You laugh, but it would be easy to rig an RFID reader to a detonator.
Range is of course a problem, so the reader would have to be somewhere special... like the doorway to a pub frequented by American tourists, or near the plaque on a monument... something people have to get close to.
More advanced models might increment a counter... As Americans walk into, say, a hotel, the counter increments. Once it hits, say, 42 it detonates.
This might be more trouble than it's worth for the bomber, of course. If they know a certain hotel contains Americans, and have access to place an RFID reading bomb... why not just place a bomb with a conventional timer or command detonation?
As others have pointed out, if the RFID tag can only be read when the passport is open due to shielding in the cover ( big If ) then this works even less well.
Really? You had DVRs, video-on-demand and such two decades ago?
Yep. Sure did. Except back then we called them VHS or Betamax.
My family must be one of seven who figured out how to use the timed record function on a VCR ( considering how hard it seemed to be for some people ). Sure, skipping commercials required the use of the fast forward button, and "on demand" video was more akin to finding a tape.
DVRs and video on demand are hardly revolutionary; rather they seem evolutionary... just better ways to do the same thing.
Which is what we're talking about with email. Do we really need a revolutionary way of looking at email, or do we need something evolutionary... like, say, IM clients becoming standard for informal communication while email is reserved for more formal communication?
In much the same way email became standard for informal communication when paper memoranda were relegated to more formal uses when email first appeared in wide use. A natural progression, perhaps.
If the radio's pissing me off and traffic's kind of bad I'll just reach out and turn the damn thing off rather than try to locate a channel that doesn't suck.
Also, it's a good defense. If people know we're constantly developing new technologies to swiftly kick their ass, they'll be less likely to try a conventional attack on us.
Exactly what I was going to say.
A good chunk of maintaining peace is making war with you unthinkable. Maybe it's just human nature; think back to high school... who got picked on? The skinny weakling in glasses or the kid who hung out in the weight room?
If you look like a victim, you'll become one. This R&D keeps us from looking like a victim, and thus makes conventional attacks on us unthinkable to most, if not all, of the world. In that sense, even if one was a pacifist, one might see how this prevents conflict.
I'm registered as a Republican because I believe in true conservatism (small government, limited powers and no interference in private lives, etc) but in the last few years that seems to not be the Republican platform any more. It seems that both parties are out for totalitarianism, albeit through different methods but the end result is the same: powermongering and greed, with no thought or care about their "constituents." Tell them what they want to hear, then do what you want.
You're right on target.
This is alluded to in 'What's the Matter with Kansas', IIRC. Economically, there isn't much difference between the two main parties these days; the main difference seems to be on social issues. Both Dems and Repubs have groups they dislike, and seek to oppress those groups. As the groups change power, they seem to be using the tools of the previous administration to further their own goals while building on more tools.
If this keeps up, I fear we'll be a Republic in name only.
How else are you supposed to do it? Or did TFA mean that it was stored in plaintext in the code?
I was confused by that as well. I presume plaintext, since storing a hash and comparing a hash generated from user input seems standard practice... at least in the non-virus writing community.
Ya think the writer had a PHB leaning on him to meet deadline?
3) Cops couldn't carry any weapon that couldn't be owned without a permit by any citizen not serving prison time. There's an ugly correlation between gun control and police disrespect for everyone from poor blacks to middle class white people...
That's the most insightful thing I've read on Slashdot in a long time. Thank you.
Agreed. When I saw this story, I figured I'd missed something, since my 9i DBs have had the patch since release.
Metalink note 360465.1 has a table of patch levels required for database versions and patch release dates by OS. For 9.2.0.6, 9.2.0.7, 10.2.0.1 it looks like patches are available, and 10.2.0.2 is only awaiting the patch for the HP Itanium platform ( expected today... I'm sure both sites who use Oracle on HP Itanium will be happy ).
