Slashdot Mirror


User: BLKMGK

BLKMGK's activity in the archive.

Stories: 0
Comments: 2,352

Comments · 2,352

  1. Re:physical access == game over on Gaining System-Level Access To Vista · · Score: 1

    Yeah, it's just a shame that bitlocker is ONLY available on Ultimate! Not cheap dammit. They should have been able to easily check to see if the hash of that program was correct before executing it and forced someone to dig to modify that check. They have fallen to this sort of EASY attack before and I think they have made changes in the past to try and defend against it (remember when the LOGIN process could be renamed?). This just seems too easy to me. I'd like it if someone could verify just how high a level of access this shell really gives - SYSTEM looks scary but Vista seems to handle levels of access differently than previously released OS did.

  2. Re:physical access == game over on Gaining System-Level Access To Vista · · Score: 1

    And this is why TPM stores an encrypted hash of those unencrypted files in its locked storage. If the "measure" fails due to a modification to the unencrypted file (does Microsoft sign those files?) then the boot fails. The TPM chip stores those measures and does the checks over an encrypted bus, the chip itself is supposed to be tamper resistant and have measures in it to prevent RE. The TPM takes a measure on the BIOS too BTW. The TPM stores the crypto key for the volume as well so swapping it out is a no-go too.

    TPM looks to be a tin plated bitch if it's setup right....

  3. Re:physical access == game over on Gaining System-Level Access To Vista · · Score: 2, Insightful

    Hardware key logger - I can deploy one of those with physical access. Perhaps a modified USB or other keyboard driver might work on OSX too, something I could install with physical access. If only the user's home dir is encrypted then it sounds to me like those drivers, and obviously the hardware, are fair game for a key logger to get past your password. I simply need to take a copy of the encrypted dir with me and have the key logger email me your password when you log in :-)

  4. TPM sets the bar damned high on Gaining System-Level Access To Vista · · Score: 2, Interesting

    I mostly agree with what you're saying however the checks and balances brought to the table by properly setup TPM push the bar so high that an attacker is going to have to be damned near a state supported entity to get the job done! :-O At what point do you declare enough is enough? I won't go into a dissertation as to how TPM works as it's lengthy and I'd probably screw it up but you're not going to be able to just go in and modify how that hardware works to get past it easily. I don't 100% trust it or the vendors supporting it but it does look on the surface like some fairly high effort will be required to get past it.... if it's properly setup (heh)

  5. Re:physical access == game over on Gaining System-Level Access To Vista · · Score: 1

    I'm typing this on a *production* laptop right now that has TPM on it (thumb print scanner blah blah), not sure it has virtualization support. I also have an ASUS motherboard in one of my machines that can accept a TPM module - that CPU supports VT-d. The SO bought a new laptop for work and IT came with a TPM onboard too. Last but not least one of my Shuttle XPC might have a TPM too - it has a scanner on board but I've not investigated further.

    As for an OS being able to use it yeah you CAN do it with Vista. It requires some drivers from the manufacturer like say Lenovo to work and isn't something that "just works" out of the box with Vista but my understanding is that YES you CAN set this up and that Microsoft employees do just that with their laptops. I will admit I've not done it myself, this machine has crappy XP Home on it, but I will be setting it up for Vista 64 Ultimate when I get arsed enough so I'll know for sure then. I will utilize the TPM as well, drivers for it are available from Lenovo just like they are from Toshiba and others.

    Bottom line - you need not have some "special" Intel machine to have support for TPM and VT-d. Production computers, mostly laptops but some desktops, have been rolling out the door with this for at LEAST a year or more. Hell EFI is everywhere too if you are running an Intel chipset but few people realize that :)

  6. Think again on the solder on Gaining System-Level Access To Vista · · Score: 1

    Soldering iron to the TPM? The TPM has to be unlocked to get the key to unlock the encrypted partition. The TPM has to take "measures" on the hardware before it will unlock. Simply swapping out the TPM with a "soldering iron" buys you nothing - you have removed the one device that would, in a properly setup system, contain the key to the crypto!

    You really ought to read up on TPM, it's a bit stronger than you have ASSumed. That's *if* the vendors have followed the spec, not backdoored THEIR drivers, and the crypto is really as good as they say etc. Lots of ifs but there's nothing better that I'm aware of IF you can manage to get it all setup correctly. Heh, bet that's a picnic!

