Slashdot Mirror


User: Ungrounded+Lightning

Ungrounded+Lightning's activity in the archive.

Stories
0
Comments
8,936
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 8,936

  1. Re:Baloney on Does Open Source Encourage Rootkits? · · Score: 1

    McAfee places the blame for increased numbers of rootkits squarely on the shoulders of the open source community

    That's like saying Edison and Tesla are to blame every time someone gets electocuted.


    Actually, Edison DID try to claim that AC was an exceptional electrocution hazard (compared to AC) and blame Tesla and Westinghouse for loosing it upon the world.

    (He even suckered Tesla into licensing him to do one invention using AC - before letting on that the invention was the electric chair.)

  2. Re:Chemical Reaction? - yes, and a very efficient on Fuel Cell Powered Japanese Trains on Trial in July · · Score: 1

    Also I have heard that GE has a coal gassification turbine that runs in the area of 60% efficient.

    Sorry, those numbers aren't possible for a heat engine operating at reasonable temperatures (i.e. below plasma on the hot end and above cryogenic on the cold) You don't GET half the energy from heat into work - you gotta burn the fuel at some sane temperature and dump the heat in a cooler place, and there's a limit to both how hot you can run your combustion and how cool a heatsink you can dump gigawatts of heat into on the planet's surface.

    (That's why running fuel cells directly on fossil fuels - rather than on hydrogen generated by using post-carnot-cycle energy to crack water - is so attractive. Fuel cells are NOT heat engines and don't have a carnot cycle limit. They're batteries and can approach 100%.)

    I'd suspect they're talking about percentage of perfect carnot cycle efficiency, rather than fraction of heat energy turned into work or electricity. But in that case they sound a tad low.

    Perhaps they're talking about a plant that uses the "waste heat" for something else useful (like process steam for a manufacturing plant)?

  3. Re:Chemical Reaction? - yes, and a very efficient on Fuel Cell Powered Japanese Trains on Trial in July · · Score: 1

    But going from electricity to hydrogen you've already paid the carnot-cycle efficiency penalty. You used a power plant which (being big and stationary) can run a bit more efficiently than a portable plant like a diesel, but not all THAT more efficiently - just a few percent better. THEN you paid ANOTHER penalty, almost as steep, to make the hydrogen and run it through a fuel cell.

    The one big advangage of fuel cells is that the cycle is essentially the same as a storage battery, not a heat engine. It doesn't have to pay the carnot cycle tax again. In principle fuel cells COULD get very efficient - eventually.

    In practice the hydrogen-to-electricity part of the fuel cell cycle is already far ahead of anything a heat engine could ever do. So if you're already committed to using hydrogen to run your train, to avoid discharging pollution in an urban area, you're MUCH more energy efficient using fuel cells than if you use a heat engine to run a generator.

    But you're farther ahead to use a trolley wire.

  4. Was a Scientific American article on that... on Global Warming Dissenters Suppressed? · · Score: 1

    many experts were sure that we were going to have a new ice age only 30 years ago.

    They were probably right, but the ice age was forestalled by global warming. Maybe we'd all be living in igloos if it weren't for our contribution to greenhouse gases...


    Within the last year or so Scientific American published an article by some climate scientists who came up with a model which says exactly that. (I'll relate the impression I got of what they were saying...)

    Jist of it is that three orbital issues (axial precession vs. elipticity of the earth's orbit is one, I don't recall the other two - or if they were even explicitly called out in the popularized article) combine to produce a complicated function that compares very well with the global temperature as extimated by recent research (such as ice core sampling). It tracks ice ages and the like VERY closely - right up to the start of agriculture.

    Agriculture started at the top of a nice, smooth, inflection. According to the model the temperature should have started curving down gradually. About now it should be a couple degrees C below the peak and the cooling accellerating.

    Instead it held dead level right up to the start of the industrial age, creating a wedge of increasing deviation from the expected cooling. Then it started to climb a bit. Adding estimates of the greenhouse increases from carbon emissions, for the period where we have the info, seems to track the deviation pretty well. So from that you can assume it's JUST three orbital elements and human excess CO2 emission and make a predictive model.

    What happens next depends on the assumed burn rate of sequestered carbon - mainly from fossil fuels. And fossil fuels eventually run out, so it also depends on the assumed amount of exonomically-extractable fossil fuels. Plugging in a couple guesses they came up with a graph where the temperature humps up to about two degrees C ABOVE the start-of-agriculture level, about 400 years out, then curves down over the next couple hundred years to pretty much rejoin the ice age curve we've been avoiding for the last several thousand.

