I'm torn on whether to be surprised by this--the Economist has run stories before (there was one last issue on the SCO deal) that seem to be subtly, quietly favoring GNU/Linux.
The part of me that says "I told you so" has been informed by recent experiences with managment/executives in our small business. They LOVE the fact that we run Linux on everything (well, there's a couple of BSD and Windows machines where we need them) and they never hesitate to brag about it to clients. They love feeling ahead of the curve.
The surprised part of me read the article in the WSJ last month (on the SCO thing) that warned the "Linux crunchies" to be wary of SCO's ability to win scummy IP lawsuits. The article betrayed a complete lack of understanding of what the "Open-Source community" is (to the extent that it's anything at all). And the same execs that love having Slackware stickers on everything need to be reminded during every internal licensing audit that GNU/Linux IS free as in beer, too.
They love it, but they don't get it. Makes me a little worried, sometimes, where they'll want to take it.
By "ISP" I do not mean the people who bring you cable modem service. I mean a company that provides you with a T1 or a T3 or an OC3 or... get the point?
You know, I've always wondered about this. Sometimes I want Linux to conquer the home desktop, sometimes I don't care. Other times, I feel like the LAST place I would ever want to see GNU/Linux is on my mother's desktop.
Is it about the driver support? If so, I'm not sure that we need to be worried so much any more. The only really heinous driver support problems I've experienced are in laptops, but you can find laptops that will run Linux just fine if you spend an hour googling. As for everything else, I haven't lacked for a driver that didn't appear less than two months after I first needed it. Which is pretty good, when you consider that it's free. YOu pick your components a little more carefully.
Linux has never been easy and standard for a reason--it's supposed to be flexible, fast, and powerful. Those are competing goals, in software engineering--the more time you spend on making it idiot-proof, the less time you have to write that O(1) task scheduler. And when you write software to be usable by the lowest common denominator, you impair its capacity to do the amazing shit that makes Linux so much better.
I just saved $3,000 for a Gigabit Ethernet tap by configuring a dual-home GigE Linux machine as an 802.1d bridge and running snort on the bridge. When Mr. Shithead-tech-columnist gets his standard, idiot-proof desktop, which wizard will configure bridging for me? And which one will compile the kernel with the right tweaks to pass traffic back and forth that fast? Or will it be a registry hack? And will I have to wait for a service pack?
the worst HAS to be the idea that if it looks like a duck, quacks like a duck, and walks like a duck, you have to regulate and tax it like a duck. VoIP is totally different from ordinary phone service in almost every way that is relevant to taxation and regulation.
Consider WHY we invented public utility commissions for phone, electric, gas, etc, but not for (say) supermarkets: because there are NATURAL MONOPOLIES in the utility business, making it unrealistic to allow multiple providers in a single area (what there were 20 local phone companies digging up the streets to fix cable?), and you have to keep those monopolies in check artificially. Supermarkets don't have regulation to the level of the phone company because competition will generally do a good idea of keeping them in line. (Sure, they have rules to follow, but it's sooo much less.)
If you've ever had to deal with provisioning new copper for a business, you know of what I speak. All of the phone company-borne issues are a nightmare: expensive, shitty service, and it takes forever to get anything done. Contrast that to the services provided by the ISP who resells the lines to you: their routers are on backup power (go Focal!), and they fix broken stuff in minutes or hours, not days or weeks. The ISP knows that if they fuck up, you can drop your contract and call their competition. Verizon, to quote Lily Tomlin, gets to say: "We're the phone company. We don't *h ave* to care!"
Maybe you ought to impose some rules on Vonage, to ensure proper 911-related operation--after all, we have health inspectors for supermarkets. But don't regulate them just because they're like other phone providers! If that sounds unfair to the telcos, and liable to drive the telco out of the local phone business, that's GREAT! Then we can have an actual competitive market to provide local phone service via the Internet, and we won't need the PUCs the ever talk about phone service again--they will be running the copper, and that's it.
And if I'm wrong, what's the harm in leaving them alone? If they provide bad service or charge outrageous amounts, people will just go back the telco (or not leave it). Just make sure they follow the basic rules for safety, and leave my fucking VoIP alone!
Oh, really? Since when does "advanced forensics [sic] analysis" involve expensive tools? What forensic company do you work for, anyway, that you'd have the experience to make such a sweeping generalization? Oh, wait... you DON'T work for a forensic company--you build servers for a living.
I've worked six jobs in the last four months using Unix tools, and used various combinations of dd, netcat, ssh, mount, losetup, grep, and the other unix basics to wonderful effect on every one. They don't really ever fail on account of bugs or arbitrary limit conditions (can't handle files bigger than X MB, for instance), and they're terribly simple to troubleshoot. Oh, and there's nothing like an open-source tool for when you have to walk into court and answer the question "So, Mr. Expert-Computer-guy, how do you KNOW that this software did what you said it did?" It takes the wind out of an attorney's sails when you whip out the printed source code to md5sum and start walking him through it.
I've used the $90K forensic tools from the high-profile companies, and they work OK. Not great , though. EnCase, one of the more popular LE programs, has been plagued with bugs in the latest major version. Also, they're restricted to Windows and Mac analysis, so you're out of luck if you get a Linux machine. Oh, and don't even bother with tech support unless you're a true idiot who has failed to plug in his computer--one time, their IDE write-blocking interface was forcing drives into PIO mode (and taking 40 hours to copy a 10 GB hard drive!), and their phone tech suggesting that I try "www.hardforum.com" for technical advice. Talk about pure shit.
Most of the other insanely expensive tools that I've used have similar issues: limited platform support, buggy out the ass, and crappy tech support. The last isn't their fault so much, because most people using forensic tools are advanced enough that they won't be helped by any by the best--and the best technical/forensic people are expensive. But the bugs, oh god, the bugs!
There are a few tools that the USAF's OSI put into public domain usage that are handy, but really, you just need a linux machine with dd, ssh, netcat, and a custom kernel.
Wow. Mod parent for "cognitive dissonance". What abilities does Cisco's draft standard give to the Feds or cops that they don't already have, guy?
The Patriot, Patriot 2, and any other acts of the US or foreign governments that represent serious invasions of our privacy have nothing whatsoever to do with lawful intercept standards. If the government is sniffing you illegally or legally without good oversight, you're still getting fucked, anyway.
