If diagnosis from a distance is easy, it seems to me to be just as easy to (from a software perspective) to disable it from a distance. Shutting down the engine is just another command to engine management system. It would need some safeguards like only allowing the command when the vehicle were stopped and such.
That sort of capability is what worries me with respect to hackers, hijackers, and such.
Stph
I understand the philosophical disagreement with this new clause in XFree86 4.4, but I don't think it should be confused with the old BSD "advertising" clause. The latter posed a severe financial impact on each and every advertisement a company might want to deploy. This is simply asking for acknowledgement in the consuming product's documentation. It is a pain to keep track of, but no worse what any author and publisher has to deal with when using the works of others. I don't think acknowledgement in the docs in an unfair expectation.
Now the real question to ask is this. If they are impressing a signal on the near-field and taking advantage of its short range and low-power requirements, what are they doing to suppress the propated EM field? If nothing, what are they doing to secure it from snooping. I don't see how you could place a signal on the near field without duplicating it on the EM field. Ought to be a field day for data snooping. Probably no worse then bluetooth except that with that technology one presumably cuts the EM signal strength to keep it to "personal" distances.
Biometrics aren't just weak authentication. It makes lousy computer authentication. The problem is that the biometric data has to be stored in the clear in order for the system to work. Unlike a password which can be stored via one-way hash, the biometric has to be stored such that it can be statistically compared with the value presented for authentication. Now your biometric system has to have a secure database, on a secure OS, running secure authentication software. One buffer overflow and your biometric belongs to the world.
Such a system might be okay for physical access to a guarded secure facility, but it just doesn't work for remote (and I mean just down the hall sorts of remote) authentication. Too much important data has to be left in the clear.
It's not security, but liability you are talking about. That said, I've worked with several companies that happily outsourced various project development tasks to freelances (both small and large). The key requirments have been Non-Disclosure Agreements and other similar legal restraints. The NDA puts the burden not to disclose on the freelancer. You do have to know who your freelancers are, of course, so random contacts from the web rarely flew.
In a former job, the company I worked for used contrators and freelance developers extensively. Sometimes we needed expertise that we couldn't hire any other way. Sometimes a six-month contract was much less expensive than a fully burdened employee. Sometimes we had to live with budget constraints that limited us to contract workers (in some cases off-shore, specifically Indian vendors). Security was an issue, but rarely an insurmountable one.
I know at least a few sysadmins who would forever abandon their attempts to put Linux on desktops if they could just get their hands on the Windows source code to make modifications.
Most of the sysadmins I've worked with aren't interested in Linux on the desktop because it is open source. They aren't terribly interested in changing it at all. That's what the developers do. They like Linux because it is familiar. It is similiar (or in many cases identical) to the bankend systems; it offers well-understood (by Unix sysadmins) controls over who can access what services; and it reduces the things a sysadmin has to know to keep desktop customers happy. What frustrates about Linux is that its blasted GUI is so sluggish compared to Microsoft's. Unfortunately, any open source bits from MS aren't going to solve that problem, because it relates to how ponderous the X11 system is when all you want is a desktop.
I think Michael Robertson and co. should call his new OS License Violation and see if Microsoft will sue him then. I mean they seem to think they own that idea as well.
I wonder how many people ever download source and verify that it is indeed the source for the GPL'd product, of the correct version and such. I've downloaded and compiled source when pre-compiled wasn't available. Additionally, I've downloaded pre-compiled binary versions of GPL'd programs. But I don't think I've ever done both for a GPL'd program and compared the behavior of the two pieces of code. The raw laziness of human nature leaves a lot of weasel room in the GPL.
This review contains some spoilers, don't read it if you like your movie surprises.
Re:Amish h4x0r1n6 (I'm pretty much off-topic now)
on
Foot-Powered Laptop
·
· Score: 1
The latest issue of Fine Woodworking has a short article about an Amish woodworking shop that is powered by a diesel engine driving a big pump to run a bunch of hydraulic motors. All of the machines in the shop had been retrofitted with hydraulic motors. It seems the Amish gent who owns the shop, doesn't use electricity, but has no problem with using heavy machinery. Cost runs about $40/day and the diesel heats the shop as well.
