With just 2 people doing this, there would be a whole lot of clean drives going back and forth between them. You need something like a TTL to prevent a complete DoS.
I still have a hard time believing the people who decide such things are really that stupid. What message does that send to the next finder of classified information or material? "just post it on Flickr via anonymous proxy?"
They could have just asked for the camera, and offered a replacement for it, and a new computer with a copy of their data.
Indeed, it's a terrible idea. In any given system governed by such rules, people (students are people, too) will try to game the system.
In this case, it's really easy: if you get 70% or more on the first (=easiest) test, you can skip the entire second semester, and still pass!
This would, of course, mean that the student understands most of the contents of the first semester, and next to nothing of the contents of the second semester; hence, the student knows less the half of the contents of the entire course, and still passes.
A better idea would be to give the students a chance to either retake the first test, or take a weighted average of the test results (my high school and university did both). The first test is weighed at 25%, the second at 75% (for example). The reasoning is, that the second test covers all of the subjects matter. If you can pass the second test, you can also pass the first test, even if you couldn't pass it at the time.
I'm going to patent a "mall-intent" detector, based entirely on data from an image sensor, en determine the side contour and hair length of the individual. Preliminary results from field tests show the "mall-intent" base rate is about 50%.
If you are at the very top (which would be slightly above geostationary orbit), and you jump, which way do you expect to fall? (assuming the action of jumping doesn't add significant speed in any direction)
I don't know a whole lot about huge transformers, but I'd think the experts in that field have them perfected by now. This thing breaking could just be bad luck, like some undetected manufacturing error, or it could mean someone goofed up some calculations.
That guy holding the torque wrench looks he's never seen one of those things before. Aside from the fact that a picture of a guy in a suit tightening the bolts on a seemingly important flange is just stupid, he's holding it wrong. A torque wrench is only used to tighten a bolt, not loosen it, so he should be rotating it clockwise.
Pictures with people pretending to do something, especially if they don't have a clue about how to do it, are just plain stupid.
Actually, I can watch TV without getting a headache, but I do see the screen refresh on some models. It might have something to do with the viewing distance.
Watching TV without getting a headache is getting more difficult though, but I suspect that has something to do with the brainlessness level of the content.
I can see a single fluorescent tube flash as well, and I can assure you it will give me a headache.
a refresh rate of 120Hz still means you have an effective refresh rate of 60Hz for each eye.
Personally, I'm a little sensitive to low refresh rates; anything below 75Hz will give me a headache, and I prefer 85Hz or more. Some monitors can show 170 frames per second, but those are very rare.
Also, this won't work with LCD displays, because they are just to slow.
If they can establish that it actually was someone from the scientology church with authorization to send these notes, Google could refuse to take down any more videos without investigating the claims first. Their takedown notices, if they have merit, would still be honored, but the takedown would be delayed until they get a chance to look into the issue.
Of course I understand it's not going to happen. (I don't live in the US, but it's not going to happen over here, either)
The purpose is not to determine is someone if smart enough to vote, the purpose is to determine if someone cares enough to vote.
It's a rather old statement, but I think it's true: democracy is based on the misconception that half the people will always be right (of course, "right" is debatable, as different people have different agendas, but that's beside the point).
People who can't be bothered to think about what they think is important for a country, and which candidate fits that profile best, but instead just vote for the guy that looks good on TV and says funny thing, simply shouldn't be allowed to vote.
As much as I hate to admit is, the US has a fairly large influence on the rest of the western world, and I find it very frustrating that the majority of the US population just votes for the first guy that promises to cut taxes.
And don't get me started on the voting process. Every time there is a discussion about the gun laws in the US, somebody jumps up and screams "it's because we need the guns to be able to overthrow a corrupt government!"
Well, shouldn't you get started? I mean, judging from the past 2 presidential elections, and everything that has happened in the past 8 years, I can't help but wonder how much more corrupt a country can get. What are you waiting for?