Remember Carnivore? That's actually a much, MUCH more invasive tool for lawful (or otherwise) intercept. A coherent standard, built into the router, would make Carnivore unnecessary and (probably) constitutionally impermissable as an over-broad surveillance tool.
Right now, if the FBI gets a warrant to sniff your Net traffic, they walk into your ISP's office with a warrant and plug their sniffer into a router. They'll probably use a filtering expression to just look at stuff heading to/from your IP address (as reported by the ISP), but maybe they won't. Maybe they'll capture raw traffic and parse it out later to get your packets, throwing out the rest.
For the ISP, this isn't really very fun. They have to give up control over their router to the Feds, because there isn't any developed protocol for describing lawful collection of data on a router. What if Special Agent Johnson doesn't know the Cisco 7600 series as well as he thinks? Whoops, there's some downtime for the ISP, and maybe a bill for a new router if something really gets fucked up.
And what if the tap has to stay in place for a while? Some wiretap orders persist for months. That means Agent Johnson will be hanging around and making you nervous at work for quite a while. He likes his coffee black with sugar, just so you know.
The new standard would allow an ISP or other company to look at a warrant, turn around to the router, and put the tap in place themselves. The FBI will ONLY see what they specify in the warrant, and the ISP gets to continue on serving up porn to the rest of us. No muss, no fuss, no incidental privacy violations.
I can't think of a single decent managed switch that doesn't come with a spanning port. This isn't any different in practice--it's just a system that allows for particular LE situations to be handled correctly. And for christs' sake, what's wrong with a lawful warrant? They even have those in fucking Canada and France, so why does "lawful intercept" immediately turn into "Evil American Facism"?
Did it ever occur to any of the bitchers and moaners here that when the FBI or the cops need to intercept network communications, they're working in the dark much of the time? They have a legal obligation to collect only what their warrant specifies, and nothing further. This is difficult, to say the least. Carnivore (and Magic Lantern, or whatever they call it now) is just a sniffer that is optimized for being VERY SELECTIVE about what it captures.
Why? Because if the FBI has a warrant for Guido Gambino's net traffic, but they accidently pick up some of Tony Gambino's traffic, too, stuff outside the warrant is tainted. Any good defense attorney could make the Feds look like monkeys on something like that. These guys are generally heavily incentivized to NOT violate your rights. This isn't absolute, but thanks to criminal defense lawyers, it's pretty fucking close.
The point of Cisco pushing this draft is to start a discussion about how to let LE get what it needs (and what YOU want it) to get when investigating crimes, but without accidentally violating the rights of anyone outside the scope of its efforts.
There are some people around here (not nearly everybody, but some) who really ought to grow up and realize that the Net isn't Stephen Levy's little MIT-hacker-paradise anymore. Real people, who sometimes commit very real crimes, use it, too. Do you think they all ought to get a free pass just because they're "cool" enough to use email?
For the record, you CAN get hardware acceleration under Linux with the built-in Trident chipset--it's not the normal trident.c driver in the kernel. Here's a link (no guarantees, it's Geocities):
http://www.geocities.com/jagasian/
I personally own five mini-itx systems, and I've purchased about another 20 for my firm. Up until this past month, we didn't have the space to install real rack servers, so I started buying Epia 800 boards and Cubid 2677R cases--they're tiny, low power, and not very noticable, and more than fast enough for a firewall, mail server, web server, what-have-you. And they look a lot sexier lying around the office.
We also use them for forensic work. Put an IDE controller in the PCI slot, and you can pack the entire machine, plus an LCD monitor, keyboard, and mouse, into a breifcase-sized Pelican case. Pack a few extra PCI cards (SCSI, FW, MFM/RLL controller) and you can access just about any hard drive ever made. Many's the time we've made our reputation by being on the scene in hours, fully prepared and able to do a drive acquisition, for a job that the competition needed two days to prepare for. Clients eat that shit up.
Basically, you haven't lived until you've had a really portable system with actual PCI slots. I have a laptop, but this is a whole 'nother ball game.
how will we separate the people who know from the people who THINK they know?
I use this all the time in testing the technical limits of clients, prospective co-workers, and random techie people. You start a casual conversation about some absurbly technical topic, and wait for the buzzwords/jargon to come out--then you tease them into a potential mis-step, and see whether they fall in it.
People who honestly don't know what you're talking about won't feel pressured into lying to cover it up (unless there's a LARGE ego at stake). But the poor schmuck who doesn't even realize his own cluelessness won't, and will expose himself for the tool that he is.
It's pretty obvious that Timothy hasn't got a fucking clue about the US legal system--this is a convenient "litmus test".
The essential claim of "unlimited spectrum" that this fool is waving around is really, just barely sensible enough to fool someone who hasn't studied information theory. Take any finite dimensional span, like a foot-long ruler. You have, in theory, an infinite number of possible subdivisions of that 12-inch length--you can have arbitrarily many divisions, if you make them all small enough.
In short:
YOU CAN'T TRANSMIT AN ARBITRARILY LARGE AMOUNT OF DATA/SECOND ON A FINITE AMOUNT OF BANDWIDTH. No matter how good your equipment, or how clever your signaling patterns, you will never be able to increase your data rate above the amount determined by Shannon's equations.
The flaw in Reed's reasoning is that we're talking about subdivisions of frequency, and the amount of data that can be transmitted in a given wavelength band has an absolute upper limit. It's Shannon's rule about bandwidth. So yes, Reed can go around giving everybody a gnat's ball hair width of radio frequency to push their data, but each riny segment will only be able to transmit a piddle of bits per second.
This is like people who don't know Calculus, but who think they've disproved Special Relativity with a thought experiment. Anybody who's sat through a class on it, or read a book, will laugh and laugh, while everybody who hasn't had the benefit of learning will probably be suckered.
There is no "hard-limited" maximum of 4 IDE drives per motherboard. Most boards have two IDE channels built in, and IDE will only support 2 devices per channel, so you get four devices from the board. However, you can buy many, many boards that have more than that, especially lately (Abit's AT7/IT7 models come to mind).
Most board manufacturers include only two IDE channels because that's how many are generally built into north-bridge chipsets. The Abit boards mentioned above use an additional Promise HPT374 chip to provide FOUR extra IDE channels, for a total of TWELVE IDE devices, altogether.