  7. Re:physical access == game over on Gaining System-Level Access To Vista · · Score: 1

    Not completely true - you will be able to read PARTS of the system, just not the OS. Bitlocker has a portion that is unencrypted - it must - so a boot disk does buy you SOME access. Just not the level of access shown in this video. Sadly Bitlocker is only available on Ultimate, it was dropped from the Biz version. Grrr!

  8. 2-part is smart on Gaining System-Level Access To Vista · · Score: 1

    And THIS is why 2-part protection is the best way to go. A USB or other device you keep on your person and a password you keep in your head. By all means slap a keylogger on there, it will not retrieve what has been stored on the physical device. Better yet use one of those FOBS with the rolling numbers and you cannot simply copy the device while the person sleeps. Probably some vulns there too but geez just how far you willing to go here? (lol)

  9. Re:physical access == game over on Gaining System-Level Access To Vista · · Score: 1

    I would like to see you try this with a fully setup TPM in place. The measures that will be performed on the BIOS at boot will determine that it has been modified and the game will be over. Likewise the ideas posted here to backdoor various bootloaders will be detected as the measures on those are checked. Bitlocker is simply a PIECE of the puzzle and not the whole puzzle. Microsoft and many others recognize that it won't fully protect a system and that things like unencrypted critical files and firmware are still vulnerable - that is why TPM is being developed to protect those.

    No I do not think that TPM is the be all end all but you ought to recognize that that bitlocker wasn't meant to protect against the attack you propose and is simply a link in the chain that raises the bar of difficulty. Bitlocker is better for protecting against some dumbass imaging your drive while you're taking a shower in a foreign country or for protecting company secrets while sitting in secondary.

  10. Meh, not so impressive on Gaining System-Level Access To Vista · · Score: 4, Informative

    See the problem with that is that you had to use someone else's program to do this - it wasn't just something you could do. Someone had to reverse how the SAM was storing passwords blah blah. Plus now you have hosed up your "friend's" password and he will know you have been playing on his machine when he gets back. See, that's not really kewl....

    What you should have done that would have been more impressive would be to boot off a Linux CD and rename the SAM file. Then when the machine was booted again the Administrator password would have been BLANK. You could then have retrieved whatever information you wanted from your "friend's" computer, renamed the SAM back to its correct name, and when he returned his password would have been the same. This would have been much nicer for your "friend" and far more impressive since you would not have had to rely on someone reversing the password storage format of the SAM file - which BTW has changed a few times. Microsoft even started using SALT, the nerve!

    Anyway, the rename method would have worked out of the box without any "boring" reverse work on someone else's part and would take advantage of a stupid oversight on Microsoft's work - just like this hack does. FWIW, I LIKE Vista and know that in general it's more secure than XP. That Microsoft was so STUPID as to allow something like this to work doesn't surprise me but it does disappoint me. Hopefully they don't fix it before I've had a chance to show a "friend" how it works :-P

  11. XBMC - it's being ported to Linux! on To Whom Should I Donate? · · Score: 2, Interesting

    XBMC for Linux is where I think money ought to go - that or the EFF to whom I donate to every DEFCON. Many of us have used XBMC on the old XBOX but it's now been ported to Linux using SDL so in addition it is also being ported to OSX and even Windows. The code can now handle HD video and while still "Alpha" I find that it works well enough that I'm using it on my main HTPC to watch movies often. EFF needs no introduction.

    http://xbmc.org/forum/forumdisplay.php?f=52 for more information on Linux XBMC or check out the Wiki -> http://www.xboxmediacenter.net/wiki/?title=HOW-TO_compile_XBMC_for_Linux_from_source_code

    P.S. ffmpeg is a project that MANY others benefit from including XBMC, if they need money they are also a worthy cause.

  12. Re:Don't bring up "killing birds" on Oil Billionaire Building World's Largest Wind Farm · · Score: 1

    Perhaps if they had chosen larger slower moving blades this wouldn't be an issue?

  13. Re:I dont quite trust their list...Cox says "No" on Elude Your ISP's BitTorrent Blockade · · Score: 1

    While you may only be accepting a few connections I'd bet that MANY more connection attempts are being made by others who are unaware of your limiting connections. You can see this sometimes by shutting down a Torrent client and yet continuing to see many connection attempts as others in the cloud continue to try and get traffic from you. All of those attempts come through your router, if you were to monitor the traffic you might be surprised at how much stress it's being put under. It's a bit like a DOS attack I would suppose. I guess you could call this a fault of the protocol but I'm not sure how you might fix this. Your router may perform flawlessly but how often is it being asked to act like a WEB server during a Slashdot storm? That's sort of what's being asked of it from a connection standpoint when you're in a Torrent cloud serving up a popular Torrent IMO.

