Slashdot Mirror


User: Rich0

Rich0's activity in the archive.

Stories
0
Comments
11,574
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 11,574

  1. Re:Setec Astronomy on Quantum Computing Regulation Already? · · Score: 4, Insightful

    You are referring no doubt to quantum cryptography. This is an area which actually is only related to quantum computing loosely at best. We are already capable of implementing it somewhat practically - unlike quantum computing.

    Quantum cryptography isn't really cryptography - it is instead a method of transmitting data between two points without relays which can allow sender and receiver to determine whether the transmission was intercepted. In practice it can be used for symmetric key exchange (such as a one time pad). If the key wasn't intercepted you use it, if it was then you just keep trying until the interceptor (or you) gives up.

    The problem with quantum crypto is that it requires a direct transmission of photons from Alice to Bob. You can't have a relay station in-between, unless you are willing to guarantee its security (any relay station would allow for interception of the signal when it isn't entangled - which cannot be detected).

    The bottom line right now is that it only works for very sensitive communications via line of sight or fiber optic. Most people submitting their credit card numbers to a website don't have a direct fiber optic line without retransmission between them and the merchant.

    My guess is that quantum crypto won't ever prove to be very practical for general use - except maybe in space (where lines of sight extend much farther).

  2. Re:Computer power on How Long to Crack an 'Encrypted' HD? · · Score: 1

    Who has a sixty-character passphrase?

    The solution to this of course is having a smartcard. The key is locked up in very-hard-to-crack hardware, still protected by a passphrase. However, if you go in the front door you only get a few guesses before the card just wipes itself completely. Going in the back door requires some really hard work - even by government standards. If the card is easily destroyable it might even be destroyed before the arrest can be carried out - eliminating all hope of recovering the key.

    Smartcard readers are becoming more popular. I'm just waiting for when they make models with built-in keyboards so that you can enter the PIN directly - bypassing any keylogs in operation.

  3. Re:It makes a lot of sense on No More Science on the ISS Until Further Notice · · Score: 1

    Why else would someone develop a piece of metal that acts like cloth.

    Well, either it is useful, or it isn't.

    If it isn't useful, why do we care if the space program invented it.

    If it is useful, why shouldn't we think that somebody would develop it?

  4. Re:Why don't they target IRCops? on AU Government To Pilot Target Zombies · · Score: 1

    One thing that he could have helped with was an IP for the bot master. That at least would have led the investigator to the next layer. I agree a k-line would be evaded, but the goal should be to find these guys in real life and get the feds on them...

  5. Re:Science and religion on Vatican Rejects Intelligent Design? · · Score: 2, Insightful

    Regardless of how you feel on evolution, creation, the bible, etc, this argument sounds like telling people just to follow their consciences and not worry about what the law says. After all, laws were created based on the consciences of various people, so why look at the law when you have your own conscience to follow. Of course, that would lead to chaos.

    Do you really want a world where morality is defined as whatever the Holy Spirit tells somebody to do? Nobody could hold up or condemn the behavior of another person since there would be no way of knowing whether the Holy Spirit really did tell them to kill somebody. Right now when people make that claim religious leaders typically debunk it on the grounds that the documents that this action was inconsistent with God's behavior as it is revealed in that religion.

    Your solution seems to fix the problem with every religion having different teachings on some topics with every religion not having any teachings on any topics...

  6. Re:Best Idea Yet on Storing Liquid CO2 in the Oceans? · · Score: 1

    The biggest drawback to all this is that it depletes a finite source of material over time. We only have so much of everything, and if we fire it out towards gas planets or just towards nothingness, well, it's gone for good.

    Uh, it might be finite, but it is VERY LARGE!

    And, the more of it you toss towards Jupiter, the less you need the elevator in the first place. If mass erosion really becomes a problem a billion years from now, you can sleep well knowing that as the Earth is carved up to make space stations, it will start to behave more like a space station itself - having low gravity and low cost to orbit, no gravitationally-bound atmosphere, and better access to solar power. I'm not holding my breath though...