If you want more IDE devices than your board supports natively, you can just buy PCI cards that have more IDE channels. Promise, SIIG, and Highpoint all make really cheap cards that have an extra two channels, or four more devices.
SCSI limitations are similar. You only get 15 devices PER BUS, but you can add as many devices into your system as you have PCI slots and IRQs for. You can buy an Adaptec 29160 card (dual busses) and plug 30 hard drives into it. Buy four of them, and can have more than 100 drives.
Okay, I'll bite. I did make a disparaging comment about an entire line of software products, so I'll do what I can to back it up. I stand by my assertion that recovery of wiped data is snake oil, and here's why.
The most often cited source of opinions on MFM-related data recovery techniques is a paper from 1996 entitled "Secure Deletion of Data from Magnetic and Solid-State Memory", by Peter Gutmann. It's pretty readable if you have a good grounding in physics and hard drive operation, so I'd recommend checking it out:
http://www.usenix.org/publications/library/proce ed ings/sec96/gutmann.html
Notice, though, that Gutmann isn't the actual first-person researcher. His paper is a compilation of data gleaned from other sources. I spent six weeks tracking down (among other things) his bibliography, and found out that MFM techniques had been used in laboratory tests to recover overwritten data, in the early 1990s. These tests were not field-usable. It amounted to "write a regular pattern on the disk, overwrite it with another regular pattern, and look for evidence of the first pattern." Furthermore, these papers all referred to disks which had been manufactured about 10 years ago.
I'll bet that someone HAS used this to a practical effect, somewhere, but just try finding out who, where, and (most importantly) how. There are no commercial vendors of this kind of technology--just try calling up OnTrack, or any of their competitors, and you'll hear the same thing. Desperate people in lawsuits and other dire straits have thrown millions of dollars down this hole (and that's just in the last few years, that I'm aware of), and gotten nothing for it.
To hear Gutmann describe it, though, any halfway competent lab technician could make this process work. Where are the papers describing those operations, done on actual post-1993 hard drives, describing their methodologies?
I personally watched a not-so-reputable data recovery firm tell a judge and some attorneys that they could recover single-pass deleted data if they had $750,000 in R&D and six months. They came up empty handed.
This kind of data recovery is PIXIE DUST. It's an urban legend of the tech industry, one that everybody knows is true but nobody can ever prove.
Can I prove to you that some spook lab buried ten miles beneath Ft. Meade, MD hasn't done this, and isn't buying computers thrown out by French businesses and reading every old secret? No, I can't, I don't work for the government and don't plan to start. But last I checked, it wasn't considered good logic to require absolute proof of a negation, when no proof has been shown of the posited statement.
So, sure. You can MAYBE read data from pre-1993 hard drives, and maybe in 10 years the examination technology will have advanced enough to read today's drives (if hard drive technology stands perfectly still, eh?). The only people who need protection, then, are folks whose adversaries are incredibly wealthy AND willing to spend gobs of money on getting to them, and who would still be harmed if their ten-year old data is read.
This does not include businesses--who cares what your business plan was ten years ago? This does not include common criminals--the government won't spend millions of dollars just to recover one piece of evidence. This certainly does not include you and I.
This include ONE type of entity: sovereign governments. Are you selling your disk wiping utilities to governments, or to businesses and consumers?
Um, have you ever heard of "contempt of court"? I'm not sure about other places, but in the US, the first thing that will happen when the cops see encrypted files is that the judge will order you to turn over your keys. If you fail to comply, or even if you "forget" them conveniently, the judge will most likely throw your ass in jail until you "remember" the passphrase. Now, if you turn over the keys in the beginning like a good boy, you MIGHT go to jail, if your lawyer isn't up to it. If you don't turn them over, you WILL go to jail, RIGHT NOW, and you will stay there until you change your mind.
And if you persist until after the trial is over, count on an obstruction of justice charge. I've seen people go away for five years for that.
So, tell me again, how does encrption protect you, again?
Oh, and how about Nicky Scarfo, the bookie in Jersey? He used PGP, and so the FBI installed a keystroke logger that grabbed his passphrase.
Wasn't it Bruce Schneier who said recently that ordinary people using strong crypto is like using an armored car to transport a message from a man sleeping on a park bench to a man living in a cardboard box?
Call this off-topic if you must, but I've seen gazillions of posts in this and many other threads about forensics and data recovery that are terribly misinformed about the realities of the field. Here's the two cents of a real, live forensic examiner:
First, it is NOT realistically possible to recover data that has been overwritten ONE time. Yes, yes--I've read all the white papers on magnetic force microscopy (MFM) and I understand that a theory exists about recovery of overwritten data. In practice, nobody actually does it. Maybe one time, six years ago, some dude at NASA or MIT actually made this work conditions on an older disk with a lower bit density, but anyone telling you that old patterns can be read in the real world is full of shit. And yes, it's been tried. Millions have been spent on this, and nobody can do it. Anybody selling you software that claims under laboratory to be "more secure" because it overwrites more than once is being silly. It's not even paranoia, just lacking a clue.
That's why forensic examiners don't need to have the original media. In fact, one of the big tenets of the job is to never, ever, ever perform analysis on the originals. You make a bitstream copy of the perp's (excuse me, "client's") disk, and you work with that.
Oh, and electron microscopes have nothing to do with this theorized recovery process. MFM is a related but very different technology.
Second, Linux versus Windows versus LogicCube versus ImageMasster (another brand) is utterly beside the point. Forensic shops use what they find to be cost effective, fast, and convenient. The dd command is great, and all, and many examiners use it on Linux platforms for their disk imaging needs, but it's not an analytical tool.
Let me put it this way: do you actually think that a forensic examiner sits down, opens/dev/hdX in vi, and starts paging through 5 GB or hex? Oh, god, no--that would take years. Making the bitstream image is the easy part, and your choices are virtually unlimited. For the actual analysis (what does it MEAN), you need something that can examine an allocation table, interpret the results, and display the contents in an easy-to-understand format. You need software that can quickly search across a drive for a particular keyword, regular expression, or file signature. You need something that can analyze data for randomness in order to re-assemble images that have been chunked out across virtual memory. Linux does NOT have basic utilities for all of this, and neither does Windows.