    "We return you to your ice age, which is already in progress."

    Assuming their model is even roughly accurate:
      - Changing the burn rate trades height of the hump for length of time the ice age is held off.
      - Finding a whole bunch more fossil fuel than expected might help hold things off longer - or let you peak out a little higher.
      - But eventually the fossil fuels run out and then it's all over.

    So if you make sufficiently drastic cuts in carbon emission - like by creating an economic depression that would be closer to the medieval period than the relatively puny '30s, and you might eliminate the hump entirely and stretch out the level plain for, say, another couple hundred years. But then it's ice age time again - and you lost your chance to do anything about it.

    The only way to avoid an ice age, within probably less than another thousand years, is to find a way to deliberately create MORE global warming by something more sustainable than burning fossil carbon.

    Eisenhower warned us about a "military-industrial complex". It will be interesting to see what this "government-researcher complex" has to say about these folks' work. B-)

  5. Re:PC Phone Home on Wifi and Laptops Adds Up To Theft · · Score: 1

    We're not just talking thieves now - we're talking armed robbers - willing to stab the victim in the chest at the slightest sign of resistance.

    Also: If you let the cops know that you have the laptop located, can track it, and you'd like to arrange to assist them in recovering it and busting the bad guys in lieu of attempting to recover it yourself, the cops get a choice: An easy grand-theft bust with all the ducks aligned for conviction - or a possible later call out for felonious assault, battery, murder, etc. followed by bad press.

    Most cops really want to help the good guys and bust the bad guys. Most of the rest aren't too happy about the possibility of having to sort out a bloody mess when a good guy tries to take on a bad guy himself after the cops let him down. (Of course a few are on the take from the bad guys so your mileage may vary.)

  6. Re:There is a shopping center in the SF Bay Area on Wifi and Laptops Adds Up To Theft · · Score: 1

    There are a number of reasons to carry the laptop off on a lunch break:
      - It may be a stop on the way to somewhere else.
      - There may be a theft-of-laptop problem at the worksite, and carrying the laptop is an attepmt to avoid leaving it unattended.
    Just to name two.

    Yes there have been problems with laptop thefts from offices in the area, for some time. "Tailgaters" (who follow employees in when they card through the door) and contractors' employees have both been suspected. Breaking into cars where a laptop is visible, in a location where rapid escape is practical, is a logical alternative when the heat at the office buildings is getting too high.

  7. Re:I wouldn't steal a laptop on Wifi and Laptops Adds Up To Theft · · Score: 1

    On the other hand, I've never heard of a laptop being recovered [via phone-home programs].

    I recall a story about such a recovery being posted right here on slashdot, some time back. (It was an unintentional phone-home, due to some package (think autobackup but I'm pretty sure it was something else) trying to hit a server, that happened to stay alive after the laptop was stolen. But it serves as proof-of-concept.)

  8. Re:PC Phone Home on Wifi and Laptops Adds Up To Theft · · Score: 1

    Can you provide details on how this information would help you locate the stolen laptop? Especially if the laptop is used behind a wireless router that uses a RFC1918 address range for the local systems? You'd get a table of strange MAC addresses (which are useless) and "192.168.1.20, 192.168.1.22, etc." How would you use this information to locate your stolen laptop?

    When the PC "phones home" from behind a NATted box, the server gets a return IP address which identifies the subscriber or hotspot. This gets you to a very narrow location:
      - to the actual person holding the laptop if he's using it in a home on his own ISP subscription\
      - to his neighbor if he's mooching
      - to the ISP - probably down to the hotspot - if he's at a cybercafe or public wifilan
      - to the company if he's using it at work - and legit companies will usually be happy to help find stolen laptops that appear on their net.

    Reporting addresses, network names, and services (such as hotspots) it finds within its "earshot" in promiscuous mode can identify its rough location when one or more of them are in a public or private database - such as those the wardrivers and more officially-sanctioned projects collect. This gets you to the correct neighborhood.

    Once you're within a few blocks you can sniff the MAC address your self. Then you can wardrive and/or direction-find to get to the block, the house, the room, the park bench, ...

    Only got it down to a city? With a 24 db dish you can "radar" for a laptop with internal antenna from several miles away. (And a converted BUD can cover a lot more distance.)

    Phone-home IP to get the rough location, wardriving and direction-finding to zero in.

  9. Re:There is a shopping center in the SF Bay Area on Wifi and Laptops Adds Up To Theft · · Score: 1

    you won't be able to hit much more than the food court at a mall during a lunch break, and surely there's some cheaper, better food available closer to the office than what's at the mall food court.

