1 - They complement each other, yes, and they are intimately interrelated... but they are not the same thing (for practical purposes). If you have a bar magnet in front of you, is there an electric field around it? No, there isn't.
There is no electrical field associated with a static magnetic field. Any change of position or intensity of the magnetic field will result in an electrical field and an electromagnetic wave (wavelength dependent upon rate of change). Any transmission of information implies changing the field in some way.
2 - A cruise of the whitepapers indicates that the magnetic field strength is related to distance via 1/d^6, as opposed to radiated power, where it's related to 1/d^2. This means a much sharper dropoff in power... meaning the point beyond which there is a negligible power level is much sharper.
1/d^6 is a sharp drop, and I'm wondering what they're doing. 'Magnets' doesn't explain it. A magnet does inherently have a dipole field (which has a sharper dropoff than inverse-square drop of a monopole field), but 1/d^6 sounds like a higher order field than that, which is interesting. I assume from the article that they've been using magnetic inductors rather than electrical conductors to construct and detect this particular electromagnetic field, which is also interesting.
Additional taxes on sales and business tend to reduce the sales and drive away the business, so the impact of the tax is likely to suppress the California economy a bit (how much depends on how big a part internet sales play in the CA economy to begin with, of course). Commerce and jobs relating to internet sales will be lost, and this will reduce the production of taxable wealth in the state.
So I expect the net effect (no pun intended) is to either pay later with interest, or pay now, and pay a hard to determine amount of 'interest' later.
This would be interesting, but a significant amount of 'hidden tax' would be hard to identify. Taxes charged to businesses are pretty hefty, and add directly (and invisibly) to the cost of the goods or services the businesses offer. The sales tax is generally only a tiny fraction of the tax-induced markup on an item purchased in a store, and is the most easily identified by the customer.
At least this particular tax proposal is a sales tax, and not on some hidden part of internet sales.
On a somewhat related note, I saw a show on Discovery Channel about an MIT team that created a fake crop circle with all the usual 'authentic' crop circle features. They used a microwave gun to reproduce the expected heat-deformed wheat grains, and they had a helicopter providing a bird's eye view of the site.
When the helicopter's engine mysteriously failed, the narration suggested that the microwave gun might have caused the problem (the pilot managed to restart the engine before the 'copter hit the ground, so it wasn't a catastrophic failure).
I was disappointed that no one looked into this further. If it was the microwave gun, the range was in the hundreds of feet, and the exposure must have been momentary.
If you only get one pulse, and the pulse is brief (say a nanosecond), then 10^15 watts amounts to 10^6 joules. This comment might be expressing a wish for 10^15 joules in a single pulse.
I'm jumping in here because I wish they'd said what pulse duration they want. I'm assuming they're not looking for a long string of pulses. Someone who knows more about laser-induced fusion than I do would likely be able to guess, but I need this sort of thing spelled out. I remember that there was a lot of excitement about picosecond pulse lasers, because it was such a brief pulse that the energy was all absorbed by the target before enough plasma was created to reflect the energy. I'm figuring that this laser is designed for a longer pulse than that, though, or they'd have mentioned it.
I sure wouldn't want someone who's already proven their disregard for security controls designing them.
The interview posted above indicates that his company specializes in finding vulnerabilities by executing authorized attacks against their clients.
Where would he or his people become good at that, without breaking the law? I seem to recall seeing references to classes in this sort of thing, where the students are carefully vetted, but is that where this Razorpoint place got them?
I thought those were mostly for law enforcement, intelligence, and defense agencies (though that might have changed).
If it's not where he got them, then it seems to me that they are either inexperienced, or have systematically and repeatedly broken the law in the past (though they might not have been caught doing so). I don't think you can learn how to crack real-world security on paper.
The article is very brief, and I don't think it's very clear on the science.
an artificial sandwich of platinum atoms riddled with tiny holes.