  7. Re:I thought the movie was pretty bad on War of the Worlds by the Star Trek Cast · · Score: 2, Interesting

    Keep in mind that one of the book's themes was a criticism of imperialism - which was rampant at the time. The prevailing view was might makes right. Consequently, it was important that the human race be portrayed as completely impotent against the martians. That is what is so terrifying about the concept in the novel - that every counter devised by men to the invasion was doomed to failure from the start, as the martians were far superior in every respect, and had every advantage conceivable. Man was simply to be systematically exterminated.

    Just as rats in a home have no hope of resisting a human extermination plan, humans would have no hope of resisting an invasion from a far more technologically-developed culture.

    The idea of the humans turning things around and saving the day, while exciting, completely defeats the whole point of the novel. In some sense I was a bit disappointed by the recent movie adaption in that they had to factor in the cheap-shot missle attack against the staggering tripod. (Did a sick martian accidentally flip off the shield generator? I doubt that the bacteria made that sick...)

  8. Re:let the market decide! on mTLD to enforce Web standards in .mobi · · Score: 2, Insightful

    We already know what it will look like if domain owners are given free reign - we might as well drop the registrar and just do a zone transfer from .com...

    Anybody with a .com/net/whatever site will just register the corresponding .mobi domain and point it at their regular webserver. Viola, the mobile migration is over, and mobile users still won't be able to find sites to go to...

    If you want to drive mobile sites you should not only restrict content to certain standards, but you should also revoke ownership of any domain that doesn't have bona-fide content in 6 months after registration. (No under-construction pages allowed.) So, if Ford wants to keep ford.mobi they actually have to make a mobile website. If they don't then it goes up for grabs and Chevy can register it and put whatever they want on it as long as it is mobile-standards-compliant.

    Just a thought. It seems like all the new TLDs are just opportunities for registrars to make more money as all the .com owners register yet another pointer to the same IP. I'd be open to anything that would break that cycle...

  9. Re:Reed Sea - Red Sea? In Hebrew? on Is There Such A Thing As A Final Cut? · · Score: 1

    Well, the biggest problem in translating any ancient language is probably the nouns - especially references to places that don't come up often.

    Suppose I hand you a 5000 page history book from some ancient culture, whose language is long gone (or mutated beyond recognition). Suppose it mentions a major event that happened at the waters of niglopeth. That word occurs nowhere else in the book, or for that matter in other books, and no precise details are given from which its exact locations could be determined. So, you basically have to pick the most likely body of water in the region that doesn't have a name you know, and put in a footnote that you aren't sure where it is.

    My guess is that the whole Red/Reed sea business is similar to this.

    In any case, unless you're trying to mount an expedition to find sunken chariots does it really matter which one it was?

  10. Re:frivolous domains on Behind the Fight to Control the Internet · · Score: 1

    Perhaps you would like to change ISPs without having to tell everybody in the world your new URLs, email addresses, etc.?

    There are lots of reasons to have your own domain. It is only bytes in a database, why should it cost hundreds of dollars to own one?

    Face it, the days of the internet consisting of 200 domains are long gone. If you want to find something just do a google search. All raising prices is going to do is pare down the number of domains from billions to tens of millions. It isn't like you'll be able to go back to the days of just downloading a hosts file...

  11. Re:This is common on The H-1B Swindle · · Score: 1

    Obviously you aren't one of those people crying for cheaper drugs! :)

  12. Re:What industry? on Violating A Patent As Moral Choice · · Score: 1

    That is a value judgement. What do you do when people can't afford food? Do you regulate the price of bread?

    There will always be welfare, and society will always have to decide how much to spend on it.

    As far as food/vacations/wants/needs go - I've spent far more on food than I've ever spent on vacationing. That is because I need it. If I needed a drug I'd be a lot more willing to spend on it as well...

  13. Re:What industry? on Violating A Patent As Moral Choice · · Score: 1

    Also, patents create a virtual monopoly for the patent holder, so any discussion of "free market" is out the window. IN a free market, other poeple could purchase the forumula, or independently discover it, and manufacture it at whatever cost they liked.

    They are free to do so right now. They just need to come up with a different drug entity.

