying", Heise claimed "that has not and is not what the case is about". (Again, very surprised looks in the audience).
The judge did not buy that. SCO is still on the hook. The judge raised the issue of strict compliance which means more games from sco and the case goes out.
That is the sort of thing that black hat hackers tend to do anyway.
If you read the article you will see that the major source of exploits is the full disclosure type security forums. I am not saying full disclosure is entirely bad, just that the people writing viruses and worms are not telling the world it did not know anyway.
The guys (and they were mostly guys) in the article were describing using Visual Basic as the cutting edge of programming. One became recognized as elite because he worked out how to use multithreading. Like don't over-estimate the skills of these guys here.
The point about monoculture is made, but it is a crock. The original Moriss worm attacked multiple host types. There have been several cross platform worms. Microsoft is 90% of the machines out there, so if you write for any other platform you guarantee that your attacks will be an order of magnitude likely to succeed at each link.
x^y tends to infinity with increasing y if x>1 and to zero if x1.
I know who they are, they are a bunch of academics who have never built anything who have established their reputation by playing Casandra. Just because four out of the ten members of the review panel publish a minority report does not mean that their claims are credible. The other six members of the panel disagree with them.
Bruce Schneier does something of the same thing, but there is a major difference. I have never seen Bruce criticise something without offering a fix or making a really serious effort to find one or give as good a description of the problem as he can.
The other difference with Bruce is that whenever he comes after something I did he has always raised the issue in private before going public. He does not always agree but he does not say things like 'there is no technology in existence that can fix it'. The authors of the report just did a hatchet job, they reported to the press first.
The problem here is that the only thing that the Pentagon has learned from this is who not to choose to put on a review panel. The project will continue, they have only cancelled the 2004 trials. Meanwhile Mitchigan is holding the democrat primary via the Web and that will be used to 'prove' the report was bunk.
I have worked in several of the labs where Steve has worked. Does not play well with others is a common conclusion.
The big problem with Steve's book is that he is simply unable to see that a large part of what he is proposing is simply stating existing ideas in a different notation.
Einstein surrounded himself by people who he considered his intellectual peers, people like Kurt Goedel. Steve shut himself up in a room for ten years and basically talked only to the people he felt like. He surrounded himself with a bunch of sycophants in the manner of a pop star - we have all seen what that has done to Michael Jackson. I decided not to read the book after I heard the gushing haigographies given by his employees.
It is not surprising that the book got the reception it did. When I heard Steve talking about it I kept thinking 'hammer, nail'. Steve has been working on finite state automata for years. But the standard model of physics today has at its core an idea that is pretty close to being a collection of finite state machines. It is already known that you can simulate one with the other.
I think that the problem that Steve has created here is that the manner of his presentation closely resembles that of a crank. I get letters from cranks calling themselves the new Einstein and Adam Smith combined, actually everyone who has been published in the letters section of the London Times does.
Steve is incredibly bright, but unfortunately no intelligence in history could match his ego, and his does not either.
But not the confidence problem.
The problem with SERVE is that it got caught in the crossfire from the Diebold issue. It is an easier target in some ways because people are used to ATMs, they are less used to the Internet.
There is a big difference in the two problems, with Internet voting it is much easier to perform one off frauds that afftect single votes. You can trojan a machine if you know a voter is going to use it. It is actually very hard to preform a fraud on a wide enough scale to affect the outcome to any significant extent. It is also relatively easy to create log files etc since there can be redundant machines auditing the IP stream.
The Diebold issue is the reverse. It is quite hard to compromise a system, but if you can compromise the system you can control the vote absolutely.
The other factor that comes into the Diebold story is the incompetent coding, the lack of security knowledge and the refusal to seek any.
The current cost of a domain name is about $10. You can't get any type of address verification/authentication lookup from a reliable database for less than $20. If you want the result to be at all reliable it would cost at least $100 and most likely $200 - sound familliar? Thats what SSL certs cost.
The rule for domain names is quite simple, you use a false address, someone complains, you are likely to never get notice of the complaint, you lose the domain. Or you use a false address, you never get the renewal notice, you lose the domain. You have no idea how many IETF privacy nuts complained about not getting their renewal notices after typing in bogus address data, well DUUHHH!!
The only reason that WHOIS data is public in the first place is that when ICANN was being set up the competing registrars insisted that the rules should allow them to see Network solution's customer list so they could spam them with transfer offers. The other registrars then did what everyone else has done since, they created nominees to hide the true identities of the holder.