At first glance it looked like the atoms were supposed to have tiny holes :), but they never give any indication of how big the 'nanoparticles' are or what else besides platinum is in the 'sandwich'. Perhaps they're saying that it's so porous that it's mostly 'gap'?
The German team were able to achieve the same degree of movement as previous nanomuscles but without generating large volumes of heat. This is because their platinum nanoparticles have a much larger surface area that is electro-chemically accessible; this enables the alloy to store a large electric charge and yet only require a few volts to flex.
Maybe I'm just tired, but I don't really follow this. That is, I get the large surface area, but I don't get what exactly is reacting with the surface or what makes the material 'flex'.
Nanomuscles weigh just one gram but can lift 140 grams, and are preferred to electric motors as they are far cheaper to produce: 50 cents each compared to US$300.
For a pricetag of $300, I assume this would be a 'nanotech' electric motor, but are they saying such a motor would also be one gram and lift 140g?
The article refers to the (presumably more thorough :) article in Science magazine:
Muscles Made from Metal by Ray H. Baughman, Science 2003 April 11; 300: 268-269, but I couldn't access it.
"How dare you complain he was murdered... at least he wasn't tortured first!"
This style of argument is common enough (and as objectionable as you suggest), but I gather the original poster was saying something different -- he was complaining about extending the definition of the term 'disappeared'.
My understanding of the term agrees with his, i.e. that it refers to people being taken away and never heard from again. You don't know where they were taken, if they are dead or alive, and you can't find out because no one will answer your questions (and if you push too hard, you may be 'disappeared' yourself). This has been a common procedure in many places, from ancient history into modern times, and this isn't what happened to Hawash.
What did happen is that he was very publicly taken to prison, but not charged with anything for six weeks. I'm not a lawyer, but this sounds like a violation of the sixth amendment (right to a speedy trial, to be informed of the nature and cause of the accusation, etc.). Violating constitutional rights is serious, and trying to establish it as normal policy is more serious, but to be 'disappeared' is a different thing.
Using the term 'disappeared' is hyperbolic rhetoric, like calling the release of a virus 'terrorism' (a term that's supposed to refer to the attempt to dominate or control people by acts inducing fear and intimidation), or calling violation of copyright 'piracy' or 'theft' (the latter's traditional use refers to "feloniously removing personal property with an intent to deprive the rightful owner of same").
That means faster and more realistic video games and Sci-Fi/Fantasy movies folks, what could be bad about that?
As someone who has done 3D graphics work, I found the article rather depressing. Getting different shapes based on variations of the circle equation is very old work, and very commonly known (as a child I first read about the idea in a Piers Anthony novel).
And now this guy is patenting whatever he imagines he's discovered. Graphics Gems has some much more clever ideas in every book, and fortunately that work was published without strings attached, or producing 3D-graphics-related hardware or software might have become an unnegotiable legal minefield.
It seems to me people like this tend to make progress in any given field slower, so yes, my reaction to this alleged discovery was negative. On the other hand, this article tells us that after a 20 year absence, we will once again be able to see a Javan banteng. Now that's exciting.... :)
I have a 20" monitor, and a tiny TV set. I don't really have room for more than one large display box, and the computer display is what I spend most of my time looking at. I never use the TV anymore, though, mostly because about 1-2 years ago I got a ViewSonic VB50 HRTV box (an older, cheaper version of this N6 thing, without HDTV input...NTSC only). The picture is so much better on a Samsung monitor, it's amazing. No scanlines or flicker with a higher sync rate and 1024x768 display resolution.
When I actually want to watch TV and work on the computer at the same time, I use a laptop. I have a TV card in the computer, but the ViewSonic box turns out to be a much better picture quality and easier to deal with.
I have a decent background in math and some of the hard sciences, and I find Science News really good as a means of keeping up to date. It doesn't go into depth...but I think anyone who reads Slashdot can appreciate a bunch of quick summaries with a few longer articles surveying topics of recent interest. Following up on pointers is a little more complicated, of course....
