I almost completely agree with you - but I still like some of the 'funny' posts, cheap shots can still be fun ;-) More productively, this incident should be part of a larger story about how open source works better than closed source. A government agency does a serious investigation (using the open source) and finds one exploitable flaw and outlines other possible, as yet unrealized, attacks (hence 'theoretical'). The actual attack is fixed and the theoretical attacks are being investigated by the developers. How is this a bad thing? This is 'many eyes' in action. Any 'shoot from the lip' attack on the messenger (French Defense Ministry) is counterproductive. Let's celebrate the fact that a serious flaw was found and fixed and other fixes are underway. The world is larger than Redmond, so let a world full of eyes find and fix bugs.
Don't you think that people who do statistical analysis have thought of this? Of course, P(zombie ) is not the same as P(zombie | OS ) is not the same as P( OS | zombie ). P(x|y) reads 'probability of x given y'. I am quite willing and able to use Bayes' theorem to relate these. What would actually be more interesting would be the cases where I see that one OS is not found in my 'zombie' population, e.g. if P( OS = 'OpenBSD' | zombie ) = 0. Then I have something useful. I can then infer that, P( zombie | OpenBSD ) = 0, since P(OpenBSD) 0 (even if it is small). This is now actionable because I can choose the OS that minimizes my risk, P(zombie|OS). If I choose to run OpenBSD (and if I am as competent as the existing OpenBSD users), then I can be (reasonably) confident that my computer will not be turned into a zombie.
The shock of a 45 can kill. Look at some of the slow motion pictures of a hand breaking boards, you can see the body flowing as the shockwave travels down the arm. Now replace the impulse (change in momentum per time) of a hand with the impulse of a 45 slug, the shockwave can kill - your heart is liquid filled, after all.
It would be interesting to see this arranged by the operating system of the infected computer. Given the frequency of infections by OS and the frequency of the OS on the internet, I can use Bayes' theorem to determine how susceptible a computer is to become a Zombie spammer. I'm just guessing that this would not be a flattering number for Microsoft, especially the older versions of Windows. This sort of information could be used by Microsoft to encourage upgrades and by everyone else to recommend migrating from Windows altogether. In either case, this would give users actionable information to reduce risk - moving to a 'low spam' country simply isn't actionable for most people. As you pointed out, showing data by ISP would also be actionable. In either case, it allows for users to have some control.
Not if you are talking about the sorts of primates in TFA. This article is discussing the early (proto)primates that were alive in the age of dinosaurs - much more like lemurs than humans. The snakes at this time were not venomous but were constrictors, so think 'python' rather than 'cobra'. The claim that these primates were prey for these snakes is quite plausible. It's easy for small mammals to hide from reptiles in holes or thick brush. But a snake is almost uniquely able to go right through these obstructions and get at the prey. I am not convinced by the article, but it seems plausible.
The fourth dimension is time, seeing things at past points of time is called 'memory'. Unless you are trying to see into the future, which is called 'guessing' or 'predicting'.
The PC and Internet revolutions were Geek-driven. The non-Geek office workers were quite happy with secretaries and file clerks. Remember when 'file' meant a pile of papers sitting in a folder and 'file search' meant rummaging through cabinets trying to figure out if the file was misplaced or if you simply had the wrong key word (e.g. 'Car Insurance', 'Auto Insurance' or 'Insurance for the Honda'). The non-Geek office worker was satisfied with this.
So who cares what the non-Geek users are using? That's like trying to understand where a herd of horses is going without looking at the lead stallion. Of course most of us are not as physically imposing as a stallion, but the analogy has some validity: If the lead stallion is considering the needs of the herd, he can succeed. If the open source Geeks are looking out for the needs of the non-Geek office worker, they too can succeed and that success is good for all. There are many forms of leadership, Geeks provide the technical leadership of society.
Cool down some. Nobody is using force against you. There is simply an argument (partly rational and partly emotional) about what you can do with a resource that you have and that you can share at almost no cost to yourself. There is a competition between scientists for your free clock cycles. People have opinions about which ones are valuable, and they want to share their viewpoint and attempt to sway your opinion. That's all that is happening here. If this causes you to curse him, I think you need a bit less coffee.