    The problem with drugs is that the big pharma companies don't really sell drugs - they sell information. The information they are really selling you is whether a particular molecule cures a disease. The problem is that there really is no way right now to just sell the information, so instead they tie it to a physical drug which they sell to you instead.

    The fundamental problem is one of "information wants to be free" - once it is discovered it is really impossible to keep secret. Anybody can cheaply reproduce big drugs generically as a result.

    If the big pharma companies could get out of manufacturing entirely they'd do so in a heartbeat - they really aren't competitive in this market and they know it. They compete in R&D and marketing.

    Perhaps a solution would be for some entity (a government/etc) to offer a bounty for evidence that a drug has some level of safety/efficacy. Then anybody could offer their data and claim the prize. The bounty would have to be on the order of a few billion dollars though for anybody to go for it. (This would be for a fully developed and tested drug - not for some tissue culture proof of concept - which academia generates all the time and which usually don't go anywhere.)

  14. Re:Firefighting was once privatized. It burned us. on Violating A Patent As Moral Choice · · Score: 1

    This meant that if one's house was on fire and a competing firefighting truck saw the house in flames, it would roll on by. After all, you had a contract with a different firefighter. Eventually, people figured out that this was a silly arrangement and we collectively paid to fight fires in the country regardless of where they were; we nationalized firefighting.

    What is so odd about this? Presumably you contracted with a firefighting company that had a good response rate, so as long as the fire is out in time, why do you care if somebody else isn't sprining to action.

    Presumably you could have a market where you'd pay big money to a fire protection company, and they would have peering agreements with other companies in case they were too busy to respond. You'd put a plate on your house stating that company xyz is to put out fires, but if you see it burning for 15 minutes and they haven't shown up, you'll pay the non-contract rate for anybody who shows up.

  15. Re:What industry? on Violating A Patent As Moral Choice · · Score: 1

    Pharmaceutical research, like fire departments, should give people what they NEED. The market is dreadful at this. The actual manufacturing can be left to the market, it ought to be, keeps prices down on something vital to survival.

    Uh, I thought this was the whole idea of the free market - it gives people what they really do need. What people need is defined as what they are willing to pay for. After all, if you aren't willing to pay for it, how much do you really "need" it?

    The whole idea of the free market are that resources are scarce, and as a result you should spend your money where it will do the most good. The people most in need of drugs are the ones most likely to pay for it.

    There are very few areas that the market does a bad job of allocating resources in. I'd argue that fire departments would work fine in a free market. They are already paid-for at the local level, so why wouldn't it work?

  16. Re:I don't blame them. on Violating A Patent As Moral Choice · · Score: 1

    The upshot is that if you look at it over the long run, we would be much better off if we violated all the patents, let the patent-dependent drug companies go out of business, and funded an equivalent amount of research in the public sector, making the results available to anyone who wished to sell the resulting drugs on the market.

    Well, duh. Of course drugs cost more to the public than the raw costs - that is called "profits".

    By that reasoning we'd be better off banning all patents, doing all R&D of any kind publicly, and letting anybody put the resulting products on the market. While we're at it, we'd also do better by banning corporations in general and operating under communism. After all, those profits are just a waste.

    However, in practice this has never tended to work well.

    The fact is that you can have your cake and eat it too in this case. Don't ban any patents, but instead try doing public drug R&D exactly as you say. Any drugs discovered in the process would be patent-free. In the meantime the drug industry could operate as it presently does. And in 10 years everybody can see how it all works out. If publicly-developed drugs make up 95% of the market the commercial drug industry would have already collapsed. If not, there might be something to the drug industry...

  17. Re:Misuse of the term on Rootkit Creators Turn Professional · · Score: 2, Informative

    Actually, all of this is exactly what tripwire does. It stores a database of file attributes (hashes, mtimes, etc.).

    You can also easily run it on a running system.