  14. You ought to do some research before speaking on UMG Calls Infringement Damages "Excessive" · · Score: 2, Informative

    Suggest you seek more facts on the McDonalds case. Like for instance the fact that the coffee served by that establishment was significantly hotter than that served by all of the surrounding establishments by a significant amount and that McDonalds had received more than 700 complaints of injuries across their chain. The temperature was some 50 degrees hotter than a normal home coffee pot would serve it at. You might also learn that the woman simply wanted her medical costs attended to (that's $15K) and that the large settlement was awarded by the jury that was outraged at McDonald's behavior and attitude. While it's true she should have been more careful and focused the spill occurred while the car was stopped and she was *NOT* driving. I think that most any sane person would expect a spill to be merely painful and not require medical personnel to remove the clothing that had MELTED into her skin. Nor would a normal prudent person expect that a spill might require skin grafts to repair the damage. Would you have felt better about this settlement if it had been a child carrying a cup of coffee for their parent and gotten scalded? Oh wait, kids *had* been burned in the past and still McDonalds insisted on the temp being kept excessively high.

    Here are some starter links for you, Google can provide more.

    http://www.lectlaw.com/files/cur78.htm
    http://www.centerjd.org/free/mythbusters-free/MB_mcdonalds.htm

  15. Re:Verizon seems alright on Elude Your ISP's BitTorrent Blockade · · Score: 1

    Very true and I'd mod you up if I could. My FIOS connection is capable of some pretty sick speeds when I let it off the leash - I actually see higher than advertised download speeds! However I don't abuse the connection too badly as I know that it would cause problems. I run a torrent client 24X7 with encryption turned on. I limit the speeds to a fraction of what it's capable of and only raise the limits when traffic is offpeak - like during the late evening hours. I also close out torrents when they have been sufficiently shared back or when the number of seeds is high enough to keep it going. Just because I have a good thing doesn't mean I should try to take advantage.

    When I was on cable I also did this and I also discovered, as you noted, that ACKs can be pretty important (duh). On cable if I let my download free flow my upload would falter as would my VOIP and WEB surfing, eventually my download would begin to take a hit too. In the end I throttled my upload heavily but also my download to make sure that I had bandwidth available even when I was downloading something big. So far I've not seen this behavior with my higher speed FIOS connection but it was pretty pronounced with the ComCast cable - I never detected any signs of external throttling either. FIOS is coming down at about 3x the max speed I ever got from ComCast FWIW despite advertised speeds being somewhat close - YMMV.

    I wonder what will happen when the ISP throttling begins to impact streaming video, iTunes, gaming, and other activities that require some sustained bandwidth. Will they finally own up to what they're doing? I for one will *not* be willing to go to a metered connection and think that this would be the worst idea possible....

  16. Re:I dont quite trust their list...Cox says "No" on Elude Your ISP's BitTorrent Blockade · · Score: 5, Informative

    That may be the hardware and not the ISP. Some modems puke when they get too many connection attempts - Limewire and BitTorrent can cause this behavior. You might want to try a different cable modem.

  17. Identify dangerous persons? on A Guardian Angel In Your Cell Phone · · Score: 1

    So how many people read that and thought it would identify dangerous FBI persons in the room? And who exactly trusts the sex offender lists? Take a leak in public and get caught and you could be on that list! It might be interesting to find or know about others who want to share but looking up information from some 3rd party list like that? No thanks!

  18. Re:Something is fishy on Google Pulls Open Source CoreAVC Project Over DMCA Complaint · · Score: 1

    Just about the most informative post in this thread! Finally someone who USED the software has stepped forward and answered the question the takedown raised - which is did the code contain anything from CoreAVC? Apparently not so the takedown was bogus. Reverse Engineering for interoperability is allowed, breaking content protection less so if the primary reason for doing it is to pirate the software. Interesting that CoreAVC backed off although the "we've allowed them" part is crap. Sadly the project I'm most interested in, XBMC on Linux, won't use this code anyway. However they DID take the CABAC patches that allowed for multithreaded decoding of H.264 so we be rocking :-)

  19. Re:Mutually Assured Destruction doesn't apply on An Inside Look At Iran's Nuclear Program · · Score: 1

    I won't argue if this is what they want or not but I will point out that it need only be the group in power who pushes the button. They do not need the consensus of the population in order to launch weapons. At this point in time it might be safe to say that a majority of the US population is unhappy with our troops in Iraq and that doesn't seem to have stopped what's going on there either. Obviously consensus isn't needed to make war.