I am quite in agreement with the parent poster about the problems with analogies. You bring up bank vaults. During WWII, there was no secret more valuable than the work of the Manhattan Project. General Groves, the commanding officer, had a safe for his top secrets. Richard Feynman, a physicist on the project, is famous for 'cracking' the safe. Feynman didn't end up in prison, he got a Nobel Prize for some of his later work. Feynman's method was very simple. 1) He read the f***ing manual, 2) he tried the default password, 3) he left a note suggesting that they change the password. This is an almost perfect analogy to the white hat hacker. In a perfect world, I would argue that Gen. Groves should have been severely reprimanded, with the understanding that similar elementary security failures would result in dismissal or even court martial. He should be allowed to learn from his mistake, but he darn well better not do it again.
The intent of Gen. Groves's safe was to protect the data of the Manhattan Project. By breaking in, Feynman improved security.
Population increase doesn't apply much to the US over the last 25 years. Our population has been rather stable. You might want to argue that there has been an increase in urbanization. That has certainly been the case in Iowa, which is my home state. Rural communities have been shrinking and the suburbs have been growing. Personally, I think this is closer to the truth. In the burbs, you cannot walk or bicycle like I did as a child in a town of 10,000. The population density in the burbs means that schools are often a few miles away, rather than within a reasonable walking distance.
My grandmother was told to get X-rays of her children since it was then the 'modern' tool to monitor development. So even though there was absolutely no way she would choose to abort, she exposed my aunt and my father to a series of X-rays. My aunt is sterile and my father had only one functioning kidney. It is hard to prove that these are the results of the x-rays, but it is quite suspicious.
If you are the hardware guy, this is the correct analysis of their problem space. They are trying to figure out stuff like 'how do I make a stable, high-q oscillator?' and 'what is the capacitive coupling between parallel conductors separated by 300 nm', not 'how many MIPS does this turn out?' Building cell phones doesn't require processing power as much as it requires being able to fabricate cheap gigahertz oscillators. What I want to know is if IBM can mass produce these strained layer semiconductors and if they can scale up to millions of components. If IBM can support Linux and violate Moore's Law, they will really be a cool company. Perhaps it's time to invest in Big Blue :-)
I was thinking about this too. But I think it is even worse than that....
I think you need to divide this by the permittivity of silicon relative to the permittivity of free space, which is around 12; light is only going to travel about 0.1 mm. (Extra credit to anyone that knows the speed of light varies inversely with the product of permittivity * permeability. For anything other than a ferromagnetic material, the relative permeability is very nearly 1, so only the relative permittivity is needed for 'back of the envelope' estimates.) At this frequency, the static permittivity is probably a bad value to use. Does anyone know reasonable values for this sort of frequency?
This must make it tough to build a device. It would be like keeping marching bands 'on beat' along a long parade route (long means the time delay is a beat or two) where they can only use sound to keep the beat.
Each time I install OpenBSD, it just works. They support a wide range of hardware, but they insist on coding it correctly. You cannot be sure that you are coding 'by the spec' if you have to reverse engineer. You might be pretty sure you have it right, but you can't be certain. The OpenBSD team is limited in size and they don't have the resources to fool around with hardware because some prick in management doesn't see that giving the data freely to the OpenBSD team will only lead to better support for their hardware. The 'worst case' for the manager would be if the OpenBSD folks find that the hardware doesn't meet its own specifications. In the long run, finding this is a good thing - nobody stopped buying Intel because of the Pentium division error. Finding and fixing it improves the hardware but it is costly in the short run, so it will harm the manager's bonus this quarter. Theo seems to be taking the long view and sticking to principle, not convenience.
If I have the choice, I run OpenBSD on servers because when it fits, it fits like a glove. If Theo acts like everyone else and just rolls over when a suit tells him no, OpenBSD would be just like every other Linux/BSD distro. This sort of attention to details (in both software and licenses) makes OpenBSD distinctive. In marketing-speak, this is called 'developing a niche'. Within its niche, OpenBSD has no equal. If it loses its niche, then it will lose its market share. So I think the best thing Theo can do is to be Theo.
Where did I claim to have used an M-16? Everything I stated has been widely documented in the press. Other posters have listed some references. James Fallows also wrote articles in the Atlantic about this. For the record, I tried to get into the Naval Academy, but I failed the physical because of scarring on my chest and back.
I see that this can 'kinda work'. Now, if we have something that 'kinda works' we can use it as a trigger for more in-depth analysis. At CERN, there are (m|b|tr)illions of boring collisions in a collider. Only a tiny fraction of these result in a shower of particles that set off the first level of trigger circuit. If the trigger fires, the data gets recorded for more analysis. Without the trigger, CERN couldn't afford the bandwidth, storage and CPU time to analyze all of the 'boring' transactions. The triggers are a cost saving tool.