    I currently work near McCarthy Ranch. It's more like a giant strip mall with a BUNCH of standalone restaurants - and except for it and another mall on the opposite side of the freeway it's nearly a services-dead area for miles in all directions. (MIlipitas proper has a few restaurants in the old downtown. But the bulk of them are in those two malls and a third one a few miles away.)

    Don't think "mall". Think "downtown" - essentially the only one around.

    And there's a LOT of hi-tek around it - including Cisco's eastern campus, Redback, Agere, ... I could go on for pages.

  10. PC Phone Home on Wifi and Laptops Adds Up To Theft · · Score: 3, Informative

    Seems to me there's a couple things one could do as a precaution:

      - Load an application that would have the laptop occasionally contact a server to see if it's been reported stolen, and if it has been, start reporting IP and MAC addresses it hears on WiFi in its vicinity, connections it has made for landline internet, perhaps taps on email going through it, and so on - and turn on the WiFi transmitter to broadcast the occasional "Here I Am" packet for direction finding.

      - Record the WiFi MAC address of the PC and sniff for it once it's stolen.

      - Record whatever info the PC will use to identify itself to Microsoft if/when somebody tries to register/authorize a fresh load of one of their products. (Here's where Microsoft could do the law abiding a service by reporting IP address and date/time to law enforcement when a stolen machine is reauthorized.)

    Sort of a software LoJack.

    If the theives don't eload the software the PC will "phone home" once the ultimate recipient starts running it, and it will be trackable. If they DO reload it the may call the cops down on themselves directly - and even if they do workarounds they still need to leave enough identity info on the machine for it to be usable - and forgeries in a global namespace also leave tracks.

    Wardrivers could do a service by reporting approximate locations of reported-as-stolen MAC addresses, as a starting point for a direction-finding bunny hunt. A public-service distributed application (in the same vein as SETI-at-home) could do the same - or could blanket userland with beacons of known location for a WiFi-only replacement for GPS that would let the phone-home software identify its own location (if it can't do that adequately via currently known WiFi beacons such as hotspots.)

    Recover a few (and identify and question the people who got them, with the threat of a "receiving stolen property" bust if they don't cooperate) and police can work back up the reselling chain to the thieves.

    And yes I'm QUITE aware of how such systems could be abused.

    Note that some of these can be done privately and in a moderately secure fashion. (For instance: open source phone-home app with strong encryption, using an owner-generated key to enable its reporting functions.)

  11. Dual-boot infector? on Ambidextrous Linux/Windows Virus · · Score: 2, Insightful

    I'm not sure from TFA exactly what concept this thing is "proving".

    But one I've been waiting for is a dual-boot virus or worm.

    When you're running windows, for instance, your unix filesystems are all there to be twiddled with, if the malware knows how. Unix' protection mechanisms would be useless because they're not what's running. So the virus could infect the unix partition and do all sorts of nasties later when you boot Linux. (The virus infection head or payload could include enough filesystem code to twiddle the linux files even if the windows system doesn't know how - all it needs is access to the raw bits, which good 'ol windows will be happy to grant.)

    It could also work the other way, of course, with a linux virus or worm infecting things on the Windows partition. But given the relative vulnerabilities I expect most will work the other way.

    Point is, a dual-boot system is only as secure as the weaker OS.

  12. Why are they always prattling about missing mass? on Neutrino Mass Confirmed · · Score: 1

    One thing that drives me NUTS is that the physicists are always talking about neutrinos only being all or part of the explanation of the "dark matter" mass of the universe if they have rest mass - and this ends up in the media as if only the rest mass has gravitation.

    ALL mass has gravitation - both rest mass and the mass equivalent of all the other forms of energy (including momentum) that go into the creation of the particle. So neutrinos have the same damned mass and gravitation whether they have rest mass or not.

    Now if the issue is that they can't explain the galactic spin anomalies if they don't have rest mass because if they have none they fly away at the c and if they have some part of them get decellerated and stick around in clouds, somebody should bloody well SAY so.

  13. So does that mean... on Slashdot Design Changes for Wider Appeal · · Score: 1

    So does that mean we can get back to serious news about 4PM Pacific time?

    Or are we going to have to go through TWO days of this crud?

  14. Re:overkill on Totally Random One Time Pads · · Score: 1

    Instead you just distribute a specifier of what info to grab from the quasars' broadcast ...and when to grab it. You are now adding a time synchronization requirement to the process.