    The problem is that on a running system your executable is subject to the whims of the currently-running kernel, glibc, linker, etc. If the rootkit installed a kernel module, or a modified glibc, or something else, then when you scan ps it could just point you to a saved unmodified copy of ps, and then your scan would miss the changes. When you look for running processes via a system call, the kernel patch could deceive you. Even if you are statically linked you are still subject to the kernel for file access. Even if you run as root and directly access the hard drive device, you are going through the kernel device driver. Even if you make low-level hardware calls you are still in userland and a very clever rootkit running in ring 0 could interrupt your program and make it do whatever it wants. Of course, all of these tricks are very difficult to pull off, and most rootkits rely only on a subset of them.

    Also, if your hash database is not stored on read-only media it could have been tampered with.

    However, the safest way to scan for a rootkit is to boot from known-good media and scan against a known-good database. There is no way to defeat this. In the same way, the safest way to clean a virus is to boot off of a clean disk and purge the virus when it has not been loaded into memory.

    Usually the best practice is to run tripwire and do online scans frequently, and offline scans anytime you suspect malicious activity or one some less frequent schedule.

    The problem with tripwire is people like me who are constantly upgrading packages. Your tripwire database needs to be updated anytime you install software, making it best suited to infrequently-changing servers...

  18. Re:Misuse of the term on Rootkit Creators Turn Professional · · Score: 5, Interesting

    I think at this point the burden of proof is on you to come up with a reference. I've personally always heard the term rootkit used in the manner used now by about three people who have replied to you, and as described on three different fairly-definitive websites referenced in this thread.

    We can sit here all night posting back and forth "is not," "is too" but I don't think that we'll get any further. If you're so certain on your position please take 30 seconds and find something reasonably definitive to support your position.

    Mods - before modding anything else in this thread please take the time to actually look up what a rootkit is... :)

    For the record, an exploit is software designed to gain unauthorized access to a system. A rootkit is a set of tools used to maintain such access without the knowledge of the admin of the cracked system. Typically it includes modified ps, login/su/sshd, etc.

    The whole idea of a rootkit is to make sure you can get back into the system a week later when the admin has patched the original vulnerability. If you rm the ps command it probably won't take long for the admin to figure out what happened.

    The best way to detect a rootkit is via tripwire, run from a boot CD. There really isn't any way of defeating this method of detection, but it is very inconvenient since it requires brining the system offline for scanning. There are tools like rkhunter which search for rootkits on running systems, and in theory these can be defeated by a very clever rootkit.

  19. Re:Xen is not a competitor to VMWare on VMWare Inc. Releases Free Virtual Machine Runtime · · Score: 2, Informative

    In my experience custom-building isn't a big deal. You just run the config program, and it notes that it doesn't have a compatible kernel module handy, and asks you if you want to build one. As long as you have your kernel sources installed it just builds the module and runs it, and it usually doesn't take much effort. Then you just rerun the config program any time you install a new kernel.

    If you're willing to use vmware on linux I doubt the kernel module will slow you down much...

  20. Re:One more damn thing to carry around on Banks to Use 2-factor Authentication by End of 2006 · · Score: 1

    Well, that would explain a lot.

    However, I thought that as long as the merchant got the authorization code from the bank, they were guaranteed payment. I could easily be wrong on this point. Obviously the situation you describe wouldn't give the banks much incentive to fix things...

  21. Re:One more damn thing to carry around on Banks to Use 2-factor Authentication by End of 2006 · · Score: 1

    Agreed. There is still card theft (unless you use a PIN), and the possibility of viruses using a physically-present card to authenticate extra transactions. There are ways around all the problems, but user-acceptance is a big question.

    Also, merchants might balk at buying new card-processing machines.

    There really isn't any reason that smartcards couldn't be used to eliminate virtually all card fraud. Just put a keypad on the credit card along with a display and a short-range wireless capability. Cashier sends transaction to card, which displays total. Cardholder authorizes transaction by entering PIN directly into the card, which then uses an internal certificate to sign the transaction - one signature per PIN, so no piggybacking, and no PIN theft since no external keyboard is used. A reader could be used for online transactions, and if a small modem were built in it could handle phone transactions ("please hold your card up to the phone now").