I think that the NSA is using the pattern matching to identify POTENTIAL terrorist activity. They are smart enough to know Bayes' theorem, so they know that they are going to have a lot of false positives at this point, but they have eliminated a huge number of boring calls. Then they do some analysis that is too expensive to do for every call. My guess is that after a trigger event, say an international call, that everything else to the same phone number is recorded using the technology in the AT&T secret rooms that are the object of the EFF lawsuit. There is some voice recognition that might try to automatically act as a second level trigger by keying on some of what is said in the call. So far, everything is automatic and quite scalable, at least to an organization that measures server farms in acres. If enough triggers fire on any given call, the NSA will get a person involved. They can go to FISA and use the traffic patterns to establish 'probable cause' - assuming that they care enough about law enforcement to make sure that they can use the data in court. They have to do this within 3 days of the call if they want to be able to present the contents of the call as evidence in a trial. Now, with a FISA court order (or not, maybe they are interested in intelligence and they don't give a damn about 'legally admissible'), they can have a person listen to the data and still be able to use the data in court if they need to. Humans listening to calls is expensive/rare, especially if you are trying to find Arabic speakers with top secret clearance. This system uses cheap computers & cheap fiber optic networks to maximize the utility of the limited human resources.
I think that I sound paranoid, but what else explains the data?
is that you can sound like you are saying something even when you say nothing. The parent comment could be applied to almost any article. Each statement in the comment may be true, but without even an analogy between the truisms in the comment and the story what good does a comment like this do? Do you see a solution that is needlessly complex, or something that is only as complex as needed by the problem?
I find it ironic that you used an M-16 as an example of 'reliable'. In the Vietnam War/Conflict/Police Action, the M-16 had a terrible reputation for reliability. The M-14 was considered tough and reliable, but the M-16 has a reputation as a plastic toy that fired 'varmint rounds' (22 caliber) and constantly jammed. The poor reliability seemed to be due mainly to the fact that Eugene Stoner designed the gun to use gun cotton and the DOD used rounds with gun powder from a favored contractor. Stoner also designed the gun so that the bullets spun 'just enough' to fly straight for about 100 yards, but not so much that they wouldn't tumble upon impact (and cause significant damage, even though they were only 22 calibre). The DOD forced Colt to increase the spin so that the range was extended but the lethality was decreased. For jungle warfare, this seems like a really stupid tradeoff. Stoner designed a fine gun for close combat, but the DOD managed to mess it up.
To be fair, the modern M-16 doesn't suffer from these woes. But the only reason it works as advertised is because enough people bitched that the bureaucrats and contractors had to back down and deliver the gun as originally designed.
How can you say this? I don't agree with all of RMS's statements, but he is perfectly free to hold them. He is living in the 'real world', even if he has a lifestyle that I wouldn't choose. I don't see him demanding that Sun stop acting as a for-profit organization. He is simply expressing his personal views.
Against my intuitions, and apparently against yours as well, his ideas are actually successful. I can think of a few projects that conform to his idea of "free" and are surviving quite well in the 'real world'. Many of us are using Linux, Apache, MySQL/PostgreSQL, Perl/Python/Ruby/PHP to earn a living in a capitalist economy. Between GPL-like and BSD-like licenses, there is a great deal of practical software available. His ideals most certainly are surviving outside of his personal Utopia, they are used in a great deal of practical software.
It seems this needs to be repeated. Monopolies are not illegal. Abusing a monopoly in product A to coerce customers to use product B is a violation of the Sherman Act.
If the Apache foundation was conquered by crazy quilters, they might force you to buy an Apache quilt in order to run their monopoly. They too would be in violation of the Sherman Act. This is a silly example, but the point is that monopolies may be bad for security or free markets but they are not illegal.
A monopoly is a bit like a spouse. Having a spouse is not illegal, but abusing your spouse for personal gain is both illegal and repugnant.
This may be why BSD is not dead yet. Remember to run Opera from {Free|Net|Open|PC}PCBSD to remain truly chic.
Successful FUD attack against an emerging competitor ... priceless
Perhaps 'Google Images' should be rebranded G-oogle when the adult content filters are off.
Hey, up in the sky, it's a bird, it's a plane, it's Tim O'Reilly!
Just use barbed wire. It's not your fault that your electric fence works backwards :-)