Last, a good forensic examiner is less constrained by his/her knowledge of computers than by his/her investigative skills. I know more about operating systems, file allocation, and troubleshooting than any of the 30-50 year old former cops/feds/spooks that I work with, but they're capable of far more effective work than I am. Why? Because once you have a few basic computer operations taken care of, the work has as much to do with computers as Computer Science does.
The folks that put the child pornographers, embezzlers, script kiddies, and the rest of the computer criminals in jail generally know much, much less than you about computers, Slashdotters. They also don't give a rat's ass about Linux, Windows, Bill Gates, RMS, or any of it.
I'm not a professional progammer, and I'm not even a good programmer. I don't think I've ever written more than two or three programs that actually intended to achieve some practical goal. Mostly, I like to play around with mathematical puzzles and number games.
The bulk of the programs I've written and studied are learning tools. Page through a CS textbook or something similar, and it becomes painfully obvious that programs often serve no function other than to explicate a general algorithm or concept. To that end, source code makes up an essential part of academic and scientific expression. It would take pages to adequetely explain sorting algorithms to a reader in plain English, while a few blocks of code do it better and faster. Plus, code can demonstrate concepts that regular language just doesn't seem to be equipped to handle.
At that point, the question really becomes an issue of whether the academic discussion of copyright-dodging technique merits protection--because without the source code, that discussion is crippled. And regardless of what the DCMA says, the US Constitution does protect such speech. If we're free to post articles on making bombs, defrauding credit card companies, or similarly illegal and dangerous activities, we are most certainly free to take on copyright infringement. Use is another matter, entirely, of course.
Any individual or group interest, from Joe/. to the MPAA, will seek to minimize the costs and maximize the benefits that government may grant to it. Every January, I spend hours thinking up tax deductible items that will save me a few bucks to Uncle Sam. And every time a new technology appears, the "landed interests" of intellectual property will spend millions of space-bucks on lawyers to preserve their profit margin. The important thing is that the rest of us (in spirit, mostly) keep an eye out for those who would push it too far.
The article was a little sketchy on the specifics of JumpTV's business model, but it seems to center on the idea of "TV on demand". Whether you watch broadcast, cable, or satellite, you're stuck with the fact that you can only watch a particular program if you sit down and view it at the particular time it's shown. If JumpTV has the show available, though, it seems that you would be able to watch it anytime you want.
Of course, there's always the VCR--but that means buying tapes, programming the VCR, storing tapes, and remembering where you put last week's Law & Order. Not exactly "point 'n' click". TiVo and its clones make the process MUCH, much easier (my rich friends just bought one), but they cost an arm and a leg.
Being as I'm on a shared T3, a service like JumpTV makes perfect sense to me. The storage and playback hardware are all maintained by someone else, and (assuming they have the content I want) accessibility is pretty easy. We save a bundle by sharing hardware costs, and get the same effect as long as the Net doesn't crash, or something.
Actually, it's quite a bit easier than you would lead us to believe. Being as this is a mine site (man-made), it's likely that there are a small number of entrances, possibly even a single entrance, and that all ventilation access is known. Therefore, it's a simple construction job to make it airtight.
As far as size goes, you're not quite correct. Strictly speaking, any additional amount of air forced into a closed space will raise the pressure, and thereby store energy in the difference in pressures between the inside space and the outside (the atmosphere). Even if it's a gallon-jug of nitrogen at 14 PSI (sea-level atmospheric pressure), energy will be stored. Remember, a smaller pressure differential will produce as much energy as a larger differential if the volume of the enclosed space is larger. Basically, it will take longer for the pressure to equalize when you "uncork" the mine, and therefore you will drive the receiving mechanism for a longer period of time. Energy = Force * TIME.
As to strength, I seriously doubt that the pressure differential created will threaten the integrity of the mine. Rock is REALLY STRONG, especially below ground, in an unweathered and contiguous state. You couldn't stick Lake Meade on top of it, but I'm sure a few residential subdivisions wouldn't be a problem.
Re:The true "cost" to the music industry
on
Ring-Tone Royalties
·
· Score: 1
The kind of calculus employed by the music and software industries to obtain an estimated loss to pirates, I think, strikes everybody (on one level or another) as the absurdity that it truly is. We all understand that something is wrong with those numbers--millions per day in ringtones? Right, and I have a bridge in Brooklyn to sell you...
I would assume that they aim to either drum up business for an anti-piracy product line (as in this case), or to garner public support based on the sheer scale of the quoted losses. But when the public senses that the numbers don't correspond to reality, we see them as simply liars. With a scarlet letter like that, it's no wonder anti-piracy initiatives work like old people screw.
Now that I think about it, this particular firm might gain from that effect--more people pirating music or software out of pure spite is an additional loss to the industry, which increases demand for anti-piracy products! Or maybe I'm just paranoid.
Economics tell us that the losses attributable to any kind of piracy, be it software, MP3, or ring-tone, cannot be boiled down to a simple "X illegal copies in existence times Y cost per retail copy equals Z space-bucks lost".
In the real world, people will tend to use something more if the cost is lower. Free ring tones mean that the fad is quite popular. Start charging (and enforcing, if you could) $100/tone fees, though, and next to nobody will use them--it's just not worthwhile. Microsoft and the RIAA's constituents WOULD make more money if nobody ever pirated anything, but the true amount lies somewhere between 0 and the XY=Z figure mentioned above.
Really, I think, the incredible numbers quoted by Coppin amount to little more than a publicity stunt--and guess what? IT WORKED.
Okay. I buy that the Warren report (on the JFK assasination) doesn't quite add up. I can maybe even see the UFO conspiracists' point of view. But faking moon landings? My god, it harkens back to the days before space travel, when the New York Times insisted that space travel was an impossibility because rocket exhaust couldn't "push against" anything in outer space to provide thrust.
Does anyone else ever wonder if some of these people are evidence that humanity had progressed to the point where the gene pool is becoming weakened by the lack of Darwinian selection in modern society?
Overclockers, LAN enthusiasts, and do-it-yourselfers have been building non-standard enclosures (ESPECIALLY portable ones) for quite some time. There isn't much retail market for it, but I've seen a few projects that put performance systems into briefcases, rolling luggage, or just small, easy-to-carry boxes.