I've always said a voting ballot should be a multiple-choice test, where the voter has to prove that he or she has at least some clue what the candidates stand for. It shouldn't be a test that requires above-average intelligence, just an above-average (current average) effort to make an informed decision. Only votes with x out of y questions answered correctly should be counted, and the questions could be something relatively objective, like matching key campaign issues to the candidates.
So basically, they are using the outcome of a fairly large number of race conditions to generate the responds.
Creating a second, identical chip might be nearly impossible, but emulating the whole thing in software shouldn't be that hard, provided you know the propagation times of the different paths.
I'd think it would be highly vulnerable to a specialized cryptanalysis attack. Each path is made up of a number of shorter paths, the propagation delay of those adding up to the total path delay. The number of short paths can't be very large, otherwise the thing would be impossible to manufacture.
If the attacker can get responses for intelligently chosen challenges (basically a chosen plaintext attack), he might be able to figure out the propagation delays of each individual path, and would be able to calculate the delay for any given longer path, and thus generate a valid response for any given challenge.
This attack could be rather complicated if they mangle the bits after the racing operation, by obscuring where each bit in the response came from. A decent hash algorithm will probably do the trick, as the attacker cannot deduce which bit has toggled between two slightly different challenges.
One thing an attacker could do, however, is steal the original chip, tear it apart to get at the bits before they are mangled, and create 2 cloned chips, using one the replace the stolen one.
Unless they have done something really stupid, these chips may not be impossible to clone, but it's at least a hell of a lot more difficult that most other RFID chips.
I'd think it's quite obvious this is not about ISO approving a standard some of us don't like; it's about how this standard was approved.
ISO has demonstrated that anyone can get anything approved, if they are willing to spend a whole lot of money in the process.
An organization like ISO should at the very least appear to be objective. Instead, the sold out, it's as simple as that.
The fact that OOXML was approved, and the process leading up to that verdict, proves two things: 1) Microsoft is a scummy as it has always been, if not worse, and 2) ISO is corrupt to it's core, and can no longer be trusted to be fair about anything, period.
Yes, that is what surprised me, too. However, I'd think they would know what they are doing, and are acting in good faith, because they could have tried to keep the whole incident secret instead.
I don't see why an attacker would sign the packages one that server, instead of just taking the key and signing them elsewhere. Because of this, Red Hat now has the signatures of the tampered OpenSSH packages. If the attacker had signed them elsewhere, they wouldn't, making the packages more valuable.
Is there a technical reason for this?
Also, I assume this means any historic packages, signed with the old key, not already in your possession at the time of the intrusion cannot be trusted. With this I mean any old versions of packages downloaded after the time the attacker got his hands on the passphrase.
What makes USB to be so CPU intensive? I though USB supported DMA transfers, which means they can transfer data without the CPU entirely, after the transfer parameters have been set up.
I'd really hate that, because I like to read the book myself, and I don't need somebody reading it to me. Having to write everything down distracts from trying to understand what he is saying. If you go home with a bunch of notes that you don't understand, what good is that?
in a way, digital photography has taken things away from us.
Photo's used to be precious, they carried a real cost (film, development and printing), and because of that, you used to think about what was worth taking a picture of. Today, a cheap memory card will hold hundreds of photo's, and digital cameras are cheaper than decent quality analog camera's have ever been. It's nearly impossible to find a new cellphone without a (crappy) digital camera in it.
Because a digital photo carries practically no cost, people tend to be less thoughtful about what they take pictures of.
Already, I've found myself frustrated and drowning in thousands of mediocre pictures.
These pictures reside everywhere and nowhere; some are uploaded to various websites, others are emailed, yet others exist only on a hard drive and maybe a backup somewhere. The ease and low cost of copying should mean that shouldn't ever get lost, but in reality, they do get lost, hard drives crash, optical disks go bad, or they are just forgotten in a swamp of old files never to be found again.
There is something about a box full of old, fading photographs that digital photo's just can't offer.
And that's just assuming the photo's haven't been altered. With analog photo's, you could be reasonably sure they weren't faked, because it was fairly difficult and time consuming to fake an analog picture. With the digital ones, it gets easier all the time. What's the point of having a photo of something that didn't happen? You might as well watch a movie, that's not real either.