    OK, in the spirit of open source I'll telly you this rather than trying to patent it. B-)

    The synchronization can be approximate.

    Part of your key is a string to look for in the quasar data and use for a starting point. You pick its length so it occurs often enough that you don't suffer a major delay waiting for it but rarely enough that there are only a handfull of them in the interval of interest. The first speaker picks the first one that comes along, listeners start a tad early and buffer several potential key streams until they identify the correct one.

    Several countries provide redundant broadcast time services suitable for initial synchronization. while Stratum III quality clocks are inexpensive for stable rate generation and if they're not sufficiently stable while free-running several things (like GPS, its proposed EU brother, LORAN-C (which still was active last I looked), telephone carriers, cellphone networks, and television framing rates from broadcast or satellite source) can be used to stabilize the local clocks further and keep them synchronized.

    is much easier than doing the same for a pile of data as big as all the messages you'll ever need to send or receive and keeping it secure FOREVER.

            1) All the OTP's you're every going to use don't have to be distributed at once.
            2) They do not need to be kept secure forever, just until they are used and subsequently destroyed. ...

    the only additional security here is in the strange situation where an attacker can get only delayed access to your keys. There is no good reason for saying an attacker is subject to this restriction. It's like assuming safe-cracker can only turn the dial clockwise. It's silly.


    In fact, assuring that both keys get destroyed after use, so they can't be used to decrypt recorded messages, is one of the weak points of one-time-pad key administration. Failure to do so has resulted in a number of compromises high-profile enough to make the open media (and thus no doubt quite a bunch the intelligence community aren't mentioning).

    Using something like quasar noise - with an intractably large selection-key space - lets you get away with distributing only a small amount of information by your initial secure channel without limiting the amount of information you want to transmit later, while the nature of the pad source makes insuring pad destruction trivial. (Just don't keep a record of it and insure your caches are at least as flushed of key as of clear data.)

  15. Re:overkill on Totally Random One Time Pads · · Score: 1

    The POINT is that you DON'T HAVE TO DISTRIBUTE the one time pad info. Instead you just distribute a specifier of what info to grab from the quasars' broadcast - a specifier that is from a keyspace too large for an attacker to brute-force grab it all.

    Securely distributing a small message once, in advance of the events you want to communicate about, and keeping the message secure until your later communication, is much easier than doing the same for a pile of data as big as all the messages you'll ever need to send or receive and keeping it secure FOREVER.

  16. Re:That's not randomness at all on Totally Random One Time Pads · · Score: 1

    Seriously, given an accurate model of how it's generated, nothing is random.

    But Heisenberg's Uncertainty Principle puts limits on how accurate your model can be.

    As a result you can get truly random bits by measuring the effects of quantum-mechanical events that are below that threshold.

  17. Re:Actual advancement on Totally Random One Time Pads · · Score: 0

    The gain, if any, will be using the quasar info as a session key.

    You use your 1 GB flash-drive one-time pad for the initial key-exchange communication, agreeing on (or prescribing to a silent listener) the quasar parameters. Then you use the quasar info to encrypt a message as large as you like.

    Normally a session key would be for some non-one-time-pad cryptosystem. So messages encrypted with this two step process can be broken in two ways:
      - The session cryptosystem is broken.
      - The session is recorded and later the one-time-pad (or other key-exchange cryptosystem) is compromised, allowing the decryption of the recorded message.

    With enough quasars available that it's impractical (even for NSA with its computer and disk drive inventory measured in acres) to record it all, later compromises of the key-exchange information don't let them crack recorded communications. (Perhaps there are too many for them to even record all the potential possibilities for the duration of your message when they know you're communicating.)

    Since the key-exchange protocol consumes only a small amount of your precious hand-distributed pad, you can use it for a LOT of messages before you need a new one. And you might even use it to distribute additional key-exchange pad when you're running out with negligible increase in eavesdropping risk. (Though if one side is compromised it now means you stay compromised.)

    That could lead to practical bootstrapping protocols driven from rather small initial pads - or built on other key-exchange protocols, even cracked ones, by taking advantage of the need for eve to break the initial key exchange in time to hitch her wagon to the correct star.

  18. Re:Happy 5th on Trustix, a Worthy Contender? · · Score: 1

    Thanks. (Not being familiar with it I was just responding to the posting's assertions. Guess the birthday party is VERY belated. B-) )

    So how IS their track record?