If you get to Hardocp.com they should have a few links to case-modding pages and other relavant info.
Anyway, as a guy who appreciates even case-hacking, I hope you go with something cool. There's nothing quite like having a unique-looking box to show off.
Slashdot Mirror
I'm torn on whether to be surprised by this--the Economist has run stories before (there was one last issue on the SCO deal) that seem to be subtly, quietly favoring GNU/Linux.
The part of me that says "I told you so" has been informed by recent experiences with managment/executives in our small business. They LOVE the fact that we run Linux on everything (well, there's a couple of BSD and Windows machines where we need them) and they never hesitate to brag about it to clients. They love feeling ahead of the curve.
The surprised part of me read the article in the WSJ last month (on the SCO thing) that warned the "Linux crunchies" to be wary of SCO's ability to win scummy IP lawsuits. The article betrayed a complete lack of understanding of what the "Open-Source community" is (to the extent that it's anything at all). And the same execs that love having Slackware stickers on everything need to be reminded during every internal licensing audit that GNU/Linux IS free as in beer, too.
They love it, but they don't get it. Makes me a little worried, sometimes, where they'll want to take it.
By "ISP" I do not mean the people who bring you cable modem service. I mean a company that provides you with a T1 or a T3 or an OC3 or... get the point?
You know, I've always wondered about this. Sometimes I want Linux to conquer the home desktop, sometimes I don't care. Other times, I feel like the LAST place I would ever want to see GNU/Linux is on my mother's desktop.
Is it about the driver support? If so, I'm not sure that we need to be worried so much any more. The only really heinous driver support problems I've experienced are in laptops, but you can find laptops that will run Linux just fine if you spend an hour googling. As for everything else, I haven't lacked for a driver that didn't appear less than two months after I first needed it. Which is pretty good, when you consider that it's free. YOu pick your components a little more carefully.
Linux has never been easy and standard for a reason--it's supposed to be flexible, fast, and powerful. Those are competing goals, in software engineering--the more time you spend on making it idiot-proof, the less time you have to write that O(1) task scheduler. And when you write software to be usable by the lowest common denominator, you impair its capacity to do the amazing shit that makes Linux so much better.
I just saved $3,000 for a Gigabit Ethernet tap by configuring a dual-home GigE Linux machine as an 802.1d bridge and running snort on the bridge. When Mr. Shithead-tech-columnist gets his standard, idiot-proof desktop, which wizard will configure bridging for me? And which one will compile the kernel with the right tweaks to pass traffic back and forth that fast? Or will it be a registry hack? And will I have to wait for a service pack?
the worst HAS to be the idea that if it looks like a duck, quacks like a duck, and walks like a duck, you have to regulate and tax it like a duck. VoIP is totally different from ordinary phone service in almost every way that is relevant to taxation and regulation.
Consider WHY we invented public utility commissions for phone, electric, gas, etc, but not for (say) supermarkets: because there are NATURAL MONOPOLIES in the utility business, making it unrealistic to allow multiple providers in a single area (what there were 20 local phone companies digging up the streets to fix cable?), and you have to keep those monopolies in check artificially. Supermarkets don't have regulation to the level of the phone company because competition will generally do a good idea of keeping them in line. (Sure, they have rules to follow, but it's sooo much less.)
If you've ever had to deal with provisioning new copper for a business, you know of what I speak. All of the phone company-borne issues are a nightmare: expensive, shitty service, and it takes forever to get anything done. Contrast that to the services provided by the ISP who resells the lines to you: their routers are on backup power (go Focal!), and they fix broken stuff in minutes or hours, not days or weeks. The ISP knows that if they fuck up, you can drop your contract and call their competition. Verizon, to quote Lily Tomlin, gets to say: "We're the phone company. We don't *h
ave* to care!"
Maybe you ought to impose some rules on Vonage, to ensure proper 911-related operation--after all, we have health inspectors for supermarkets. But don't regulate them just because they're like other phone providers! If that sounds unfair to the telcos, and liable to drive the telco out of the local phone business, that's GREAT! Then we can have an actual competitive market to provide local phone service via the Internet, and we won't need the PUCs the ever talk about phone service again--they will be running the copper, and that's it.
And if I'm wrong, what's the harm in leaving them alone? If they provide bad service or charge outrageous amounts, people will just go back the telco (or not leave it). Just make sure they follow the basic rules for safety, and leave my fucking VoIP alone!
Oh, really? Since when does "advanced forensics [sic] analysis" involve expensive tools? What forensic company do you work for, anyway, that you'd have the experience to make such a sweeping generalization? Oh, wait... you DON'T work for a forensic company--you build servers for a living.
I've worked six jobs in the last four months using Unix tools, and used various combinations of dd, netcat, ssh, mount, losetup, grep, and the other unix basics to wonderful effect on every one. They don't really ever fail on account of bugs or arbitrary limit conditions (can't handle files bigger than X MB, for instance), and they're terribly simple to troubleshoot. Oh, and there's nothing like an open-source tool for when you have to walk into court and answer the question "So, Mr. Expert-Computer-guy, how do you KNOW that this software did what you said it did?" It takes the wind out of an attorney's sails when you whip out the printed source code to md5sum and start walking him through it.
I've used the $90K forensic tools from the high-profile companies, and they work OK. Not great , though. EnCase, one of the more popular LE programs, has been plagued with bugs in the latest major version. Also, they're restricted to Windows and Mac analysis, so you're out of luck if you get a Linux machine. Oh, and don't even bother with tech support unless you're a true idiot who has failed to plug in his computer--one time, their IDE write-blocking interface was forcing drives into PIO mode (and taking 40 hours to copy a 10 GB hard drive!), and their phone tech suggesting that I try "www.hardforum.com" for technical advice. Talk about pure shit.
Most of the other insanely expensive tools that I've used have similar issues: limited platform support, buggy out the ass, and crappy tech support. The last isn't their fault so much, because most people using forensic tools are advanced enough that they won't be helped by any by the best--and the best technical/forensic people are expensive. But the bugs, oh god, the bugs!
There are a few tools that the USAF's OSI put into public domain usage that are handy, but really, you just need a linux machine with dd, ssh, netcat, and a custom kernel.
Wow. Mod parent for "cognitive dissonance". What abilities does Cisco's draft standard give to the Feds or cops that they don't already have, guy?