Ofcourse, I understand why a professional photographer would want to change a picture, for artistic reasons, or to remove something ugly from a picture, like a piece of trash in the background of your best wedding photo.
Aside from the hardware keyloggers, which would take ayd remotely competent freshman CS student a whopping whole Saturday evening to build from scratch (the PS/2 keyboard protocol is very slow, simple en well documented), you reasoning contains one major flaw:
universities (at least in the Netherlands) are basically government institutions and are run as such. I have yet to see a university with half-way decent network security, given that the network has to be usable by clueless non-CS students (and worse, professors).
Usually, security takes a backseat to accessibility, because the elderly making the decisions are about as clueless as the general public.
The whole point of my post was to show that is certainly not possible to pinpoint any user *given the current infrastructure*. Sure, it is possible to change to infrastructure to make it possible, but who is going to pay for that? The RIAA?
This is almost exactly what I was thinking: aside from the difficulties and uncertainties of matching an IP to a MAC at any given time in the past, with NAT and everything adding a lot of ambiguity to whole mess, it's simply not possible to match a MAC address to any given NIC, much less to a user of the computing containing this NIC, let alone establish knowledge or intent of the alleged infringement.
MAC forgery for dummies: 1) start packet sniffer 2) start ping probe of network segment, record ARP replies 3) when you want to forge a MAC address, probe the network segment again 4) use MAC from any host that is not responding, but that you did record the MAC address for previously 5) enter MAC in advanced setting for the network card (in windows, all dummies use windows).
The only thing I can think of to prevent this, is tying the MAC address to the physical port on the router. This is, of course, not possible with a wireless network.
username/password systems won't work reliably either, passwords can be sniffed, keylogged, or brute-forced.
Slashdot Mirror
So, you'll get an insurance discount for playing games, like, Grand Theft Auto? That makes sense...
Like, a big box of CD-Rs or something. If he had stolen a single CPU, they might as well have claimed that he stole more than 40 million transistors.
That the last version of the virus does have very strong encryption, and that it fails to erase the plaintext files properly.
With just 2 people doing this, there would be a whole lot of clean drives going back and forth between them. You need something like a TTL to prevent a complete DoS.
I still have a hard time believing the people who decide such things are really that stupid. What message does that send to the next finder of classified information or material? "just post it on Flickr via anonymous proxy?" They could have just asked for the camera, and offered a replacement for it, and a new computer with a copy of their data.
That keeps irritating me, too. TFA is even in the "science" section! Can we at least agree to use the Kelvin scale for scientific articles?
-456 Fahrenheit is (almost) equal to 2 Kelvin.
Indeed, it's a terrible idea. In any given system governed by such rules, people (students are people, too) will try to game the system.
In this case, it's really easy: if you get 70% or more on the first (=easiest) test, you can skip the entire second semester, and still pass! This would, of course, mean that the student understands most of the contents of the first semester, and next to nothing of the contents of the second semester; hence, the student knows less the half of the contents of the entire course, and still passes.
A better idea would be to give the students a chance to either retake the first test, or take a weighted average of the test results (my high school and university did both). The first test is weighed at 25%, the second at 75% (for example). The reasoning is, that the second test covers all of the subjects matter. If you can pass the second test, you can also pass the first test, even if you couldn't pass it at the time.
I'm going to patent a "mall-intent" detector, based entirely on data from an image sensor, en determine the side contour and hair length of the individual.
Preliminary results from field tests show the "mall-intent" base rate is about 50%.
If you are at the very top (which would be slightly above geostationary orbit), and you jump, which way do you expect to fall? (assuming the action of jumping doesn't add significant speed in any direction)
I don't know a whole lot about huge transformers, but I'd think the experts in that field have them perfected by now. This thing breaking could just be bad luck, like some undetected manufacturing error, or it could mean someone goofed up some calculations.
That guy holding the torque wrench looks he's never seen one of those things before. Aside from the fact that a picture of a guy in a suit tightening the bolts on a seemingly important flange is just stupid, he's holding it wrong. A torque wrench is only used to tighten a bolt, not loosen it, so he should be rotating it clockwise.