WHOIS would be best shut down. The spammers are never going to give valid data anyway. Instead use the reverse DNS to advertise a contact address to go to when you have a problem with info comming from an IP record. Nice thing here is that in many cases the delegation of reverse DNS reaches exactly to the level you would want to pick up a phone to talk to someone about a hacker comming from their net.
Of course you would need to authenticate any use of that data, telephone numbers would only be given out on a need to know basis etc. But we could do a lot better than whois. I have never traced a hacker successfully using whois data.
You have it all wrong - Barney
Depends on who they are going to send.
I vote for a crew consisting of Michael Jackson, Ossama Bin Laden and Katherine Harris.
Yep, that is it. I know how to use perfmon, I can recognize an explorer crash. But sometimes the thing just goes off to sleep.
I noticed a similar issue with dotNET, it can take an awful long time to parse XML and while it is busy it can be stuck at 22% utilization on a 2 proc machine.
Outlook is also good at doing this when you make the mistake of using MAPI connect mode. The idiots at MSFT used RPC. The program can hang for an hour synchronizing.
This is all stupid programming, not all in the O/S. I want the O/S to point the finger at the programmer responsible. I want his picture on a Web site.
Its been a long time since I had performance issues due to CPU bottlenecks. My twin processor 650MHz box works just as fast as my 2.4GHz single processor box in practice.
The big issue for me are the cases where the stupid machine just locks up and does fuck all for 20 seconds or so. CPU meter shows 3% utilization, no disk activity. What is the stupid thing doing?
Same goes for UNIX systems, its not the processing thats the issues, or even the legitimate I/O delays, its the cretinous delays built into broken device drivers and applications.
I would like Windows to have a meter built in that would show which processes were waiting and the resources they were waiting on.
My other pet peeve is what the cretins at Checkpoint think is an acceptable VPN client. Every time the credentials time out a box appears for me to re-enter my credentials. Only I use cert based credentials stored in CAPI so all I am doing is hitting OK. Even so the box locks the user interface for about 90 seconds while it does something. Oh @$#(& it did it again.
Ever wondered why the Bushies did not use the name 'Operation Iraqi Liberation'?
There are several reasons to suspect MyDoom is written to order besides the note. The original launch appears to have been from machines broadcasting the virus payload. That is why the virus suddenly came out of nowhere. The author must have expected this since the timetable for the SCO attack was pretty short.
I suspect we will eventually discover that the MyDoom.B virus is launched by the same gang.
The way to catch these guys is to look at the worst types of criminal spam out there - the Paypal, Citibank etc. impersonations that are intended to perform identity theft. I'll bet that one of those gangs sent the message. They have the resources to pay for bespoke hacking.
Alternatively break into one of the spam sender forums and look to see if someone is retailing a new batch of 'owned' machines.
The alleged explosion was an intentional consequence of a US action.
It is not credible for many reasons, the technical issues alone, the timetable (16 months for the whole plot), the fact that no such explosion is reported in 1982 and the fact that the US does not commit acts of war against countries as strong as it is.
Reagan was terrified of the Soviets and communism. He thought they were likely to lob bombs at any moment. He certainly did not want to invade the USSR and rule. His concern was the threat to the US and the free world as he called it.
The last thing Reagan was going to do was commit an act of war against the USSR. It would be completely stupid.
At the time the statement was regularly made that if the soviets invaded western Europe the war would be over in 3 days and we would be forced to go nuclear or surrender.
The GOP knows now that the USSR was a paper tiger that would implode under its own weight. Reagan certainly did not in 1981.
If you accept the GOP fable about spending the war into the ground (true in a way, but it was really Jack Kennedy and the moon shot), why would Reagan risk a war over such a pointless action?
During the cold war I used to regularly play games of bridge with a KGB agent, a CIA agent and a Mossad agent. That is the way it was back then. We all knew what everyone did.
This fable took place in 1981 and 1982. The state of the art then was very different. Think what was happening at the time. The IBM PC came out in 1982, by 1985 it was mainstream and the clones were being churned out.
I agree that in 1985 it would be slightly more credible. But even then, we were doing 100% bespoke software for our systems at that time. The idea that off the shelf code existed for control of a complete pipeline system is crazy. It does not even exist now, you build up the parts from toolkits.
Like when have you ever seen two chemical plants that are absolutely identical in every detail let alone churned out on a mass produced basis? How could you have the generic system described?