The Patriot, Patriot 2, and any other acts of the US or foreign governments that represent serious invasions of our privacy have nothing whatsoever to do with lawful intercept standards. If the government is sniffing you illegally or legally without good oversight, you're still getting fucked, anyway.
Remember Carnivore? That's actually a much, MUCH more invasive tool for lawful (or otherwise) intercept. A coherent standard, built into the router, would make Carnivore unnecessary and (probably) constitutionally impermissable as an over-broad surveillance tool.
Right now, if the FBI gets a warrant to sniff your Net traffic, they walk into your ISP's office with a warrant and plug their sniffer into a router. They'll probably use a filtering expression to just look at stuff heading to/from your IP address (as reported by the ISP), but maybe they won't. Maybe they'll capture raw traffic and parse it out later to get your packets, throwing out the rest.
For the ISP, this isn't really very fun. They have to give up control over their router to the Feds, because there isn't any developed protocol for describing lawful collection of data on a router. What if Special Agent Johnson doesn't know the Cisco 7600 series as well as he thinks? Whoops, there's some downtime for the ISP, and maybe a bill for a new router if something really gets fucked up.
And what if the tap has to stay in place for a while? Some wiretap orders persist for months. That means Agent Johnson will be hanging around and making you nervous at work for quite a while. He likes his coffee black with sugar, just so you know.
The new standard would allow an ISP or other company to look at a warrant, turn around to the router, and put the tap in place themselves. The FBI will ONLY see what they specify in the warrant, and the ISP gets to continue on serving up porn to the rest of us. No muss, no fuss, no incidental privacy violations.
I can't think of a single decent managed switch that doesn't come with a spanning port. This isn't any different in practice--it's just a system that allows for particular LE situations to be handled correctly. And for christs' sake, what's wrong with a lawful warrant? They even have those in fucking Canada and France, so why does "lawful intercept" immediately turn into "Evil American Facism"?
Did it ever occur to any of the bitchers and moaners here that when the FBI or the cops need to intercept network communications, they're working in the dark much of the time? They have a legal obligation to collect only what their warrant specifies, and nothing further. This is difficult, to say the least. Carnivore (and Magic Lantern, or whatever they call it now) is just a sniffer that is optimized for being VERY SELECTIVE about what it captures.
Why? Because if the FBI has a warrant for Guido Gambino's net traffic, but they accidently pick up some of Tony Gambino's traffic, too, stuff outside the warrant is tainted. Any good defense attorney could make the Feds look like monkeys on something like that. These guys are generally heavily incentivized to NOT violate your rights. This isn't absolute, but thanks to criminal defense lawyers, it's pretty fucking close.
The point of Cisco pushing this draft is to start a discussion about how to let LE get what it needs (and what YOU want it) to get when investigating crimes, but without accidentally violating the rights of anyone outside the scope of its efforts.
There are some people around here (not nearly everybody, but some) who really ought to grow up and realize that the Net isn't Stephen Levy's little MIT-hacker-paradise anymore. Real people, who sometimes commit very real crimes, use it, too. Do you think they all ought to get a free pass just because they're "cool" enough to use email?
For the record, you CAN get hardware acceleration under Linux with the built-in Trident chipset--it's not the normal trident.c driver in the kernel. Here's a link (no guarantees, it's Geocities):
http://www.geocities.com/jagasian/
I personally own five mini-itx systems, and I've purchased about another 20 for my firm. Up until this past month, we didn't have the space to install real rack servers, so I started buying Epia 800 boards and Cubid 2677R cases--they're tiny, low power, and not very noticable, and more than fast enough for a firewall, mail server, web server, what-have-you. And they look a lot sexier lying around the office.
We also use them for forensic work. Put an IDE controller in the PCI slot, and you can pack the entire machine, plus an LCD monitor, keyboard, and mouse, into a breifcase-sized Pelican case. Pack a few extra PCI cards (SCSI, FW, MFM/RLL controller) and you can access just about any hard drive ever made. Many's the time we've made our reputation by being on the scene in hours, fully prepared and able to do a drive acquisition, for a job that the competition needed two days to prepare for. Clients eat that shit up.
Basically, you haven't lived until you've had a really portable system with actual PCI slots. I have a laptop, but this is a whole 'nother ball game.
how will we separate the people who know from the people who THINK they know?
I use this all the time in testing the technical limits of clients, prospective co-workers, and random techie people. You start a casual conversation about some absurbly technical topic, and wait for the buzzwords/jargon to come out--then you tease them into a potential mis-step, and see whether they fall in it.
People who honestly don't know what you're talking about won't feel pressured into lying to cover it up (unless there's a LARGE ego at stake). But the poor schmuck who doesn't even realize his own cluelessness won't, and will expose himself for the tool that he is.
It's pretty obvious that Timothy hasn't got a fucking clue about the US legal system--this is a convenient "litmus test".
Sorry, should have said "people who don't EVEN know calculus", and probably should have said "geometry", too. YOu're right.
The essential claim of "unlimited spectrum" that this fool is waving around is really, just barely sensible enough to fool someone who hasn't studied information theory. Take any finite dimensional span, like a foot-long ruler. You have, in theory, an infinite number of possible subdivisions of that 12-inch length--you can have arbitrarily many divisions, if you make them all small enough.
In short:
YOU CAN'T TRANSMIT AN ARBITRARILY LARGE AMOUNT OF DATA/SECOND ON A FINITE AMOUNT OF BANDWIDTH. No matter how good your equipment, or how clever your signaling patterns, you will never be able to increase your data rate above the amount determined by Shannon's equations.
The flaw in Reed's reasoning is that we're talking about subdivisions of frequency, and the amount of data that can be transmitted in a given wavelength band has an absolute upper limit. It's Shannon's rule about bandwidth. So yes, Reed can go around giving everybody a gnat's ball hair width of radio frequency to push their data, but each riny segment will only be able to transmit a piddle of bits per second.
This is like people who don't know Calculus, but who think they've disproved Special Relativity with a thought experiment. Anybody who's sat through a class on it, or read a book, will laugh and laugh, while everybody who hasn't had the benefit of learning will probably be suckered.
