Slashdot Mirror


User: heypete

heypete's activity in the archive.

Stories: 0
Comments: 672

Comments · 672

  1. Re:BSD license was always more permissive, so grea on GPL, Copyleft Use Declining Fast · · Score: 1

    Red Hat seems to have no problem profiting while selling mostly-GPL'ed code...

  2. Re:American Red Cross - worst? on Ask Slashdot: Most Efficient, Worthwhile Charity? · · Score: 3, Informative

    More like 3.9%.

  3. Re:It sounds feasible on Iranian TV Shows Downed US Drone · · Score: 1

    Sure, the accelerometer/gyro navigation isn't accurate enough to make it 50+ miles to a safe landing zone, but it's probably enough to get it going in that general direction until it is out of range of whatever is interfering with GPS.

  4. Re:Anyone else not surprised? on Iranian TV Shows Downed US Drone · · Score: 2

    It would seem likely that drones have inertial navigation systems as well, for just that eventuality.

    Sure, INS isn't the most accurate system around, but having some sort of fail-safe "If GPS is jammed and control signal is lost, go to $ALTITUDE and turn toward $DIRECTION until communications are restored (presumably by being out of range of the offending jamming)." rule would be a sensible thing to have programmed into the drone's control systems.

  5. Re:It is only a matter of time... on Feds Seize Korean Movie Download Portals · · Score: 1

    I think the point was that the US has never gone to war with an adversary who has nuclear weapons of their own.

  6. Re:I see this in code I work on all the time on Institutional Memory and Reverse Smuggling · · Score: 4, Informative

    It's a reference to this scene from the Pixar movie "Up".

  7. Re:It's the pledge week question on Interpreting the Constitution In the Digital Era · · Score: 4, Insightful

    The loss of government funding wouldn't dramatically affect NPR itself (about 7% comes from "grants and contributions"). The largest single source (34%) of their funding comes from station programming fees.

    However, it would affect many of the local public radio stations that re-broadcast NPR (and which, in turn, pay NPR for programming fees). According to this site, 16.4% of the average public radio station's funding comes from government funding and grants from the Corporation for Public Broadcasting. About 14.3% of a public radio station's funding comes from universities, which frequently get income from the feds.

    Without funding from the government, many public radio stations would have insufficient funds to continue to operate and would need to close down. NPR would likely be able to continue without much trouble, but local radio stations that actually provide services to their local community would be shut down.

    Many of the pledge weeks are for the local stations to raise funding, not for NPR itself (though the NPR radio staff often record "Give $local_station_name money!" ads for the stations).

  8. Re:Awesome on Dutch Government Officially Trusts OpenVPN-NL · · Score: 3, Insightful

    Hear, hear.

    Speaking of lightweight, I have it running on my WRT54GL wireless router (TomatoVPN firmware) and it works without a hitch. Even with the dinky 200MHz CPU in the router, the limiting factor is the upstream bandwidth of the network connection.

    I particularly like the fact that it uses widely-tested methods for the secure connection (TLS, certificate-based authentication, etc.), rather than depending on some proprietary system.

    Now, if only the Windows GUI client didn't need admin rights to open...

  9. Re:And the message is... on Lost Russian Mars Probe Phones Home · · Score: 5, Funny

    No, probably something like "LAUNCH PHASE COMPLETE. PRESS ENTER TO CONTINUE.", but it only accepts input from the on-board keyboard.

  10. Limits on Baker Has to Make 102,000 Cupcakes For Grouponers · · Score: 4, Interesting

    I seem to recall reading that Groupon allows businesses to limit the number of offers available. That is, rather than having to deal with 8,500 orders, Ms. Brown could have limited the offer to 100 (or some other arbitrary number) people.

    If my understanding is correct and such a system exists, it would be foolish for a business to not use it.

  11. Re:Just jam GPS on Boeing Delivers Massive Ordnance Penetrator · · Score: 1

    GPS jammers are susceptible to anti-radiation missiles like HARM.