Human Powered Computer Systems at MIT
on
Foot-Powered Laptop
·
· Score: 2, Informative
Some interesting research into human-powered computer systems has been done at MIT Media Lab. Here are some links:
This report matches my own experience. While at a public library awhile back, I opened a hotmail account in order to mail a few URLs to my home account. I did nothing consciously to advertise this account other than the default hotmail settings. Out of curiosity, I checked this account the following day and had 20 SPAM advertisements. So much for privacy on the web. By the end of the week, I had received just under a hundred messages, all to an account I had never actively given out. Turns out it was those account defaults that bit me. Hotmail automatically publishes your account on their directory, to make it possible for other Hotmail members to find your address. Sigh....
Amazing little machines
on
Tandys Never Die
·
· Score: 2, Interesting
When I was in graduate school studying rhetoric, all the journalism folks swore by these things. They fit in a briefcase, they had a real keyboard, and they ran forever. It was (still is in my opinion) a great tool for writing anywhere.
The terrorist doesn't have to set up an adhoc 802.11 network. They're already being set up all over the place. Personal Telco is already seeing to that in the Northwest metro areas. Freely available 802.11 nets will be popping up all over the place. All you need is some protocol to exchange IP addresses with devices nearby in the net. Kind of a reverse DHCP or something like that: "Here's my current IP and capabilties."
The few that I know usually have better things to do than hang out in the park with their music sniffer and bust people swapping tunes.
This is true today, but in 10 years or so when law enforcement agencies (and other bits of government) have begun to move into the private sector, who's to say that media-entertainment conglomerates won't hire their own enforcement personnel. I could see the digital equivalent of a plain clothes retail security guard.
These kinds of articles raise more questions than they answer. I have to ask what does Java native compilation gain me? Martyn writes in the article that performance and memory consumption were basically a wash on the more complex app, so what are the other considerations that might drive me to use a native compiler?
Does it make programming in Java easier? Not really. Most of my development environments for Java would take serious tweaking to get something like gcj to work. And somethings, like WebObjects where much of my stuff has to run might never be made to work with native code.
Does it make debugging easier? Now this might be a useful avenue to explore. Debugging an app that works in one JVM but not the other(s) can be a serious pain. I do a fair bit of developing on a PC and deploying on a Linux server, where the former has Sun's JVM and latter uses IBM's JVM. Maybe native compilation would help solve that, especially if you could hook back to the source code. Without source support, though, it would be troublesome.
Can I support my customers more efficiently with native compilation? I don't see how native compilation would make this easier. Instead of JVM differences, now I have hardware differences.
Does it reduce the load on my servers when I fire up these applications? We get a lot of individual JVMs running on our application servers when they are loaded up with lots of multithreaded apps and other such things. It is possible that the total footprint across a bunch of threaded apps would make this a compeling reason to explore, but Martyn's article doesn't really address that issue. Of course, our JVM proliferation could be the result of the various frameworks we're plugged into: WebObjects talking to DB2 and SQL Server databases.
Native compilers have been here for a long time and they haven't really taken off. They either need to offer something absolutely necessary that I can't get via regular Java compilation and runtime, or they need to offer performance improvements that are orders of magnitude better than what we already have. If the vendors can do that, then I want to talk to them. Otherwise it's just another experiment in an already too busy world.
Stph
Hmm... I had no trouble with my router (A Linksys with the four-port switch). It took a bit of fiddling, though. First I shut off (unplugged from the power actually) the router and waited 30 seconds. Then I plugged the unit back in. After about 5 seconds I got a link active signal on the WAN. Then I went back to one of the PCs (two-flights up, dang switch panel is in the basement). Still all I got was the help.broadband.att.com page telling me to switch. So I opened the admin console on the Linksys (from MSIE) and issued a DHCP release and then a renew. This got me a new attbi.com IP address. After about 30 seconds all of the machines in the house were up and talking but one. That one took a reboot and everything went fine after that. One thing AT&T was stressing in the "Home Networking" document was that the router had to get its IP address via DHCP. A friend of mine confirmed that static IPs are gone.