    You'll note the very public statements that Iran's leadership has made about things such as the Holocaust. This is something that DID happen, in fact I've spoken to a soldier that was THERE when one of those camps was liberated. It cannot be denied by anyone sane and yet these folks declare it's never happened. How comfortable are you with this sort of folks controlling nuclear weapons?

    I understand that there IS a very moderate middle class in Iran. They're educated, not radical, and supposedly reasonable. Unfortunately when other countries like the US rattle sabers it reinforces the radical rulers. Yup, it's a mess...

  20. Re:Why electric? Solar heat is much easier! on Hobbyist Renewable Energy? · · Score: 1

    Solar water is supposed to be a great way to save big bucks. However in my case I use little hot water since my appliances are efficient and my existing heater is on-demand. If I saved 100% of my hot water heating costs right now I'd say maybe $20-$30 a month. :-(

    I'm WAY more interested in cutting down my electric bill. I have C/F everywhere and my computer P/S are 85+ rated. Power bills are still too danged high!

  21. Guerrilla Solar on Hobbyist Renewable Energy? · · Score: 1

    This is called Guerrilla Solar. Home Power magazine used to run spotlights every issue although I've not seen one in awhile. Folks would show off their systems that had been setup without their power company knowing about it.

    You're better off isolating some room for use with this small scale stuff if the cost of a certified approved and TESTED inverter is too much for you. Yes, these things are expensive but they are also heavily tested for long term use by labs to ensure they don't burn your house down in some odd failure mode or kill a guy up on a pole. Yeah, the guys on the pole are supposed to know better; somehow knowing that wouldn't make me comfortable if someone died because I was too cheap to do it right with a known good tested piece of hardware.

    Stick to powering something off grid and get used to managing loads, charging batteries, and maintaining your power source if you cannot do it bigtime to start. As you get comfortable with it maybe commit to something more expensive. Screwing around and possibly hurting someone does no one any favors when others want to grid-tie. Some of the existing codes are onerous enough without mistakes forcing municipalities to make it even harder....

  22. Re:Psystar- cheap, but is it a deal? on Psystar Open Computer Notes, Benchmarks and Video · · Score: 1

    Umm, I already own two socket 775 XPC. I find them neither butt ugly nor particularly in the way on my desk. In the past I've owned about 4 other XPC and find that they are much less of a bother than full sized machines except when it comes time to upgrade them, upgrading a Mini is significantly more difficult. Unless you're willing to pile stuff on top of a Mini or turn it on its side the footprint it takes up isn't all that much smaller than an XPC.

    Frankly, I don't buy hardware simply because it looks pretty. If that's high on your list and you're okay spending too much then by all means buy yourself as much Apple hardware as you can stand. The Mini is a nice box, it's still overpriced.

  23. Re:Psystar- cheap, but is it a deal? on Psystar Open Computer Notes, Benchmarks and Video · · Score: 1

    How is the mini a good value compared to an XPC? You can put together a 3Ghz E8400 XPC with an 8800GTS etc. for a pretty decent price. Hell use a 65nm quad and you're still not doing too bad. I'd like a mini and all but 2Ghz for HOW much?! I must admit that building a Hackintosh is VERY tempting when looking at the prices critically. $800 with 1Gig of RAM and THAT video card?

  24. Re:US jury system does it again on Hans Reiser Guilty of First Degree Murder · · Score: 1

    I'd bet that his owning books on police investigative practices may have had something to do with the conclusion it was premeditated. I didn't follow the trial closely so I do not know if they covered WHEN he acquired the material but yeah - suspicious.

    Frankly, I do not trust our legal system. His trial is somewhat high profile which of course means they will try extra hard, woe for him. I do find the idea she ran off suddenly unconvincing, she has children. The blood, the water in the car, the removal of the seat - all way tough to explain. But premotivated? Yeah, a bit tough to swallow...

  25. Re:US jury system does it again on Hans Reiser Guilty of First Degree Murder · · Score: 1

    Heh good points although I'm not quite as young as I used to be! I do think that I would be a prosecutor's nightmare or a guilty person's nightmare since I'd likely take it seriously and would try to think it through critically. I don't think that is really what either side wants however - they want whatever will make it easiest for them to "win".