Replacing SDRAM (or RAMBUS or whatever) with some type of NVRAM will require a whole new approach to security. Otherwise, when you go home at night, what's to stop me from booting your computer (off a CD or floppy if it's reasonably secure), or rebooting it if you left it running but locked, and running an app that allocates a couple gigs of memory without initializing it then lets me browse it? Encryption keys, passwords, anything that's cached I could get. (Wouldn't care about anything stored on the disk, or other permanent media, I could get those with this method now.) Or, you could just initialize the memory on boot, but then you lose the advantages of nvram like the ability to shut down then pick right back up where you left off.
You couldn't even track it by user at the OS level (user a has memory x and y allocated, so user b can't use that.) because I could still boot it into a different OS through a removable drive...
Of course, you could just eliminate all caches of keys or passwords... But do you really want to have to re-enter your slashdot password every time you hit refresh, or click on a link to the comments page, or click to read a reply?
Maybe the solution would be to specify a certain area of RAM that would get initialized on power-up (be it a reboot or just waking up from an NVRAM suspend), and get apps to put any sensitive information in that area... Which would probably require additions to your favorite OS's API, in addition to new versions of a lot of apps...
Just thinking 'out loud' here... Anybody else thought about this?
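One way the "sensitive area that is initialized on power-up" idea from the comment above could look in code, as an added example that is not part of the original post. The names `secret_arena_power_up`, `secret_store` and `secret_get` are hypothetical, and the hook stands in for something an OS would call on boot or on resume from an NVRAM suspend.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ARENA_SIZE 4096  /* constructed size for the example */

/* One fixed region for everything sensitive; a real system would also
 * pin it (e.g. mlock) so it is never swapped to disk. */
static unsigned char arena[ARENA_SIZE];
static size_t arena_used;
static uint32_t arena_epoch = 1;   /* bumped at every power-up wipe */

typedef struct { size_t off, len; uint32_t epoch; } secret_handle;

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Hypothetical hook: the OS would call this on boot and on every resume
 * from an NVRAM suspend, before any other code can read memory. */
void secret_arena_power_up(void) {
    wipe(arena, sizeof arena);
    arena_used = 0;
    arena_epoch++;            /* invalidates every handle issued before */
}

/* Copy a secret into the arena. Returns 0 on success, -1 if it is full. */
int secret_store(const void *data, size_t len, secret_handle *h) {
    if (len == 0 || len > ARENA_SIZE - arena_used) return -1;
    memcpy(arena + arena_used, data, len);
    h->off = arena_used; h->len = len; h->epoch = arena_epoch;
    arena_used += len;
    return 0;
}

/* Return the secret, or NULL if the arena was wiped since it was stored;
 * the caller must then ask the user for the credential again. */
const unsigned char *secret_get(const secret_handle *h) {
    if (h->epoch != arena_epoch) return NULL;
    return arena + h->off;
}

/* Count non-zero bytes left in the arena (used to check the wipe). */
size_t secret_arena_residue(void) {
    size_t n = 0;
    for (size_t i = 0; i < sizeof arena; i++) n += arena[i] != 0;
    return n;
}

int main(void) {
    secret_handle h;
    secret_store("hunter2", 8, &h);      /* constructed sample secret */
    secret_arena_power_up();             /* simulated wake from suspend */
    return secret_get(&h) == NULL && secret_arena_residue() == 0 ? 0 : 1;
}
```

Everything outside the arena keeps its contents across the simulated resume, which is the trade-off the comment describes: only data placed in the designated region is lost and has to be re-entered.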
Yes, you're right. However, it's extremely lossy, and nowhere near fast enough to run in real time on even a high end computer at the same time as an intensive video game, which was the point I was trying to make. If you could do effectively lossless 10:1 compression in real time, I would be impressed. That's what I'd like to see a link to. (Even more impressed if you could do with little enough cpu to make it practical for the application we're talking about, which if you'll recall was wireless monitors.)
10:1 compression on video is pretty trivial these days, which means you'd only need 175Mbps for that resolution (although you'd probably drop it down to 24 bit color).
I'm very interested in this. Please post a link to your 10:1 realtime effectively lossless video compression method, I'm sure the divx and xvid folks would be extremely excited over it.
The scariest part of that 43 page affidavit is where some of the evidence came from. On page 7:
22. On October 19, 2001, a resident of the Grail Apartments in Portland, Oregon provided to the Portland Division of the FBI a plastic grocery bag containing miscellaneous paperwork, some in Arabic, that he/she discovered earlier that week in the recycling bin at the apartment complex.
Since when does the FBI collect trash as evidence based on the recommendation of a random neighbor? Or is this a special exception since it contained, huge shock, Arabic writing?
More on page 36:
147: On October 5, 2002, the day after the arrests of Ford, Lewis, Battle and Muhammad Bilal, a neighbor of HAWASH, called the FBI Portland Division and stated that his wife and he resided at 2650 NE Aurora, Hillsboro, Oregon, until approximately June 2002. The neighbor stated that his previous neighbors (to the west of his residence in a light blue house, identified as Hawash's residence) who he identified as "Michael and Lisa" (HAWASH) were close friends of Ahmed Bilal and Habis Al Saoub. He observed Bilal, Bilal's wife Corrine, and Al Saoob frequently visiting Michael and Lisa's house. The neighbor further stated that Ahmed Bilal occasionally provided gardening services for him.
148: During a subsequent interview conducted by a representative of the JTTF approximately four months after his initial telephone call, the neighbor confirmed the identity of Ahmed Bilal from a photo spread, but was unable to identify Al Saoub.
149: On October 20, 2001, FBI Portland Division received a telephone call from a second neighbor of HAWASH in Hillsboro, Oregon, concerning Maher Mofeid HAWASH. The caller described HAWASH as a "Palestinian Muslim who works at Intel and is married with three children." The caller wanted to advise the FBI that HAWASH was spending more time at home following September 11, 2001, and that HAWASH was not as friendly as usual. During a follow-up interview with the second neighbor, he told investigators that following a visit by HAWASH's mother in the Spring of 2001, HAWASH changed his attire from "western" clothing to "eastern" clothing, grew a beard, and distanced himself from his neighbors. The second neighbor observed more vehicles driven by other Middle Eastern males coming and going from the residence. The second neighbor further believed that HAWASH began attending Mosque on a regular basis.
So, let's get this straight. The first neighbor called the FBI because he recognized that one of the people who had been arrested had been to Hawash's house. That, I can almost understand, especially if there was media attention from the first arrests (seems likely).
The second neighbor, on the other hand, called the FBI because.. why? Let's see, first, Hawash spent more time at home after 9/11. Gee, yes, that's suspicious, only like 80% of the people I know decided to spend more time with their family after that. And second, he wasn't as friendly as usual. But gee, huge tragedies usually make people so *cheerful*, what could be his problem?
Then, when the FBI actually followed up on this inane call, they found that he started attending a Mosque, dressing in "eastern" clothes, grew a beard, and became withdrawn from his neighbors, in turn associating with other Muslims. Gee, that certainly sounds like he found religion, doesn't it? And while that's arguably not the brightest thing to do, last time I checked it wasn't illegal, even if it's an officially unpopular religion like Islam.
This whole thing is sick. Yes, there's other evidence in there that links him to the other people, that's fine. I'm not saying he's innocent. But the fact that the points above, particularly the 'second neighbor', made it into the report is just wrong.
Go to the site, make sure your sound is on, hit F11 (Assuming you're using Phoenix or IE), sit back, and relax. In about 10 minutes one of three things will happen. Either you'll understand his annoyance, you'll go into a coma, or you'll be hooked for life.
He might want to take a look at these records before deciding to take on IBM in court.
41 feet of paper!
At first glance, that didn't seem to be all that much. After all, a standard page is 11 inches tall, so 41 feet is only around 45 pages end to end. It wasn't until reading the article you linked that I realized they were talking about a 41' stack of paper... Wow.
"Jan Deprest, President of Fedict, the Federal ICT department" said in the article:
It will allow Belgian citizens to authenticate themselves in an easy and
completely secure electronic way whenever they access e-government applications.
[emphasis added]
Sounds like he's (she's?) been listening to a snake oil salesman at Sun. Last time I checked, nothing was completely secure, least of all smart cards...
You assume perfection of the platform, tools and language; which of course doesn't exist. Of course any designer of a given system can "break" the system. To believe otherwise is a matter of inexperience and possibly wishful thinking.
Of course perfect tools and platforms don't exist. But you're missing the point, perhaps out of 'inexperience and possibly wishful thinking'. If you know of a way to break the system, you fix it. You code around the hole in your platform, or you patch your tools, or whatever it takes. If you know how to break into your system, then you're not done securing it. Because if you can break it, so can anyone else. It's flawed thinking like yours that causes security problems. If you know how to break your system, and don't know how to fix it, you're probably not qualified to be building it in the first place.
even without explicitly coding a backdoor a "good" developer can get into and exploit a system of his/her own design and development simply as a result of an intimate understanding of the application and how it handles data
So your definition of a 'good' developer is one who can't even code a system securely enough that they can't get in? Funny, that's my definition of a 'bad' developer.
How do they fingerprint these files? Wouldn't it be quite easy to set up some sort of system to scramble the file before posting it on P2P and them descramble it to defeat the fingerprinting scheme?
Yes. Those scrambling systems are usually referred to as 'encryption'.
www.bovik.org/codeposition/best.gif [bovik.org] (confirmatory experiment you can do at home for less than the cost of building a Farnsworth fusor.)
Umm, sure you can do that at home for cheap, as long as you have a convenient source of heavy water, a highly regulated substance that's a key ingredient in certain plutonium breeder reactors. Of course, it does occur naturally, you could filter it out of normal water at a ratio of about 1 molecule in 20,250,000 [1] if you had enough time. Or you could just make it yourself through enrichment, provided you can find a source of deuterium (good frigging luck) and had at least a few grand to throw at the equipment. There's more in depth information at the FAS site if you don't believe me.
I'd love it if I was wrong and you had a convenient source of heavy water, but I somehow doubt it.
1: I got the 20,250,000 number because deuterium is an isotope of hydrogen which occurs naturally at a rate of about 1:4500 hydrogen atoms, but to make heavy water (D2O) out of regular water (H2O) you have to have both hydrogen atoms replaced with deuterium, making the natural heavy water ratio 1 in 4500^2, or 1:20,250,000.
Just because there's correlation doesn't mean it's cause and effect. In recent years the number of teenage smokers has dropped, and cpu processor speeds continue to increase, the two must be related...
Actually, they are vaguely related - you've just stumbled onto one of Moore's numerous lesser known laws - that the number of anti-smoking ads kids are exposed to will double every election year.
OK that site pisses me off. They pull that stupid ass 'split the article into multiple pages to get more banner views' trick, but A) they split them into 1 or 2 paragraph pages, and B) the only banner they're running is their own. So, what, they're splitting the article up so they'll pay themselves more? Or are they just trying to inflate their # of hits to try to attract more advertisers? (If it's the latter, congrats, /. just helped them more than they could have ever imagined!)
3 people correct you with almost identical posts, and all 3 are modded as informative.
I hate to point it out, but you seem to have used the same example twice.
Watch, for their next letter, they're going to warn about the dangers of using Microsoft products!
1024*768*32*75=1887436800
In other words, we need at least 1.75Gbps before I can play battlefield or raven shield with decent settings on a remote monitor. To play it at a better res (1600x1200), we'd need over twice that (4.29Gbps). Add the keyboard, mouse, etc. to the same link, and a few hundred Mbps for inter-computer communications, and I'd say that 5Gbps would be a good figure to look for before we can finally have completely wireless PCs.
Well, except the power cords... How are we coming on microwave power transmission? Anything anywhere near safe for use close enough to the family jewels to put it under the desk? (Jokes about geeks not needing those aside...)
Not if Nanotechnology gets there first.
With that much duct tape, you think they'd be able to piece together a server that wouldn't be slashdotted so fast...
No, the ideas cannot have been previously published. I saw that one on slashdot already.
Ultimate Arena already does that.
:)
Actually, Sid Meier is American...
It's okay, they took the pictures for you... http://www.arnierosner.com/ccd/wallpaper/saturn/ (Actually those are older, sometime before Oct. 11, but they're still sweet.)
7 computers and not a single UPS? And you call yourself a nerd! :)
Doh.
And second, the sourceforge link in my original post is for Links :)