I did have a lot of trouble last night talking to their DNS servers. They would responding to ping but failed to respond to gethostbyname() calls. My networking was up and running fine, but I couldn't get out to the cloud. It's possible that you ran into a related problem, and your troubles were with the conversion per se but with the DNS grief. Just a poorly educated guess.
Slashdot Mirror
If diagnosis from a distance is easy, it seems to me to be just as easy to (from a software perspective) to disable it from a distance. Shutting down the engine is just another command to engine management system. It would need some safeguards like only allowing the command when the vehicle were stopped and such. That sort of capability is what worries me with respect to hackers, hijackers, and such. Stph
Well that's just unamerican or something, isn't it.
I understand the philosophical disagreement with this new clause in XFree86 4.4, but I don't think it should be confused with the old BSD "advertising" clause. The latter posed a severe financial impact on each and every advertisement a company might want to deploy. This is simply asking for acknowledgement in the consuming product's documentation. It is a pain to keep track of, but no worse what any author and publisher has to deal with when using the works of others. I don't think acknowledgement in the docs in an unfair expectation.
My two cents.... for all it's worth.
Stph
Okay, I understand the ice pick and pipe cutters, but what are you going to do with the rope?
stph
Now the real question to ask is this. If they are impressing a signal on the near-field and taking advantage of its short range and low-power requirements, what are they doing to suppress the propated EM field? If nothing, what are they doing to secure it from snooping. I don't see how you could place a signal on the near field without duplicating it on the EM field. Ought to be a field day for data snooping. Probably no worse then bluetooth except that with that technology one presumably cuts the EM signal strength to keep it to "personal" distances.
Stph
Biometrics aren't just weak authentication. It makes lousy computer authentication. The problem is that the biometric data has to be stored in the clear in order for the system to work. Unlike a password which can be stored via one-way hash, the biometric has to be stored such that it can be statistically compared with the value presented for authentication. Now your biometric system has to have a secure database, on a secure OS, running secure authentication software. One buffer overflow and your biometric belongs to the world.
Such a system might be okay for physical access to a guarded secure facility, but it just doesn't work for remote (and I mean just down the hall sorts of remote) authentication. Too much important data has to be left in the clear.
Stph
Holy 1970 Batman! The fiend has built his own computer! What nefarious plans he must have?
It's not security, but liability you are talking about. That said, I've worked with several companies that happily outsourced various project development tasks to freelances (both small and large). The key requirments have been Non-Disclosure Agreements and other similar legal restraints. The NDA puts the burden not to disclose on the freelancer. You do have to know who your freelancers are, of course, so random contacts from the web rarely flew.
In a former job, the company I worked for used contrators and freelance developers extensively. Sometimes we needed expertise that we couldn't hire any other way. Sometimes a six-month contract was much less expensive than a fully burdened employee. Sometimes we had to live with budget constraints that limited us to contract workers (in some cases off-shore, specifically Indian vendors). Security was an issue, but rarely an insurmountable one.
I know at least a few sysadmins who would forever abandon their attempts to put Linux on desktops if they could just get their hands on the Windows source code to make modifications.
Most of the sysadmins I've worked with aren't interested in Linux on the desktop because it is open source. They aren't terribly interested in changing it at all. That's what the developers do. They like Linux because it is familiar. It is similiar (or in many cases identical) to the bankend systems; it offers well-understood (by Unix sysadmins) controls over who can access what services; and it reduces the things a sysadmin has to know to keep desktop customers happy. What frustrates about Linux is that its blasted GUI is so sluggish compared to Microsoft's. Unfortunately, any open source bits from MS aren't going to solve that problem, because it relates to how ponderous the X11 system is when all you want is a desktop.
stph
I think Michael Robertson and co. should call his new OS License Violation and see if Microsoft will sue him then. I mean they seem to think they own that idea as well.