There is no "hard-limited" maximum of 4 IDE drives per motherboard. Most boards have two IDE channels built in, and IDE will only support 2 devices per channel, so you get four devices from the board. However, you can buy many, many boards that have more than that, especially lately (Abit's AT7/IT7 models come to mind).
Most board manufacturers include only two IDE channels because that's how many are generally built into north-bridge chipsets. The Abit boards mentioned above use an additional Promise HPT374 chip to provide FOUR extra IDE channels, for a total of TWELVE IDE devices, altogether.
If you want more IDE devices than your board supports natively, you can just buy PCI cards that have more IDE channels. Promise, SIIG, and Highpoint all make really cheap cards that have an extra two channels, or four more devices.
SCSI limitations are similar. You only get 15 devices PER BUS, but you can add as many devices into your system as you have PCI slots and IRQs for. You can buy an Adaptec 29160 card (dual busses) and plug 30 hard drives into it. Buy four of them, and can have more than 100 drives.
Right, thanks. I read the quote in the article ABOUT Schneier.
Okay, I'll bite. I did make a disparaging comment about an entire line of software products, so I'll do what I can to back it up. I stand by my assertion that recovery of wiped data is snake oil, and here's why.
e ed ings/sec96/gutmann.html
The most often cited source of opinions on MFM-related data recovery techniques is a paper from 1996 entitled "Secure Deletion of Data from Magnetic and Solid-State Memory", by Peter Gutmann. It's pretty readable if you have a good grounding in physics and hard drive operation, so I'd recommend checking it out:
http://www.usenix.org/publications/library/proc
Notice, though, that Gutmann isn't the actual first-person researcher. His paper is a compilation of data gleaned from other sources. I spent six weeks tracking down (among other things) his bibliography, and found out that MFM techniques had been used in laboratory tests to recover overwritten data, in the early 1990s. These tests were not field-usable. It amounted to "write a regular pattern on the disk, overwrite it with another regular pattern, and look for evidence of the first pattern." Furthermore, these papers all referred to disks which had been manufactured about 10 years ago.
I'll bet that someone HAS used this to a practical effect, somewhere, but just try finding out who, where, and (most importantly) how. There are no commercial vendors of this kind of technology--just try calling up OnTrack, or any of their competitors, and you'll hear the same thing. Desperate people in lawsuits and other dire straits have thrown millions of dollars down this hole (and that's just in the last few years, that I'm aware of), and gotten nothing for it.
To hear Gutmann describe it, though, any halfway competent lab technician could make this process work. Where are the papers describing those operations, done on actual post-1993 hard drives, describing their methodologies?
I personally watched a not-so-reputable data recovery firm tell a judge and some attorneys that they could recover single-pass deleted data if they had $750,000 in R&D and six months. They came up empty handed.
This kind of data recovery is PIXIE DUST. It's an urban legend of the tech industry, one that everybody knows is true but nobody can ever prove.
Can I prove to you that some spook lab buried ten miles beneath Ft. Meade, MD hasn't done this, and isn't buying computers thrown out by French businesses and reading every old secret? No, I can't, I don't work for the government and don't plan to start. But last I checked, it wasn't considered good logic to require absolute proof of a negation, when no proof has been shown of the posited statement.
So, sure. You can MAYBE read data from pre-1993 hard drives, and maybe in 10 years the examination technology will have advanced enough to read today's drives (if hard drive technology stands perfectly still, eh?). The only people who need protection, then, are folks whose adversaries are incredibly wealthy AND willing to spend gobs of money on getting to them, and who would still be harmed if their ten-year old data is read.
This does not include businesses--who cares what your business plan was ten years ago? This does not include common criminals--the government won't spend millions of dollars just to recover one piece of evidence. This certainly does not include you and I.
This include ONE type of entity: sovereign governments. Are you selling your disk wiping utilities to governments, or to businesses and consumers?
Here, here. Now I know how all the real sysadmins, network engineers, and programmers feel when they read Slashdot.
Um, have you ever heard of "contempt of court"? I'm not sure about other places, but in the US, the first thing that will happen when the cops see encrypted files is that the judge will order you to turn over your keys. If you fail to comply, or even if you "forget" them conveniently, the judge will most likely throw your ass in jail until you "remember" the passphrase. Now, if you turn over the keys in the beginning like a good boy, you MIGHT go to jail, if your lawyer isn't up to it. If you don't turn them over, you WILL go to jail, RIGHT NOW, and you will stay there until you change your mind.
And if you persist until after the trial is over, count on an obstruction of justice charge. I've seen people go away for five years for that.
So, tell me again, how does encrption protect you, again?
Oh, and how about Nicky Scarfo, the bookie in Jersey? He used PGP, and so the FBI installed a keystroke logger that grabbed his passphrase.
Wasn't it Bruce Schneier who said recently that ordinary people using strong crypto is like using an armored car to transport a message from a man sleeping on a park bench to a man living in a cardboard box?
Call this off-topic if you must, but I've seen gazillions of posts in this and many other threads about forensics and data recovery that are terribly misinformed about the realities of the field. Here's the two cents of a real, live forensic examiner:
/dev/hdX in vi, and starts paging through 5 GB or hex? Oh, god, no--that would take years. Making the bitstream image is the easy part, and your choices are virtually unlimited. For the actual analysis (what does it MEAN), you need something that can examine an allocation table, interpret the results, and display the contents in an easy-to-understand format. You need software that can quickly search across a drive for a particular keyword, regular expression, or file signature. You need something that can analyze data for randomness in order to re-assemble images that have been chunked out across virtual memory. Linux does NOT have basic utilities for all of this, and neither does Windows.
First, it is NOT realistically possible to recover data that has been overwritten ONE time. Yes, yes--I've read all the white papers on magnetic force microscopy (MFM) and I understand that a theory exists about recovery of overwritten data. In practice, nobody actually does it. Maybe one time, six years ago, some dude at NASA or MIT actually made this work conditions on an older disk with a lower bit density, but anyone telling you that old patterns can be read in the real world is full of shit. And yes, it's been tried. Millions have been spent on this, and nobody can do it. Anybody selling you software that claims under laboratory to be "more secure" because it overwrites more than once is being silly. It's not even paranoia, just lacking a clue.
That's why forensic examiners don't need to have the original media. In fact, one of the big tenets of the job is to never, ever, ever perform analysis on the originals. You make a bitstream copy of the perp's (excuse me, "client's") disk, and you work with that.
