Stop that! Just the thought that JU-T might ever read our precious slashdot and use it as a source for future works of fiction is going to lose me some sleep tonight. :-)
I'm going to chant over and over again, the moderator didn't read the article, and didn't understand who double-plus-ungoed is, and why all the higher moderated posts in this thread are all about the Times, JU-T, and...
I suppose if Taco and Hemos had posted this under a humour heading we would understand we should all laugh at it. But they are just re-posting drivel in the hopes of getting their failing andover stock to go up in price :-)
The article is by one of the most ridiculed "journalists" in Britain, which puts him out in front of a large pile of pathetic scandal-mongers. JU-T has been pointed out to the /. community several times before as a creator of the worst lies about computing we have seen. His job is to create shocking headlines to try and sell a few more papers in an overcrowded market. His dishonoured name makes a regular appearance on www.ntk.net, I would suggest you go on over there and do a search on double-plus-ungoed.
Some of the "stories" which only he has uncovered lately include one whereby his "highly placed source at the FBI" confirms that drug lords all over the world are hiring thousands of programmers to write software drugs, and then they can download them to cyber-junkies and make trillions of $$$ untraceably over the evil internet. Another story regurgitated the claim by a far right wing US research group that 70% of all material on the internet was hard-core pr0n.
The reason you don't see any other newspaper cover these stories or run more truthful versions is that these articles are completely works of fiction, and even the other scandalsheets in Britain won't stoop low enough to answer the Times garbage.
This story first broke last summer, when some kids tried to extort money from VISA. They were stupid, they even made the phone call from their home phone. Scotland Yard closed that case out without blinking. Now the Times pulls it up along with a few hints of other cases, but offers no facts or details, to prove to their readership the internet is a big evil thing which needs strong government regulation.
I can see there are a few other /.ers laying this one open as well. It's amusing how most /.ers are blaming VISA security, when the real story is in tearing apart this piece of "journalism" as the fiction it is.
I have a whole list of objections to this system, as well as several others proposed recently. This is certainly going to be a long thread on comp.risks, where a more reasoned discussion will take place than on /. Technology is now regularly being used to monitor your every action, and there is less and less you can do about it. By your argument everyone who doesn't like it can stay locked in their homes, and never come outside. That is wrong, I shouldn't have to stay locked inside my home just to have a little privacy or to avoid being treated like a criminal.
This system will make use of a GPS/CDROM unit similar to the ones currently on the market. I've got one of those, and it is not all that accurate or reliable. It quite often forgets where the car was parked last time it was powered down, so for the first 5-20 minutes it tries to figure out where the car is. And any type of reflections in a city render it unusable, as well as driving in hilly country.
The GPS system is an ex american military system, and although the US has turned most control over to a civilian agency, it can still be overridden by the US military at any time. The system regularly has problems, outages, position shifts and other glitches, which is why no commercial airline is allowed to use it except as a backup secondary navigation unit. I can't see other governments allowing their citizens to be so heavily influenced in daily affairs by a system still controlled by the US military.
The CDROMs containing the map database (which can easily have speed limits added for each segment of road) are often quite out of date. My system has a CD only 6 months old, but it is still missing 10% of the main roads in place for years. The system has a nervous breakdown whenever I take a new freeway section through a forest.
So what happens when a local council changes the speed limit on a local stretch of road (perhaps up, since repaving or straightening), and nobody can drive the new speed limit? Same question, but what if a speed limit is lowered in a dangerous area, but millions of cars are still allowed to drive faster? With this system in place, many drivers will go as fast as the system will let them, and pay less attention to the posted limits.
What happens when some drivers have one limit in their databases, and other drivers have another?
What happens when the unit mistakes which road you are on (say a parallel frontage road with a much slower speed limit), and forces you down suddenly to 25 MPH in a normal 65 MPH area? What happens if this happens to 20% of the drivers in an area?
What happens during a GPS satellite outage? What is the default behaviour during LoS?
Will the system be able to compensate for rain/snow/broken water main conditions? Or will drivers start driving whatever the maximum is, despite the weather dictating a slower speed?
What happens to court cases, when someone has a perfectly functioning unit and still gets a ticket? How will this affect law enforcement credibility when people can use the existence of the system as a viable defence?
For those who are tracking how our liberties are being threatened by new technologies, there has been a parallel threat from cell phone companies. I have seen cell techs watch their debug screens and show me drivers who are speeding on the autoroutes, it is just a function of predicting how often to hand off a phone from one cell to another. Recently a cell phone company in the US has put together a package (they want to make more $$$) to sell to state police forces. It will track cell phones moving too rapidly from one cell site to another, and provide position info as well as subscriber info to a waiting police cruiser. Hey, instant tickets. Don't like it, don't own a phone.
I can predict this system will not be mandatory at first, but will be offered as an option with a reduction in insurance rates. The first adopters will be the old biddies who never get near a speed limit, and want to save some money. Next will be the families, followed by young people desperate to save some money. After 50% of the cars on the road have the system, expect the laws to change to require it on all vehicles within a few years. That also gives the system a while to be debugged, and for the initial panic to die down. But I expect a few hundred extra deaths due to this system before they get the kinks worked out, mostly due to large speed mis-matches.
And eToys are getting help from upstream, but probably not the kind they want.
The DoS attacks against eToys coming from .ru and many EU countries are causing problems on the trans-atlantic links. Since the traffic patterns contained every type of DoS, it was decided just to drop almost all traffic going to the eToys /27 subnet. The decision was made that eToys was in the wrong, and they clearly were targeting only the US market, so blocking them from Europe would not hurt their revenue.
Not all of the carriers on the European end of things have blocked traffic, but 80% of traffic, including HTTP, is going into a BGP4 black hole before it clogs the networks. With a little work I can get to eToys, but they are effectively shut out of Europe for now, and will stay that way until the end of the law suit against etoy.
I also can tell there are some tier 1 carriers in the US blocking traffic to eToys, so this DoS is having a wider effect than just a few ping floods and TFN. It is not just the 2% loss of business now, but a potential 50% or more. eToys' actions in court are having an effect on ISPs, so ISPs consider their actions to be a type of attack on the internet, and are blocking their users from the evil eToys.
/.ers should remember to also write a letter to NSI, complaining about how the loss of etoy.com is hurting you personally, and how eToys are the new interloper causing havoc on the internet.
Since you are working on your thesis, I suppose you are already quite familiar with cryptography. The other slashdotters recommending Schneier's book are falling short of your question.
First thought, but not a true stream cipher:
One possible suggestion would be a winnowing and chaffing system. The drawback is that you need a huge channel to pass the w/c information. The w/c channel would need to be magnitudes larger than the original stream.
Second thought, also not a true stream cipher:
There is a suggestion for a hybrid w/c system using pre-calculated hashes with an incrementing serial number, and sending the correct hash for that bit.
The hashes can be quite short, it depends on the length of the key and the serial number, and the entropy of your algorithm. Both sides can pre-calculate the hashes for many bits ahead, so the actual latency can be quite short.
This keeps your bandwidth low, but processing power is enormous.
Third thought, look to new hybrids:
There has been other work done in creating streaming ciphers with a self-shrinking generator coupled with a large starting key. The starting key would use standard PKI, and a secure channel to exchange the keys. The certificate would not be time-based, but bit-based. The keys would have to be re-negotiated before the permutation engine has the chance to roll over. This keeps the entropy of your encrypted stream low to foil cryptanalysis.
I like this idea best, because the whole PKI/IKE/DH system is becoming well known, and only minor changes to the certificate data would be needed to move from time limits to data limits. Now somebody has to cobble together a working system using OSS code, and we're set :-)
Good luck with your thesis. I think you've thrown this question right over the heads of most slashdotters, but you might find a good lead or two here.
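One way to read the hybrid scheme in the second suggestion of the comment above, as an added example that is not the commenter's code: each plaintext bit is sent as a truncated HMAC over an incrementing serial number and the bit value, and the receiver matches it against two precomputed candidates. HMAC-SHA256, the 4-byte tag length and the rekey threshold are assumptions chosen here; the rekey check mirrors the comment's point about renegotiating keys before the generator rolls over.

```python
import hashlib
import hmac

TAG_BYTES = 4         # assumed tag length: shorter saves bandwidth, eases forgery
MAX_SERIAL = 2 ** 32  # assumed rekey threshold: a (key, serial) pair never repeats


def bit_tag(key, serial, bit):
    """Truncated HMAC over (serial, bit): the value sent on the wire for one bit."""
    msg = serial.to_bytes(8, "big") + bytes([bit])
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_BYTES]


def precompute(key, start, count):
    """Candidate tags for both bit values; either end can build this in advance."""
    if start + count > MAX_SERIAL:
        raise ValueError("serial space exhausted: negotiate a new key first")
    return [(bit_tag(key, s, 0), bit_tag(key, s, 1))
            for s in range(start, start + count)]


def encode(key, data, start=0):
    """Sender: emit one tag per plaintext bit, most significant bit first."""
    table = precompute(key, start, len(data) * 8)
    tags = []
    for i, (t0, t1) in enumerate(table):
        bit = (data[i // 8] >> (7 - i % 8)) & 1
        tags.append(t1 if bit else t0)
    return tags


def decode(key, tags, start=0):
    """Receiver: recover the bytes, or None if any tag fails to authenticate."""
    if len(tags) % 8:
        return None
    table = precompute(key, start, len(tags))
    out = bytearray(len(tags) // 8)
    for i, (tag, (t0, t1)) in enumerate(zip(tags, table)):
        is0 = hmac.compare_digest(tag, t0)
        is1 = hmac.compare_digest(tag, t1)
        if is0 == is1:
            # Matches neither candidate (forged, reordered or replayed tag),
            # or both (a truncation collision, about 2**-32 per bit here).
            return None
        if is1:
            out[i // 8] |= 1 << (7 - i % 8)
    return bytes(out)


if __name__ == "__main__":
    key = bytes(range(32))  # constructed demo key; a real one comes from key exchange
    wire = encode(key, b"OK")
    print(len(wire), "tags of", TAG_BYTES, "bytes for 2 bytes of plaintext")
    print("decoded:", decode(key, wire))
    print("replayed at a later serial:", decode(key, wire, start=16))
```

Each plaintext bit costs `TAG_BYTES` bytes on the wire, so the tag length sets the trade-off between channel expansion and the chance that a guessed tag is accepted.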
The telephone company pre-paid cash cards contain a unique 80 bit ID number. The first 46 bits are a manufacturer code and lot number. The remaining bits are programmable when the chip is finally tested after being assembled on the card. Then the programming fuse is blown and the card can only be used to count down remaining units. This allows police to track all usage of the card, so if it was used to make any other calls, they have a lead.
[obSecurity sideline: most cash card chips can be reprogrammed after use, and there is a *HUGE* black market all over europe for re-programmed cards. The telcos are now all gearing up to prosecute those who use them ]
The GSM cards contain the normal GSM identifying codes, and most countries require the selling store to check the ID of the buyer. In France and England the stores must record your details for the security forces, and you have to prove you have a legal residence. Germany is the opposite, requiring no data be collected on the buyers. Sweden sounds the same.
The GSM cards can be traced to the selling store, it's a requirement built into the entire GSM distribution system. This is to guarantee security for the telcos so someone can track stolen/hijacked/cloned cards. The GSM handset also contains the IMEI number, which is sent along with the chip ID for every call setup (and is tracked from cell to cell whether you are making calls or not).
You would be surprised how easy it is for law enforcement to track down crimes and terrorist threats made over the GSM network. The french anti-terrorist squad arrested a few dozen corsican terrorists earlier this year using cell site records containing channel, power, IMEI #, time, handoffs, not the billing info.
I am glad the Royal Family has the common sense to employ someone competent enough to choose linux for their website. I understand your work is more facing the public than managing their PCs. I hope you also have some influence on how they perceive the internet, with any luck Buckingham palace has a dedicated 24x7 leased line, and not a dial in to freeserve :-)
Many decisions today by our aging leadership are being made without a great deal of understanding of the scope or actual uses of the internet. Many children can explain how the internet works and what it is good for better than their parents. It causes the techno-savvy crowd to complain when old fashioned laws are mis-applied to modern problems. Tony Blair just had his first contact with the web the other day.
Now that the royal family has had good access to the internet for a while, what do you feel is the competency level of the royal family, as regards to understanding the internet and its capabilities?
I hope that is not too sensitive a question, otherwise I will have to fall back on my second choice about load balancing, spanning multiple ISP connections with BGP4, and caching :-)
This has been discussed on slashdot before, and the story has been kicking around for a while. Sounds like some IBM PR flack decided it was a slow day and re-ran an announcement.
Combine these flex screens with flexible keyboards, and some flexible batteries, and wearable computers become possible. I could have a leather and flex-screen jacket connected to my leg computer via my PAN (Person Area Network), then put on the screen whatever interests me today {pr0n, motorcycles, requests for a date and my IP address, the latest SW video}
Then I could sell some scrollable advertising space available to eyeballs everywhere as I walk around town. I could have a small radio/GSM link to an internet server picking up bids on the advertising rates :-)
The days of Johnny Mnemonic are slowly coming true, and slashdot is the chronicler of the era.
As a disclaimer, I have worked with PWC as a partner on some large projects (and CL before the longestnameinaccountingmerger). Your comments are spot on, and offer an insight into what is wrong with many large companies trying to do it all.
PWC's chief negotiators walked out of a 600 million euro project because the client had a safety critical system and NT was on the blacklist. PWC was asked to send their best and brightest, but they just didn't understand why NT wasn't god's gift to safety. They toed the PWC company line, said that only NT could deliver 100% uptime with some type of mirroring, and tried to downplay HP-UX, AIX, Solaris, and MVS, since they could only claim 99.995% availability. That kind of shit doesn't play to a savvy customer, and they lost the whole deal (staffing, engineering, documentation, training, project management, procurement, auditing, ad infinitum). My client got the network and telecomms bit, so I'm happy.
PWC is a traditional accounting and auditing firm, but growth in that area is limited. They are trying to expand into managing huge telecoms and IT projects as well, assuming it is all the same game. But PWC doesn't have the expertise to slap some sense into the boardroom members. So they think they are cutting edge because they have a nice deal with MICROS~1, BillG told them all other technologies are obsolete and not to ever put them into a bid. Corporate herd mentality, kills every time.
Back to the original "ask slashdot" question.
What a client is looking for, when they purchase some commercial software, is that the supplier will have a small number of people available to respond to their questions in a timely manner. This is between 5 and 20 people at the absolute maximum. There will be a frontline customer service person always answering the phones, 24/24x365. Backing them up is an account rep whose bonus comes from keeping the client happy and renewing the maintenance agreement. Internally there is 1 or 2 technical support with intense knowledge of the product and the systems it runs on, and systems it connects to or deals with. Optionally, there is one person who knows what the product does from a business perspective. Finally, if there is a big enough problem, there is one engineer who wrote part of the code and can be interrogated for tiny details or forced to fix a bug or add a feature.
That is it. Get a handful of technically competent people together on staff, and you can support any free/OSS project. You need to have the helpline person available (4 or 5 fulltime staff or 2 and pagers). There has to be an account rep to keep the PHBs happy.
Then you need 3 to 5 programmers or systems people. With OSS, everyone will have access to the source code, so fixes can be implemented to the client's whim. If a problem crops up, have one of your programmers get on usenet or IRC or buy a linuxcare contract. Chances are they can research the problem and have an answer within 24 hours.
Compare that model to where you do not have a commercial software provider under a contract to provide you with near instant fixes. The best you can hope for is to get through the often clogged helplines, and then get told your fix will be in the next service pack in a few months.
Have you ever tried to negotiate with MICROS~1 for a 24 hour guaranteed response for a critical installation of NT boxen? I have, and when we mentioned that price was no object and we wanted access to the source code or the original programmers, the droids stared at us blankly. They didn't get it. The big client wanted some custom changes guaranteed, and an iron clad contract with penalty clauses for the supplier if they couldn't provide certain functionality. MICROS~1 only dictates, and they NEVER sign a contract with a guarantee for fixes. Sun got the contract.
What PWC can do...
If PWC were to create a linux or OSS or nearly-free OS (*BSD) support group internally, they could save a fortune on support costs. PWC bids on big projects, and passes on the support costs from the suppliers (M$, Sun, IBM, CA, SAP) to the client, without being able to take a cut for themselves. If PWC is the prime contractor, they face the liability for support, and for business losses of their clients if they can't provide a functioning project. If one of their suppliers, MICROS~1 for example, decides not to fix some problem for another 1.5 years, PWC is liable for all the clients' losses, and for all their size there is nothing they can do to force M$ to fix something. M$ is never under a contract to fix or guarantee their soft. With an internal OSS support group, PWC themselves can generate a response to a client almost immediately, and keep the support costs for themselves.
You just have to pass it off as a business case, and hope they take notice. Up till recently, they haven't. So do yourself a favor and find an employer who has an OSS support group and bids linux into big projects. KPMG and Andersen both support OSS at this point, and the profit is all theirs. Do the math, a 10 box server installation typically gets a US$30,000/year support contract, and a 15 person team of linux hacks can support 2000-2500 boxes.
Do you think Shamrock really has worse spelling and grammar than Hemos, or did he Hemosize his article to get Hemos to post it?
So, the guy hacks MTV, pulls one over on them, and now is trying to explain himself to the hacking community. Something is fishy.
Shamrock and his coworkers need to get together and present every fact of their side of the story. Dates, places, names of MTV flacks, what got said, what got rejected. If they do that, then I will have more confidence this was a real media hack, and not some snotty wannabe script-kiddie who pulled a fast one and found himself in shit.
But given the shallowness of MTV, it is not surprising some illiterate kid could take them for a ride. Didn't see the show myself, but from descriptions here on /. it sounded exactly like entertainment, not a documentary. When was the last time someone turned to MTV for their journalistic capabilities?
I expect a lot of "told you so" here on /. but the server isn't serving up the other replies for the moment. The best thing slashdotters could do is ignore this, or at least name and shame MTV.
The market for wide screen and digital TVs will be huge. The manufacturing industry are looking at how computers become obsolete after 6 months and need to be regularly replaced by consumers. Converting to digital is like intel coming out with a faster processor and a radical new PC design. There is a ton of money to be made getting all consumers to switch from analog to digital TV broadcasts, and as long as they are buying you have to show them something new, so widescreen is there to impress even the most stupid TV watcher.
Companies in the U.S. know they can make a ton of $$$$$ by switching, but they want even more. Not only do they want the money from the consumer, they want the ability to lock in customers by controlling cable companies, grabbing precious RF bands, snagging satellite slots.
Every major player in the U.S. is refusing to make an investment in wide screen TVs until the FCC rolls over like a good little whore and gives them what they want. And the FCC under the greedy clinton administration is doing just that. There have already been many stories about cable monopolies on slashdot, there are tons of other stories about bandwidth allocation manipulation, exclusive deals, unholy alliances. Slashdot only covers the stories that directly impact internet access to their little toy home PCs (only slight flamebait there).
In a few years the U.S. will be almost 50% digital broadcasts, and widescreen TVs will be the only model available on the market. The sad fact is there will still be competing broadcast standards which make the NTSC/PAL/SECAM fight seem silly. I have read there are at least 12 different competing wide screen digital systems approved by the FCC in the US, and 2 different broadcast specs. Until there is a shakeout like the beta/VHS market went through, consumers will stay away from the digital stuff. But I expect that to happen within a few years.
Almost everyone I know here in Europe has widescreen TVs, they are not that much more expensive than the old ones, and there are now thousands of widescreen DVD titles available. Plus they still can watch the old-style analog broadcasts as well.
I was going to list all the crypto books on my bookshelf, but some self-styled cypherpunk has borrowed Schneier's Applied Crypto and Menezes' disjointed Handbook of Applied Crypto.
One good book for working your way up from easy intro to much tougher advanced material is William Stallings' Cryptography and Network Security. It also has a great reference section for finding other texts. The book is used in a lot of university intro to crypto courses.
For math, try Concrete Mathematics: A Foundation for Computer Science, by Donald Knuth, Oren Patashnik, and Ronald Graham.
Doug Stinson's Cryptography: Theory and Practice (Discrete Mathematics and Its Applications) is also good.
There are a lot of very advanced technical papers available on the web. This stuff will make your head hurt if you don't already have a decent background to draw on. Search the web for postings of the Crypto consortiums, look especially for Proceedings, Crypto '9x, EuroCrypt 9x, AsiaCrypt, IEEE Transactions on Information Theory, Communications of the ACM, and Cryptobytes, or try the legendary names in your favorite search engine.
When passport was first announced more than a year ago looking for early implementers, the serious hackers targeted it with an intensity unseen in recent years. Imagine a service with all the quality of a M$ product, the track record of M$ for lax security, holding thousands or millions of credit card numbers.
This is an infocriminal's dream, because just one copy of this database could be exploited for billions of $$$ of bogus charges. There are organized crime groups around the world already set up to rip off the credit card companies with thousands of electronic scams. All they need is a valid credit card number, expiration date, and the holder's name.
So when the hotmail hack was discovered, it was by a group probing every aspect of the passport service, and all the connections MICROS~1.OFT was making into other web sites.
Now there are hundreds of sites with an end point leading into passport. What do you want to bet that one of them has some other security problems because they run IIS, and some crackers will be able to get thru the encrypted tunnel back into the passport service. Not likely they will get more than a handful of CC numbers before the hole gets closed. Crackers tend to be immature kiddies looking for some attention, so they will blab about their exploits. The serious infocriminals will milk any hole for all it is worth, and not make any announcements to HNN or attrition.
Microsloth's only publicly acknowledged security aspect of passport is they are going to seed the database with 'tripwire' records, which will trigger anti-fraud measures when someone tries to use them with the CC companies (oh, and they use encryption).
There are rumours it will be built into the desktop of millennium, so it will always be a click away, with annoying warnings to those lusers who are not using it. I doubt this service will become widespread, since it is bound to get abused at some point. Public confidence will go down when the press has a field day when the system is cracked once, even if it doesn't lead to the loss of any CC records.
Since I'm stuck on a win machine, I went to look. Both on 95 and NT.
In the network control panel, select the card driver, then properties. Go to the advanced tab, in properties there should be a Network Address. Change it from Not Present to Value, and enter a valid 12 character string, with no colons or dots or spaces.
I think you have to reboot after that. I know this is becoming wider spread because home users on cable systems find they are tied to their original MAC address, and when they swap machines the internet stops working :-) There are lots of how-to for dummies cheat sheets going around for cable subscribers.
I've read the RFCs, and there was no outrage on my part. I've sniffed v6 packets off of ethernet and from frame relay and ATM, with nothing triggering any moral alarms.
The field can be anything, it exists so that a bunch of machines plugged into a hub without a router can route packets to each other. It is also there so a router can make some fast decisions about what needs routing, and what is local.
The EUI field can also contain IPv4 addresses, Novell IPX addresses, OSI NSAP, etc. So anything can be put there, and as long as the u/l bit is switched to local, nobody cares. It is the local router who has to decide how to deal with incoming packets.
the AC
read RFCs 2460 to 2473, and especially 2373. Worry less, read more.
And I'm one of the biggest privacy freaks you will ever come across.
Read the spec, and understand what that part of the IPv6 address is for. Then you will realise it is not a big bad privacy violation.
The MAC address section of IPv6 is used mostly for locally addressable destinations. It makes an easier job for routers to figure out whether to route the packet.
It is stripped off (or obfuscated) by a router when sending packets out into the big bad internet. Of course, your implementation of a routing process may vary, but other routers would strip it out as meaningless (i.e. the first cisco router).
the AC
And besides, YOU don't have any privacy, get over it! :-) (the rest of us are still fighting, but mostly the good fights)
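The interface-identifier layout the two comments above refer to (the modified EUI-64 format of RFC 2373), as an added example that is not part of the original posts: it builds the low 64 bits of an address from a MAC, reads the u/l bit back, and groups addresses that carry the same MAC. The MAC, the prefixes and the sample address list are constructed; the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

U_L_BIT = 0x02  # universal/local bit in the first octet of the identifier


def mac_to_interface_id(mac):
    """48-bit MAC -> 64-bit modified EUI-64: insert ff:fe, invert the u/l bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ U_L_BIT]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def autoconf_address(prefix, mac):
    """Combine a /64 prefix with the MAC-derived interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("interface identifiers of this form need a /64 prefix")
    iid = int.from_bytes(mac_to_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) + iid)


def classify(addr):
    """Return (embedded MAC or None, 'universal' or 'local') for an address."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    # In the modified format a set bit means global (universal) scope.
    scope = "universal" if iid[0] & U_L_BIT else "local"
    # ff:fe in the middle marks a MAC-derived identifier; a random identifier
    # could contain it by chance (about 1 in 65536), so treat it as a heuristic.
    if iid[3:5] != b"\xff\xfe":
        return (None, scope)
    mac = bytes([iid[0] ^ U_L_BIT]) + iid[1:3] + iid[5:]
    return (":".join(f"{b:02x}" for b in mac), scope)


def audit(addresses):
    """Group addresses by the MAC recoverable from their interface identifier."""
    seen = defaultdict(list)
    for addr in addresses:
        mac, _scope = classify(addr)
        if mac:
            seen[mac].append(addr)
    return dict(seen)


# Constructed sample: one host seen on two networks, one manually numbered
# router, one host with a random-looking identifier.
SAMPLE_ADDRESSES = [
    "2001:db8:1:2:211:22ff:fe33:4455",
    "2001:db8:ffff:9:211:22ff:fe33:4455",
    "2001:db8:1:2::1",
    "2001:db8:1:2:5c1f:9a03:77e2:0b4d",
]

if __name__ == "__main__":
    print(autoconf_address("2001:db8:1:2::/64", "00:11:22:33:44:55"))
    for mac, addrs in audit(SAMPLE_ADDRESSES).items():
        print(mac, "appears in", addrs)
```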
But the server is already starting to get slashdotted.
Check out the fragments of code flying around in the background. Kernel source? Crypto code?
Now, if only Hemos would fix the post to read correctly. The video is of Jon 'Maddog' Hall, for those who haven't seen him speak (bouncing and handwaving included)
Pretty much everything related to space and orbital mechanics is done in the metric system. Especially when working with any international project.
Time for the U.S. congress to outlaw using any non-american system, and to limit the export of any strong measurement system. :-)
Really, it will be interesting to see who finally gets the blame, other than the obvious hand waving and blame sharing. Final result will be a big report with no one team to blame, just a recommendation to increase the funding of the review process.
Yeah, my traceroute to slashdot last night went through australia. But it was late, and I didn't bother saving the trace. Just another artifact of the internet :-)
When you are aware of the economic backlash from cutting through a fat pipe, adrenaline is the first thing that hits :-) Then you start worrying about your new career "would you like fries with that?". Then you leap up and go tearing around the building looking for the laser splicer kit.
Laser splicers are expensive, so they are kept in a locked cabinet. Fire axes are your friend, and handles come right off with the first few blows. Then a quick rush back to the site of the break. It was in the ingress vault, carrying a few dozen fibre cables to the head end equipment, so there isn't a lot of room to manoeuvre, and the closest electrical outlet is 2 extension cords away. Breaks never happen anyplace nice, like in a well lighted place with a table nearby. Breaks are always at the bottom of a sewage ditch, or in a crawlspace or under the ocean. Murphy has a law about this.
Time lost, about 7 minutes until repairs started. Time to repair is about 12 minutes, if you are good. 20 if your hands are shaking and the sweat is pouring off your brow.
The fat pipes, an OC-12 in this case, are actually very small mono-mode fibre optic threads, less than a millimetre in diameter. They are inside a thin plastic sheath, wrapped in some other protective materials, but those protective materials are stripped back inside of the vaults, so eejits can drop some heavy equipment on them, and slice them right through without any resistance at all.
To re-splice a fibre requires that the protective sheath be stripped back a few inches on either side of the break, then the fibre has to be cleaned with alcohol and other contaminant free cleaners so there are no impurities sitting on the outside of the fibre.
Then you have to put the ends into a cleaver, which looks like an old film splicer or a paper shear. The fibre has to have a nice clean break on the end, so the ends can be butted against each other before fusing with almost no loss of signal. Most backhoe induced breaks shear the fibre at a long angle, so you lose an inch or so. That is why there are always loops of extra fibre every so often, for slack.
Then you put the two ends into the fusion unit, which hold the ends together. Then you hit the button, and a powerful laser melts the ends slightly so they flow together, then cool into a new, not quite perfect optical path.
Then you have to re-cover the exposed fibre carefully with a new sheath, then wrap the splice with some more protective tape, and THEN you can wrap the whole area in duct (gaffers) tape :-)
Then comes the paperwork to document the splice, the new losses introduced, the higher BER, etc.
And if you are lucky, nobody noticed the break since it was late on a saturday evening and only AOLers were affected for about 20 minutes. I love routers and backup routes.
the AC
[the names, places, dates have all been written in the third person so as to not identify the guilty party or service provider affected. No packets were hurt during the writing of this post. Stunt doubles were used for the dangerous cabinet opening scene:-]
Imagine if this gets into a courtroom somewhere in Europe. Here is a little company, with maybe 12 million euros worth of funding to hire some lawyers. They decide to tackle some small e-something site first, but Amadeus (AirFrance version of Sabre) takes note and decides to help out. It is in the best interest of Amadeus, and some other big companies doing e-commerce to swat this first suit down FAST.
So this little .no company will find itself fighting a huge court case, as well as defending against the counter-lawsuits. I doubt they will be able to win against something like that. Don't worry about this, it's just the .no patent office being stupid, and a small company trying to get rich.
I noticed that too. Maybe it's time to start moderating RobLimo:-) If he posts too many poorly translated or inflammatory stories, his karma drops and he can no longer post new stories.:-)
There is nothing in this article about damaging equipment, just in the poorly translated header from First Person. (can someone say FlameBait?)
Inside the article there is the word "brouiller", which means to interfere or scramble. There is nothing about damage, either to the airPorts or military.
What the article does talk about is the new concept of licensing mobile radio systems. The French have a hard enough time with basic CB radio licensing (the CBers have been fighting to keep their rights for years), and the frequencies used by analog and digital mobile phones took years to wrest away from the government by France Telecom, even though they were the state run phone company. Apple doesn't have a lot of clout to force a major change.
Every radio transmitter in France has to have a license, and the administration only allows fixed site installations. With the airPort, every owner of an iMac has to get permission for every place they take their airPort. The basic concept of frequency allocation in France gives the government (read, the military) the rights to any band not specifically licensed to other uses.
As the article says, if the iMac is going to be very popular, and if every citizen asks to licence their 2.4 GHz airPorts, the ART will get overwhelmed by the requests. The French government hasn't the brains to realize it would be simpler to grant a license to the airPorts and make it legal, since that would lose them some control.
And the French Gendarmerie has a section of the 2.4 GHz 802.11 band they use for their own data comms. Although France (through their rep to the ETSI) signed an international treaty at the WARC convention in Geneva a few years ago, they gave the Gendarmerie 10 years to move completely out of the band. But inside of any city with more than 50,000 population the 802.11 frequencies can be used without a license, but only by fixed stations. So the AirPort is TSOL.
The most likely solution is for Apple to offer an ETSI approved model for sale in France (or all of Europe). Then the drivers can limit the card to only a few channels, and disable the channels used by the French government.
Like I said, the DNS Con hackers are civic minded. They gave the web masters plenty of notice of the holes, with the exact details of what needed to be fixed, and plenty of time to do it in. The web masters did nothing until DNS Con made headlines, then applied ONE patch recommended by micros~1, and didn't go any further. Various security mailing lists in Europe have had fun picking apart the Scottish Executive's response.
The crackers who later defaced the website put a lot of work into a careful spoof of the contents of the site. They even speled most wurds corectly:-) I would classify it as a harmless hack, since it was done with some foresight and planning and didn't really cost the SExec anything but a slightly redder face.
But since I work in the security industry, I've noticed a lot of UK businesses are asking for fast and easy security for their websites, since web site cracks are happening almost all the time. For some reason telling them to hire a competent admin and install the latest patches falls on deaf ears. But tell them that for twice the price they can buy a handful of firewalls, and they hand us a blank cheque.:-)
Ungoed-Thomas has moderator access!!! :-)
Stop that! Just the thought that JU-T might ever read our precious slashdot and use it as a source for future works of fiction is going to lose me some sleep tonight. :-)
I'm going to chant over and over again, the moderator didn't read the article, and didn't understand who double-plus-ungoed is, and why all the higher moderated posts in this thread are all about the Times, JU-T, and...
the AC
I suppose if Taco and Hemos had posted this under a humour heading we would understand we should all laugh at it. But they are just re-posting drivel in the hopes of getting their failing andover stock to go up in price :-)
The article is by one of the most ridiculed "journalists" in Britain, which puts him out in front of a large pile of pathetic scandal-mongers. JU-T has been pointed out to the /. community several times before as a creator of the worst lies about computing we have seen. His job is to create shocking headlines to try and sell a few more papers in an overcrowded market. His dishonoured name makes a regular appearance on www.ntk.net, I would suggest you go on over there and do a search on double-plus-ungoed.
Some of the "stories" which only he has uncovered lately include one whereby his "highly placed source at the FBI" confirms that drug lords all over the world are hiring thousands of programmers to write software drugs, and then they can download them to cyber-junkies and make trillions of $$$ untraceably over the evil internet. Another story regurgitated the claim by a far right wing US research group that 70% of all material on the internet was hard-core pr0n.
The reason you don't see any other newspaper cover these stories or run more truthful versions is that these articles are completely works of fiction, and even the other scandalsheets in Britain won't stoop low enough to answer the Times garbage.
This story first broke last summer, when some kids tried to extort money from VISA. They were stupid, they even made the phone call from their home phone. Scotland Yard closed that case out without blinking. Now the Times pulls it up along with a few hints of other cases, but offers no facts or details, to prove to their readership the internet is a big evil thing which needs strong government regulation.
I can see there are a few other /.ers laying this one open as well. It's amusing how most /.ers are blaming VISA security, when the real story is in tearing apart this piece of "journalism" as the fiction it is.
the AC
I have a whole list of objections to this system, as well as several other proposed recently. This is certainly going to be a long thread on comp.risks, where a more reasoned discussion will take place than on /. Technology is now regularly being used to monitor your every action, and there is less and less you can do about it. By your argument everyone who doesn't like it can stay locked in their homes, and never come outside. That is wrong, I shouldn't have to stay locked inside my home just to have a little privacy or to avoid being treated like a criminal.
This system will make use of a GPS/CDROM unit similar to the ones currently on the market. I've got one of those, and it is not all that accurate or reliable. It quite often forgets where the car was parked last time it was powered down, so for the first 5-20 minutes it tries to figure out where the car is. And any type of reflections in a city render it unusable, as well as driving in hilly country.
The GPS system is an ex american military system, and although the US has turned most control over to a civilian agency, it can still be overridden by the US military at any time. The system regularly has problems, outages, position shifts and other glitches, which is why no commercial airline is allowed to use it except as a backup secondary navigation unit. I can't see other governments allowing their citizens to be so heavily influenced in daily affairs by a system still controlled by the US military.
The CDROMs containing the map database (which can easily have speed limits added for each segment of road) are often quite out of date. My system has a CD only 6 months old, but it is still missing 10% of the main roads in place for years. The system has a nervous breakdown whenever I take a new freeway section through a forest.
So what happens when a local council changes the speed limit on a local stretch of road (perhaps up, since repaving or straightening), and nobody can drive the new speed limit? Same question, but what if a speed limit is lowered in a dangerous area, but millions of cars are still allowed to drive faster? With this system in place, many drivers will go as fast as the system will let them, and pay less attention to the posted limits.
What happens when some drivers have one limit in their databases, and other drivers have another?
What happens when the unit mistakes which road you are on (say a parallel frontage road with a much slower speed limit), and force you down suddenly to 25 MPH in a normal 65 MPH area? What happens if this happens to 20% of the drivers in an area?
What happens during a GPS satellite outage? What is the default behaviour during LoS?
Will the system be able to compensate for rain/snow/broken water main conditions? Or will drivers start driving whatever the maximum is, despite the weather dictating a slower speed?
What happens to court cases, when someone has a perfectly functioning unit and still gets a ticket? How will this affect law enforcement credibility when people can use the existence of the system as a viable defence?
For those who are tracking how our liberties are being threatened by new technologies, there has been a parallel threat from cell phone companies. I have seen cell techs watch their debug screens and show me drivers who are speeding on the autoroutes, it is just a function of predicting how often to hand off a phone from one cell to another. Recently a cell phone company in the US has put together a package (they want to make more $$$) to sell to state police forces. It will track cell phones moving too rapidly from one cell site to another, and provide position info as well as subscriber info to a waiting police cruiser. Hey, instant tickets. Don't like it, don't own a phone.
I can predict this system will not be mandatory at first, but will be offered as an option with a reduction in insurance rates. The first adopters will be the old biddies who never get near a speed limit, and want to save some money. Next will be the families, followed by young people desperate to save some money. After 50% of the cars on the road have the system, expect the laws to change to require it on all vehicles within a few years. That also gives the system a while to be debugged, and for the initial panic to die down. But I expect a few hundred extra deaths due to this system before they get the kinks worked out, mostly due to large speed mis-matches.
the AC
And eToys are getting help from upstream, but probably not the kind they want.
The DoS attacks against eToys coming from .ru and many EU countries are causing problems on the trans-atlantic links. Since the traffic patterns contained every type of DoS, it was decided just to drop almost all traffic going to the eToys /27 subnet. The decision was made that eToys was in the wrong, and they clearly were targeting only the US market, so blocking them from Europe would not hurt their revenue.
Not all of the carriers on the European end of things have blocked traffic, but 80% of traffic, including HTTP, is going into a BGP4 black hole before it clogs the networks. With a little work I can get to eToys, but they are effectively shut out of Europe for now, and will stay that way until the end of the law suit against etoy.
I also can tell there are some tier 1 carriers in the US blocking traffic to eToys, so this DoS is having a wider effect than just a few ping floods and TFN. It is not just the 2% loss of business now, but a potential 50% or more. eToys' actions in court are having an effect on ISPs, so ISPs consider their actions to be a type of attack on the internet, and are blocking their users from the evil eToys.
/.ers should remember to also write a letter to NSI, complaining about how the loss of etoy.com is hurting you personally, and how eToys are the new interloper causing havoc on the internet.
the AC
Since you are working on your thesis, I suppose you are already quite familiar with cryptography. The other slashdotters recommending Schneier's book is falling short of your question.
:-)
First thought, but not a true stream cipher:
One possible suggestion would be a winnowing and chaffing system. The drawback is that you need a huge channel to pass the w/c information. The w/c channel would need to be magnitudes larger than the original stream.
Second thought, also not a true stream cipher
There is a suggestion for a hybrid w/c system using pre-calculated hashes with an incrementing serial number, and sending the correct hash for that bit.
The hashes can be quite short, it depends on the length of the key and the serial number, and the entropy of your algorithm. Both sides can pre-calculate the hashes for many bits ahead, so the actual latency can be quite short.
This keeps your bandwidth low, but processing power is enormous.
Third thought, look to new hybrids
There has been other work done in creating streaming ciphers with a self-shrinking generator coupled with a large starting key. The starting key would use standard PKI, and a secure channel to exchange the keys. The certificate would not be time-based, but bit-based. The keys would have to be re-negotiated before the permutation engine has the chance to roll over. This keeps the entropy of your encrypted stream low to foil cryptanalysis.
I like this idea best, because the whole PKI/IKE/DH system is becoming well known, and only minor changes to the certificate data would be needed to move from time limits to data limits. Now somebody has to cobble together a working system using OSS code, and we're set
Good luck with your thesis. I think you've thrown this question right over the heads of most slashdotters, but you might find a good lead or two here.
the AntiCypher
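One way to read the "second thought" in the post above (a truncated hash over an incrementing serial number and the bit value, with both sides pre-calculating ahead), as an added example that is not from the post or from any named project. The use of HMAC-SHA256, the 4-byte truncation, the 64-bit look-ahead window and every function name are assumptions made for illustration.

```python
import hashlib
import hmac

TAG_BYTES = 4  # assumed truncation; the post only says the hashes "can be quite short"


def bit_tag(key: bytes, serial: int, bit: int) -> bytes:
    """Truncated HMAC-SHA256 over (serial number, bit value)."""
    msg = serial.to_bytes(8, "big") + bytes([bit])
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_BYTES]


def send_bits(key: bytes, data: bytes, start_serial: int = 0) -> list:
    """Sender: emit one tag per plaintext bit, never the bit itself."""
    tags = []
    serial = start_serial
    for byte in data:
        for shift in range(7, -1, -1):  # most significant bit first
            tags.append(bit_tag(key, serial, (byte >> shift) & 1))
            serial += 1
    return tags


class Receiver:
    """Winnows incoming tags against a pre-calculated window of expected tags."""

    def __init__(self, key: bytes, lookahead: int = 64):
        self.key = key
        self.lookahead = lookahead
        self.serial = 0    # next serial number we expect
        self.window = {}   # serial -> (tag for bit 0, tag for bit 1)
        self.bits = []
        self.dropped = 0
        self.refill()

    def refill(self) -> None:
        """Pre-calculate both candidate tags for the upcoming serial numbers."""
        for s in range(self.serial, self.serial + self.lookahead):
            if s not in self.window:
                self.window[s] = (bit_tag(self.key, s, 0), bit_tag(self.key, s, 1))

    def accept(self, tag: bytes) -> bool:
        t0, t1 = self.window[self.serial]
        is0 = hmac.compare_digest(tag, t0)
        is1 = hmac.compare_digest(tag, t1)
        if is0 == is1:
            # Neither candidate matched (chaff, forgery, replay of an old
            # serial), or the two truncated tags collided and the bit is
            # ambiguous. Either way the tag is discarded and the serial
            # number does not advance.
            self.dropped += 1
            return False
        self.bits.append(1 if is1 else 0)
        del self.window[self.serial]
        self.serial += 1
        self.refill()
        return True

    def message(self) -> bytes:
        """Pack the accepted bits into whole bytes."""
        out = bytearray()
        for i in range(0, len(self.bits) - len(self.bits) % 8, 8):
            value = 0
            for b in self.bits[i:i + 8]:
                value = (value << 1) | b
            out.append(value)
        return bytes(out)


def receive(key: bytes, tags: list) -> tuple:
    """Run a list of received tags through a fresh Receiver."""
    rx = Receiver(key)
    for tag in tags:
        rx.accept(tag)
    return rx.message(), rx.dropped


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # constructed sample key
    wire = send_bits(demo_key, b"hi")
    print(len(wire) * TAG_BYTES, "bytes on the wire for 2 bytes of plaintext")
    print(receive(demo_key, wire))
```

With these assumed parameters each plaintext bit costs `TAG_BYTES` bytes on the wire, and a receiver holding the wrong key accepts nothing.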
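The "third thought" in the post above, a self-shrinking generator whose key is limited by the amount of data rather than by time, sketched as an added example that is not from the post. The 32-bit register, the Galois tap mask, the budget value and all names are assumptions, and a register this small is a teaching toy, not a usable cipher; in the post's design the seed would come from the PKI/DH exchange.

```python
class RekeyRequired(Exception):
    """Raised when the data limit attached to the current key is used up."""


class SelfShrinkingGenerator:
    """Self-shrinking generator over a Galois LFSR with an output-bit budget.

    The LFSR output is read in pairs (a, b): when a is 1 the generator
    emits b, when a is 0 the pair is discarded.
    """

    def __init__(self, seed: int, width: int = 32, mask: int = 0x80200003,
                 bit_budget: int = 1 << 16):
        # mask 0x80200003 is the assumed tap set x^32 + x^22 + x^2 + x + 1;
        # the budget is an assumed value kept far below the register's
        # 2^32 - 1 state cycle, so the key is replaced long before rollover.
        self.width = width
        self.mask = mask
        self.bit_budget = bit_budget
        self.rekey(seed)

    def rekey(self, seed: int) -> None:
        """Install a fresh key and reset the data counter."""
        if not 0 < seed < (1 << self.width):
            # an all-zero register never leaves the zero state
            raise ValueError("seed must be a non-zero value that fits the register")
        self.state = seed
        self.emitted = 0

    def clock(self) -> int:
        """Advance the LFSR one step and return its output bit."""
        out = self.state & 1
        self.state >>= 1
        if out:
            self.state ^= self.mask
        return out

    def next_bit(self) -> int:
        if self.emitted >= self.bit_budget:
            raise RekeyRequired("data limit reached, negotiate a new key")
        while True:
            a = self.clock()
            b = self.clock()
            if a:
                self.emitted += 1
                return b

    def keystream(self, nbytes: int) -> bytes:
        out = bytearray()
        for _ in range(nbytes):
            value = 0
            for _ in range(8):
                value = (value << 1) | self.next_bit()
            out.append(value)
        return bytes(out)


def xor_stream(gen: SelfShrinkingGenerator, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with the generator's keystream."""
    return bytes(d ^ k for d, k in zip(data, gen.keystream(len(data))))


if __name__ == "__main__":
    seed = 0xC0FFEE  # constructed sample seed
    sender = SelfShrinkingGenerator(seed, bit_budget=256)
    receiver = SelfShrinkingGenerator(seed, bit_budget=256)
    ct = xor_stream(sender, b"bit-limited key")
    print(xor_stream(receiver, ct))
    try:
        sender.keystream(64)  # would exceed the 256-bit budget
    except RekeyRequired as exc:
        print("rekey:", exc)
```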
Imagine what a beowulf cluster with a few trillion of these could do.
:-)
Someone just has to do the first beowulf post
the AC
The telephone company pre-paid cash cards contain a unique 80 bit ID number. The first 46 bits are a manufacturer code and lot number. The remaining bits are programmable when the chip is finally tested after being assembled on the card. Then the programming fuse is blown and the card can only be used to count down remaining units. This allows police to track all usage of the card, so if it was used to make any other calls, they have a lead.
[obSecurity sideline: most cash card chips can be reprogrammed after use, and there is a *HUGE* black market all over europe for re-programmed cards. The telcos are now all gearing up to prosecute those who use them ]
The GSM cards contain the normal GSM identifying codes, and most countries require the selling store to check the ID of the buyer. In France and England the stores must record your details for the security forces, and you have to prove you have a legal residence. Germany is the opposite, requiring no data be collected on the buyers. Sweden sounds the same.
The GSM cards can be traced to the selling store, it's a requirement built into the entire GSM distribution system. This is to guarantee security for the telcos so someone can track stolen/hijacked/cloned cards. The GSM handset also contains the IMEI number, which is sent along with the chip ID for every call setup (and is tracked from cell to cell whether you are making calls or not).
You would be surprised how easy it is for law enforcement to track down crimes and terrorist threats made over the GSM network. The French anti-terrorist squad arrested a few dozen Corsican terrorists earlier this year using cell site records containing channel, power, IMEI #, time, handoffs, not the billing info.
the AC (back from 2 weeks in Mongolia)
I am glad the Royal Family has the common sense to employ someone competent enough to choose linux for their website. I understand your work is more facing the public than managing their PCs. I hope you also have some influence on how they perceive the internet, with any luck Buckingham palace has a dedicated 24x7 leased line, and not a dial in to freeserve :-)
:-)
Many decisions today by our aging leadership are being made without a great deal of understanding of the scope or actual uses of the internet. Many children can explain how the internet works and what it is good for better than their parents. It causes the techno-savvy crowd to complain when old fashioned laws are mis-applied to modern problems. Tony Blair just had his first contact with the web the other day.
Now that the royal family has had good access to the internet for a while, what do you feel is the competency level of the royal family, as regards to understanding the internet and its capabilities?
I hope that is not too sensitive a question, otherwise I will have to fall back on my second choice about load balancing, spanning multiple ISP connections with BGP4, and caching
the AntiCypher
This has been discussed on slashdot before, and the story has been kicking around for a while. Sounds like some IBM PR flack decided it was a slow day and re-ran an announcement.
:-)
Combine these flex screens with flexible keyboards, and some flexible batteries, and wearable computers become possible. I could have a leather and flex-screen jacket connected to my leg computer via my PAN (Person Area Network), then put on the screen whatever interests me today {pr0n, motorcycles, requests for a date and my IP address, the latest SW video}
Then I could sell some scrollable advertising space available to eyeballs everywhere as I walk around town. I could have a small radio/GSM link to an internet server picking up bids on the advertising rates
The days of Johnny Mnemonic are slowly coming true, and slashdot is the chronicler of the era.
the AC
As a disclaimer, I have worked with PWC as a partner on some large projects (and CL before the longestnameinaccountingmerger). Your comments are spot on, and offer an insight into what is wrong with many large companies trying to do it all.
PWC's chief negotiators walked out of a 600 million euro project because the client had a safety critical system and NT was on the blacklist. PWC was asked to send their best and brightest, but they just didn't understand why NT wasn't god's gift to safety. They toed the PWC company line, said that only NT could deliver 100% uptime with some type of mirroring, and tried to downplay HP-UX, AIX, Solaris, and MVS, since they could only claim 99.995% availability. That kind of shit doesn't play to a savvy customer, and they lost the whole deal (staffing, engineering, documentation, training, project management, procurement, auditing, ad infinitum). My client got the network and telecomms bit, so I'm happy.
PWC is a traditional accounting and auditing firm, but growth in that area is limited. They are trying to expand into managing huge telecoms and IT projects as well, assuming it is all the same game. But PWC doesn't have the expertise to slap some sense into the boardroom members. So they think they are cutting edge because they have a nice deal with MICROS~1, BillG told them all other technologies are obsolete and not to ever put them into a bid. Corporate herd mentality, kills every time.
Back to the original "ask slashdot" question.
What a client is looking for, when they purchase some commercial software, is that the supplier will have a small number of people available to respond to their questions in a timely manner. This is between 5 and 20 people at the absolute maximum. There will be a frontline customer service person always answering the phones, 24/24x365. Backing them up is an account rep whose bonus comes from keeping the client happy and renewing the maintenance agreement. Internally there is 1 or 2 technical support with intense knowledge of the product and the systems it runs on, and systems it connects to or deals with. Optionally, there is one person who knows what the product does from a business perspective. Finally, if there is a big enough problem, there is one engineer who wrote part of the code and can be interrogated for tiny details or forced to fix a bug or add a feature.
That is it. Get a handful of technically competent people together on staff, and you can support any free/OSS project. You need to have the helpline person available (4 or 5 fulltime staff or 2 and pagers). There has to be an account rep to keep the PHBs happy.
Then you need 3 to 5 programmers or systems people. With OSS, everyone will have access to the source code, so fixes can be implemented to the client's whim. If a problem crops up, have one of your programmers get on usenet or IRC or buy a linuxcare contract. Chances are they can research the problem and have an answer within 24 hours.
Compare that model to where you do not have a commercial software provider under a contract to provide you with near instant fixes. The best you can hope for is to get through the often clogged helplines, and then get told your fix will be in the next service pack in a few months.
Have you ever tried to negotiate with MICROS~1 for a 24 hour guaranteed response for a critical installation of NT boxen? I have, and when we mentioned that price was no object and we wanted access to the source code or the original programmers, the droids stared at us blankly. They didn't get it. The big client wanted some custom changes guaranteed, and an iron clad contract with penalty clauses for the supplier if they couldn't provide certain functionality. MICROS~1 only dictates, and they NEVER sign a contract with a guarantee for fixes. Sun got the contract.
What PWC can do...
If PWC were to create a linux or OSS or nearly-free OS (*BSD) support group internally, they could save a fortune on support costs. PWC bids on big projects, and passes on the support costs from the suppliers (M$, Sun, IBM, CA, SAP) to the client, without being able to take a cut for themselves. If PWC is the prime contractor, they face the liability for support, and for business losses of their clients if they can't provide a functioning project. If one of their suppliers, MICROS~1 for example, decides not to fix some problem for another 1.5 years, PWC is liable for all the clients losses, and for all their size there is nothing they can do to force M$ to fix something. M$ is never under a contract to fix or guarantee their soft. With an internal OSS support group, PWC themselves can generate a response to a client almost immediately, and keep the support costs for themselves.
You just have to pass it off as a business case, and hope they take notice. Up till recently, they haven't. So do yourself a favor and find an employer who has an OSS support group and bids linux into big projects. KPMG and Anderson both support OSS at this point, and the profit is all theirs. Do the math, a 10 box server installation typically gets a US$30,000/year support contract, and a 15 person team of linux hacks can support 2000-2500 boxes.
the AC
Do you think Shamrock really has worse spelling and grammar than Hemos, or did he Hemosize his article to get Hemos to post it?
So, the guy hacks MTV, pulls one over on them, and now is trying to explain himself to the hacking community. Something is fishy.
Shamrock and his coworkers need to get together and present every fact of their side of the story. Dates, places, names of MTV flacks, what got said, what got rejected. If they do that, then I will have more confidence this was a real media hack, and not some snotty wannabe script-kiddie who pulled a fast one and found himself in shit.
But given the shallowness of MTV, it is not surprising some illiterate kid could take them for a ride. Didn't see the show myself, but from descriptions here on /. it sounded exactly like entertainment, not a documentary. When was the last time someone turned to MTV for their journalistic capabilities?
I expect a lot of "told you so" here on /. but the server isn't serving up the other replies for the moment. The best thing slashdotters could do is ignore this, or at least name and shame MTV.
the AC
The market for wide screen and digital TVs will be huge. The manufacturing industry are looking at how computers become obsolete after 6 months and need to be regularly replaced by consumers. Converting to digital is like intel coming out with a faster processor and a radical new PC design. There is a ton of money to be made getting all consumers to switch from analog to digital TV broadcasts, and as long as they are buying you have to show them something new, so widescreen is there to impress even the most stupid TV watcher.
Companies in the U.S. know they can make a ton of $$$$$ by switching, but they want even more. Not only do they want the money from the consumer, they want the ability to lock in customers by controlling cable companies, grabbing precious RF bands, snagging satellite slots.
Every major player in the U.S. is refusing to make an investment in wide screen TVs until the FCC rolls over like a good little whore and gives them what they want. And the FCC under the greedy clinton administration is doing just that. There have already been many stories about cable monopolies on slashdot, there are tons of other stories about bandwidth allocation manipulation, exclusive deals, unholy alliances. Slashdot only covers the stories that directly impact internet access to their little toy home PCs (only slight flamebait there).
In a few years the U.S. will be almost 50% digital broadcasts, and widescreen TVs will be the only model available on the market. The sad fact is there will still be competing broadcast standards which make the NTSC/PAL/SECAM fight seem silly. I have read there are at least 12 different competing wide screen digital systems approved by the FCC in the US, and 2 different broadcast specs. Until there is a shakeout like the beta/VHS market went through, consumers will stay away from the digital stuff. But I expect that to happen within a few years.
Almost everyone I know here in Europe has widescreen TVs, they are not that much more expensive than the old ones, and there are now thousands of widescreen DVD titles available. Plus they still can watch the old-style analog broadcasts as well.
the AC
I was going to list all the crypto books on my bookshelf, but some self-styled cypherpunk has borrowed Schneier's Applied Crypto and Menezes' disjointed Handbook of Applied Crypto.
One good book for working your way up from easy intro to much tougher advanced material is William Stallings' Cryptography and Network Security. It also has a great reference section for finding other texts. The book is used in a lot of university intro to crypto courses.
For math, try Concrete Mathematics: A Foundation for Computer Science, by Donald Knuth, Oren Patashnik, and Ronald Graham.
Doug Stinson Cryptography: Theory and Practice (Discrete Mathematics and Its Applications), is also good.
There are a lot of very advanced technical papers available on the web. This stuff will make your head hurt if you don't already have a decent background to draw on. Search the web for postings of the Crypto consortiums, look especially for Proceedings, Crypto '9x, EuroCrypt 9x, AsiaCrypt, IEEE Transactions on Information Theory, Communications of the ACM, and Cryptobytes, or try the legendary names in your favorite search engine.
the AC
Yes, passport is the reason for the hotmail security hole.
When passport was first announced more than a year ago looking for early implementers, the serious hackers targetted it with an intensity unseen in recent years. Imagine a service with all the quality of a M$ product, the track record of M$ for lax security, holding thousands or millions of credit card numbers.
This is an infocriminal's dream, because just one copy of this database could be exploited for billions of $$$ of bogus charges. There are organized crime groups around the world already set up to rip off the credit card companies with thousands of electronic scams. All they need is a valid credit card number, expiration date, and the holder's name.
So when the hotmail hack was discovered, it was by a group probing every aspect of the passport service, and all the connections MICROS~1.OFT was making into other web sites.
Now there are hundreds of sites with an end point leading into passport. What do you want to bet that one of them has some other security problems because they run IIS, and some crackers will be able to get thru the encrypted tunnel back into the passport service. Not likely they will get more than a handful of CC numbers before the hole gets closed. Crackers tend to be immature kiddies looking for some attention, so they will blab about their exploits. The serious infocriminals will milk any hole for all it is worth, and not make any announcements to HNN or attrition.
Microsloth's only publicly acknowledged security aspect of passport is they are going to seed the database with 'tripwire' records, which will trigger anti-fraud measures when someone tries to use them with the CC companies (oh, and they use encryption).
There are rumours it will be built into the desktop of millenium, so it will always be a click away, with annoying warnings to those lusers who are not using it. I doubt this service will become widespread, since it is bound to get abused at some point. Public confidence will go down when the press has a field day when the system is cracked once, even if it doesn't lead to the loss of any CC records.
the AC
Since I'm stuck on a win machine, I went to look. Both on 95 and NT.
:-) There are lots of how-to for dummies cheat sheets going around for cable subscribers.
In the network control panel, select the card driver, then properties.
Go to the advanced tab, in properties there should be a Network Address. Change it from Not Present to Value, and enter a valid 12 character string, with no colons or dots or spaces.
I think you have to reboot after that. I know this is becoming wider spread because home users on cable systems find they are tied to their original MAC address, and when they swap machines the internet stops working
the AC
I've read the RFCs, and there was no outrage on my part. I've sniffed v6 packets off of ethernet and from frame relay and ATM, with nothing triggering any moral alarms.
The field can be anything, it exists so that a bunch of machines plugged into a hub without a router can route packets to each other. It is also there so a router can make some fast decisions about what needs routing, and what is local.
The EUI field can also contain IPv4 addresses, Novell IPX addresses, OSI NSAP, etc. So anything can be put there, and as long as the u/l bit is switched to local, nobody cares. It is the local router who has to decide how to deal with incoming packets.
the AC
read RFCs 2460 to 2473, and especially 2373. Worry less, read more.
And I'm one of the biggest privacy freaks you will ever come across.
:-) (the rest of us are still fighting, but mostly the good fights)
Read the spec, and understand what that part of the IPv6 address is for. Then you will realise it is not a big bad privacy violation.
The MAC address section of IPv6 is used mostly for locally addressable destinations. It makes an easier job for routers to figure out whether to route the packet.
It is stripped off (or obfuscated) by a router when sending packets out into the big bad internet. Of course, your implementation of a routing process may vary, but other routers would strip it out as meaningless (i.e. the first cisco router).
the AC
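For readers who want to look at the EUI field and the u/l bit discussed in the posts above, here is an added example (not from the posts) that builds the interface identifier from a MAC address following RFC 2373 Appendix A and then inspects an address to report the u/l bit and any MAC it embeds. The function names are assumptions; the addresses use the 2001:db8::/64 documentation prefix and the sample MAC from the RFC's own appendix.

```python
import ipaddress

UL_BIT = 0x02  # universal/local bit in the first octet of the interface identifier


def mac_to_interface_id(mac: str) -> bytes:
    """Modified EUI-64: insert ff:fe in the middle and invert the u/l bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ UL_BIT]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def autoconfigured_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the interface identifier derived from a MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("the interface identifier needs a /64 prefix")
    iid = int.from_bytes(mac_to_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def inspect_interface_id(addr: str) -> dict:
    """Report what the low 64 bits of an IPv6 address reveal.

    'universal' is the state of the u/l bit (True = claims a globally
    unique token). 'mac' is the hardware address recovered when the
    ff:fe filler is present, else None.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    universal = bool(iid[0] & UL_BIT)
    mac = None
    if iid[3:5] == b"\xff\xfe":
        raw = bytes([iid[0] ^ UL_BIT]) + iid[1:3] + iid[5:]
        mac = ":".join(f"{b:02x}" for b in raw)
    return {"universal": universal, "mac": mac}


if __name__ == "__main__":
    # Constructed sample inputs: RFC 2373 Appendix A MAC, documentation prefix.
    addr = autoconfigured_address("2001:db8::/64", "34:56:78:9a:bc:de")
    print(addr, inspect_interface_id(str(addr)))
    # Manually assigned identifier with the u/l bit left at local.
    print(inspect_interface_id("2001:db8::1"))
```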
And besides, YOU don't have any privacy, get over it!
But the server is already starting to get slashdotted.
Check out the fragments of code flying around in the background. Kernel source? Crypto code?
Now, if only Hemos would fix the post to read correctly. The video is of Jon 'Maddog' Hall, for those who haven't seen him speak (bouncing and handwaving included)
the AC
Pretty much everything related to space and orbital mechanics is done in the metric system. Especially when working with any international project.
:-)
Time for the U.S. Congress to outlaw using any non-American system, and to limit the export of any strong measurement system.
Really, it will be interesting to see who finally gets the blame, other than the obvious hand waving and blame sharing. Final result will be a big report with no one team to blame, just a recommendation to increase the funding of the review process.
the AC
Yeah, my traceroute to slashdot last night went through australia. But it was late, and I didn't bother saving the trace. Just another artifact of the internet :-)
the AC
When you are aware of the economic backlash from cutting through a fat pipe, adrenaline is the first thing that hits :-) Then you start worrying about your new career "would you like fries with that?". Then you leap up and go tearing around the building looking for the laser splicer kit.
:-)
:-]
Laser splicers are expensive, so they are kept in a locked cabinet. Fire axes are your friend, and handles come right off with the first few blows. Then a quick rush back to the site of the break. It was in the ingress vault, carrying a few dozen fibre cables to the head end equipment, so there isn't a lot of room to manoeuvre, and the closest electrical outlet is 2 extension cords away. Breaks never happen anyplace nice, like in a well lighted place with a table nearby. Breaks are always at the bottom of a sewage ditch, or in a crawlspace or under the ocean. Murphy has a law about this.
Time lost, about 7 minutes until repairs started. Time to repair is about 12 minutes, if you are good. 20 if your hands are shaking and the sweat is pouring off your brow.
The fat pipes, an OC-12 in this case, are actually very small mono-mode fibre optic threads, less than a millimetre in diameter. They are inside a thin plastic sheath, wrapped in some other protective materials, but those protective materials are stripped back inside of the vaults, so eejits can drop some heavy equipment on them, and slice them right through without any resistance at all.
To re-splice a fibre requires that the protective sheath be stripped back a few inches on either side of the break, then the fibre has to be cleaned with alcohol and other contaminant free cleaners so there are no impurities sitting on the outside of the fibre.
Then you have to put the ends into a cleaver, which looks like an old film splicer or a paper shear. The fibre has to have a nice clean break on the end, so the ends can be butted against each other before fusing with almost no loss of signal. Most backhoe induced breaks shear the fibre at a long angle, so you lose an inch or so. That is why there are always loops of extra fibre every so often, for slack.
Then you put the two ends into the fusion unit, which holds the ends together. Then you hit the button, and a powerful laser melts the ends slightly so they flow together, then cool into a new, not quite perfect optical path.
Then you have to re-cover the exposed fibre carefully with a new sheath, then wrap the splice with some more protective tape, and THEN you can wrap the whole area in duct (gaffers) tape.
Then comes the paperwork to document the splice, the new losses introduced, the higher BER, etc.
And if you are lucky, nobody noticed the break since it was late on a Saturday evening and only AOLers were affected for about 20 minutes. I love routers and backup routes.
the AC
[the names, places, dates have all been written in the third person so as to not identify the guilty party or service provider affected. No packets were hurt during the writing of this post. Stunt doubles were used for the dangerous cabinet opening scene.]
Imagine if this gets into a courtroom somewhere in Europe. Here is a little company, with maybe 12 million euros worth of funding to hire some lawyers. They decide to tackle some small e-something site first, but Amadeus (AirFrance version of Sabre) takes note and decides to help out. It is in the best interest of Amadeus, and some other big companies doing e-commerce to swat this first suit down FAST.
So this little .no company will find itself fighting a huge court case, as well as defending against the counter-lawsuits. I doubt they will be able to win against something like that. Don't worry about this, it's just the .no patent office being stupid, and a small company trying to get rich.
the AC
I noticed that too. Maybe it's time to start moderating RobLimo :-) If he posts too many poorly translated or inflammatory stories, his karma drops and he can no longer post new stories. :-)
There is nothing in this article about damaging equipment, just in the poorly translated header from First Person. (can someone say FlameBait?)
Inside the article there is the word "brouiller", which means to interfere or scramble. There is nothing about damage, either to the airPorts or military.
What the article does talk about is the new concept of licensing mobile radio systems. The French have a hard enough time with basic CB radio licensing (the CBers have been fighting to keep their rights for years), and the frequencies used by analog and digital mobile phones took years to wrest away from the government by France Telecom, even though they were the state run phone company. Apple doesn't have a lot of clout to force a major change.
Every radio transmitter in France has to have a license, and the administration only allows fixed site installations. With the airPort, every owner of an iMac has to get permission for every place they take their airPort. The basic concept of frequency allocation in France gives the government (read, the military) the rights to any band not specifically licensed to other uses.
As the article says, if the iMac is going to be very popular, and if every citizen asks to licence their 2.4 GHz airPorts, the ART will get overwhelmed by the requests. The French government hasn't the brains to realize it would be simpler to grant a license to the airPorts and make it legal, since that would lose them some control.
And the French Gendarmerie has a section of the 2.4 GHz 802.11 band they use for their own data comms. Although France (through their rep to the ETSI) signed an international treaty at the WARC convention in Geneva a few years ago, they gave the Gendarmerie 10 years to move completely out of the band. But inside of any city with more than 50,000 population the 802.11 frequencies can be used without a license, but only by fixed stations. So the AirPort is TSOL.
The most likely solution is for Apple to offer an ETSI approved model for sale in France (or all of Europe). Then the drivers can limit the card to only a few channels, and disable the channels used by the French government.
the AC
Now if only my wife could understand this logic!
:-)
as well as your girlfriend and mistress do
the AC
Like I said, the DNS Con hackers are civic minded. They gave the web masters plenty of notice of the holes, with the exact details of what needed to be fixed, and plenty of time to do it in. The web masters did nothing until DNS Con made headlines, then applied ONE patch recommended by micros~1, and didn't go any further. Various security mailing lists in Europe have had fun picking apart the Scottish Executive's response.
:-) I would classify it as a harmless hack, since it was done with some foresight and planning and didn't really cost the SExec anything but a slightly redder face.
The crackers who later defaced the website put a lot of work into a careful spoof of the contents of the site. They even speled most wurds corectly :-)
Check out the defaced page on http://www.attrition.org
But since I work in the security industry, I've noticed a lot of UK businesses are asking for fast and easy security for their websites, since web site cracks are happening almost all the time. For some reason telling them to hire a competent admin and install the latest patches falls on deaf ears. But tell them that for twice the price they can buy a handful of firewalls, and they hand us a blank cheque.
the AC