The part they get right is that the brief summaries tend to be descriptive and accurate...accessible to someone not in the field, and generally still informative to someone with a background in whatever they're covering.
Not perfect, but compared to the coverage I see elsewhere, it's excellent.
I heard there was a new thing where they call and leave an advertisement on your answering machine. I don't know if that's true, although I have received a fully automated telemarketing call (i.e. the calling party was a recording).
And exactly how profitable would it be to spend $2700/seat for a system to telemarket to people who are going to great lengths to avoid telemarketers? Isn't that paying extra to reach the least profitable demographic? I can see collection agencies being interested, but telemarketers?
Yeah, but what if your build takes over an hour? (Like where I work) Say you need something checked in, like now. You're sure it works, but you have to hang out for an hour to make sure it went in?
In my experience, if the modification affects enough code to make it an hour rebuild, that's when you have to be extra careful. An hour-long build is generally something people don't sit and watch...they run it over lunch or something. Anyone who grabs the broken update will come back after an hour, find it didn't work, have to revert to a previous version, spend another hour compiling, and then have to do it all again once it's fixed.
If several people have to do this, that's a lot of wasted engineering time. If it's such a simple change that it should be just fine, then an alternative might be to call in a couple reasonably paranoid engineers to have a look. If everyone says 'no problem', then maybe skip the test-compile. Better 3 people waste 5 minutes than everyone waste an hour. If more than a couple lines are changed, though, I'd go for the test compile, regardless.
Re: Disabling the Use of Trace in Apache, on Cross-Site-TRACE · Score: 2, Informative
I just tried it, and it worked (response to a trace request changed from successful to 403 Forbidden).
The Apache Week article points out that since the vulnerability is in the browser, this doesn't address the issue very well...IE apparently supports other forms of cross-site scripting and header access.
This does contradict the claim in that other article that Apache needed a source code patch if you wanted to block TRACE. Fifteen seconds of editing and a SIGHUP to reread the configuration files are all you need, if that's what you want to do.
Regarding what use a P133 could have for a school or church, I think it would make an excellent teaching device: a big part of using examples to teach students is having enough variety in the examples. A student is more likely to understand distinctions like 'user interface', 'executable', 'client', 'server' and so on, if they get to see them in different contexts. They'd benefit from knowing these distinctions, even if they're just learning to be 'users'. Whatever they're learning in high school on contemporary machines will be obsolete by the time they're out of college, so breadth of experience is probably as important as depth.
My mother's church has a large community associated with it, a website, and a congregation large enough to have a few computer hobbyists who do volunteer work for the church. I don't know if they need any more equipment than they have, but if they did, a P133 could be useful.
Incidentally, I currently use a P133 for DNS, file service, and shell access. For low traffic volume it's perfectly adequate. I run NetBSD on it, since that was a trivial install. It can handle a Netscape browser and any lightweight X apps, but I wouldn't try running heavier graphical environments like Gnome or KDE.
In general, though, there are probably poorly funded student computer clubs and hobbyist activities all over the place that could benefit from working hardware. The trick would be connecting the equipment with the need...not sure how that would be done. 'Free' isn't as valuable if you add in significant shipping costs.
As you point out, though, it eventually has to be recycled at the component or material level.
In my experience, example code is frequently copied from documentation and used as the foundation for production code, particularly in Microsoft shops. I have heard phrases like 'I just used the sample code' or 'Why don't you just copy from the example' many times, though to be fair the code generally gets reworked a little (to beef up error handling, for instance) after it's added. The programmers are assuming that the code was written to demonstrate correct usage, rather than simply to clarify some details of usage. Obviously Microsoft anticipates this reaction if they are now going back and correcting the code samples in their documentation.
The fact that Microsoft had code samples with this flaw suggests to me that it will be found repeated in many, many places.