Well I don't know how many mod points got burned, but there must have been at least 20 spent on the first post. It went from 5 to -1, cycled several times and then crawled back to 5. When I made the comment about republicans it had been moderated down to -1. The thing is that they all used the 'overrated' choice, not 'troll', I think folk do that to avoid being meta-moderated. After all it could be the person moderated down a story that was at 5 at the time rather than 0.
This is somethin I have observed on slashdot a few times, you criticize Bush and make a point that hits home and some group seems really keen to make sure it does not get heard.
It could just be folk reading the thread, or it could be organized. Send a note out on some far right list and say 'quick, mod down this story if you have points'.
If it was just folk reading the list you would expect the moderation to go in the same direction and stay there. Why would the folk who read a story early moderate so differently to the later readers?
I re-read the Safire piece. He claims the plot took place between the inaguration of Reagan (Jan 1981) and the explosion in June 1982.
That means 16 months to decide to shaft the Soviets, to cook up the plot, to steal the necessary information from the Soviets, to analyze it, to cook up the trojan and plant it on the Soviets. The Soviets would then have had to design the control system of the plant arround the stolen software (which has to play a central role), deploy it, teach the operators how to use it, commission the whole scheme and have it explode.
If you think through the steps necessary it is simply not credible or possible. The other issue Safire ignores is that the scheme clearly failed since the pipeline operated and operates very successfully. Causing the explosion would be like the WTC attack, an act of blatant terrorism with huge casualties which was never going to have the desired political effect.
The fact that every one of the people concerned is conveniently dead or incapable of response is probably the reason why the date is proposed. It has to be in Reagan's period of office (would Carter do that?) but before people who are still arround could say its a crock.
The security problem was spotted back in 1993 or 1994.
The problem was that the URI group was way out in hyperspace by then and not doing what people needed. There was an inordinate amount of effort went in to gopher URLs, the gopher losers wanted to have / be a normal character because it could appear in a Mac filename. The point about escape characters was lost.
Most browsers killed gopher because the protocol was so insecure, you could use a gopher URL to send any string you wanted to any port you wanted, ditto for finger.
The URIs that got used in practice were mostly the ones defined in Netscape. They did not give a wetslap for standards from the IETF or W3C, as far as they were concerned they defined the standard. They did not care much about security either, well not until it started to go embarrasingly wrong.
You have so far failled to back any of your own allegations, folk can judge you by your posts. You like dictators, you like Bush, you peddle the type of conspiracy stories spun by Wolfowitz and Perle.
The infamous statement by the then US ambassador to Iraq on the Iraq dispute over the Kewaiti oil fields is well established "Washington has no stake in this local dispute".
Equally beyond dispute is the assistence given to Saddam during the war he started against Iran and in which he used the chemical weapons.
You would have to read a history of CIA operations in the middle east to verify the other claims, these are not online but easy enough to get hold of.
I was doing control engineering in the mid 1980s. Electronic control was just appearing. Microprocessors had only just appeared and 8 bit was state of the art in 1982.
There were electronic controllers but they were pretty clunky. They were analogue systems that used a series of op-amps to create a three term controller. there was an advantage to using those over a compressed air version but not much. You would still use compressed air to drive the valves - you still do in many cases.
As for the confused discussion of ROMs and such. These are analogue control systems. I am aware that you can use a ROM in the fashion described in a digital control system, it makes no sense for an analogue system.
The fact still remains that there was simply no component available in those days that was complex enough for it to be practical to hide a trojan in. Furthermore as others have pointed out quality control was so sloppy that everyone had to retest chips on arrival anyway. 10% of the chips you received would just be dead. No way could anyone build anything and have it work without testing.
Three term controllers are used as black box items, you test them in isolation. No way is anyone going to be able to predict how to sabotage a plant from the US. You would have no way of knowing which controller was going to go where.
The media accounts are wrong. Microsoft is pushing a processor cycles idea. The NPR interview with Ryan Hamlin the GM of the anti-spam division is a more accurate example of what they have presented.
The accreditation scheme that Microsoft and Yahoo are considering mean you pay for sending spam. You do not pay for sending email. It is like ironport bonded sender, you spam, you forfeit part of your bond. You no spam you no pay.
Ryan was pushing the computational scheme hardest. But the basic scheme is, you stop impersonation spam so you know where the message comes from, then you act on what you know about that person. It authentication and accreditation.