Pictures with people pretending to do something, especially if they don't have a clue about how to do it, are just plain stupid.
Actually, I can watch TV without getting a headache, but I do see the screen refresh on some models. It might have something to do with the viewing distance.
Watching TV without getting a headache is getting more difficult though, but I suspect that has something to do with the brainlessness level of the content.
I can see a single fluorescent tube flash as well, and I can assure you it will give me a headache.
a refresh rate of 120Hz still means you have an effective refresh rate of 60Hz for each eye.
Personally, I'm a little sensitive to low refresh rates; anything below 75Hz will give me a headache, and I prefer 85Hz or more. Some monitors can show 170 frames per second, but those are very rare.
Also, this won't work with LCD displays, because they are just to slow.
If they can establish that it actually was someone from the scientology church with authorization to send these notes, Google could refuse to take down any more videos without investigating the claims first. Their takedown notices, if they have merit, would still be honored, but the takedown would be delayed until they get a chance to look into the issue.
Of course I understand it's not going to happen. (I don't live in the US, but it's not going to happen over here, either)
The purpose is not to determine is someone if smart enough to vote, the purpose is to determine if someone cares enough to vote.
It's a rather old statement, but I think it's true: democracy is based on the misconception that half the people will always be right (of course, "right" is debatable, as different people have different agendas, but that's beside the point).
People who can't be bothered to think about what they think is important for a country, and which candidate fits that profile best, but instead just vote for the guy that looks good on TV and says funny thing, simply shouldn't be allowed to vote.
As much as I hate to admit is, the US has a fairly large influence on the rest of the western world, and I find it very frustrating that the majority of the US population just votes for the first guy that promises to cut taxes.
And don't get me started on the voting process. Every time there is a discussion about the gun laws in the US, somebody jumps up and screams "it's because we need the guns to be able to overthrow a corrupt government!"
Well, shouldn't you get started? I mean, judging from the past 2 presidential elections, and everything that has happened in the past 8 years, I can't help but wonder how much more corrupt a country can get. What are you waiting for?
I've always said a voting ballot should be a multiple-choice test, where the voter has to prove that he or she has at least some clue what the candidates stand for. It shouldn't be a test that requires above-average intelligence, just an above-average (current average) effort to make an informed decision. Only votes with x out of y questions answered correctly should be counted, and the questions could be something relatively objective, like matching key campaign issues to the candidates.
So basically, they are using the outcome of a fairly large number of race conditions to generate the responds.
Creating a second, identical chip might be nearly impossible, but emulating the whole thing in software shouldn't be that hard, provided you know the propagation times of the different paths.
I'd think it would be highly vulnerable to a specialized cryptanalysis attack. Each path is made up of a number of shorter paths, the propagation delay of those adding up to the total path delay. The number of short paths can't be very large, otherwise the thing would be impossible to manufacture.
If the attacker can get responses for intelligently chosen challenges (basically a chosen plaintext attack), he might be able to figure out the propagation delays of each individual path, and would be able to calculate the delay for any given longer path, and thus generate a valid response for any given challenge.
This attack could be rather complicated if they mangle the bits after the racing operation, by obscuring where each bit in the response came from. A decent hash algorithm will probably do the trick, as the attacker cannot deduce which bit has toggled between two slightly different challenges.
One thing an attacker could do, however, is steal the original chip, tear it apart to get at the bits before they are mangled, and create 2 cloned chips, using one the replace the stolen one.
Unless they have done something really stupid, these chips may not be impossible to clone, but it's at least a hell of a lot more difficult that most other RFID chips.
I'd think it's quite obvious this is not about ISO approving a standard some of us don't like; it's about how this standard was approved.
ISO has demonstrated that anyone can get anything approved, if they are willing to spend a whole lot of money in the process.
An organization like ISO should at the very least appear to be objective. Instead, the sold out, it's as simple as that.
The fact that OOXML was approved, and the process leading up to that verdict, proves two things: 1) Microsoft is a scummy as it has always been, if not worse, and 2) ISO is corrupt to it's core, and can no longer be trusted to be fair about anything, period.