Under surveillance it's not enough to avoid doing anything illegal...you have to avoid doing anything suspicious or matching the wrong profiles, or you might become the target of an active investigation (brought in for questioning, search warrants on your home, etc.). They can't tell you what patterns they're searching for (or they would be easily avoided by the criminals), so it won't be possible to know what behaviors to avoid unless you're picked up by the police, or know someone who has been.
All they'll see is that there's a decline in sales. Where do you think they'll place the blame? Hint: Their first assumption won't be that they're being boycotted.
Yes, the RIAA appears to be attributing any declines in sales to piracy, but this tactic might be turned around, if some advertising money can be scraped together. Take out ads announcing the boycott, give enough details that people know how to participate, and then publicly take credit for further declines in sales. If the boycotters make enough noise, the boycotters' complaints (and not piracy) will be what comes to mind when 'reduced sales' is mentioned.
A well publicized campaign also allows attributing previous sales declines to reasons specified on the boycotters' complaint list (e.g. inflated prices due to monopolistic price fixing), further weakening the RIAA arguments.
Removing water from the air releases heat, it doesn't cool the air. You can mechanically cool a room by compressing a gas (which increases the temperature of the gas), letting it radiate the extra heat outside, bringing it back inside, and then letting it expand and cool. The gas is in a closed loop, and you run a fan over the cool bit to chill the room.
You can use pumps for this, and I believe the same gas-law principle is used in sonic fridges.
The fact that air conditioners tend to dehumidify at the same time (water condenses on the chilled coils, and then is usually drained outside) actually tends to reduce the effectiveness of the air conditioner, since some of the heat pumped out of the room is actually the heat of vaporization of the water.
That's possible, but human review generally costs a lot more than a trivial pattern-matching database search script, so I thought they might either have a filter script that removes listings or a prefilter script that passes listings to human review. In either case, avoiding keyword triggers would be a good plan if you can't trust the review process (and obviously you can't).
Of course, if you get on a 'suspicious users' list, then all your listings might be reviewed by hand. That would be a problem.
Hayden's description of the events has the string 'CD-R' in every listing that got pulled, and the messages are obviously automated. Could it be that eBay just has a filter program that automatically pulls any listing with 'CD-R' present?
If so, he could say 'the copyright holder has personally recorded these CDs on standard recordable media', the filter wouldn't trip over 'CD-R' or 'recordable CD', the buyer would be adequately informed, and no rules would be broken.
I haven't seen these pirate listings, but do they actually say 'CD-R' in them, or is it implied?
A corollary to the 'more work to set up' issue you mention is that a method that adds 'finer grained security' can actually reduce security by adding too much complexity to be easily reviewed and maintained by sysadmins. The two errors I've observed have been either failing to apply a complex system properly, or granting permissions too broadly in order to simplify or speed up a necessary configuration change. This is especially bad when more than one person is involved in maintaining the configuration, but it can happen over time to a single sysadmin.
The standard Unix security model, despite the 'courseness' of the method, is admirable for the ease with which one can set up a security policy, as well as audit the effects of an existing arrangement.
I would agree that some finer control over root privilege is probably worth the cost in complexity, and 'systrace' looks like one promising contender in providing a means of doing that.
The Alcubierre warp is arguably 'mathematically viable', contradicting the guy posting above, but it does require negative mass/energy, which might not be physically possible (though it would be fun stuff...providing wormholes, antigravity, and maybe time travel). This Scientific American article mentions that "It has since been shown by Ken D. Olum of Tufts University and by Visser, together with Bruce Bassett of Oxford and Stefano Liberati of the International School for Advanced Studies in Trieste, that any scheme for faster-than-light travel requires the use of negative energy."
This could be a problem if there's no such thing as negative mass/energy.
It has an NTSC tuner, not an HDTV tuner. For $400 an HDTV tuner alone would have made the box worth buying... :(
Is this really an accurate thing to say to the Slashdot crowd? :)