There is some delay in other Oracle versions on other platforms. If you're using 8.1.7.4, you're boned... although since IIRC all support for that version ends at the end of this year, I'd hope there's a migration in your future anyway.
For versions 10.1.0.3 and 10.1.0.4 it's a little odd... for some OSs there are patches available ( Tru-64, Linux, UNIX, et al. ) but there's a wait for the Windows versions. In 10.1.0.3's case some platforms must upgrade to 10.1.0.4 or 10.1.0.5, then apply patches for those levels.
So in short, if you're running the latest version of Oracle 9i or 10g on Windows, proprietary UNIX or Linux, there are patches available.
Locks are for honest people. If a pro really wants to steal your car, whether the key is physical or software won't matter much.
Not even a Pro, really. After all, implementation of the GTH(*) protocol has been known to facilitate the transfer of identity tokens to unauthorized third parties.
For perl, you could use a module which contains a hash of hashes. This stores only cyphertext keyed to values ( username => 'qifhhfwqe', password => 'aiuherg' for instance ).
In the application, you read the hash from the module and decrypt it prior to authentication.
Sure, someone who has both the code for the application ( which must contain the decryption routine ) and the perl module can decrypt the credentials, but it does prevent someone from reading a text / base_64 file for your username / password combination.
I'm sure other languages could implement similar functionality; perl's just what I've been coding in lately.
Seems you and I had the same thought... I'll add that the next paragraph from TFA is interesting as well:
Still, energy projects don't even have to be viable to spark opposition: Already, there are activists gearing up to fight the nascent biofuel industry, on the grounds that fields of switch grass or cornstalks needed to produce ethanol will replace rainforests and bucolic country landscapes. Soon the nonexistent "hydrogen economy" will doubtless be under attack as well. There's a lot of earnest, even bipartisan talk nowadays about the need for clean, emissions-free energy. But are we really ready, politically, to build any new energy sources at all?
There is a downside to everything... which is something people seem to miss. Joe Sixpack and Sarah Soccermom want a perfect solution that never needs fixing, looks cute and emits only rainbows and pine scented goodness.
There is no perfect solution. Until people accept that, and agree on what the "least bad" solution is, we'll likely be stuck with deadlock. Let's hope it doesn't take electricity rationing and $20 per gallon gasoline to drag people to that point.
You just don't buy the right games. Grand Theft Auto: New Jersey (Q4/08) is rumored to come with a used condom, a hypodermic needle and a dead hooker in the packaging.
Successful dispersal of chemical and biological agents is tough. Government funded programs have not been very effective, what makes anyone think that terrorists could come up with an effective delivery system?
True, but also the sarin released was highly impure. One conductor who mopped up a puddle of the stuff with a rag was dead within 12 hours. Had it been real sarin, I doubt he would have lasted 12 minutes.
That would make The Piano bearable... Holly Hunter would be nude through the whole movie!
Yeah, I leave mine off too...
[badum-ching]
It does seem that this was a random theft, not a targeted attempt to steal the data.
However, how does the FBI know the data wasn't accessed?
If the police won't trust it... why should I?
Don't know about 811, but in my area it's 311. All non-emergency calls go there, although it's not manned 24/7 yet apparently.
see also: http://311.columbus.gov/
Would those terrorist cells be in the fifth column? ;)
Not even a Pro, really. After all, implementation of the GTH(*) protocol has been known to facilitate the transfer of identity tokens to unauthorized third parties.
(*) Gun To Head
Bingo.
A set of key/value pairs. There's even a wikibook on the subject:
http://en.wikibooks.org/wiki/Programming:Perl_Has
A hash of hashes is a multidimensional array.
The people who liked Wesley Crusher... both of them?
Don't forget, we were also colonized by criminals... which is why we still like naughty bits.
You realize you're only modded "funny" because there's no option to mod you "Sad, but true"...
talk about bloat!
[badum-ching]
What, France was busy or something?
[badum-ching]
Either that or Microsoft's calendar is running five days late...
Cthulhu?
[badum-ching]