  19. Re:...sometimes on Sandals and Ponytails Behind Slow Linux Adoption · · Score: 1

    [...] dragging along scruffy looking geeks to business meetings [...] often works to convince businessmen of the credibility of tech. "Wow look at all those piercings, if the company lets him get away with that he must be brilliant!" This works well in smaller, more technical markets I imagine.

    There's a term for this in management theory: "Idiosyncracy credit." One of the fringe benefits of being a rare talent is that suits let you do a few odd things - and then other suits notice you doing them and figure you must be important.

    Rule one for walking the exposition floor at trade shows: Try to talk to the company guy (or gal) in the booth who is NOT all dressed up. He's probably the guy from the development team with the inside knowlege, there to support the sales droids and booth babes (or dropping in on his way past the booth on HIS visit to the show.) And yes, sometimes it's a gal who's the key player.

  20. Re:Ummm on Trustix, a Worthy Contender? · · Score: 1

    But there's no doubt that with flexibility comes a lot of responsibility.

    On the other hand, there is no doubt at all that putting a layer of eye candy application between the administrator and the actual configuration adds risk and obscures what is going on.

    Thanks, but I'll take the command line over menu-driven configuration tools for any configuration issue that might touch on security (which is essentially all of them, isn't it?)

    I expect security tools designed to make it easy for the mousketeers to produce mickey mouse levels of security.

  21. Gotta start sometime. on Trustix, a Worthy Contender? · · Score: 2, Insightful

    It's an OpenBSD wannabee without the proven track record?

    EVERYTHING starts without a track record. The only way to accumulate one is to go down to the track and start running.

    Happy belated zeroeth birthday, Trustix!

  22. I dunno, man... on Sandals and Ponytails Behind Slow Linux Adoption · · Score: 1

    If Quinn thinks that my footwear is the deciding factor, I wish he'd quit bogarting that joint.

    I dunno, man ...

    If that stuff leaves him F***ed up THAT bad AFTER he comes down and tries to go to work, I'd rather he smokes it all up himself.

  23. Re:Works both ways, too. on Sandals and Ponytails Behind Slow Linux Adoption · · Score: 1

    But I took the duit coat off first thing when I got there and saw nobody else - not even the "suits" were wearing suits. Didn't help.

    Turns out in Silicon Valley at the time (mid '80s) the T-shirt-and-shorts crowd was quite convinced that anybody who would wear a tie at all was not up to snuff - even if they were from an area where it was mandatory.

    (I'd been doing SW in the auto industry, where there was a strict dress code separation between the salaried and the unionized hourly personnel. Software was "engineering" - wear a suit, dress shirt, and tie, drop the coat at the office but the tie stays on even in the plant. Stay away from rotating machinery and keep your hands off it - a guy in a tie touching certain things was cause for union greviance or even a walkout.)

  24. Works both ways, too. on Sandals and Ponytails Behind Slow Linux Adoption · · Score: 2, Interesting

    I'd gotten unsolicited offers at trade conference visits before (when I was casually dressed). But the first time I came out to Silicon Valley for a deliberate job hunt I caved in to my 'ol dad's suggestion and wore a suit to interviews. I didn't get a single offer on that trip.

    Don't know what happened at most of 'em, but I later heard that, at one place, everybody was impressed by my tech prowess and wanted to hire me - except one key guy who was SO offended by my suit that he flat-out refused to work in the same company with me, strictly because of it.

    Know your audience. B-)

  25. Re:More FUD from MS on Ballmer Won't Dismiss Idea of Suits Against Linux · · Score: 1

    Uhhh, actually, the interviewer brought it up and Ballmer avoided the question ...

    No, Balmer brought it up, fishing for it by mentioning "intellecutal property indemnification" in the preceeding answer. ... and Ballmer avoided the question without limiting his options by committing to a course of action. "No, we aren't suing anyone (but that doesn't mean we can't.)"

    From what I read of their behavior, it seems to be an unwritten policy of theirs to only file defensive patents.


    If that IS their general policy, and he was only keeping the option open, he could have said that. Instead he said that they had a fiduciary duty to their stockholders to protect their IP by going after infringement.

    Sounds like he orchestrated an opportunity to make a non-disprovable but credible threat: to use the Microsoft Billions for legal harassment of any Open Source author against whom they think they might have a plausible infringment case, and to say that it isn't their fault, they HAD to do it.

    It's definitely sewing FUD: Fear of suit, uncertainty of where the hammers might fall, doubt that open source suppliers can survive to support and improve their competing products and thus serve the customers' needs.

    It falls short of terroristic threats because the action would be legal and proper if Microsoft's executives believe they have a case.