    Also, common GPS-guided JDAM bombs can achieve a 30m CEP even under GPS jamming conditions, so long as the flight time in the area affected by jamming is less than 100 seconds. That'll likely do quite a number to a jammer.

  12. Re:Asking the wrong question on New Malware Signed With Stolen Government Certificate · · Score: 1

    They don't.

    A Malaysian CA was issuing bad certificates from their intermediate CA that was chained to Entrust. They were allowing weak, 512-bit RSA keys to be signed, as well as not including any certificate extensions (and thus the certificates were treated as valid for all purposes by many OSs and browsers, as opposed to being limited to only what the extensions stated). Entrust revoked the intermediate CA. Evidently the Malaysia CA also had broken CRL locations burned into the certs (or didn't include any CRL information, I don't quite recall), and

    Since the certificate had no extensions, it was usable as a code-signing certificate and used to sign malware. The same thing could have happened if the bad guys managed to steal a regular code-signing cert and the revocation was broken.

  13. Re:Great on Minecraft Is Finished · · Score: 1

    In my experience, yes. It's available anytime Steam can't connect to the mothership.

  14. Ubuntu Decisions on What's Keeping You On Windows? · · Score: 2

    I've been an on-again-off-again desktop Linux user for about 5 years now. I started out with Debian, liked it, but found Ubuntu to be better suited for ordinary desktop needs. Fedora has been a bit too bleeding-edge for me, while the long-term stable systems like Red Hat and its derivatives get stale for desktop use really fast.

    In particular, having things like the latest stable versions of Firefox/Thunderbird available through Ubuntu PPAs is a major plus, as is having Flash, Acrobat Reader, and Skype available through the Ubuntu Partner repository. Having such PPAs on long-term-support releases allows me to keep up to date on specific applications, while still maintaining stability for other aspects of the system.

    My netbook is ideally suited for Linux: no legacy hardware, Intel graphics, and it's too wimpy for any sort of gaming. I have it set up to dual-boot Windows 7 Pro / Ubuntu 10.04 LTS. I'm likely going to change to Windows-only in the near future because:
    a. All my common software, including Firefox, Pidgin, etc. work just fine in Windows.
    b. Ubuntu 10.04 has about a year and a half of life left. After that, it's GNOME 3 and/or Unity. I'm not interested in either. The GNOME 3 "gnome-fallback" mode doesn't cut it. I'm not interested in wasting tons of time getting things set up just right (either on the new Ubuntu or another distro) only to have things break again in a few release cycles. If they can have GNOME 3 behave more or less like GNOME 2, I'll consider it...but the new "paradigm" of GNOME 3 (not to mention the abomination that is Unity) is a turn-off.
    c. Performance on Windows is better. Yes, Windows 7 uses more RAM (just the system, not counting SuperFetch caching and whatnot), but programs like Firefox, MATLAB, and so forth are more responsive (or at least seem so).
    d. Battery life on Windows 7 is far better than in Linux.
    e. Windows has a reasonably stable UI. Changes to the UI have tended to be subtle and useful (the addition of a search bar to the Start Menu was a boon). There haven't been major UI overhauls, like the GNOME 2-to-Unity change that Ubuntu did.
    f. Windows Updates don't break (much) stuff. Sure, there's always a few edge cases where some things break, but on all the systems I personally run, I've never had problems from Windows Updates.

    I'm considering replacing the 10.04 LTS with Xubuntu 12.04 LTS. We'll see. Xubuntu looks promising.

    At my former workplace, the servers run Linux exclusively (even though a Windows Server running AD would be far better than the Samba domain controller we had), and we had no problems. Linux as a server is incredibly mature, stable, and usable. We ran RHEL on internet-facing servers and CentOS on internal servers (most of them on Xen VMs) and their long-term stability was a great benefit for our servers. However, as a desktop OS, I've not found any Linux distro that's as well-polished and mature as Windows.

    I want to use Linux on the desktop, but the functionality, stability, and usability of Windows keeps me using it as my primary OS.