  22. Re:One more damn thing to carry around on Banks to Use 2-factor Authentication by End of 2006 · · Score: 1

    I daresay that major credit card issuers could issue smartcard readers to all their customers and make a profit off of the reduced fraud.

    Keep in mind that those credit card companies lose money every time identity is stolen. They are out the charges as laws protect consumers from credit card fraud. They are out all the administrative expense associated with handling the theft. They also lose out every time somebody chooses not to buy something online for fear of having their identity stolen, or otherwise chooses to use cash instead of a card.

    If these companies knew that a onetime expense of $20 for each person of the country would end these woes for good, they'd spend it in a heartbeat...

  23. Re:Interesting on The exhaustion of IPv4 address space · · Score: 1

    What you're call a "value statement" is in fact resource efficiency. IPv4 address space is a finite, non-renewable resource. Once it's been divided up, there isn't anymore. Unlike an empty cookie jar, you cannot go to the store to get more.

    Which is why we should switch to v6 rather than whine about people wasting addresess in v4...

    It is, again, very highly unlikely they have any real (read: IANA acceptable) need for 16 million world accessable IP addresses.

    And most people in any kind of a position to make a difference in the real world (ie judges) are unlikely to care what the IANA considers acceptable.

    My point is that it should't be the job of some big committee to make you prove you've used up 90% of your current addresses before asking for more.

    First off, a /8 is not cheap; those companies are paying a huge wad of cash for that space.

    I looked it up at ARIN - looks like the fee is about $18k/yr. Compared to their bandwidth costs that is VERY minimal.

    30 years ago when this whole system was being dreamed up, 32-bits was brain damagingly HUGE. Today, 128-bits does the same thing for us. In another 30 years, people might look back at IPv6 and think we must've been idiots to use such a "small" address space. Going back to a resource efficiency view, we're falling into the same "/8 trap" again. Just look at how the IPv6 address space is being sliced up... it looks a lot like the same classful slicing that's led us to the current day mess we have in IPv4.

    I couldn't agree more. My complaint wasn't the folks who designed the 32-bit system. It is the folks who seem bent on perpetuating it past its usefulness (arguing that everybody should just use NAT, that normal people shouldn't be able to run servers, etc). When the time for IPv6 passes I hope I'm not some old geezer saying that people should just learn to live within the bounds like we did in the old days.

    When you think about it, there really isn't any reason that ISPs need to hand out globally-routable addresses at all - only web hosting companies really need them (if you are of the broadcast-model crowd). Companies like yahoo would get routable addresses, and everybody else would be buried behind 4 layers of NAT - beyond any hope of receiving any kind of incoming connection. Such a model eliminates many of the potential benefits of the net, although I'm sure the likes of AOL and MPAA would love such a world, which is just TV over ethernet...

  24. Re:quiet fans aren't too expensive on Noise Cancelling in Software? · · Score: 1

    In low-profile servers the fans are also needed for redundancy. I think the 2U HP G3 proliant I've played with had around 7 fans - each pretty noisy. They were hot-swappable, and arranged side-by-side along the entire width of the server. They probably moved a ton of air in this way (no way for air to recirculate), and probably had redundancy factored in so that if one or two failed it wouldn't be the end of the world.

    High-end servers can tolerate the loss of just about any part other than the CPU or motherboard, and all of the fault-tolerant parts can be hot-swapped for minimum downtime. Sure, you should have backups, but it is very satisfying emotionally just to pull out the drive with the flashing LED and plug in a new one and not have to touch a setting on the entire system.

  25. Re:Replace? or Augment? on Replacing Sports Referees With Technology? · · Score: 1

    Just how much of a beating can a sensor take before it is useless? How much would it cost to put a sensor in every baseball used in a game? How long would a sensor improved football last? And, would it really be worth it? Sure there are some games that are won or lost on controversial calls (see the White Sox, last week). However, is it worth the cost of putting a sensor in every baseball, when it is only going to really matter once in ten thousand pitches?

    Uh, let's break down the costs and income from a game. My guess is that each mount in the tens of millions of dollars.

    My guess is that spending a few thousand dollars on sensors isn't going to be a big deal. Not when the players are making $10M per year.