Yes, that is what surprised me, too. However, I'd think they would know what they are doing, and are acting in good faith, because they could have tried to keep the whole incident secret instead.
I don't see why an attacker would sign the packages one that server, instead of just taking the key and signing them elsewhere. Because of this, Red Hat now has the signatures of the tampered OpenSSH packages. If the attacker had signed them elsewhere, they wouldn't, making the packages more valuable.
Is there a technical reason for this?
Also, I assume this means any historic packages, signed with the old key, not already in your possession at the time of the intrusion cannot be trusted. With this I mean any old versions of packages downloaded after the time the attacker got his hands on the passphrase.
What makes USB to be so CPU intensive? I though USB supported DMA transfers, which means they can transfer data without the CPU entirely, after the transfer parameters have been set up.
It sort of depends on where he lives.
Some people here actually don't live in the I'll-sue-your-pants-off US of A.
I'd really hate that, because I like to read the book myself, and I don't need somebody reading it to me. Having to write everything down distracts from trying to understand what he is saying. If you go home with a bunch of notes that you don't understand, what good is that?
in a way, digital photography has taken things away from us.
Photo's used to be precious, they carried a real cost (film, development and printing), and because of that, you used to think about what was worth taking a picture of. Today, a cheap memory card will hold hundreds of photo's, and digital cameras are cheaper than decent quality analog camera's have ever been. It's nearly impossible to find a new cellphone without a (crappy) digital camera in it.
Because a digital photo carries practically no cost, people tend to be less thoughtful about what they take pictures of.
Already, I've found myself frustrated and drowning in thousands of mediocre pictures.
These pictures reside everywhere and nowhere; some are uploaded to various websites, others are emailed, yet others exist only on a hard drive and maybe a backup somewhere. The ease and low cost of copying should mean that shouldn't ever get lost, but in reality, they do get lost, hard drives crash, optical disks go bad, or they are just forgotten in a swamp of old files never to be found again.
There is something about a box full of old, fading photographs that digital photo's just can't offer.
And that's just assuming the photo's haven't been altered. With analog photo's, you could be reasonably sure they weren't faked, because it was fairly difficult and time consuming to fake an analog picture. With the digital ones, it gets easier all the time. What's the point of having a photo of something that didn't happen? You might as well watch a movie, that's not real either.
Ofcourse, I understand why a professional photographer would want to change a picture, for artistic reasons, or to remove something ugly from a picture, like a piece of trash in the background of your best wedding photo.
Aside from the hardware keyloggers, which would take ayd remotely competent freshman CS student a whopping whole Saturday evening to build from scratch (the PS/2 keyboard protocol is very slow, simple en well documented), you reasoning contains one major flaw:
universities (at least in the Netherlands) are basically government institutions and are run as such. I have yet to see a university with half-way decent network security, given that the network has to be usable by clueless non-CS students (and worse, professors).
Usually, security takes a backseat to accessibility, because the elderly making the decisions are about as clueless as the general public.
The whole point of my post was to show that is certainly not possible to pinpoint any user *given the current infrastructure*. Sure, it is possible to change to infrastructure to make it possible, but who is going to pay for that? The RIAA?
This is almost exactly what I was thinking: aside from the difficulties and uncertainties of matching an IP to a MAC at any given time in the past, with NAT and everything adding a lot of ambiguity to whole mess, it's simply not possible to match a MAC address to any given NIC, much less to a user of the computing containing this NIC, let alone establish knowledge or intent of the alleged infringement.
MAC forgery for dummies:
1) start packet sniffer
2) start ping probe of network segment, record ARP replies
3) when you want to forge a MAC address, probe the network segment again
4) use MAC from any host that is not responding, but that you did record the MAC address for previously
5) enter MAC in advanced setting for the network card (in windows, all dummies use windows).
The only thing I can think of to prevent this, is tying the MAC address to the physical port on the router. This is, of course, not possible with a wireless network.
username/password systems won't work reliably either, passwords can be sniffed, keylogged, or brute-forced.