  15. Because it's hard on Why Do So Many College Science Majors Drop Out? · · Score: 1

    When I was a freshman (majoring in physics with a math minor) at the University of Arizona, there were ~180 freshmen who had declared their major as "astronomy".

    When I graduated four years later, only 8 astro majors graduated.

    Why? Probably because it's really hard. It's definitely not the idealized scenario that many new students think it might be.

    Astronomy isn't just taking pretty pictures of space -- it involves a huge amount of theory and advanced mathematics.

    Chemistry isn't all explosions and making visually-interesting reactions in test tubes -- again, there's a lot of theory, scary classes (see organic chemistry), and advanced mathematics.

    Physics isn't just rolling balls down inclines and swinging pendulums -- lots of theory, advanced mathematics, and mind-warpingly weird stuff.

    Even then, once one graduates, there's more of the same through graduate school. If one is lucky enough to get an academic position, there's intra- and inter-departmental politics and drama, budget and resource issues, and a zillion other things that "interactive teaching techniques" aren't going to help alleviate.

    In short, science involves an enormous amount of work for remarkably little personal gain. The pay isn't that great, there's little chance for public recognition or fame, and the vast majority of other people will have no idea what one does for a living. One has to really love it to succeed at it.

    Not everyone is cut out to be a scientist, doctor, or engineer*. Having better teaching techniques will probably help keep some borderline students in the program, at least at the undergraduate level, but what about after that?

    * That's not a bad thing. A lot of scientists, doctors, and engineers would make terrible high school teachers, lawyers, policemen, plumbers, astronauts, etc.

  16. Re:Who generates 512-bit RSA keys these days? on Microsoft, Mozilla and Google Ban Malaysian Intermediate CA · · Score: 4, Informative

    That's a good question. I will attempt to answer it, with the caveat that I'm also not a crypto expert.

    Most of the relatively shorter key lengths you see these days, such as 128-bit and 256-bit refer to symmetric encryption algorithms like AES. At this point in time, such keylengths are secure for the foreseeable future. These algorithms tend to be quite fast (AES has hardware-acceleration in many CPUs, which can encrypt or decrypt data at 1GB+/sec in some cases, and around 300MB/sec on many non-accelerated CPUs), but require that both parties exchanging encrypted data share the same key. (Hence the name "symmetric" -- the same key is used for encrypting and decrypting.)

    The two parties could previously exchange a shared symmetric key by means of a trusted channel, like a trusted courier, or meeting in person. This can be extremely difficult in the real world, though.

    The longer-length keys you often see (1024-bit, 2048-bit, 4096-bit and, in the case mentioned in the article, the not-very-secure-at-all 512-bit length) are "asymmetric" keys -- when they're created, one creates a "public key" and a "private key" that are linked in a certain mathematical way. The public key can be distributed widely, while the private key must be kept secret. If Alice wants to send Bob a secure message, she can encrypt it with Bob's public key, but the message can only be decrypted with Bob's private key -- even if someone intercepts the encrypted message and has Bob's public key, they are unable to decrypt it.

    Asymmetric encryption is extremely slow, relative to symmetric encryption (I seem to recall reading that they're about a thousand times slower). Sending large amounts of data over secure connections would be extremely slow. Fortunately, modern cryptosystems use a hybrid model: they use asymmetric keys to exchange a shared secret key that is then used for faster symmetric encryption -- this allows for quick symmetric encryption methods to be used by solving the problem of exchanging the symmetric key without needing to meet in person.

    SSL, for example, uses such a method. A simplified description follows: when your browser connects to a secure website the server sends you its public key (which has been digitally signed by a certificate authority who vouches for the identity of the server). Your browser checks the signature to make sure it's actually been issued by the authority and, if it checks out, creates a random symmetric key, encrypts it with the server's public key and sends it to the server. The server decrypts the symmetric key with its private key. Both client and server then encrypt all future communications with the symmetric key.

    Because asymmetric and symmetric encryption keys use entirely different mathematical methods to secure data, their keylengths aren't directly comparable. According to NIST, a 3072-bit asymmetric key is about as strong as a 128-bit symmetric key.

    See and for more details.