Oh, and electron microscopes have nothing to do with this theorized recovery process. MFM is a related but very different technology.
Second, Linux versus Windows versus LogicCube versus ImageMasster (another brand) is utterly beside the point. Forensic shops use what they find to be cost effective, fast, and convenient. The dd command is great, and all, and many examiners use it on Linux platforms for their disk imaging needs, but it's not an analytical tool.
Let me put it this way: do you actually think that a forensic examiner sits down, opens
Last, a good forensic examiner is less constrained by his/her knowledge of computers than by his/her investigative skills. I know more about operating systems, file allocation, and troubleshooting than any of the 30-50 year old former cops/feds/spooks that I work with, but they're capable of far more effective work than I am. Why? Because once you have a few basic computer operations taken care of, the work has as much to do with computers as Computer Science does.
The folks that put the child pornographers, embezzlers, script kiddies, and the rest of the computer criminals in jail generally know much, much less than you about computers, Slashdotters. They also don't give a rat's ass about Linux, Windows, Bill Gates, RMS, or any of it.
I'm not a professional progammer, and I'm not even a good programmer. I don't think I've ever written more than two or three programs that actually intended to achieve some practical goal. Mostly, I like to play around with mathematical puzzles and number games.
The bulk of the programs I've written and studied are learning tools. Page through a CS textbook or something similar, and it becomes painfully obvious that programs often serve no function other than to explicate a general algorithm or concept. To that end, source code makes up an essential part of academic and scientific expression. It would take pages to adequetely explain sorting algorithms to a reader in plain English, while a few blocks of code do it better and faster. Plus, code can demonstrate concepts that regular language just doesn't seem to be equipped to handle.
At that point, the question really becomes an issue of whether the academic discussion of copyright-dodging technique merits protection--because without the source code, that discussion is crippled. And regardless of what the DCMA says, the US Constitution does protect such speech. If we're free to post articles on making bombs, defrauding credit card companies, or similarly illegal and dangerous activities, we are most certainly free to take on copyright infringement. Use is another matter, entirely, of course.
Any individual or group interest, from Joe /. to the MPAA, will seek to minimize the costs and maximize the benefits that government may grant to it. Every January, I spend hours thinking up tax deductible items that will save me a few bucks to Uncle Sam. And every time a new technology appears, the "landed interests" of intellectual property will spend millions of space-bucks on lawyers to preserve their profit margin. The important thing is that the rest of us (in spirit, mostly) keep an eye out for those who would push it too far.
The article was a little sketchy on the specifics of JumpTV's business model, but it seems to center on the idea of "TV on demand". Whether you watch broadcast, cable, or satellite, you're stuck with the fact that you can only watch a particular program if you sit down and view it at the particular time it's shown. If JumpTV has the show available, though, it seems that you would be able to watch it anytime you want.
Of course, there's always the VCR--but that means buying tapes, programming the VCR, storing tapes, and remembering where you put last week's Law & Order. Not exactly "point 'n' click". TiVo and its clones make the process MUCH, much easier (my rich friends just bought one), but they cost an arm and a leg.
Being as I'm on a shared T3, a service like JumpTV makes perfect sense to me. The storage and playback hardware are all maintained by someone else, and (assuming they have the content I want) accessibility is pretty easy. We save a bundle by sharing hardware costs, and get the same effect as long as the Net doesn't crash, or something.
'Props for good science!
Actually, it's quite a bit easier than you would lead us to believe. Being as this is a mine site (man-made), it's likely that there are a small number of entrances, possibly even a single entrance, and that all ventilation access is known. Therefore, it's a simple construction job to make it airtight.
As far as size goes, you're not quite correct. Strictly speaking, any additional amount of air forced into a closed space will raise the pressure, and thereby store energy in the difference in pressures between the inside space and the outside (the atmosphere). Even if it's a gallon-jug of nitrogen at 14 PSI (sea-level atmospheric pressure), energy will be stored. Remember, a smaller pressure differential will produce as much energy as a larger differential if the volume of the enclosed space is larger. Basically, it will take longer for the pressure to equalize when you "uncork" the mine, and therefore you will drive the receiving mechanism for a longer period of time. Energy = Force * TIME.
As to strength, I seriously doubt that the pressure differential created will threaten the integrity of the mine. Rock is REALLY STRONG, especially below ground, in an unweathered and contiguous state. You couldn't stick Lake Meade on top of it, but I'm sure a few residential subdivisions wouldn't be a problem.
The kind of calculus employed by the music and software industries to obtain an estimated loss to pirates, I think, strikes everybody (on one level or another) as the absurdity that it truly is. We all understand that something is wrong with those numbers--millions per day in ringtones? Right, and I have a bridge in Brooklyn to sell you...
I would assume that they aim to either drum up business for an anti-piracy product line (as in this case), or to garner public support based on the sheer scale of the quoted losses. But when the public senses that the numbers don't correspond to reality, we see them as simply liars. With a scarlet letter like that, it's no wonder anti-piracy initiatives work like old people screw.
Now that I think about it, this particular firm might gain from that effect--more people pirating music or software out of pure spite is an additional loss to the industry, which increases demand for anti-piracy products! Or maybe I'm just paranoid.
Economics tell us that the losses attributable to any kind of piracy, be it software, MP3, or ring-tone, cannot be boiled down to a simple "X illegal copies in existence times Y cost per retail copy equals Z space-bucks lost".
In the real world, people will tend to use something more if the cost is lower. Free ring tones mean that the fad is quite popular. Start charging (and enforcing, if you could) $100/tone fees, though, and next to nobody will use them--it's just not worthwhile. Microsoft and the RIAA's constituents WOULD make more money if nobody ever pirated anything, but the true amount lies somewhere between 0 and the XY=Z figure mentioned above.
Really, I think, the incredible numbers quoted by Coppin amount to little more than a publicity stunt--and guess what? IT WORKED.
Does anyone else ever wonder if some of these people are evidence that humanity had progressed to the point where the gene pool is becoming weakened by the lack of Darwinian selection in modern society?
If you get to Hardocp.com they should have a few links to case-modding pages and other relavant info.
Anyway, as a guy who appreciates even case-hacking, I hope you go with something cool. There's nothing quite like having a unique-looking box to show off.