Slashdot Mirror


User: evenprime

evenprime's activity in the archive.

Stories: 0 · Comments: 243

Comments · 243

  1. monocultures suck on Virus Knocks Out U.S. Visa Approval System · · Score: 2, Interesting
    I know that a lot of /. readers are going to use this to say that they should have used linux. Some of the more security-astute will say that they should have used openbsd. The truth, however, is that picking operating system X or Y would not guarantee that something similar could not happen again. The way to avoid this in the future is to change the purchasing decision process for government contracts so they don't promote monocultures. In situations where you use a single type of platform, you are vulnerable to having a single type of bug shut down your enterprise. That's basically true of any OS.

    It would be a lot harder for stuff like this to happen if they would:
    • develop cross-platform applications
    • use a variety of platforms
    That doesn't replace having an adequate system in place for testing and installing the latest patches. It does, however, guarantee that slipping up and missing one patch won't stop you cold. It may slow your enterprise down, but stuff will still get done.
  2. Re:wrong on Tzero Electric Car: 0-60 in 3.7 Seconds · · Score: 1

    I agree that NEDRA drags are the motorsport where EV and HEV cars have done the best so far. Results elsewhere have been fairly mediocre. To put things into perspective:

    The results of the final leg of the 2002 Midnight Sun to Red Sea Rally are here. The Prius was in Class B (1400-1600cc engines in new cars) along with two other cars - the Toyota Corolla RSi and the Proton Satria. Nik Berg's Prius Rally Car finished 15th [not 14th, sorry about the previous misinformation] overall out of the 17 cars that finished the race. The two vehicles it beat were Keith Callinan's V-8 Holden Monero (picture here) in Class G and Tom Hayes' Volvo 122S (picture here) in Class E, both of which are for cars 1971 or older. Unfortunately, the Prius finished last in Class B.

    According to this reprint from the Atlanta Journal Constitution, The Panoz Q9 (a hybrid modification of a GTR-1) finished third in the GT1 Class. Unfortunately, that makes it the last in the GT1 class, and only number 12th overall in a field of 14 cars that finished the race. The results are here

    Jeri Unser's ER3 climbed Pike's Peak in 14:33.12. The fastest climb that year was 11:34.70. (The results are here.) 44 of the 57 cars that entered the race actually completed the hill climb. The ER3 placed 40th, beating a 2003 Nissan Z33, a 2001 Chevy Monte Carlo, a 1997 Subaru Impreza, and a 2003 Mitsubishi Lance. The ER3 *did* set a new record in its class, but was the only vehicle in that class. Unfortunately, both of the semi-trucks in the race (a Kenworth and a Freightliner) were faster.

    In NEDRA Drag Racing, the current world record for the quarter mile is 8.801. It was set by Dennis Berube's Current Eliminator IV. That car is running about 250-275 hp. That time is *really* good, especially for a car with that little horsepower.

    The problem is that there are not enough electric cars racing to make them very visible. Until there are hundreds of EV dragsters with full sponsorship (so that they can actually go to events around the country instead of just setting records at their local track) instead of dozens with little or no sponsorship the visibility will never get high enough.

    I think it will be hard for hobbyists to front the money to do this. It won't work unless we have big corporate sponsors...It would be cool if the Big Three would try an HEV in NASCAR....maybe skipping a pitstop would be enough to win a race. *THAT* would open some eyes.

    All the misinformation about EVs out there and a century of being used to the ICE makes it all the more difficult to interest the public as well.

    I agree. Unfortunately, I don't think we'll change that until we have EV/HEV cars that finish in the top 10% in a race instead of the bottom 15% of the field when they race.

  3. wrong on Tzero Electric Car: 0-60 in 3.7 Seconds · · Score: 1

    If organized racing of electric, or even hybrid, cars were to take place...Education of the public

    Unfortunately, it is already happening, and the public has not noticed. Nik Berg's Prius Rally Car finished 14th in the 5000 mile Midnight Sun to Red Sea Rally. The Panoz Q9 hybrid finished 12th at Le Mans. Jerry Unser beat several normal cars when she did the Pikes Peak Hill Climb with an electric. NEDRA has been drag racing electrics since 1998, and the NHRA now has rules for electric drag racing. Guess what? The public doesn't know and/or doesn't care. Until EVs and HEVs are consistently *WINNING*, the public won't notice. I wish it were not that way, but it is.

  4. Re:Getting a lot better on Hybrid/Electric Vehicles: Should I Buy? · · Score: 1

    I was assuming a typical hybrid would be in the 100-120HP range.

    First off, sorry for calling your blower a turbo. That's considered to be a major insult in some quarters. ;-) Anyway, your estimate was in the ballpark for Toyota hybrids. It was actually over-optimistic for Honda hybrids.

    The new Toyota Prius is a touch more than your guess (drivetrain total of 145hp), the old one was a little less (drivetrain total of 114). The Honda hybrids are weaker, although the cars are smaller and lighter to compensate. The 2003 Civic hybrid is only 85 hp, but I have seen one report that mentions 93 horsepower, so they may be about to increase that in the next model year. The older Insight is even less than the Civic, at a paltry 67 hp.

  5. Re:Getting a lot better on Hybrid/Electric Vehicles: Should I Buy? · · Score: 1

    The engine shut-off isn't quite what it's cracked up to be. Yeah, when you stop at a light or in traffic the engine shuts off. But if you creep forward a bit the engine won't shut off the next time you stop. You have to get up to a certain speed or go a certain distance/time (not sure yet what the rules actually are) or next time you stop the engine stays on. And it doesn't even recharge the battery at that time. It's very frustrating because I sit in a lot of stop & go traffic and you can't just stay put when all the cars in front of you are rolling. You let off the brake and the engine kicks back on, and the only way to ensure it turns off next time is to let a big gap form between you and the car in front of you then gun it and step on the brake. Not a thing you want to be doing in heavy traffic.

    In your driving conditions, the Prius is a much better hybrid. It stays on electric power in the situations you describe, and won't turn on the ICE until you get moving at a good pace again.

  6. Re:Getting a lot better on Hybrid/Electric Vehicles: Should I Buy? · · Score: 1
    If I had a hybrid that got twice the fuel economy...I would lose...about 140HP and probably some seating room and trunk space.

    Just curious, but what is your turbocharged sportscar's horsepower rating? If you are giving up 140hp, you must have something pretty zippy; i.e. above 285hp.

    I'm thinking that you must have something pretty powerful. The new Prius hybrid has a 78hp engine and a 67hp motor.
  7. bigger engine and motor on Self-Parking Car Available In Japan · · Score: 4, Informative

    I'm more impressed by the fact that the engine in the new Prius is now 78 horsepower (it used to be 70 hp) and the motor is 50kW/67hp (it used to be 44 hp).

    Toyota did the right thing. The new prius is bigger than the old one (now a midsize, not a compact), has fewer emissions, more horsepower, and accelerates faster. Now, if they could only make it cheaper, too....

  8. Overpopulation on OpEd Piece on Extended Life Expectancy · · Score: 1

    If people are living that long, overpopulation will get ugly. Imagine a situation where laws are required that make China look liberal; i.e. a lottery to determine who can breed...

    I'm not sure why anyone would want to live that long anyway.

  9. Thanks. Need help? on IBM Clinches Security Certification for Linux · · Score: 1

    Gads...an informed post on security and the CC. My compliments.

    Thanks.

    EAL7 is the highest defined Common Criteria Evaluation Assurance Level. EAL2 is one of the lower ones and can be achieved by minimal documentation efforts. [....] For the original post to say "highest" is to say the writer misunderstood the significance of the IBM announcement.

    I'm glad you pointed that out. Taco's "highest" comment was just plain silly.

    I'm aware of only one OS aspiring to a greater than EAL5 level for a general purpose operating system, DigitalNet's STOP which is currently in evaluation, has been for 8 months and will be for several more months.

    I didn't know you guys were doing that. It looks like you guys have built a ground up proprietary security OS with XTS-400. Am I reading that correctly? If so, that's much more ambitious than the Solaris/Linux proprietary modules Argus is using in pitbull.

    PS - if you know anyone who needs the services of a CISSP, let me know... ;-)

  10. Re:Just wondering.. on IBM Clinches Security Certification for Linux · · Score: 4, Insightful
    TedCheshireAcad asked
    If Win2k gets a higher rating than Linux, then why do we have stuff like this happening?

    Isn't it odd that a "comprehensive security rating" can overlook something as serious as a complete remote compromise?
    No, it is not odd. It is expected, in fact. Microsoft's rating was for common criteria "CAPP/EAL4". The CAPP part means that the OS provides "a level of protection which is appropriate for an assumed non-hostile and well-managed user community requiring protection against threats of inadvertent or casual attempts to breach the system security". I don't consider the internet to be a non-hostile and well-managed user community, so I'm not the least bit surprised that hostile remote attacks are possible. The evaluations didn't say that it was safe to hang the microsoft box - or the linux one - on the internet.

    These lower level security evaluations don't mean much in terms of real security out on the big scary internet; i.e. the situation most of us find our machines in all the time. (This has been discussed on slashdot before.) Basically, all that is necessary to get one is that you document *everything* and then throw a pile of money into having a government-approved independent organization evaluate your product and make sure that it does what the documentation says it does. If your product behaves as your documentation says it does, you get the certification. It is worth noting that OpenBSD, who have only had one remote hole in the default installation in seven years, have avoided these types of certifications for a long time. Look at Theo's comments on the C2 rating in the Orange Book (the predecessor of the Common Criteria). This is the formal description of EAL4 in the official list of evaluation levels:
    EAL4 - methodically designed, tested and reviewed

    EAL4 permits a developer to maximize assurance gained from positive security engineering based on good commercial development practices. Although rigorous, these practices do not require substantial specialist knowledge, skills, and other resources. EAL4 is the highest level at which it is likely to be economically feasible to retrofit to an existing product line. It is applicable in those circumstances where developers or users require a moderate to high level of independently assured security in conventional commodity TOEs, and are prepared to incur additional security-specific engineering costs.

    An EAL4 evaluation provides an analysis supported by the low-level design of the modules of the TOE, and a subset of the implementation. Testing is supported by an independent search for vulnerabilities. Development controls are supported by a life-cycle model, identification of tools, and automated configuration management.
    Notice that the goal is to "retrofit" a product line with security, and only to the degree that doing so is "economically feasible". Compare that with Bruce Schneier's comment that "Security isn't easy, nor is it something that you can bolt onto a product after the fact." No one should be surprised that feature-rich, general purpose operating systems designed for quick and easy use (i.e. everything turned on by default) are vulnerable.
  11. Re:Mod Parent up! on Judge Disconnects Interior Dept., Again · · Score: 1

    Since we have a link to Free Peltier, here is a link to the No Parole Peltier Association.

    http://www.noparolepeltier.com/


    Thanks. I actually wanted the phrase "very controversial" to be one link for and one against, but could not find this when googling....

  12. Mod Parent up! on Judge Disconnects Interior Dept., Again · · Score: 3, Interesting

    This is the funniest joke I've seen on slashdot in quite a while. Of course, most /.'ers probably are not familiar with this very controversial case.

  13. Re:breaking the law on Questions for DoJ IP Attorneys Asked and Answered · · Score: 1

    how about ignoring law because it is wrong?

    I'm all for it. In my post that started this thread, I said that the civil rights movement was a "proper form of law breaking". Someone else in this thread asked about the british laws that were broken during the American Revolution. Same deal.

    IP and copyright are fundamentally unethical laws in an age where there are no natural restrictions to the flow or creation of information.... [my emphasis -- 2]

    I'd say talent and/or drive are restrictions. If you think it is so easy, write your own music and content. Direct your own movies. Then there's no need to pilfer someone else's.

    ...and the vast majority of "violators" are not doing so for profit or for gain.

    People who get copies of copyrighted works without permission are profiting from their efforts as they gain (i.e. obtain) something they didn't pay for.

  14. breaking the law on Questions for DoJ IP Attorneys Asked and Answered · · Score: 4, Interesting

    O'Leary said: We feel strongly that everyone should comply with the requirements of all laws.

    I think that's the key here. As has been pointed out before, most file sharing, CD burning, etc. goes on because the public believes that they somehow have a *right* to a song or a movie without paying for it. That's just plain silly.

    Ignoring the law just because it is inconvenient is wrong. O'Leary was incorrect in stating that *all* laws should be obeyed - the civil rights movement was a proper form of law breaking - but "because I want this" is not a valid reason to break the law.

  15. Re:Exploits et al., on Exploit Available for Cisco IOS Vulnerability · · Score: 1

    News flash: Web-based technologies change monthly, if not weekly. If we waited for them all to mature, we'd still be viewing Lynx compatible pages.

    ...and what would be so wrong with that? I was reading slashdot yesterday with lynx. Unless there is a bloody good reason for a site to be chock full of graphics (e.g. a pr0n site, or one with photos illustrating "how to do X", etc.) it should be accessible to lynx. Why? Well, if you want your information to be available to the widest number of people possible, you have plenty of text. If you want your page to load fast, you have plenty of text.

  16. Re:relapse on Adobe Still Ignores Elcomsoft-Discovered Holes · · Score: 1

    the incident had nothing to do with rot13

    wrong. The vulnerability in the cert advisory had nothing to do with rot13, but Dmitry and friends pointed out several problems at their talk in las vegas. One was that the "unbreakable" digital format that Adobe was selling to book publishers was nothing more than doing a rot13 on the file and then gzipping it.

    Dmitry wrote a program that decrypted the things. The DMCA declares such programs to be a "circumvention device", and makes writing them, owning them, or describing them illegal. He wrote the program in Russia, but he flew to the USA and described it at his talk, thus violating the DMCA.

    FWIW, that's the entire point of the DeCSS Art Contest; DeCSS has been declared a circumvention device, which makes it illegal. People are trying to skirt the law by incorporating it into artwork and claiming that forcing them to alter the art would violate their freedom of speech.

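The scheme the comment above describes (ROT13 on the file, then gzip) is easy to see through once written down. What follows is an added illustration, not Elcomsoft's program nor Adobe's format code, built only from the two steps named in the comment: ROT13 is applied to ASCII letters, everything else passes through, and gzip is the standard Python module. The sample text is constructed. The point is that "decryption" needs no key at all, just the inverse of two public transformations.

```python
import gzip

# Constructed sample "book" content; any bytes work.
SAMPLE_TEXT = b"Chapter 1: Attack at Dawn. The key is not a secret if everyone knows it."


def rot13_bytes(data: bytes) -> bytes:
    """Apply ROT13 to ASCII letters only; non-letter bytes are unchanged.

    ROT13 is its own inverse: rot13(rot13(x)) == x, so the same function
    serves for both 'encrypting' and 'decrypting'.
    """
    out = bytearray()
    for b in data:
        if 65 <= b <= 90:        # 'A'..'Z'
            out.append((b - 65 + 13) % 26 + 65)
        elif 97 <= b <= 122:     # 'a'..'z'
            out.append((b - 97 + 13) % 26 + 97)
        else:
            out.append(b)
    return bytes(out)


def obfuscate(plaintext: bytes) -> bytes:
    """The 'unbreakable' format as the comment describes it: ROT13, then gzip."""
    return gzip.compress(rot13_bytes(plaintext))


def looks_like_gzip(blob: bytes) -> bool:
    """gzip files start with the magic bytes 1F 8B, which is the first tell."""
    return blob[:2] == b"\x1f\x8b"


def recover(blob: bytes) -> bytes:
    """Undo the scheme with no key: gunzip, then ROT13 again."""
    if not looks_like_gzip(blob):
        raise ValueError("not a gzip stream; the container is not what was described")
    return rot13_bytes(gzip.decompress(blob))


if __name__ == "__main__":
    blob = obfuscate(SAMPLE_TEXT)
    print("container is gzip:", looks_like_gzip(blob))
    print("recovered:", recover(blob).decode("ascii"))
```

Running it shows the round trip succeeding with nothing but the two public steps, which is exactly why a format like this offers no confidentiality regardless of what the marketing calls it.
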
  17. Re:Pronounciation? on Culture Clash: SCO, OpenLinux, Linus And The GPL · · Score: 4, Interesting

    Is it pronounced "S, C, O, Linux" or do I say it like a word: "SKOH Linux"?

    I called their line the other day to see why they were still distributing linux, and their voice mail said "S-C-O". This surprised me, since my friends and I have been pronouncing it 'skoh' since 1996 or 1997.

  18. Same situation as closed source software on Slashback: Sorveteria, Rockets, Anger · · Score: 1
    MeanMF said:
    Basically what the Nmap people are showing me is that if I implement an OSS product in my company, I have to worry about the developers dropping support for the platform I'm running it on if they have a personal grudge against the company that makes it. I'll be sure to take that into account next time I'm evaluating software.

    Suppose a closed-source application company has a "Business Alliance" with a platform vendor; i.e. they get money upfront from the platform vendor to develop applications for that platform. If the vendor gets upset with the application company and the business alliance ends, they may not write for that platform anymore. This is no surprise.

    Heck, it doesn't even take that. I worked for a company using HP-UX who were rather pissed off when the vendor of one of their business-critical applications decided not to develop for HP-UX anymore. The vendor got most of their money from clients using NT, and didn't think they could justify developing for HP-UX anymore.

    SCO is an even smaller platform. I'm sure they've had lots of similar experiences where closed-source software companies stopped developing for the platform.
  19. Thank you, Fyodor on Slashback: Sorveteria, Rockets, Anger · · Score: 1

    It is nice to see a prominent member of the security community (no, I'm not sucking up) respond in this way. I hope that many other developers will respond in kind. I suspect that Wall Street would lose faith in SCO if most of the commonly used networking tools were not supported on SCO products.

  20. fun with sodium on Making Ice Cream With Liquid Nitrogen · · Score: 2, Interesting

    I'm much more impressed with his experiments with sodium

  21. safer, too..... on 42-Volt Autos · · Score: 2, Informative

    I forgot to add that this could make them safer, too. Right now cars that have high voltage systems (e.g. hybrid or electric cars) usually have separate electrical systems; a high voltage one for the drive train, and a low voltage one for the rest of the car.

    This works, but it can cause fires if the high voltage system comes in contact with the low voltage one. Fires and high voltage systems in cars can be very nasty. This complicates the job of rescuing people from an accident or repairing the car afterwards.

  22. good for the environment on 42-Volt Autos · · Score: 4, Informative

    Way cool. One of the arguments that the Big Three automakers have been offering for why they don't make ultra-efficient ICE SUVs is that they require more expensive high voltage electrical systems. That's also one reason (albeit a minor one) why gas-electric hybrids are so expensive.

    Car manufacturers have said that it is more expensive for them if their product line has to have two different types of electrical systems. If high voltage electrical systems are going to be standard equipment, though, that argument will disappear.

  23. post the code on No Business Like SCO Business · · Score: 3, Insightful

    if these two Germans are not under the NDA they should just post the code. If it was lifted from BSD, the original author should be able to identify their own work.

  24. BFC: What inaccuracies? on Matrix Gets Egyptian Ban For Explicit Religion · · Score: 1
    Adaere says: "Bowling for Columbine" wasn't a documentary, it was a mockumentary like "This is Spinal Tap".

    Lots of people have been criticizing Moore without having their own facts straight. A good example is this article, which is quoted in the one you mentioned above. It attempts to demonstrate inaccuracies in the movie "Bowling For Columbine" (BFC), saying "we've found Moore's facts a little slippery". In reality, it looks like the "facts" of the people criticizing Moore and BFC are just as "slippery" as anything in the movie:

    Claim 1: It was commonly reported that the Klebold and Harris went to their bowling class before their attack. Forbes author Daniel Lyons says "Cool story, but police say it's not true. They say the shooters skipped their bowling class that day."

    Truth: unknown, but more likely that they were there

    Details:
    CNN says: " Police said that, in fact, the two went bowling before they headed for school to launch the attack."

    Hmmmm.....Forbes vs. CNN make contradictory claims about what the police say. Neither lists a direct quote from a named source within the police department, so we can't be certain which one is correct...I suppose we'll have to see what other students in the bowling class say.

    Dustin Harrison says both were there. Jenni LaPlante says one was calm, so we know she believed one to be there. (Nothing is said about the other.) John Hause says they missed the class, but he bases this on the fact that he didn't notice them, but he may have missed them if they "were calm" instead of behaving normally; i.e. if they weren't disrupting class with nazi salutes like they often did, he may not have noticed them. We can't say what the police think with any certainty, because we don't have accurate quotes. However, it looks like some of their class thought they were there, and there's a logical reason why the one person quoted as saying they were not may have been wrong. The only way to know for certain is to check the class attendance sheet, but more people are saying they were there than not. I'd say BFC is on solid ground.
    Claim 2: Lockheed Martin's plant in Littleton doesn't make weapons. It makes space launch vehicles for TV satellites.

    Truth: Moore was not standing in front of a weapon, but that plant does have a history of producing them

    Details:
    The Martin plant in Littleton was founded as a defense plant, and is where the Titan family of missiles were built. The Titan II is "the largest Inter-Continental Ballistic Missile (ICBM) ever developed by the United States." In 1998, the Littleton plant received $550,889,415 of Air Force money for continued booster procurement and assembly; three ship sets of solid rocket motor upgrades, spares, and liquid rocket engine quartz skirts for the Ti

  25. hacker/cracker on ESR Recasts Jargon File in Own Image · · Score: 1
    ESR's been doing this for years - ever since he took over maintenance of the Jargon File, he's been adding crap definitions that exist only to push his views.

    That is *SO* true. He's the one responsible for all the "the proper term is cracker" threads that break out here. The term cracker was *never* widely used. Old time computer nerds of any hat color were "hackers". According to Obscure Images of the cDc:

    We would like to take a stand on this nonsense once and for all. We are of the firm opinion that the qualification for being a hacker is not something that can be stated on clear moral grounds. As far as we are concerned, crackers are something you eat.