Slashdot Mirror


User: Ungrounded+Lightning

Ungrounded+Lightning's activity in the archive.

Stories: 0
Comments: 8,936

Comments · 8,936

  1. An early one... on Stealing From Banks One Cent at a Time · · Score: 1

    This kind of attack is hardly an invention of the movies. The salami attack has been around for a long time.

    The rounding version of the "Salami slicing" attack, actually.

    One of the earliest ones that was discovered took advantage of a bank's interest computation program's method of processing the accounts in alphabetic order by primary accountholder's name. It collected the rounding fractions and deposited them in the last account processed. The program's author opened an account with a bogus last name starting with "Z" to collect the slivers. Thus there was no hard-coded account number and the extra code was small and hard to spot.

    Eventually somebody whose real name started with "Z" and was further along in the alphabet opened an account with the bank. When his interest payments far exceeded his balance he contacted the bank to find out what was wrong.
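An audit for the rounding diversion described in comment 1, as an added example that is not part of the comment or of any bank's code: it recomputes each account's interest independently and flags any posting that differs from the exact figure by a cent or more, which no legitimate rounding mode can produce. The account names, balances, rate, function name and the half-even rounding used for the control total are all constructed assumptions.

```python
from decimal import Decimal, ROUND_HALF_EVEN

CENT = Decimal("0.01")
RATE = Decimal("0.0025")  # constructed periodic interest rate

# Constructed sample run: (holder name, balance, interest the batch job posted).
# Every account is truncated to the cent except the alphabetically last one,
# which carries two extra cents.
CONSTRUCTED_RUN = [
    ("Adams", Decimal("1234.56"), Decimal("3.08")),
    ("Baker", Decimal("987.65"), Decimal("2.46")),
    ("Chen", Decimal("4321.10"), Decimal("10.80")),
    ("Young", Decimal("250.00"), Decimal("0.62")),
    ("Zzyzx", Decimal("10.00"), Decimal("0.04")),
]


def audit_interest_run(accounts, rate, rounding=ROUND_HALF_EVEN):
    """Recompute interest per account and compare it with what was posted.

    Rounding to the cent, in any mode, moves a posting by less than one cent
    from the exact product balance * rate. A posting that is a full cent or
    more away was not produced by rounding that account's own interest.
    """
    flagged = []                   # (name, posted - exact) with |drift| >= 1 cent
    slivers = Decimal("0")         # fractions withheld from unflagged accounts
    total_posted = Decimal("0")
    total_expected = Decimal("0")  # control total under the assumed rounding mode

    for name, balance, posted in accounts:
        exact = balance * rate
        total_posted += posted
        total_expected += exact.quantize(CENT, rounding=rounding)
        drift = posted - exact
        if abs(drift) >= CENT:
            flagged.append((name, drift))
        elif drift < 0:
            slivers -= drift       # this account was paid less than exact

    # An overpaid account whose excess fits inside the fractions withheld from
    # everyone else matches the pattern of slivers being redirected to it.
    suspects = [name for name, drift in flagged if 0 < drift <= slivers]

    return {
        "flagged": flagged,
        "slivers_withheld": slivers,
        "collector_suspects": suspects,
        "control_total_diff": total_posted - total_expected,
    }


if __name__ == "__main__":
    report = audit_interest_run(CONSTRUCTED_RUN, RATE)
    for name, drift in report["flagged"]:
        print(f"{name}: posted interest is off by {drift} from the exact amount")
    print("fractions withheld from other accounts:", report["slivers_withheld"])
    print("accounts matching the collector pattern:", report["collector_suspects"])
    # In this constructed data the run-level total ties out to the cent, so a
    # total-only reconciliation would not notice anything.
    print("control total difference:", report["control_total_diff"])
```

Because the check keys on per-account drift rather than on a name or account number, it flags whichever account happens to be processed last, including an innocent customer's.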

  2. Re:Beta? on KDE 4.1 Beta 1 Released · · Score: 3, Funny

    "The KDE Project is proud to announce the first beta release of KDE 4.1. Beta 1"

    What?! The first beta of beta?


    Naw. The Department of Redundancy Department got its hands on the press release.

  3. Y2K on Stealing From Banks One Cent at a Time · · Score: 1

    Too bad the big year 2000 crash did not happen :D

    Some of it did happen. But mostly only small stuff.

    The big foulup didn't happen because billions were spent to fix it in advance.

    (Amdahl had a two-rack mainframe available at the time for a few bux under a million and for a couple years leading up to the big day something like half their sales were to companies that wanted a completely separate machine to test their Y2K fixes without risking the live, mission-critical processes.)

  4. If so, couldn't You Tube / Google just say ... on YouTube Fires Back At Viacom · · Score: 3, Interesting

    The DMCA has a safe harbor provision for "platform" and "network" providers that basically says - as long as you don't exercise control over the content on your platform/network, you cannot be sued for infringement, the plaintiff must sue the one who uploads/transfers using your service.

    However, YouTube has entered into agreements and instituted technology to pre-emptively purge its "platform" of copyrighted material - Therefore, they are no longer protected by the safe harbor. ... As soon as a network or platform provider begins to filter the traffic or content, the safe harbor doesn't apply and they're fair game.


    If so, couldn't they just say this:

    "OK, we'll turn off the filtering starting immediately and discuss whether there are contract violations with our contract partners as a separate matter from this case. We ask the court to rule that the safe harbor is clearly in effect once the filtering has stopped and limit this case to the period when the filtering was occurring. If plaintiffs don't agree and do want us to continue filtering pending the resolution of this case, we ask them to request that the filtering remain in effect and either waive any claims that the filtering invalidates any safe harbor provision of the DMCA or waive any damages for the period from now until the resolution of the case should it be determined that the safe harbor provisions would immunize us and filtering invalidates them."

  5. Re:Another variant also had problems. on First Exotic Space Thruster Test Ends in Explosion · · Score: 1

    Power pole insulators, too.

    I recall back in the '50s or so coming across an article in a journal on a problem and solution with a new insulator design that was breaking over at an unexpectedly low voltage. (This was in the days before computer field modeling, when you could figure it out but it was a lot of work and expense so things tended to be done by rule-of-thumb until malperformance justified the expense.)

    It was a hollow glass cylinder with a series of half-circle cross-section rings along its side, with a grounded mount at the bottom, suitable for rigidly mounting on a power pole. The field was expected to be essentially uniform. Turns out it was actually concentrated near the base plate. A corona arc would start there then extend upward across the bumpy side to the top.

    Solution was to coat the inside of the base with a conductor for maybe a fifth of the height of the insulator to even out the field. (Don't recall if they did that by silverplating it or by having an extension like a short hunk of pipe on the metal baseplate.)

  6. Re:Another variant also had problems. on First Exotic Space Thruster Test Ends in Explosion · · Score: 2, Interesting

    "large-scale tethered orbital structures have an additional problem to be solved: Keeping the tethers intact despite kilovolts of induced voltage along the tether and the resulting arcing"

    Would those same issues apply to a Space Elevator?


    To a much smaller extent - at least for the skyhook/beanstalk variety. (Some of the tumbling ones might have issues.)

    A skyhook is rotating with the Earth, which also means with the Earth's field lines. Or at least roughly:
      - Any waving back-and-forth in the beanstalk will induce voltages. (Climbers will cause it to wiggle, as will several kinds of weather.)
      - So will distortion of the Earth's field by bow shock (which will cause its position to vary with respect to a tide-locked beanstalk, depending on the time of day).
      - So will sudden distortions of the Earth's field by solar flares and such. (You think you get a big voltage induced in a power transmission line crossing a continent? Imagine what you get in one several times the diameter of the planet...)
      - And beyond the bow shock you're dealing with the galactic field, which DOESN'T rotate with the earth. (I think the bow shock is beyond the Clarke orbit but I'm not sure at all.)

    And of course down here where the atmosphere is thicker than a neon sign's content you have all sorts of other electrical stuff - lightning, sprites/jets, voltages from the ionosphere, etc.

    So skyhooks have the issue, mitigated by moving generally with the field and by the extreme thickness of the cable but exacerbated by its length.

    Upside: Charge collectors and electron guns at various heights along the tether can be used to induce currents in segments of the tether. This can be used to damp the component of any oscillations that's at right angles to the Earth's field. (That's the big ones.) (Also: Damping oscillations means throwing energy away. So the sense of the generated voltages should be helping, rather than hurting, the powering of the dampers.)

  7. Another variant also had problems. on First Exotic Space Thruster Test Ends in Explosion · · Score: 5, Informative

    Another variant of this is to have two weights connected by a wire tether and tide-locked to the primary, so the wire is oriented at roughly right angles to the orbit. Then you put a current in the wire by ejecting electrons on one end and collecting them at the other - making it into a motor that can accelerate or decelerate along the orbit. No reaction mass, run it off the solar collectors, etc. This also ran into issues with arcing.

    They tried an experiment on this with the shuttle and a tether to a satellite they were launching, and found a problem: The motion along the orbit also causes it to act like a generator, powered by the orbital momentum. (This was known - and also has possible uses.) This produces a voltage gradient along the wire tether. So the tether has to be insulated to prevent arcing to the very low-pressure plasma that constitutes the high atmosphere and solar wind.

    What they discovered was that minute flaws in the insulation caused localized arcs to the surrounding plasma. These were powered by the orbital motion relative to the earth's field and were very intense. They quickly melted through the thin tether.

    So such a motor is not an impossibility. But it will require some heavy engineering work to get around this problem.

    (It also says that large-scale tethered orbital structures have an additional problem to be solved: Keeping the tethers intact despite kilovolts of induced voltage along the tether and the resulting arcing.)

    It's easy to think of space as filled with a hard vacuum. Unfortunately it's actually filled with very low pressure conductive plasma and near the Earth that's dense enough to be a major engineering issue.

  8. I had heard this also worked on the other side. on 5th Circuit May Stop Patent Troll "Forum Shopping" · · Score: 3, Interesting

    Back in the '70s when I was first trying to patent something (that it turned out had been invented and patented back when I was 6 years old), I heard that similar forum shopping was done by those trying to break patents.

    Seems there was a federal judge in Chicago who thought everything was obvious (rather than "obvious only after it's pointed out and THEN you go 'Oh, of course!'"). So people trying to break patents would try to file their suits there, in the hope of getting that judge. Worst case was they got one of the other judges and actually had to prove their case.

    Don't know if this was actually true. And even if true that judge would either be retired or nicknamed Lazarus by now. But I thought I'd share.

  9. Re:I don't get what the big deal is... on Pushing a CPU to Heat Death, Intentionally · · Score: 1

    I mean, I can run for several hours without a heat sink or a fan.

    That's because you're water cooled.

  10. Re:"Heat Death" on Pushing a CPU to Heat Death, Intentionally · · Score: 1

    Sorry to nitpick, but doesn't the term "heat death" usually mean death by maximum entropy (i.e. no heat), and not death by heat?

    Actually not "no heat" but "everything the same temperature". And all the other forms of stored energy evened out and/or randomized until there's no unevenness left to run an engine (or other thermodynamic process) on.

    But there are information-theory interpretations of entropy, which are applicable:

    The high degree of organization of the components in the chip (order) - with carefully controlled doping of some regions and not others, conductors configured to act as wires, etc. - represents a low entropy state. Raising the temperature until the atoms start moving around will reduce the order of this state - increasing its entropy - until the chip is no longer able to function.

    So you could claim that it died as a result of too much entropy. B-)

  11. Such antennas are cheap and small. on Parent-Friendly Wireless Bridge To Span 500 Meters? · · Score: 4, Informative

    We've done 5 mile links with a pair of *old* wallmount AT&T Wavelan bridges and proper antennas on 915 MHz. Those units were 400 mW.

    Such antennas are cheap and small, too. Under $100 in singles at a number of companies with online ordering facilities.

    A 24 dB skeleton-parabola can get you miles of range even without a high-gain antenna on the other end, and is about the size of a UHF TV antenna. (I know one guy who war-scans the business district of San Francisco with one - from his apartment deck in Berkeley. B-) ) With antennas on both ends you should be able to go with the little lozenge types.

    To give you an idea of range: My Nevada house is about 5 miles from the cell tower where the local WiSP has its POP, with a directional antenna pointed generally my way. His customers normally use a lozenge antenna with built in AP mounted on an outside wall, and I'll probably do that when I sign up (because my computer room is on the far side of the house). But my picture window faces the tower and my laptop catches the ID beacon just fine sitting in my lap using the builtin antenna.

    So for a half-mile putting an AP in each attic and even a low-gain external antenna on the roof or outside wall should do the job just fine.

    Want a cheap do-it-yourself high-gain directional antenna? Get a big wok strainer (woks and their strainers are pretty good parabolas), put a USB-stick WiFi adapter on a USB extension cord, and mount it with its backside at the focus of the strainer. B-)

  12. So why isn't fiberglass insulation banned? on Nanotubes "As Deadly as Asbestos" · · Score: 1

    The problem is when said micro particles are supposed to be indestructible (an attribute shared by both asbestos and nanotubes).

    Another problem is shape. The system is designed to process round solids, not very long thin ones.


    Which brings up an issue I've wondered about a lot...

    Why isn't fiberglass insulation just as much of a problem as asbestos? Or IS it as much of a problem but not yet recognized as such?

    And while we're at it: Is the level of risk from asbestos exaggerated?

    There's reason to believe that lung cancer risk goes up, not linearly, but with something like the sixth power of the irritant exposure. So (as with radon exposure from uranium miners) extrapolation of homeowner risk from cancer rates observed in people who literally worked up to their knees in powdered asbestos would enormously overstate the problem.

    Also: You have to take into account smoking - which both inhibits the action of the cilia that help clear particles from the airways and produces carcinogenic compounds that can be carried into the tissues and the cells themselves by the mechanical action of the sharp fibers - whether mineral or nanotube.

  13. Re:heh on Paypal Founder Puts a Half Million Dollars Into Seasteading · · Score: 4, Interesting

    Also wondering about food, waste disposal and power.

    The ocean is full of tasty critters.

    The critters dump their organic waste into the water, where it is recycled by other critters. Why shouldn't the humans? (They already do it on ocean-going vessels. Blackwater is an issue on land and enclosed waterways, not in mid ocean.)

    For non-biodegradable waste: Jetsam dumped overboard in deep water won't be an issue for geologic time. That leaves flotsam, which would have to be dealt with in more ordinary ways. (Fortunately, that's a small amount of the waste and mostly imported anyhow. So it can be shipped out to some place that can handle it.)

    At most latitudes there's lots of wind available, with no mountains, trees, and buildings to slow it down. (Sometimes there's a bit more wind than you'd like.)

    If you want to settle the "horse latitudes" (where there's rarely wind), there's plenty of solar power. And a handy way to tap it is to pump up cold water from deeper down and run a heat engine on the temperature difference between it and the upper-level water. Then you dump the nutrient-rich deep water locally and farm the resulting massive explosion of plants and critters.

    The idea that purchasing a flag of convenience will provide meaningful protection seems a bit naive.

    Flags of convenience are a protection against GOVERNMENT predation. (Which is essentially the point of this whole exercise.)

    Will every citizen be a trained firefighter? Who will provide emergency medical services?

    The same sort of people who provide such services on ocean-going vessels or in houses in very rural areas. These are already solved problems - with solutions that vary depending on the size of the community and the degree of its location's isolation.

  14. I want a quagga on Bits of Tassie Tiger Brought Back from Extinction · · Score: 2, Interesting

    When they get around to recreating recently extinct species I think a particularly good candidate is the Quagga. (And I'd love to have some breeding stock for it.)

    One thing that the Wikipedia article doesn't mention: Zebras are essentially a striped donkey, but they (and their hybrids) are generally vicious and impossible to break and train. The Quagga was an exception: It domesticated very nicely.

    Others that would be fun to bring back:
      - Dodo.
      - Passenger Pigeon. (If only for the humor of having the eastern states paved in pigeon droppings twice a year as the sky-obscuring migration goes through.)
    Both were apparently very tasty.

  15. That baby will be born dead. on Comcast Invests in P2P · · Score: 4, Insightful

    An ISP will be stuck carrying traffic for whatever systems are deployed. It can't deploy one of its own and try to force people to use it (at least not without coming under fire on antitrust grounds).

    And the commercial product will not become widely adopted and displace the other P2P applications. To do that it would have to be about 10 times as good an application and there isn't that much headroom available. (As for slowing down the other P2P applications, see above.)

    Finally, it won't even be able to compete equally on a level playing field because it will certainly be hobbled with DRM.

  16. Can YOU buy it for $30? on French Judge Orders Refund For Pre-Installed XP · · Score: 1

    I don't know that I have anything solid to base this on, but I've always guessed that the real cost per copy that larger systems makers have to pass on to Microsoft is more in the $30 range.

    That may be the cost to the manufacturer. But what's the cost to the consumer? How do you KNOW that's all the cost that the Microsoft software added to your computer?

    As another poster (talking about HIS attempts to get a refund from a US manufacturer - at the stage where they said "OK, but it's only $30" or whatever) said (approximately): "Windows only costs $30? Good! I want a hundred licenses for starters. Tell me where to send the $3,000." Needless to say the manufacturer didn't go along with that.

    In the absence of both information about the actual prices paid (a trade secret) and any other valuable considerations given to Microsoft by the manufacturer, a court has no reasonable basis to use to determine the price other than the retail price at which the item trades. And because the decision is AGAINST the manufacturer, it's not appropriate to let the losing defendant pick an arbitrarily lower figure with no publicly available evidence to support it.

  17. Analog of hardware "false path". on Do Static Source Code Analysis Tools Really Work? · · Score: 1

    In the design of synchronous digital circuits the tools measure how long it takes signals to propagate through networks of logic from one layer of flops to another, try to optimize the organization and physical layout of the logic to meet timing requirements, and tell you how fast you can run your clocks and still have everything settled at flop inputs in time for them to correctly capture the data.

    They do this by making worst-case assumptions: How long after a clock the output of a flop is stable, how long it takes to get through gates of each type, how soon before a clock it must arrive at the input to the next flop, and so on.

    But one of these assumptions is that ANY input to the combinatorial logic might change on one clock and that change might propagate through any available path to affect any output, which must be stable by the next clock. This assumption might be wrong for a number of reasons.

    For instance: A complicated logic block might be used differently on different cycles. An adder might be adding two values near the output of a combinatorial block on some cycles, two near the beginning (with its output driving something else complicated) on others. The tools see that there's a long path on the way to the adder's input and another coming from its output. But they may not see that both can't happen at the same time (either through not checking all the possible combinations of inputs, or not being able to see the circuitry that creates the guarantee - which may be in another block that's not available to the tool).

    Without this knowledge the tools may perform unnecessary optimizations to "fix" the non-problem: Using fast gates (with higher power and more silicon area), rearranging the logic to improve the long path (ditto and lengthening some that DO get used). And/or it may report timing violations for the user to fix (masking any shorter but real ones) or prescribe an unrealistically low clock rate (reducing the part's performance).

    To avoid this, such tools provide the ability for the users to declare such paths to be "false paths", which should be ignored in optimization. (Unfortunately, the paths often cross module boundaries, so the ability to declare them is generally provided OUTSIDE the source code, in some separate configuration file for the build.)

    IMHO many of the bogus warnings from static analysis tools are a similar problem. As a result, such tools need a couple of similar features to solve it.

    At a minimum they need the ability for the code author to say "This is really OK." in a way the tool can process. This gets rid of the bogus warning - clearing the output so that REAL warnings won't be buried in the false cries of wolf and will be acted upon.

    A useful addition would be an ability to say "This is really OK because of X". That way the tool could then check that X actually still holds and sound off if it gets broken later. (Unfortunately, X can be pretty general. So you still need the ability to say "This is really OK because I told you so.")

    This already arose in C++ and ANSI C strong type checking. But idioms were available to tell the compiler you really meant it. (Cast to void then cast to another type, store in a union as one thing and load as another, argument type of void or pointer-to-void, encapsulating such idioms in typecast defined operators, etc.) Now we have another checking tool that needs its own flavor of communication from the designer to the tool.

  18. Another line to use. on Do Static Source Code Analysis Tools Really Work? · · Score: 3, Insightful

    Me: "ok, but you said not everything it flags there is a bug, right?"
    Him: "Yes, you need to actually look at them and see if they're bugs or not."
    Me: "Then what sense does it make to generate charts based on wholesale counting
                entities which may, or may not be bugs?"
    Him: "Well, you can use the charts to see, say, a trend that you have less
              of them over time, so the project is getting better."
    Me: "But they may or may not be actual bugs. How do you know if this week's
              mix has more or less actual bugs than last week's, regardless of what the
              total there is?"
    Him: "Well, yes, you need to actually look at them in turn to see which are actual bugs."
    Me: "But that's not what the tool counts. It counts a total which includes an
                unknown, and likely majority, number of false positives."
    Him: "Well, yes."
    Me: "So what use is that kind of a chart then?"
    Him: "Well, you can get a line or bar graph that shows how much progress
              is made in removing them."

    Your next line is:

    Me: "So you're selling us a tool that generates a lot of false warnings
              and a measurement on how much unnecessary extra work we've done to
              eliminate the false warnings. Wouldn't it make more sense not to use
              the tool in the first place and spend that time actually fixing real bugs?"

    To work, this question must be asked with the near-hypnotized manager watching.

  19. Re:If so there goes battery life, too. on Microsoft and OLPC Agree To Put XP On the XO Laptop · · Score: 1

    I was under the impression that OLPC was talking about expanding the RAM (because Windows needs so much of it to operate) and I was talking about the power consumption of the RAM in the operating state.

    Are you claiming that the XO uses FLASH for main memory, rather than as a disk replacement?

  20. How appropriate... on Streamlining and Testing RFID Technology · · Score: 4, Funny

    privacy, rfid, security, technology (tagging beta)

    For once "tagging beta" is appropriate. B-)

  21. Re:I wonder... on Air Force Aims for Control of 'Any and All' Computers · · Score: 1

    The government can't station a policeman in your house to spy on you even WITH a court order. Why can it get away with doing the same function with a hunk of hardware or software?

    Heck. Even the names are the same. They're both the government's "agents".

  22. I wonder... on Air Force Aims for Control of 'Any and All' Computers · · Score: 1

    Humorously, I could see a lawsuit from this opening up the door for the first expansion of the 3rd Amendment since Engblom v. Carey if they did compromise the machines of US citizens to use in an offensive botnet. Arguably being forced to host Air Force activities on your private property violates the same kinds of rights that the 3rd Amendment protects.

    Seriously, I wonder if the same argument could be made against keyloggers and other government-operated spyware.

    The third amendment wasn't (just) about being forced to house the king's soldiers. The main objection was that the soldiers doubled as spies and informants against the members of the hosting household. Like the fourth amendment it was a check on the government's investigative abilities, rather than against the government's consumption of your resources, like the "takings" clause of the fifth.

    Forcing you to host spyware on your own computer, chewing up processor and perhaps network resources while it is continuously capturing what you are doing (especially: what you're communicating and who you're doing it with), without your explicit knowledge, is a precise automated analog of housing a soldier in your house so he can eavesdrop on the conversations of the family, their friends, and their co-conspirators.

    The government can't station a policeman in your house to spy on you even WITH a court order. Why can it get away with doing the same function with a hunk of hardware or software?

  23. Re:Open Farce on Air Force Aims for Control of 'Any and All' Computers · · Score: 3, Informative

    Better get a few pairs of eyes to start guarding the guards. Since the NSA is a spying organization, it kind of seems silly to take them at their word about trying to make Linux more secure.

    The open security community has been turning a jaundiced eye on NSA ever since its existence was leaked.

    As far as I can tell, trapdoor algorithms and public-key cryptography in the public sector were developed based on speculation on the sort of thing NSA MIGHT have built into what became DES.

    (Eventually - about the end of DES' design lifetime - it turned out that the funny symmetries that were noticed in the NSA-prescribed S-boxes were apparently a defense against a type of cryptanalysis that the public sector hadn't reinvented yet. NSA has a dual charter: Spy on everybody else, but protect info in the US, both public and private sector, from bad guys foreign and domestic. Apparently they were actually living up to the nicer side of the coin. THAT time. B-) )
    I'm sure the private sector crypto researchers will continue keeping a sharp eye out for shenanigans. (But it doesn't hurt to publish a reminder now and then. B-) )

  24. If so there goes battery life, too. on Microsoft and OLPC Agree To Put XP On the XO Laptop · · Score: 3, Insightful

    Why does dual boot require extra hardware??

    More storage probably.


    If so, that means shorter battery life - even when the memory isn't being used. (Even if you turn off the clocking, leakage current is a honking big fraction of power consumption with the recent generations of semiconductors.)

    So by changing the machine to handle Windows (and raising its price) they've also reduced one aspect of its functionality under a free OS.

  25. Re:Huh? on Judge in Capitol v. Thomas Considers New Trial · · Score: 3, Informative

    In particular:

      - Offering it to be downloaded may not be "nice" but no laws are broken until somebody actually DOES download it. So said the 8th Circuit Court of Appeals - the appellate court above the one where this trial was held. This court is within the 8th Circuit and must follow the decisions of law made above it. (The 8th Circuit, and the Supreme Court above that, are its "controlling authorities".)

      - Unfortunately, neither the defendant nor the RIAA mentioned this to the judge and he didn't think of it himself. So he told the jury that (as the RIAA claims), "making available" is a crime. OOPS! The jury then convicted and asked for a BIG punishment.

      - Since then he noticed (probably got a lot of letters about) the ruling. So when the defendant's attorneys filed a complaint that the punishment was too big and asking for the judge to reduce it, the judge said: "I goofed. Sorry. (But nobody mentioned this ruling from my boss court during the trial. Tisk, tisk.) And the law lets me fix that by ordering a new trial (where I'll be careful not to make this goof again). And the law lets me tell you that when I'm answering you about this other issue (which will just go away if we hold another trial.) So both sides send me your written thoughts about this by June 5 and we'll all get together and talk about it on July 1. Then I'll decide what to do. (Hint: If the defendant asks and the plaintiffs don't have a good argument why not, I'll order a new trial.)"

      - The RIAA's methodology only shows that the content is available on the server, not that anybody downloaded it. So once there's a new trial they'll have to come up with evidence they didn't present at this one. (I think the judge might ask them if they have such evidence and give them an opportunity to just go away and let the defendant off if they don't, rather than scheduling another trial they can't win.)