  17. Re:Who generates 512-bit RSA keys these days? on Microsoft, Mozilla and Google Ban Malaysian Intermediate CA · · Score: 1

    Understood.

    My main curiosity is why any administrator would generate 512-bit RSA keys for their own servers, knowing that they're weak.

    I wonder if there's some old Malaysian-language "Guide to setting up SSL" website that they're following? I'd be curious if there's any commonality between all the 512-bit keys. That, or some particular software that has that keylength in the default configuration file.

  18. Who generates 512-bit RSA keys these days? on Microsoft, Mozilla and Google Ban Malaysian Intermediate CA · · Score: 2

    RSA-512 has been known to be weak for a long time.

    Who in their right mind would generate such a certificate for (presumably) a production system?

    Why didn't the CA have some sort of system to detect such short keys?

    The CA I use doesn't allow anything less than 2048-bits to be signed. While the policy may be a bit strict, as 1024-bit keys still have their uses (there's a lot of hardware that only deals with 1024-bit keys), at least they're erring on the side of caution. I'm sure they're not the only one with such a policy.

  19. Re:Just say you can't raise your arms over your he on How X-Ray Scanners Became Mandatory In US Airports · · Score: 2

    Or you could just politely say "I opt-out of going through the scanner." with the same results.

    Hasn't been a problem.

  20. Re:That's a good tradeoff on How X-Ray Scanners Became Mandatory In US Airports · · Score: 4, Informative

    X-rays are ionizing radiation.

  21. Re:nefarious purposes on DARPA: Reconstruct Shredded Docs, Win $50K USD · · Score: 1

    I figure that diluting things a bit also helps, and often shred some non-sensitive documents. When I empty the shredded paper (consisting of shredded sensitive and non-sensitive documents) into the recycling bag, I mix up the paper so pieces from the same document aren't grouped together.

    Perhaps a bit overkill, but it's only a slight bit of extra work. It's also fun to feed stuff into the shredder.

  22. Re:Why not focus on quality instead of major revs? on Ubuntu Turns 7 · · Score: 1

    *shrugs* LTS releases are meant to be stable.

    In general, they should only get security and bug fixes, with updates not delivering new features (like a change in UI, as happened with Firefox).

    PPAs exist for adding new features where desired. I use 10.04 LTS with the firefox-stable and pidgin PPAs, as well as the private repos for Dropbox and Google Chrome.

    My OS is stable for several years, upgrades between LTS releases are well-supported, and I have modern versions of software that I choose. Seems like all-around win for me.

  23. Re:And the Point is What? Testing Illegal Stuff? on Verizon's 'Can You Hear Me Now' Fleet Testing 4G · · Score: 1

    Ah, pardon me. I misunderstood -- I thought moehoward was implying that the driver of the test vehicle would be placing the calls. Mea culpa.

    That said, I agree that buildings (specifically their interior) should have better coverage.

    Here in Switzerland, several of the mobile networks categorize their coverage as "GSM/2G", "UMTS/HSPA (Outdoors)", and "UMTS/HSPA (Indoors)" and have appropriately-shaded regions on their coverage maps. Quite handy, but I wish they'd also have a "GSM/2G (Indoors)" option. Oh well.

  24. Re:And the Point is What? Testing Illegal Stuff? on Verizon's 'Can You Hear Me Now' Fleet Testing 4G · · Score: 1

    The phones are connected to automatic equipment that makes the calls, measures the various properties, etc. The driver is not placing the calls.

  25. Re:Greylisting on Ask Slashdot: Is Reverse DNS a Worthy Standard For Fighting Spam? · · Score: 1

    It's also an enormous pain.

    The email service for the department at the university I used to work for used greylisting, and incoming mail was routinely delayed for 30+ minutes. While I realize that email is not a time-critical service, it is still a hassle to wait for incoming email.

    Even if greylisting could completely eliminate all spam, I would rather tolerate a small amount of spam than deal with the delays. Google Mail (who provides email for my domain)'s spam filter is so good that it is a rare occasion when spam slips through to my inbox.