Wait a goddamned minute. Since when does *not having a cellphone* make you COOLer??!!?? Is that all it takes these days?
Get this, buddy: I didn't have a cell phone way back in 1997. That's right, I was too cool to have a cell phone before you were even cool enough to get one in the first place! Beat that!
Seriously though, if the patients are reporting on their experience, then that is not slander. Just stick to the facts and they should be fine.
There are two kinds of factual statements:
1) true statements, and;
2) false statements.
Unless the statement is inherently contradictory, there's no way to know whether a factual statement is true just by looking at it, on (for instance) a website devoted to doctor's reviews of patients.
You can't have meaningful, productive free speech with perfect anonymity, because there's no accountability possible in that scenario. People must be ultimately accountable for their statements, if those statements are aired in public. Even though it rarely comes up on the Internet (most of what we say is nonsense, anyway), an aggrieved party still needs to have the ability to unmask you in order to sue you for libel. If the big, bad mean doctors are protected, so are the rest of us good folks.
So while it might be true *now* that a simple erase of the drive is sufficient, that only holds if you're concerned about a relatively small time window. Otherwise, you're safest in assuming that you have to take stronger measures.
Sure. But you're assuming that whatever future threats emerge will be exorcised by repeatedly over-writing disks right now. That's just as flawed as any assumption of where future technology goes.
Look, the point is that all of these rumors of being able to recover overwritten data are based on a specific, provable technological phenomenon that manifested in older hard drives. HARD DRIVES HAVE FUNDAMENTALLY CHANGED. The old theories no longer apply--they're horse-and-buggy to the modern automobile.
It's possible that in the future, they'll invent a "time-telescope" that allows them to look through the past and read my hard drive as it currently is. There are unimaginable future techniques that could emerge that will reveal the contents of MY hard drive, porno and all, to future generations.
But you know what? That's all crystal-balling, because you and I and EVERYONE else has NO THEORY that describes how this could possibly work.
So. Fucking. There.
I am SO done with this thread. I posted my email address earlier--if you want to continue the discussion, find it and hit me up there.
Have they made some change to zero in the last 8 years that makes it less constant?
No, nothing so drastic. Hard drive technology has fundamentally changed in the last few years, and there was a huge industry-wide turnaround in methods that happened around 1997. The bulk of the changes had to do with the encoding mechanisms used to write and read data from the platter.
Even back then, these attacks were just theories, at least in public. It's possible that some spook-lab made them work, but there was never any real evidence that it was a practical technique, as opposed to a "space elevator dream". That's my opinion, at least, based on a review of the available literature.
But the changes in drive technology made it all a moot point. There aren't even any plausible theoretical methods to recover overwritten data on modern drives, let alone any evidence that it's ever been done. So if you believe that it can work, you have to also believe that the method has been kept entirely secret from public academia and the business community, both of which would be very interested in the topic.
It's been said before, but I'll repeat the point here: there are enough surprising scientific discoveries that most people cannot distinguish between wacky-sounding-but-true statements and wacky-sounding-but-false statements.
This is why people keep propagating the myth that you can recover overwritten data from current generations of hard drives. It USED to be true, with older drives, and it's just spooky-sounding enough to be intriguing, so people want to believe it.
But it's still bullshit. Seriously, I would encourage anybody who thinks I'm grandstanding to do their own research and let me know. My email username is rlynch, domain is bway.net.
As the sibling-poster points out, I said "functionally" identical.
Yarrow's pseudo-randomness is indistinguishable from true random entropy sources, except over extremely large iterations. Which means that there aren't any known analysis methods that have been able to beat Yarrow, except in a few edge cases that aren't normally functionally relevant. If you fill a 200 GB hard disk with pseudo-random bits from a properly-seeded /dev/urandom, and fill another 200 GB drive with bits from a true hardware generator, you won't be able to tell the difference.
And remember: even hardware random number generators aren't perfect. Hardware devices sample an underlying physical process to get their bits, usually either thermal noise or radioactive decay or something similar where the behavior of events is largely governed by the rules of quantum mechanics. But the mechanisms that sample those events are never perfect, and so they all introduce some bias, and some patterns, into the bitstream.
A good hardware generator will behave close enough to "true" randomness over a long enough bitstream for your particular application, the same as with Yarrow.
1) Talking about recovery from an old drive, pre-1997, OR;
2) You're full of shit. Yes, a liar.
So explain yourself, please, because I will apologize immediately if the case is (1) or you can prove me wrong. Cite me some evidence--press releases from the company you worked for, or a paper written by the research team you worked with. Anything, hell--even your blog is something.
I've spent my last four years working as an examiner at a computer forensics firm. I have exhaustively researched this topic several times, hoping against hope that something is out there. There is nothing.
I have encountered a number of documented cases where a party to litigation claimed that incriminating or exculpatory evidence had been overwritten on a hard drive. In at least two of those cases, the defendants spent more than $500K funding people who said "Oh yeah, I can do that--I just need cash for a lab and a magnetic-force microscope." Nobody EVER recovered over-written data, in any of these cases.
Um, no. No, they can't. I used to have to explain this repeatedly to clients:
UNLESS YOU ARE DEALING WITH A VERY OLD HARD DRIVE (pre 1997, at least), YOU CANNOT RECOVER DATA THAT HAS BEEN OVERWRITTEN.
Go read the Gutmann paper from Usenix '96, and note that he never actually performs any recovery tests, nor does he cite anything other than reports of data recovery in lab situations under ideal conditions.
Also, note that he REVISED that paper in 2000 or 2001 (not quite sure) to take into account the fact that platter encoding techniques post-1997 were vastly different from the platter encoding techniques of the previous era, making the attacks he discusses irrelevant and useless.
On any drive manufactured within the last 6 years, there's no point in using /dev/random at all. Besides, unless you have a hardware rand generator driving /dev/random, it would take weeks to wipe a decent-sized drive. And that's if you sit there and move the mouse to generate entropy the whole time.
As a side note, on Linux and the BSDs, /dev/urandom uses the Yarrow algorithm seeded from /dev/random, which has been shown to be functionally identical to a true random number generator. So if you do need random numbers, use /dev/urandom and save yourself the headache.
I seriously doubt that any magnet you can get your hands on would erase anything from a hard drive platter. Even bulk tape degaussers from five years ago won't do shit on a modern drive. It takes some seriously strong fields to erase a platter.
However, sticking a decently strong household or lab magnet against the drive housing may tense parts of the delicate mechanism inside, causing the bearing to go south or the actuator arm to cease working. It's still probably possible to pull the platters and remount them in a new housing (if the platters weren't too damaged by whatever mechanical failure you induce), and there are a few outfits that can do it for ~$3000 per drive.
Now, get real: Want to know the BIGGEST, best-kept secret in data forensics? The most effective way to forever put your data beyond the reach of cops and courts is:
dd if=/dev/zero of=/dev/hda
That's right, just a single-pass overwrite with zeros will do. Everything else you hear is either 8+ years out of date, or uninformed bullshit, or a scare story.
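The single-pass zero overwrite described in the comment above, with a check that nothing non-zero is left afterwards. This is an added example, not part of the original comment; it assumes a regular file standing in for the drive, and the function names (`target_size`, `nonzero_bytes`, `zero_wipe`, `verify_zeroed`) are hypothetical.

```shell
#!/bin/sh
# Added example: one pass of zeros over a target, then verification.
# Assumption: the target is a regular file (for example a disk image)
# standing in for the drive; the sample data is constructed.

# Length of the target in bytes.
target_size() {
    wc -c < "$1" | tr -d ' '
}

# Number of bytes in the target that are not 0x00.
# After a successful wipe this must be 0.
nonzero_bytes() {
    LC_ALL=C tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Overwrite the whole target in place with exactly one pass of zeros.
# conv=notrunc keeps the original length so every old byte is covered;
# sync flushes cached writes before the result is trusted.
zero_wipe() {
    size=$(target_size "$1") || return 1
    head -c "$size" /dev/zero |
        dd of="$1" bs=65536 conv=notrunc 2>/dev/null || return 1
    sync
}

# Succeeds only if the target now contains nothing but zeros.
verify_zeroed() {
    [ "$(nonzero_bytes "$1")" -eq 0 ]
}

# Demonstration on a throwaway file with constructed contents.
img=$(mktemp)
printf 'constructed sample: account=alice pin=0000\n' > "$img"
echo "non-zero bytes before wipe: $(nonzero_bytes "$img")"
zero_wipe "$img"
echo "non-zero bytes after wipe:  $(nonzero_bytes "$img")"
verify_zeroed "$img" && echo "verified: target is all zeros"
rm -f "$img"
```

The verification pass reads the target back rather than trusting dd's exit status, which is the part a bare `dd` invocation leaves out.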
The other posters noted the "sync" option to 'mount' (or in "/etc/fstab"). This is helpful.
Of course, when you unmount a volume, it automatically calls the "sync" command to flush all the buffers to disk. You DO unmount volumes before tearing the drive out, right? Right??!
Honestly, you have the exact same problem on Windows, or any other OS that caches writes. This is pretty damn simple: unmount the volume, THEN pull the plug out. How can you fuck that up?
Yeah, and in 10, 15, 100 more years, monkeys might fly out of my butt. No, really--they might.
The argument that "this may become economical in the future, given better technology" is a nonsense argument because it's a truism, but it's a useless truism. We don't know what the future will hold, so any statement with "may" in it is perfectly valid, logically. But at the same time, making the statement is totally pointless because it merely states the obvious: that the future is unknowable.
If you have any arguments that tell us WHY or HOW this kind of mass transit may become economical in a reasonable time frame (less than 100 years, let's say), please enlighten us. Seriously, be a futurist and make an interesting point. I'll entertain it. Otherwise, you're just talking bullshit.
Are they rich in any materials that we may find useful to harvest in the future? If so, how can we get up there and bring those materials back?
These objects are in the Kuiper Belt... They are BEYOND THE ORBIT OF NEPTUNE.
I submit to you that there are no materials valuable enough to justify the energy required to move that much mass to the inner solar system, in any reasonable amount of time. For Christ's sake, we're barely at the point where we can get to Mars and back, let alone move any significant amount of mass around.
You ask a good question--usually, companies don't bother buying other companies unless they see the potential to leverage some synergy between the parent and child.
It may be something hard to see from the outside, but I had a few ideas:
1) Ebay has a ton of core competency in connecting and managing a VERY large number of users, especially in near-realtime transactions. Their auction business is dependent on their technical abilities to have an easy-to-use front end for a huge user population, as well as a reliable back-end that can manage how those users want to interact with each other.
2) Ebay has a large userbase. Skype's ultimate success depends on reaching a large enough mass of users to amortize its fixed costs, and so that network effects will make its service more attractive to new users. There's a cross-selling opportunity, here, along the lines of Google offering IM on top of its email services.
3) Fraud prevention. Ebay doesn't do a perfect job of preventing fraud (phony accounts, stolen accounts, etc), but it had a lot of experience dealing with it. I would imagine that a telecom service like Skype has similar issues with people abusing accounts, or that they foresee such abuse as the service grows more popular. All of the skills and expertise needed to deal with fraud in a massive userbase (like behavior pattern analysis, customer interaction, etc.) may be cross-applicable to both industries.
But these are just guesses. I imagine that there are possibilities that Ebay and Skype see, but that are hidden from outsiders. Might as well wait and watch what happens.
The simplest way to enforce intellectual property is to ban the import of goods that flout the law. No need for interstellar police forces, or invasions, or anything dramatic--just good old-fashioned trade embargos.
And remember, you can be sued in US courts for actions anywhere, even on Mars. So if these Martian people have any assets or business presence in the US, it's pretty simple to prove the relationship and use the local assets as a proxy to inflict punishments on the offenders.
Do you REALLY audit every piece of code that you run? The entire Linux kernel, for instance? I don't believe it. And even if you make a good effort to get most of the network-exposed code audited, you can never be sure that you're actually finding vulnerabilities--can't prove a negative.
Disclosure of exploits and fixes to the author is like any other OSS bug-fix submission: Yes, you're doing work that you're not getting paid for. But at the point where you've already done the work, your time is a sunk cost. Why not inform the author (nearly zero cost to you), and do everybody else in the world a favor? Sure, you lose that "competitive advantage", but you also have to maintain all your own patch sets against published versions, which INCREASES the amount of effort you have to spend. If you have a secret bug fix, you have to re-work the patch every time a new version comes out, so you can use all the other bug fixes that you didn't find that are in the published version.
Also, a secret bug fix may not be a fix at all. Isn't it better to tell the authors, and let people who know more about a particular software package than you determine whether 1) it helps, 2) it doesn't cause additional problems, and 3) it's the best way to fix the problem?
In short, I believe that your hubris actually makes more work for you, and will eventually come back to bite you in the ass when you break something in the process of trying to fix it yourself, or you screw up your source trying to maintain your precious secret patch sets.
At that point, I just hope you're not working for me. But you sound like an arrogant control freak, anyway, and we don't hire people like that.
Then arrange to have the benchmarking done in a country which won't uphold anti-competitive bullshit clauses (and when Oracle protest that the license lets them sue the guy in the jurisdiction of Buttfuck, Illinois, will tell them where they can stick their extradition request).
When you're suing someone, there's no extradition--that's solely for criminal proceedings. There is no analogous concept in civil litigation. It doesn't matter WHERE the violation of the contract takes place. You could have someone in Venezuela, or on Mars, perform the benchmarking, and you'd STILL get sued in a California court (assuming that's what Oracle wrote into the license agreement).
So if Oracle has a contract/license agreement with a customer that says "no benchmarking", and another clause that says "all disputes will be settled in Marin Co., CA", they don't have to bother with Buttfuck, IL at all:
1) Oracle files lawsuit against customer in Marin Co. court.
2) Marin Co. court looks at the contract clause governing jurisdiction, agrees that Marin is a valid court to hear the case.
3) Lawsuit proceeds.
If the defendant doesn't respond or show up, Oracle automatically wins the suit by default, and a judgement is entered against the defendant. Then Oracle has a court order, valid in EVERY other county in the USA, demanding that the defendant pay the judgement.
And Buttfuck, IL will enforce the order.
(If it were THAT easy to get out of a contract clause, wouldn't
Just how many satellite launches do you think take place in one year? If you need 100 microsatellites sent to the same spot in orbit to duplicate the functionality of a single big satellite, you'll be launching most (if not all) of those birds on a single rocket.
Not necessarily. You can piggyback on multiple other launches to get several payloads to the same spot in orbit--it might take a while, but you factor that into your operation. And we don't yet know whether 100 microsatellites will need to be in the same place to do the job of one big guy.
Right now, it's impossible to know how many satellites, or in what configurations, would be required to perform the job of one bigger satellite. That's why these guys are researching the issue: to determine what the practical constraints of the idea are.
And even if you're right about having to put all the microsatellites in one spot, you miss the fact that the cheaper birds can be redesigned and replaced on a much shorter schedule than bigger, more expensive satellites. A $500 million comsat needs to have a service lifetime of years, if not a decade or more, in order to pay for itself. Whereas micros could be redesigned like automobiles, every year or two, with new ones being sent in to replace or augment on a continuous basis.
Want to know the biggest problem with a $500m, 12-year old satellite? It's using technology that's 15 years old. Bigger, heavier chips and components. More expensive tech. And it's impossible to take advantage of newer, cheaper, smaller stuff if you aren't building new birds. The microsatellites, since they could be continuously re-designed and deployed, would be taking advantage of the new tech all the time.
Think of it like buying a computer that you have a 15-year upgrade path for, as opposed to a computer that will never get any faster or better without you buying a whole new system. Even if the total 15-year cost of the upgradable system amounted to $600m or $700m, and the non-upgradeable system was only $500m, you'd still be winning because you're getting more for your money. You keep the system current with new tech, and your lifetime computing power is substantially higher than if you couldn't upgrade. Think about how much faster and cheaper computer components have gotten in any 15-year period.
I would predict that practical microsatellites will also be insanely expensive to design and launch (maybe not build).
Now you're just crystal-balling. WHY would you predict that (besides the fact that it supports your argument)?? And how would the design costs NOT come down, when you're amortizing the design cost of dozens or hundreds or even thousands of units that share the same design?
My stepfather built defense satellites for 37 years (he just retired 6 mos. ago). He made a LOT of money, and had a team of about 50 people making similar big dough, and they would all work on ONE satellite for a couple of years. Design is really, REALLY expensive when you only build one at a time.
As I suggested elsewhere, major catastrophes that completely take out a satellite already in orbit are rare enough already.
IN ORBIT, maybe, but satellites are lost on the pad and in transit, too. And one of the reasons why launches are so expensive now is because the amount of money riding on them is so high (expensive payloads) that the launchers must be uber-careful with their cargo. If the financial risk of a failed launch came down by an order of magnitude (because the value of the cargo dropped as much), you'd be able to make any given launch happen for cheaper. How much cheaper, I don't know.
And consider that orbit will probably become militarized, perhaps heavily so, in our lifetimes (it kind of has already, hasn't it?). So major catastrophes that completely take out a satellite in orbit may become less and less rare as we go from here.
Sort of. The 1st amendment says that "congress shall make no law..." restricting your freedom of speech, and subsequent interpretations by the Supreme Court have determined that this applies to acts of the Federal, state, and local governments in general. It does NOT say that private citizens can't restrict each others' speech.
The most obvious way the private citizens would restrict each others' speech is lawsuits, brought by one private citizen against another. Libel and slander are examples of this, where you can seek compensation from someone who's harmed you by saying or publishing falsehoods that damage your character. Trade secrets, nondisclosure agreements, and other kinds of claims can work, too.
It's possible to use these sorts of claims to put a prior restriction on another person's speech, such as if a business pre-emptively sues a newspaper to stop it from printing a libellous article. This usage is much less common, though, because the courts generally don't like to impose that kind of prior restraint on people. The burden to prove that someone is GOING to damage you is a lot higher than proving someone has ALREADY damaged you.
While technically the courts are imposing and enforcing the restrictions and penalties on speech, it isn't considered a government action because the court is merely acting on behalf of the plaintiff in the lawsuit. It's kind of a semantic distinction, but it's necessary to preserve the existence of libel and slander and all the rest as actionable offenses (things you can sue over). And there are a lot of good reasons to keep those things in the law.
In other words, 80 of those companies may attempt to assert a legal claim to the 'Linux' name now or in the future.
I think you're using a rhetorical gesture that's kind of a logical fallacy--not quite, but sort of. To wit, the fact that I haven't signed the letter means that I may attempt to assert a legal claim to the Linux name now or in the future. What of it?
When a company receives a letter like that, there are dozens of perfectly good reasons not to sign it that don't spring from intentions to use Linux as a trademark:
- The letter was sent out only a short time ago (weeks?); in the time frames of many companies' legal departments (who would HAVE to sign off on this), that's barely a blink of an eye. They may need more time to consider it.
- The letter was entirely unsolicited. Most people, myself included, are pretty uncomfortable with signed unsolicited letters-of-intent that come in the mail. They may suspect that there's a hidden agenda in the letter that hasn't been revealed, and they don't want to make themselves vulnerable.
- The letter isn't rude, but it still gives off a presumption that the companies receiving it are somehow treading in a legal gray area. Most companies, and people, view this as a kind of accusation, or possibly the beginnings of an accusation, and resent that someone has begun a dialogue that way. They might come around, once they've had the chance to discuss the issue with the lawyer who sent the letter.
Finally, if not all of them were using the 'Linux' name in their business/product/service name - what exactly was the point in sending them this letter? So they could ignore it?
It's very hard to come up with a comprehensive list of companies that are using Linux as a trademark without asking. They probably had a researcher or paralegal draft up a list of the 90 biggest companies that they could find who MIGHT be using it, and are using this as a sort of representative sample.
I mean, the lawyer DID say in the quote in the article that he was trying to discern who it applied to by the response or lack thereof.
I think you miss the point. Big satellites are insanely expensive to design, build, and launch. If your one Big Bird blows up on the launch pad, or gets hit by the aforementioned space junk, or is shot down by the North Koreans, you've just wasted the entire expenditure.
If, on the other hand, you spend an approximately equal amount of money to build a swarm of tiny, cheap, simple birds, that together can do the same job as a big satellite (and have some redundancy amongst themselves), you can afford to lose a few from time to time. There are fewer catastrophes that will deny your orbital presence entirely.
Plus, if your birds are the size of milk cartons (with a mass to go with it), your launch options are a LOT more flexible: instead of commissioning your own launch, you can piggyback on other launches at a huge discount.
Like with clusters of servers, disks, or whatever, flexibility opens up tons of opportunities to save money and be more robust.
You seem to get some kind of pleasure out of calling people liars, please try to keep the discussion civil if you want people to participate.
No, I don't just get jollies from calling people liars. On this issue, like none other, I KNOW when people are lying, or at least misinformed and acting like they know what they're talking about.
You do bring up serious issues--if you check out my posts on the rest of this thread, you'll see responses to them. I'm a little brisk, but I honestly believe that I have an informed, correct opinion on these issues. This isn't just an argument to me--it's a profession.
If you want to discuss this further, I left my email address (slightly obfuscated) in another post under this thread. Feel free to email me, and I promise we can have a civil, rational, man-to-man discussion about it.
Who knows--I might even admit that I'm wrong!
Something as simple as a single pass overwrite with a single digit isn't going to faze a professional at all.
I AM a professional, and it's not possible. Look, I'm too tired to type it all again, so just go here. I added a pretty good cite in one of the child posts, too:
http://slashdot.org/comments.pl?sid=162112&cid=13551345
So you're either lying, or you don't know what you're talking about.
The big paper that started all this is here:
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
(sorry if the link gets tangled). The author is Peter Gutmann. The paper you see on that link is actually an updated version of the original, which was published at USENIX '96, minus the "epilogue" section at the end. That's the critical part, where Gutmann basically backs off all the important conclusions about hard drive data recovery. He's still pretty optimistic in the epilogue (he talks about recovering one or two previous write passes of data), but you have to notice that he doesn't support himself, there, and the original citations don't support him, either.
Not to speak ill of Gutmann--he's done a lot of great work in UNIX security over the years, and he's a stand-out researcher. But he doesn't prove what he's saying.
Hopefully, the Gutmann terminology will be enough to get you started if you want to research the issue further. I used to have a couple dozen pages of cites and summaries on the issue, but I lost most of it when I left my last job. It's still out there, but it took me a couple of months to do it originally.
It's been said before, but I'll repeat the point here: there are enough surprising scientific discoveries that most people cannot distinguish between wacky-sounding-but-true statements and wacky-sounding-but-false statements.
This is why people keep propagating the myth that you can recover overwritten data from current generations of hard drives. It USED to be true, with older drives, and it's just spooky-sounding enough to be intriguing, so people want to believe it.
But it's still bullshit. Seriously, I would encourage anybody who thinks I'm grandstanding to do their own research and let me know. My email username is rlynch, domain is bway.net.
As the sibling-poster points out, I said "functionally" identical.
Yarrow's pseudo-randomness is indistinguishable from true random entropy sources, except over extremely large iterations. Which means that there aren't any known analysis methods that have been able to beat Yarrow, except in a few edge cases that aren't normally functionally relevant. If you fill a 200 GB hard disk with pseudo-random bits from a properly-seeded /dev/urandom, and fill another 200 GB drive with bits from a true hardware generator, you won't be able to tell the difference.
And remember: even hardware random number generators aren't perfect. Hardware devices sample an underlying physical process to get their bits, usually either thermal noise or radioactive decay or something similar where the behavior of events is largely governed by the rules of quantum mechanics. But the mechanisms that sample those events are never perfect, and so they all introduce some bias, and some patterns, into the bitstream.
A good hardware generator will behave close enough to "true" randomness over a long enough bitstream for your particular application, the same as with Yarrow.
You're either:
1) Talking about recovery from an old drive, pre-1997, OR;
2) You're full of shit. Yes, a liar.
So explain yourself, please, because I will apologize immediately if the case is (1) or you can prove me wrong. Cite me some evidence--press releases from the company you worked for, or a paper written by the research team you worked with. Anything, hell--even your blog is something.
I've spent my last four years working as an examiner at a computer forensics firm. I have exhaustively researched this topic several times, hoping against hope that something is out there. There is nothing.
I have encountered a number of documented cases where a party to litigation claimed that incriminating or exculpatory evidence had been overwritten on a hard drive. In at least two of those cases, the defendants spent more than $500K funding people who said "Oh yeah, I can do that--I just need cash for a lab and a magnetic-force microscope." Nobody EVER recovered over-written data, in any of these cases.
So prove me wrong.
Um, no. No, they can't. I used to have to explain this repeatedly to clients:
UNLESS YOU ARE DEALING WITH A VERY OLD HARD DRIVE (pre 1997, at least), YOU CANNOT RECOVER DATA THAT HAS BEEN OVERWRITTEN.
Go read the Gutmann paper from Usenix '96, and note that he never actually performs any recovery tests, nor does he cite anything other than reports of data recovery in lab situations under ideal conditions.
Also, note that he REVISED that paper in 2000 or 2001 (not quite sure) to take into account the fact that platter encoding techniques post-1997 were vastly different from the platter encoding techniques of the previous era, making the attacks he discusses irrelevant and useless.
Go ahead--I dare you to contradict me.
On any drive manufactured within the last 6 years, there's no point in using /dev/random at all. Besides, unless you have a hardware rand generator driving /dev/random, it would take weeks to wipe a decent-sized drive. And that's if you sit there and move the mouse to generate entropy the whole time.
As a side note, on Linux and the BSDs, /dev/urandom uses the Yarrow algorithm seeded from /dev/random, which has been shown to be functionally identical to a true random number generator. So if you do need random numbers, use /dev/urandom and save yourself the headache.
I seriously doubt that any magnet you can get your hands on would erase anything from a hard drive platter. Even bulk tape degaussers from five years ago won't do shit on a modern drive. It takes some seriously strong fields to erase a platter.
However, sticking a decently strong household or lab magnet against the drive housing may tense parts of the delicate mechanism inside, causing the bearing to go south or the actuator arm to cease working. It's still probably possible to pull the platters and remount them in a new housing (if the platters weren't too damaged by whatever mechanical failure you induce), and there are a few outfits that can do it for ~$3000 per drive.
Now, get real: Want to know the BIGGEST, best-kept secret in data forensics? The most effective way to forever put your data beyond the reach of cops and courts is:
dd if=/dev/zero of=/dev/hda
That's right, just a single-pass overwrite with zeros will do. Everything else you hear is either 8+ years out of date, or uninformed bullshit, or a scare story.
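The single-pass zero overwrite described above, paired with a read-back check, as an added example that is not part of the original comment. The function names `zero_wipe` and `nonzero_bytes` are invented here, and a temporary file of constructed random bytes stands in for the drive so the script is safe to run as-is.

```shell
#!/bin/sh
# Added example: single-pass zero overwrite followed by read-back
# verification. TARGET is a regular file standing in for a drive image
# (assumption); the demo never touches a real device node.

# nonzero_bytes FILE: print how many bytes of FILE are not 0x00.
nonzero_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# zero_wipe FILE: overwrite FILE in place with zeros, flush, then verify.
# Returns 0 only if the size is unchanged and no non-zero byte remains,
# 2 if FILE is not a regular file, 1 on any other failure.
zero_wipe() {
    target=$1
    [ -f "$target" ] || { echo "zero_wipe: not a regular file: $target" >&2; return 2; }
    size=$(wc -c < "$target" | tr -d ' ')
    # conv=notrunc overwrites the existing extent instead of truncating first.
    head -c "$size" /dev/zero | dd of="$target" bs=65536 conv=notrunc 2>/dev/null || return 1
    # Flush cached writes so the zeros are on the medium, not just in RAM.
    sync
    [ "$(wc -c < "$target" | tr -d ' ')" = "$size" ] || return 1
    [ "$(nonzero_bytes "$target")" = "0" ] || return 1
    return 0
}

# Demo on a constructed 256 KiB image filled with random bytes.
img=$(mktemp)
head -c 262144 /dev/urandom > "$img"
echo "before: $(nonzero_bytes "$img") non-zero bytes"
zero_wipe "$img" && echo "after:  $(nonzero_bytes "$img") non-zero bytes"
rm -f "$img"
```

The read-back only confirms what the host can address through the file or device it was given.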
The other posters noted the "sync" option to 'mount' (or in "/etc/fstab"). This is helpful.
Of course, when you unmount a volume, it automatically calls the "sync" command to flush all the buffers to disk. You DO unmount volumes before tearing the drive out, right? Right??!
Honestly, you have the exact same problem on Windows, or any other OS that caches writes. This is pretty damn simple: unmount the volume, THEN pull the plug out. How can you fuck that up?
Yeah, and in 10, 15, 100 more years, monkeys might fly out of my butt. No, really--they might.
The argument that "this may become economical in the future, given better technology" is a nonsense argument because it's a truism, but it's a useless truism. We don't know what the future will hold, so any statement with "may" in it is perfectly valid, logically. But at the same time, making the statement is totally pointless because it merely states the obvious: that the future is unknowable.
If you have any arguments that tell us WHY or HOW this kind of mass transit may become economical in a reasonable time frame (less than 100 years, let's say), please enlighten us. Seriously, be a futurist and make an interesting point. I'll entertain it. Otherwise, you're just talking bullshit.
Are they rich in any materials that we may find useful to harvest in the future? If so, how can we get up there and bring those materials back?
These objects are in the Kuiper Belt... They are BEYOND THE ORBIT OF NEPTUNE.
I submit to you that there are no materials valuable enough to justify the energy required to move that much mass to the inner solar system, in any reasonable amount of time. For Christ's sake, we're barely at the point where we can get to Mars and back, let alone move any significant amount of mass around.
You ask a good question--usually, companies don't bother buying other companies unless they see the potential to leverage some synergy between the parent and child.
It may be something hard to see from the outside, but I had a few ideas:
1) Ebay has a ton of core competency in connecting and managing a VERY large number of users, especially in near-realtime transactions. Their auction business is dependent on their technical abilities to have an easy-to-use front end for a huge user population, as well as a reliable back-end that can manage how those users want to interact with each other.
2) Ebay has a large userbase. Skype's ultimate success depends on reaching a large enough mass of users to amortize its fixed costs, and so that network effects will make its service more attractive to new users. There's a cross-selling opportunity, here, along the lines of Google offering IM on top of its email services.
3) Fraud prevention. Ebay doesn't do a perfect job of preventing fraud (phony accounts, stolen accounts, etc), but it had a lot of experience dealing with it. I would imagine that a telecom service like Skype has similar issues with people abusing accounts, or that they foresee such abuse as the service grows more popular. All of the skills and expertise needed to deal with fraud in a massive userbase (like behavior pattern analysis, customer interaction, etc.) may be cross-applicable to both industries.
But these are just guesses. I imagine that there are possibilities that Ebay and Skype see, but that are hidden from outsiders. Might as well wait and watch what happens.
The simplest way to enforce intellectual property is to ban the import of goods that flout the law. No need for interstellar police forces, or invasions, or anything dramatic--just good old-fashioned trade embargos.
And remember, you can be sued in US courts for actions anywhere, even on Mars. So if these Martian people have any assets or business presence in the US, it's pretty simple to prove the relationship and use the local assets as a proxy to inflict punishments on the offenders.
Do you REALLY audit every piece of code that you run? The entire Linux kernel, for instance? I don't believe it. And even if you make a good effort to get most of the network-exposed code audited, you can never be sure that you're actually finding vulnerabilities--can't prove a negative.
Disclosure of exploits and fixes to the author is like any other OSS bug-fix submission: Yes, you're doing work that you're not getting paid for. But at the point where you've already done the work, your time is a sunk cost. Why not inform the author (nearly zero cost to you), and do everybody else in the world a favor? Sure, you lose that "competitive advantage", but you also have to maintain all your own patch sets against published versions, which INCREASES the amount of effort you have to spend. If you have a secret bug fix, you have to re-work the patch every time a new version comes out, so you can use all the other bug fixes that you didn't find that are in the published version.
Also, a secret bug fix may not be a fix at all. Isn't it better to tell the authors, and let people who know more about a particular software package than you determine whether 1) it helps, 2) it doesn't cause additional problems, and 3) it's the best way to fix the problem?
In short, I believe that your hubris actually makes more work for you, and will eventually come back to bite you in the ass when you break something in the process of trying to fix it yourself, or you screw up your source trying to maintain your precious secret patch sets.
At that point, I just hope you're not working for me. But you sound like an arrogant control freak, anyway, and we don't hire people like that.
Then arrange to have the benchmarking done in a country which won't uphold anti-competitive bullshit clauses (and when Oracle protest that the license lets them sue the guy in the jurisdiction of Buttfuck, Illinois, will tell them where they can stick their extradition request).
When you're suing someone, there's no extradition--that's solely for criminal proceedings. There is no analogous concept in civil litigation. It doesn't matter WHERE the violation of the contract takes place. You could have someone in Venezuela, or on Mars, perform the benchmarking, and you'd STILL get sued in a California court (assuming that's what Oracle wrote into the license agreement).
So if Oracle has a contract/license agreement with a customer that says "no benchmarking", and another clause that says "all disputes will be settled in Marin Co., CA", they don't have to bother with Buttfuck, IL at all:
1) Oracle files lawsuit against customer in Marin Co. court.
2) Marin Co. court looks at the contract clause governing jurisdiction, agrees that Marin is a valid court to hear the case.
3) Lawsuit proceeds.
If the defendant doesn't respond or show up, Oracle automatically wins the suit by default, and a judgement is entered against the defendant. Then Oracle has a court order, valid in EVERY other county in the USA, demanding that the defendant pay the judgement.
And Buttfuck, IL will enforce the order.
(If it were THAT easy to get out of a contract clause, wouldn't
Just how many satellite launches do you think take place in one year? If you need 100 microsatellites sent to the same spot in orbit to duplicate the functionality of a single big satellite, you'll be launching most (if not all) of those birds on a single rocket.
Not necessarily. You can piggyback on multiple other launches to get several payloads to the same spot in orbit--it might take a while, but you factor that into your operation. And we don't yet know whether 100 microsatellites will need to be in the same place to do the job of one big guy.
Right now, it's impossible to know how many satellites, or in what configurations, would be required to perform the job of one bigger satellite. That's why these guys are researching the issue: to determine what the practical constraints of the idea are.
And even if you're right about having to put all the microsatellites in one spot, you miss the fact that the cheaper birds can be redesigned and replaced on a much shorter schedule than bigger, more expensive satellites. A $500 million comsat needs to have a service lifetime of years, if not a decade or more, in order to pay for itself. Whereas micros could be redesigned like automobiles, every year or two, with new ones being sent in to replace or augment on a continuous basis.
Want to know the biggest problem with a $500m, 12-year old satellite? It's using technology that's 15 years old. Bigger, heavier chips and components. More expensive tech. And it's impossible to take advantage of newer, cheaper, smaller stuff if you aren't building new birds. The microsatellites, since they could be continuously re-designed and deployed, would be taking advantage of the new tech all the time.
Think of it like buying a computer that you have a 15-year upgrade path for, as opposed to a computer that will never get any faster or better without you buying a whole new system. Even if the total 15-year cost of the upgradable system amounted to $600m or $700m, and the non-upgradeable system was only $500m, you'd still be winning because you're getting more for your money. You keep the system current with new tech, and your lifetime computing power is substantially higher than if you couldn't upgrade. Think about how much faster and cheaper computer components have gotten in any 15-year period.
I would predict that practical microsatellites will also be insanely expensive to design and launch (maybe not build).
Now you're just crystal-balling. WHY would you predict that (besides the fact that it supports your argument)?? And how would the design costs NOT come down, when you're amortizing the design cost of dozens or hundreds or even thousands of units that share the same design?
My stepfather built defense satellites for 37 years (he just retired 6 mos. ago). He made a LOT of money, and had a team of about 50 people making similar big dough, and they would all work on ONE satellite for a couple of years. Design is really, REALLY expensive when you only build one at a time.
As I suggested elsewhere, major catastrophes that completely take out a satellite already in orbit are rare enough already.
IN ORBIT, maybe, but satellites are lost on the pad and in transit, too. And one of the reasons why launches are so expensive now is because the amount of money riding on them is so high (expensive payloads) that the launchers must be uber-careful with their cargo. If the financial risk of a failed launch came down by an order of magnitude (because the value of the cargo dropped as much), you'd be able to make any given launch happen for cheaper. How much cheaper, I don't know.
And consider that orbit will probably become militarized, perhaps heavily so, in our lifetimes (it kind of has already, hasn't it?). So major catastrophes that completely take out a satellite in orbit may become less and less rare as we go from here.
Sort of. The 1st amendment says that "congress shall make no law..." restricting your freedom of speech, and subsequent interpretations by the Supreme Court have determined that this applies to acts of the Federal, state, and local governments in general. It does NOT say that private citizens can't restrict each others' speech.
The most obvious way the private citizens would restrict each others' speech is lawsuits, brought by one private citizen against another. Libel and slander are examples of this, where you can seek compensation from someone who's harmed you by saying or publishing falsehoods that damage your character. Trade secrets, nondisclosure agreements, and other kinds of claims can work, too.
It's possible to use these sorts of claims to put a prior restriction on another person's speech, such as if a business pre-emptively sues a newspaper to stop it from printing a libellous article. This usage is much less common, though, because the courts generally don't like to impose that kind of prior restraint on people. The burden to prove that someone is GOING to damage you is a lot higher than proving someone has ALREADY damaged you.
While technically the courts are imposing and enforcing the restrictions and penalties on speech, it isn't considered a government action because the court is merely acting on behalf of the plaintiff in the lawsuit. It's kind of a semantic distinction, but it's necessary to preserve the existence of libel and slander and all the rest as actionable offenses (things you can sue over). And there are a lot of good reasons to keep those things in the law.
In other words, 80 of those companies may attempt to assert a legal claim to the 'Linux' name now or in the future.
I think you're using a rhetorical gesture that's kind of a logical fallacy--not quite, but sort of. To wit, the fact that I haven't signed the letter means that I may attempt to assert a legal claim to the Linux name now or in the future. What of it?
When a company receives a letter like that, there are dozens of perfectly good reasons not to sign it that don't spring from intentions to use Linux as a trademark:
- The letter was sent out only a short time ago (weeks?); in the time frames of many companies' legal departments (who would HAVE to sign off on this), that's barely a blink of an eye. They may need more time to consider it.
- The letter was entirely unsolicited. Most people, myself included, are pretty uncomfortable with signed unsolicited letters-of-intent that come in the mail. They may suspect that there's a hidden agenda in the letter that hasn't been revealed, and they don't want to make themselves vulnerable.
- The letter isn't rude, but it still gives off a presumption that the companies receiving it are somehow treading in a legal gray area. Most companies, and people, view this as a kind of accusation, or possibly the beginnings of an accusation, and resent that someone has begun a dialogue that way. They might come around, once they've had the chance to discuss the issue with the lawyer who sent the letter.
Finally, if not all of them were using the 'Linux' name in their business/product/service name - what exactly was the point in sending them this letter? So they could ignore it?
It's very hard to come up with a comprehensive list of companies that are using Linux as a trademark without asking. They probably had a researcher or paralegal draft up a list of the 90 biggest companies that they could find who MIGHT be using it, and are using this as a sort of representative sample.
I mean, the lawyer DID say in the quote in the article that he was trying to discern who it applied to by the response or lack thereof.
I think you miss the point. Big satellites are insanely expensive to design, build, and launch. If your one Big Bird blows up on the launch pad, or gets hit by the aforementioned space junk, or is shot down by the North Koreans, you've just wasted the entire expenditure.
If, on the other hand, you spend an approximately equal amount of money to build a swarm of tiny, cheap, simple birds, that together can do the same job as a big satellite (and have some redundancy amongst themselves), you can afford to lose a few from time to time. There are fewer catastrophes that will deny your orbital presence entirely.
Plus, if your birds are the size of milk cartons (with a mass to go with it), your launch options are a LOT more flexible: instead of commissioning your own launch, you can piggyback on other launches at a huge discount.
Like with clusters of servers, disks, or whatever, flexibility opens up tons of opportunities to save money and be more robust.
Troll...people!
Troll...people!
Tastes like trolls!
Talks like people!
Troll...people!