I wonder how many people ever download source and verify that it is indeed the source for the GPL'd product, of the correct version and such. I've downloaded and compiled source when pre-compiled wasn't available. Additionally, I've downloaded pre-compiled binary versions of GPL'd programs. But I don't think I've ever done both for a GPL'd program and compared the behavior of the two pieces of code. The raw laziness of human nature leaves a lot of weasel room in the GPL.
This review contains some spoilers, don't read it if you like your movie surprises.
The latest issue of Fine Woodworking has a short article about an Amish woodworking shop that is powered by a diesel engine driving a big pump to run a bunch of hydraulic motors. All of the machines in the shop had been retrofitted with hydraulic motors. It seems the Amish gent who owns the shop, doesn't use electricity, but has no problem with using heavy machinery. Cost runs about $40/day and the diesel heats the shop as well.
Some interesting research into human-powered computer systems has been done at MIT Media Lab. Here are some links:
Before you know it we'll all be wired for sound, uh MPEG-3. Stph
Wait just a minute there buster. That's what us unemployed Journalism majors are for. Don't be cuttin' into my quality employment opportunities.
This report matches my own experience. While at a public library awhile back, I opened a hotmail account in order to mail a few URLs to my home account. I did nothing consciously to advertise this account other than the default hotmail settings. Out of curiosity, I checked this account the following day and had 20 SPAM advertisements. So much for privacy on the web. By the end of the week, I had received just under a hundred messages, all to an account I had never actively given out. Turns out it was those account defaults that bit me. Hotmail automatically publishes your account on their directory, to make it possible for other Hotmail members to find your address. Sigh....
When I was in graduate school studying rhetoric, all the journalism folks swore by these things. They fit in a briefcase, they had a real keyboard, and they ran forever. It was (still is in my opinion) a great tool for writing anywhere.
The terrorist doesn't have to set up an adhoc 802.11 network. They're already being set up all over the place. Personal Telco is already seeing to that in the Northwest metro areas. Freely available 802.11 nets will be popping up all over the place. All you need is some protocol to exchange IP addresses with devices nearby in the net. Kind of a reverse DHCP or something like that: "Here's my current IP and capabilties."
Tantrum420 writes:
This is true today, but in 10 years or so when law enforcement agencies (and other bits of government) have begun to move into the private sector, who's to say that media-entertainment conglomerates won't hire their own enforcement personnel. I could see the digital equivalent of a plain clothes retail security guard.
More fatalistic...? Hmm, how about: "Woo Hoo, billions more planets to despoile!"
These kinds of articles raise more questions than they answer. I have to ask what does Java native compilation gain me? Martyn writes in the article that performance and memory consumption were basically a wash on the more complex app, so what are the other considerations that might drive me to use a native compiler?
Native compilers have been here for a long time and they haven't really taken off. They either need to offer something absolutely necessary that I can't get via regular Java compilation and runtime, or they need to offer performance improvements that are orders of magnitude better than what we already have. If the vendors can do that, then I want to talk to them. Otherwise it's just another experiment in an already too busy world. Stph
Hmm... I had no trouble with my router (A Linksys with the four-port switch). It took a bit of fiddling, though. First I shut off (unplugged from the power actually) the router and waited 30 seconds. Then I plugged the unit back in. After about 5 seconds I got a link active signal on the WAN. Then I went back to one of the PCs (two-flights up, dang switch panel is in the basement). Still all I got was the help.broadband.att.com page telling me to switch. So I opened the admin console on the Linksys (from MSIE) and issued a DHCP release and then a renew. This got me a new attbi.com IP address. After about 30 seconds all of the machines in the house were up and talking but one. That one took a reboot and everything went fine after that. One thing AT&T was stressing in the "Home Networking" document was that the router had to get its IP address via DHCP. A friend of mine confirmed that static IPs are gone.
I did have a lot of trouble last night talking to their DNS servers. They would responding to ping but failed to respond to gethostbyname() calls. My networking was up and running fine, but I couldn't get out to the cloud. It's possible that you ran into a related problem, and your troubles were with the conversion per se but with the DNS grief. Just a poorly educated guess.