I take the third view. I believe you need the ability to (forgive the overused phrase) "think different". 100% of what we do every day in life is based on a world of assumptions. To be a good security researcher requires distancing yourself from the assumptions, breaking out of the ruts in the road, and trying different things. The majority of security holes exist because the developers and defenders are making the same assumptions as everyone else. Buffer overflows are the classic example, and we still see them constantly even though they've been recognized for years as a major security risk.
I did in-house beta testing for a time, and used to really piss off the developers because I had a knack for knowing what they weren't planning for. I wasn't so much looking for security holes, but rather ways to crash the app (many of which were probably exploitable). A classic I heard was a developer submitting a bug report for "program crashes when it says Press Any Key and you press letter A". The developer called her back to his cubicle: "Why did you press 'A'???" She said her name was Alice, and it said press ANY KEY so she hit "A". "But you're not SUPPOSED to hit 'A', you're SUPPOSED to hit the space bar!" At which point the other developer stood up from his cubicle and said "oh? I thought it meant RETURN?" This perfectly illustrates how persistent assumptions are in coding. Not only are they all making assumptions, but they aren't even making the same assumptions.
That's the sort of testing I did. Deleting the last element in a list, Select all in empty lists, saving a form before completing it, entering a 200 character filename for save, taking advantage of assumptions that the user knew what they were doing and would not ask the program to do something that was certain to produce undesirable results.
Well again though, even limiting yourself to water, although water IS a nice, biologically-friendly element, having a neutral pH as it does, it's certainly not required. Then we just get back to the idea of trying to increase our odds of finding something by looking for a place that is more likely.
I suppose what I'm saying comes down to just this: to say that any location is inhospitable to life, is a mistake which the dice will eventually beat you at. Just to have genesis from nothing at all to begin with is already showing you can beat the odds by a wide margin.
Being a gas giant, there's almost no chance this discovery represents extrasolar life
Considering how regularly we find life in places our usual view of where life can survive doesn't work, like around geothermal vents at the bottom of the ocean, or inside solid rock 2 miles below the surface, I find this comment incredibly narrow-minded. That gas giant is about on keel with the ocean here on earth, and last I checked, life here began in the seas.
"saccwg" doesn't exactly roll off the tongue. What happened to the awkward "searched the entire dictionary to put this together" acronym that tries to say what they do in a single word?
From the thread following the article: eg Dell Dimension 9200 stock box came with Vista Home Premium preinstalled. No upgrade because of onboard sound.
Kinda stinks if you can't just unplug it eh? How about if you are using onboard video and Vista doesn't like your chipset? Guess you have to go buy a new video card. Some of us don't have a video card slot because we have a micro board and use onboard video. Vista should be called Visa, now it's time to start getting out the plastic to pay for all the trouble it's going to cause.
Then we can get into the argument that a flakey driver should not be able to send your OS packing in fear.
Besides, were you a plaintiff in this suit? Did you make the effort of building the evidence and starting the fight against such a Big Scary Entity as Verizon?
Some climb the tree and pick the fruit, efforts of their labors.
Others stand at the base of the tree and catch anything you happen to drop while you're up there.
What's the timeline on something like this? When it says you have to release your source code, does it say how much time you have to do it? Or is there x days after the first request that you have, or what? Could Verizon have just kept saying "just give us a few more weeks to tidy up our source code and comb for offensive comments etc" and stall indefinitely?
I keep reading they hacked the firmware. So what's to stop Apple from releasing a firmware update that breaks it? They release firmware updates for their computers periodically. Firmware is not impossible to upgrade.
You realize the whole point of an iPod is that you don't have to plug it in, right?
Actually, no, that's not the whole point of an iPod. It's certainly one of the bigger points though, agreed. The other major benefit of an iPod is portability of music. I can remember carrying around a small suitcase of cassette tapes with my battery-powered (4xC) cassette recorder. People still are aware of CD wallets, only because they want to consolidate their collection at home, not because they intend to lug around 500 CDs with them. Finding power on the go, be it a place to plug in the iPod for power, someone else's USB connector to jack into, or a fresh set of AA's, is a lot less of a hassle than hauling around all that media.
If you've ever watched an EVA, there is no opportunity for the spacewalkers to listen to music, as they are constantly in communication with ground control. They also have to concentrate on, you know, making sure they're always tethered and not going to float away, that they're clear of hazardous objects, etc.
Listen to some more of them. When they run into a snag, it's not uncommon for them to sit there waiting for ground control for 10-15 minutes to research or test something. They take it very slow and relaxed to avoid mistakes. Many things you only get one shot to try because you have to get it right the first time. You don't think they're completely occupied the entire time of a 7 hr space walk?
This whole discussion is coming down to two basic points. 1) what they are doing is illegal, and 2) the law which makes it illegal is unfair.
The purists are just reinforcing the first point, and telling the pirates that the correct action for them to take is not point 1, but to deal with point 2 instead.
The pirates are using the reality that the industry and government are rigged such that it's not possible to fix point 2, to justify point 1.
I believe that most people that consider this situation will come to the same conclusion. You should not break the law even if the law is unjust, so long as you have the mechanism to get the law fixed. Once those efforts ("the system") fail to work in the favor of justice and fairness, then you have at least some moral standing to break the unjust law.
It's a bit like rebellion. Most people agree that trying to overthrow your government is a bad idea, so long as you the people have the ability to effect change. Once you have come to the conclusion that you cannot fix what is broken, it's time for revolution. Read the preamble to the constitution.
The same thing is happening here with copyright that happened every time there was a revolt in the past. People are "mad as hell and not going to take it anymore." And most sensible people can stand back and observe the situation, and agree that yes, they are breaking the law, and yes there is some justification to their actions.
Tightening the laws and controls never fixes these sorts of problems. (you cannot fix the problem by addressing point 1) As long as a significant injustice remains, there will always be a faction fighting for change. (you must address point 2) The examples are too numerous to mention, and exceptions all but nonexistent.
While most of us can agree with you that there must be a line drawn somewhere, I believe also that most would agree that the line has been drawn in the wrong place. Your examples are all in one of two categories: personal privacy and safety. Generally speaking, those are the two primary scare factors that the government uses to herd the people around like sheep. Ignoring that for the moment, neither of those angles apply in this particular closed session. The purpose of this being a closed session is primarily to prevent the public (the US citizens) from learning what their government is really doing and wants to continue to do. (and to help continue the cooperation of other agencies and groups like AT&T in their efforts by immunizing them) I personally believe that these should not be acceptable grounds for a closed session.
So, the latter is being lumped in with the former, so they can get what they want, by threatening what we want. And that's just wrong.
I was told by one gambler that the correct way to play craps is to NOT be throwing the dice, and know how to bet. And at that point you can bring the odds to something like 49.5:50.5 odds but still not in your favor, and done correctly you can make your chips last all day long. How's this wash?
I would like to amend my comment though - the speed at which they take a browser that fails a test badly, and bring it up near full pass, and then the time it takes to actually pass the test, should be a much more respectable measure of the browser. Not of its quality per se, but as a demonstration of the commitment and responsiveness that the development team has to making it work better.
Ideally the browser should do very well on the day the test is released, AND pass the test within a week.
I suppose this raises the basic question of just how meaningful a public test like this is if everyone is actively working on their project for the specific purpose of passing the test. That's not a whole lot better than the allegations we saw earlier of browsers whose rendering engines tried to detect test pages and adjust their rendering in an attempt to pass it. I give kudos to the safari team for getting that far into the test, but I question just how meaningful that is when you consider it didn't pass that far because of how well it was designed - it got that far because it was specifically worked on to get that far on that specific test.
The true measure of a browser's test is of course how well it does on the day the test is released, which as a previous post points out, smoked most browsers pretty bad.
Re:Maybe they wrote their server in 16K!! on Donkey Kong and Me · Score: 1
Some of my most interesting projects back in the Apple II days were in assembly and were well under 16k. 8k seemed to be about the point where things leveled off at finished. The boot loader I wrote took two pages, but the start of it that was able to load the 2nd page was entirely in the first page, so with that it could cold boot an entire disk. Amazing what you can squeeze into 256 bytes of 6502. Considering that disk IO on the // was at the state machine controller level and not just calling a ROM/Firmware function to do your work with the bits, that's not too bad.
I thought the government network was an isolated intranet? I've been told by several IT people that work in the government that they have no mercy for someone caught creating a physical link between the internet and the military intranet. OK so maybe not the pentagon. Maybe that needs to change.
Tethered is not necessarily a big limitation. Imagine you need to inspect a 200ft long pipe. Send it down (or UP!) the pipe, the tether is not a big deal. Untethered is only important if you have to go a long distance, or have to go far down something you have to roll over. (Did you notice the tether start to wind up in a few of them?)
Whether or not you zero the drive before use is meaningless. Most drives ship from the manufacturer zero'd. Finding zero blocks is trivial under this system.
Even if we assume the drive was used for quite awhile before I got my hands on it, and thus had what will appear as random information in each block, I can do all sorts of analysis of it. I can still determine what filesystem is on it, and I can even scan the drive for more interesting things like count the number of (potential) files on the drive by searching for blocklists etc which are easy to find since I can determine which bytes are zeros.
Given a little time, I can start to build a translation table, since if I know the format I can start knowing combinations of bytes. In this particular system, bytes were encrypted in blocks of 16, but each 512 byte block was encrypted the same. Not using the block number for a salt was a disastrous mistake.
Formatting with random write to every block before use would be a good start, but who's going to do that? And it still does not prevent me from starting analysis based on the known parts of the partition table and partitions.
I'm no cryptographer (though my grandfather was), but I'm certain that this provides someone with cryptographic breaking skills more than enough information to make a crack practical. Look at what they did with Enigma before they even got their hands on an Enigma machine. The Japanese Purple machine was reconstructed almost 100% accurately based purely on cryptanalysis, which really stunned them when they recovered a Purple machine after the war was over. And they had far less to go on than what this gave me.
One of our vendors sent us a demo drive, it was a small enclosure for a laptop size drive, and had a firewire interface. Instead of two firewire ports on the back, it had a firewire port and another identical looking firewire port, which was for the key. I assume the key was merely a very small firewire flash drive with the encryption key on the drive.
The vendor assured us it was properly secured, and I got first crack at it. We were quite disappointed.
I found that while each block on the hard drive WAS encrypted (by the firewire-to-ide bridge board), they were each encrypted using the same key, and no salt. This means that every block was encrypted in the same way.
This by itself probably seems harmless, but it reveals information that should not be revealed. Let me propose a scenario:
I engineer myself a position working at a rival company, and get physical access to their R&D lab, unsupervised. I have a 1/2 hr lunch break of time to find the drive containing the company's secret recipes. I open the cabinet and find 30 of these secured drives. I was intending on taking the drive and copying it, but christ, there's 30 of them. I brought along a portable 1gb drive which would fit maybe 5 of them, but not 30.
So which ones do I copy? The bad news... I can tell which ones to copy.
I can look at the blocks on the disk and immediately spot any drives that have not been formatted, because their first 50 blocks are all going to contain the same random garbage in each block. OK that narrows it down to 8 drives. I can only image 5. So I look further.
I can now tell which drives are formatted FAT32, APS (Apple HFS), etc. I can do this because I know what blocks are zeros (because there are a lot of them and they are all the same) and so I can tell which bytes in the other blocks are NOT zeros, and this makes determining format AND used space trivial. I know the drive I'm looking for is FAT32, and that breaks it down to 3 drives. I could just go with the one drive that clearly has 30 gb used on it, and skip the others that appear very lightly used, but this has given me plenty of time so I happily image the 3 drives to my portable and sneak out in under 20 minutes.
Now of course we have to break the data, but the moral of the story here is, they allowed me way too much information from the supposedly secure drive, and it was enough to make what could have been a fruitless attempt into what may be a very successful attempt.
I brought this issue to the manufacturers, and was brushed off. They did not consider this a problem. riiiiight.
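The same-key, no-salt layout described in the two comments above, next to a layout that mixes the sector number into each block, as an added example that is not part of the original posts. The 4-round Feistel cipher is a stand-in (the posts do not name the device's cipher), and the key, disk image and function names are constructed for illustration; a real product would use a standard tweaked mode such as AES-XTS.

```python
import hashlib
import hmac
from collections import Counter

SECTOR = 512  # bytes per disk sector, as in the posts
BLOCK = 16    # cipher block size, as in the posts
KEY = bytes(range(16))  # constructed demo key


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def toy_encrypt_block(key, block):
    """4-round Feistel permutation on 16 bytes. Stand-in for the bridge
    board's unnamed cipher (assumption); not for protecting real data."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right


def encrypt_untweaked(key, sector_no, sector):
    """Layout from the posts: same key everywhere, sector_no is ignored,
    so equal plaintext blocks always give equal ciphertext blocks."""
    return b"".join(toy_encrypt_block(key, sector[i:i + BLOCK])
                    for i in range(0, SECTOR, BLOCK))


def encrypt_tweaked(key, sector_no, sector):
    """Corrected layout: an XEX-style mask derived from the sector number
    and block offset is applied before and after the block cipher."""
    tweak_key = hashlib.sha256(b"tweak" + key).digest()
    out = []
    for i in range(0, SECTOR, BLOCK):
        pos = sector_no.to_bytes(8, "little") + i.to_bytes(2, "little")
        mask = hmac.new(tweak_key, pos, hashlib.sha256).digest()[:BLOCK]
        inner = toy_encrypt_block(key, xor(sector[i:i + BLOCK], mask))
        out.append(xor(inner, mask))
    return b"".join(out)


def build_disk(n_sectors=64, used=10):
    """Constructed plaintext image: `used` sectors of data, the rest zeros."""
    disk = []
    for n in range(n_sectors):
        if n < used:
            disk.append(hashlib.shake_256(b"file data %d" % n).digest(SECTOR))
        else:
            disk.append(bytes(SECTOR))
    return disk


def encrypt_disk(encrypt, key, disk):
    return [encrypt(key, n, sector) for n, sector in enumerate(disk)]


def audit(image):
    """Ciphertext-only check a product evaluator can run without the key:
    how much repetition survives encryption?"""
    _, group = Counter(image).most_common(1)[0]
    blocks = Counter(s[i:i + BLOCK] for s in image
                     for i in range(0, SECTOR, BLOCK))
    return {
        "largest_identical_group": group,             # sectors sharing one ciphertext
        "sectors_outside_group": len(image) - group,  # reads as "used space" when group is large
        "distinct_blocks": len(blocks),
        "total_blocks": len(image) * SECTOR // BLOCK,
    }


if __name__ == "__main__":
    disk = build_disk()
    for name, fn in (("untweaked", encrypt_untweaked), ("tweaked", encrypt_tweaked)):
        print(name, audit(encrypt_disk(fn, KEY, disk)))
```

A large identical group in the untweaked image is the empty space showing through the encryption; with the sector number mixed in, every sector and block is distinct and the audit has nothing to report.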
A heat sink's main job is to speed up the process of getting heat removed from the component, and dumping it into the surrounding air. It does this by increasing the surface area of contact between the heat source and the cool source. (which is why they have all those fins, more surface area) From there, exhaust fans pull in cooler air and remove the air warmed by the heat sink. The more surface area they have to blow air across, the faster the heat is transferred from the sink to the air. The heat sinks are made of copper because it's an excellent conductor of heat, and keeps the fins of the heat sink very close to the temp of the item being cooled, for maximum temperature difference between heat source and cool source. The greater this difference, the faster the heat transfers.
This thing is behaving no better than a heat sink. It doesn't remove the heat any better than a heat sink, and since it has moving parts, it's generating heat of its own. It's just powering the thing FROM the heat it's claiming to remove, so it's not accomplishing anything useful. It's removing heat, and using it to create more heat, and in the end the same amount of heat is being removed from the chip as with a heat sink.
Now if they'd have placed the "cold side" radiator OUTSIDE the computer, that would accomplish something. Just a variation on a "heat pump", to perform the hot air / cool air exchange process outside the case, which makes the inside of the case relatively cooler than the outside of the case.
Though my original point gets back to "The greater this difference, the faster the heat transfers." When you stick a Stirling engine in there, it produces mechanical energy due to a DIFFERENCE in temperatures. That means that its radiator MUST be cooler than its heat source. Since the radiator is functionally the same thing as a heat sink, that means the heat sink is warmer in a Stirling arrangement than in a plain old heat sink on the core arrangement. And since the engine doesn't run unless there's a difference, that means the hot side of the Stirling is warmer than the surrounding air to function. That means that the temp difference between the core and what's cooling it (the hot side of the Stirling) must be at least a little less than with a plain heat sink. Back to "The greater this difference, the faster the heat transfers": that means this thing should cool more slowly since the core sees a lower temperature difference to its cooling source. To a small degree, the Stirling is producing the same result as adding a very small insulator between the core and the heat sink.
Wonder what they would charge to remove Windows completely
and the correct answer is $1499
Yes that's a lot, but you must admit, getting rid of Windows is worth it!
OK, time for me to dig around for my tinfoil hat. I was THINKING about your .sig when I made that post. You are a scary person.
fish and chips I would assume?
I was going to post asking about the ice cream before. I've heard of freeze dried ice cream on several occasions, there are even places you can buy it here on earth. I have no idea how the process works, but it makes ice cream that does not need to be frozen.
As for the iPods, I'm sure that's a technicality. They are a bit paranoid about safety up there since you can't just dial 911 in an emergency and get help on the way in 9 minutes. They probably remove the batteries and then attach them to the external packs you can buy around here, that take four AA batteries.
It's also very likely they have an alternate adapter to jack into the ISS's grid to power it, a bit like a cigarette lighter jack but something smaller I'm sure. The batteries are probably only needed when they are inconveniently away from an outlet, or say out on a space walk.
I bet they have even more stringent requirements though for what you can take on your person when on a space walk. It would not surprise me if iPods are barred. And for some of those 8 and 11 hour marathon walks we hear about from time to time, that's gotta be a bummer.
I'm surprised this article gave so few details though - I've heard offhand of numerous other issues I was expecting to read about in this article. It had all of what, five interesting factoids? Let's hear about
- toilets
- showers
- drinking liquids
- anything to reduce weight on liftoff, like hair cutting
- I wonder if there's an "in case of emergency" bean-o pack on board? heh... y'know, one recirculating air system and all...
- the sordid details of a long space walk. how do you drink? anything for food in 8-11 hr walks? yes, you get to wear a diaper and WILL be using it, etc
- stories of what happens when an astronaut gets sick - flu etc. I recall someone on Apollo getting appendicitis in mission.
- do astronauts sign an agreement not to have sex while up there? or how was that addressed? you know they had something to say about it.
- personal limitations? we saw max height mentioned, but is there a minimum? how about weight? (of course!) are implants ok? glasses barred am guessing? are contacts ok? medical history? I assume the same rules of being a pilot apply, plus more, as far as medical are concerned. Minimum strength requirements?
- what is their contingency plan for if an astronaut dies while up there? (aneurism, accident, whatever) Again you KNOW they have an action plan for this because they HAVE TO. Do they keep body bag(s) on board or just gonna wrap the body in a lot of duct tape?
- cross training? I have to assume all astronauts have at least basic knowledge of 100% of the critical systems?
That article is soooo lacking.
Well, it has never been successfully tested.
MOST tests are successful. Not so many of them produce a desirable outcome however.
I would like to amend my comment though - the speed at which they take a browser that fails a test badly, and bring it up near full pass, and then the time it takes to actually pass the test, should be a much more respectable measure of the browser. Not of its quality per se, but as a demonstration of the commitment and responsiveness that the development team has to making it work better.
Ideally the browser should do very well on the day the test is released, AND pass the test within a week.
I suppose this raises the basic question of just how meaningful a public test like this is if everyone is actively working on their project for the specific purpose of passing the test. That's not a whole lot better than the allegations we saw earlier of browsers whose rendering engines tried to detect test pages and adjust their rendering in an attempt to pass it. I give kudos to the Safari team for getting that far into the test, but I question just how meaningful that is when you consider it didn't pass that far because of how well it was designed - it got that far because it was specifically worked on to get that far on that specific test.
The true measure of a browser's test is of course how well it does on the day the test is released, which as a previous post points out, smoked most browsers pretty bad.
Some of my most interesting projects back in the Apple II days were in assembly and were well under 16k. 8k seemed to be about the point where things leveled off at finished. The boot loader I wrote took two pages, but the start of it that was able to load the 2nd page was entirely in the first page, so with that it could cold boot an entire disk. Amazing what you can squeeze into 256 bytes of 6502. Considering that disk IO on the // was at the state machine controller level and not just calling a ROM/Firmware function to do your work with the bits, that's not too bad.
I thought the government network was an isolated intranet? I've been told by several IT people that work in the government that they have no mercy for someone caught creating a physical link between the internet and the military intranet. OK so maybe not the pentagon. Maybe that needs to change.
Tethered is not necessarily a big limitation. Imagine you need to inspect a 200ft long pipe. Send it down (or UP!) the pipe, the tether is not a big deal. Untethered is only important if you have to go a long distance, or have to go far down something you have to roll over. (did you notice the tether start to wind up in a few of them?)
Whether or not you zero the drive before use is meaningless. Most drives ship from the manufacturer zero'd. Finding zero blocks is trivial under this system.
Even if we assume the drive was used for quite awhile before I got my hands on it, and thus had what will appear as random information in each block, I can do all sorts of analysis of it. I can still determine what filesystem is on it, and I can even scan the drive for more interesting things like count the number of (potential) files on the drive by searching for blocklists etc which are easy to find since I can determine which bytes are zeros.
Given a little time, I can start to build a translation table, since if I know the format I can start knowing combinations of bytes. In this particular system, bytes were encrypted in blocks of 16, but each 512 byte block was encrypted the same. Not using the block number for a salt was a disastrous mistake.
Formatting with random write to every block before use would be a good start, but who's going to do that? And it still does not prevent me from starting analysis based on the known parts of the partition table and partitions.
I'm no cryptographer, (though my grandfather was) but I'm certain that this provides someone with cryptographic breaking skills more than enough information to make a crack practical. Look at what they did with Enigma before they even got their hands on an Enigma machine. The Japanese Purple machine was reconstructed almost 100% accurately based purely on cryptanalysis, which really stunned them when they recovered a Purple machine after the war was over. And they had far less to go on than what this gave me.
One of our vendors sent us a demo drive, it was a small enclosure for a laptop size drive, and had a firewire interface. Instead of two firewire ports on the back, it had a firewire port and another identical looking firewire port, which was for the key. I assume the key was merely a very small firewire flash drive with the encryption key on the drive.
The vendor assured us it was properly secured, and I got first crack at it. We were quite disappointed.
I found that while each block on the hard drive WAS encrypted (by the firewire-to-ide bridge board), they were each encrypted using the same key, and no salt. This means that every block was encrypted in the same way.
This by itself probably seems harmless, but it reveals information that should not be revealed. Let me propose a scenario:
I engineer myself a position working at a rival company, and get physical access to their R&D lab, unsupervised. I have a 1/2 hr lunch break of time to find the drive containing the company's secret recipes. I open the cabinet and find 30 of these secured drives. I was intending on taking the drive and copying it, but christ, there's 30 of them. I brought along a portable 1gb drive which would fit maybe 5 of them, but not 30.
So which ones do I copy? The bad news... I can tell which ones to copy.
I can look at the blocks on the disk and immediately spot any drives that have not been formatted, because their first 50 blocks are all going to contain the same random garbage in each block. OK that narrows it down to 8 drives. I can only image 5. So I look further.
I can now tell which drives are formatted FAT32, APS (Apple HFS), etc. I can do this because I know what blocks are zeros (because there are a lot of them and they are all the same) and so I can tell which bytes in the other blocks are NOT zeros, and this makes determining format AND used space trivial. I know the drive I'm looking for is FAT32, and that breaks it down to 3 drives. I could just go with the one drive that clearly has 30 gb used on it, and skip the others that appear very lightly used, but this has given me plenty of time so I happily image the 3 drives to my portable and sneak out in under 20 minutes.
Now of course we have to break the data, but the moral of the story here is, they allowed me way too much information from the supposedly secure drive, and it was enough to make what could have been a fruitless attempt into what may be a very successful attempt.
I brought this issue to the manufacturers, and was brushed off. They did not consider this a problem. riiiiight.
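The leak described in the two comments above, as an added example (not the commenter's code and not the vendor's firmware): an acceptance check that counts repeated 16-byte ciphertext blocks, run once without a position tweak and once with the block's position mixed in. The cipher here is a stand-in (truncated HMAC-SHA256, an assumption since the page does not name the real cipher), and the key, disk image and function names are constructed for the illustration.

```python
import hashlib
import hmac
from collections import Counter

SECTOR, BLOCK = 512, 16          # sizes stated in the comments above
KEY = b"constructed-demo-key"    # constructed value, not from the page

def toy_encrypt(image, position_tweak):
    """Stand-in for the bridge board's cipher (assumption: the real cipher is unknown).
    HMAC-SHA256 truncated to 16 bytes is a deterministic keyed map, which is all
    this check needs; it is not invertible and is not a real disk cipher."""
    out = bytearray()
    for off in range(0, len(image), BLOCK):
        # With the tweak, the block's position on disk is mixed into every block.
        tweak = off.to_bytes(8, "big") if position_tweak else b""
        out += hmac.new(KEY, tweak + image[off:off + BLOCK], hashlib.sha256).digest()[:BLOCK]
    return bytes(out)

def sample_image():
    """Constructed image: 16 sectors of pseudo-random 'used' data, then 48 zero sectors."""
    used = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(16 * SECTOR // 32))
    return used + bytes(48 * SECTOR)

def audit(ciphertext):
    """Measure what the ciphertext alone gives away through repeated 16-byte blocks."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    counts = Counter(blocks)
    top_block, top_count = counts.most_common(1)[0]
    per_sector = SECTOR // BLOCK
    uniform = sum(
        1 for s in range(0, len(blocks), per_sector)
        if all(b == top_block for b in blocks[s:s + per_sector])
    )
    return {
        "blocks": len(blocks),
        "distinct": len(counts),
        "top_share": top_count / len(blocks),
        "sectors_matching_top_block": uniform,
    }

if __name__ == "__main__":
    img = sample_image()
    print("no tweak  :", audit(toy_encrypt(img, position_tweak=False)))
    print("with tweak:", audit(toy_encrypt(img, position_tweak=True)))
```

Without the tweak, one ciphertext block accounts for three quarters of the constructed image and every zero-filled sector is identifiable; with it, no block repeats, which is the result an evaluator should expect from a properly designed encrypted enclosure.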
A heat sink's main job is to speed up the process of getting heat removed from the component, and dumping it into the surrounding air. It does this by increasing the surface area of contact between the heat source and the cool source. (which is why they have all those fins, more surface area) From there, exhaust fans pull in cooler air and remove the air warmed by the heat sink. The more surface area they have to blow air across, the faster the heat is transferred from the sink to the air. The heat sinks are made of copper because it's an excellent conductor of heat, and keeps the fins of the heat sink very close to the temp of the item being cooled, for maximum temperature difference between heat source and cool source. The greater this difference, the faster the heat transfers.
This thing is behaving no better than a heat sink. It doesn't remove the heat any better than a heat sink, and since it has moving parts, it's generating heat of its own. It's just powering the thing FROM the heat it's claiming to remove, so it's not accomplishing anything useful. It's removing heat, and using it to create more heat, and in the end the same amount of heat is being removed from the chip as with a heat sink.
Now if they'd have placed the "cold side" radiator OUTSIDE the computer, that would accomplish something. Just a variation on a "heat pump", to perform the hot air / cool air exchange process outside the case, which makes the inside of the case relatively cooler than the outside of the case.
Though my original point gets back to "The greater this difference, the faster the heat transfers." When you stick a Stirling engine in there, it produces mechanical energy due to a DIFFERENCE in temperatures. That means that its radiator MUST be cooler than its heat source. Since the radiator is functionally the same thing as a heat sink, that means the heat sink is warmer in a Stirling arrangement than in a plain old heat sink on the core arrangement. And since the engine doesn't run unless there's a difference, that means the hot side of the Stirling is warmer than the surrounding air to function. That means that the temp difference between the core and what's cooling it (the hot side of the Stirling) must be at least a little less than with a plain heat sink. Back to "The greater this difference, the faster the heat transfers", that means this thing should cool more slowly since the core sees a lower temperature difference to its cooling source. To a small degree, the Stirling is producing the same result as adding a very small insulator between the core and the heat sink.