I did some theoretical work on this in my attempts to build a sound-seeking surface to air missile to take down R/C planes.
Building a missile system to seek a radiation source, be it emissive or reflected, is actually pretty easy. Building it so that it will damage said radiation source is very difficult. Why? Terminal Flight Profile.
Think about it. If you want to intercept a target object moving at a certain rate of speed at a certain aspect angle, you might have to make a severe turn in the final seconds of the closing maneuver to actually make contact with your target. If the seek logic therefore is simply to steer directly toward the source of radiation, your PK (probability of kill) will go way down, and it will be trivially easy to evade the missile. There are two basic ways to solve this problem:
- proximity fusing
- better TFP logic
Proximity fusing was used extensively by the Soviets in their very successful early model guided SAMs. The general concept goes something like this: screw trying to hit it, just get close and explode. In keeping with their design philosophy of simple, hardy weapons systems, their SA-2 missiles would detect the range to target, and their TFP was simply to go off like an aerial depth charge, filling the sky with searing shrapnel. The downside of this approach is that in order to be effective, you must use a significant quantity of explosive. This increases the fuel requirements, and the size of the missile, launch system, and supporting hardware, and makes the overall system more expensive to use.
Another problem with this approach is that by using very simple guidance logic, the weapon has virtually no capability to overcome enemy countermeasures. This became such a problem in Vietnam that during the defense of Hanoi, SA-2s were actually fired at attacking B-52s without the guidance system active, set to simply explode at a certain height, much like the function of a depth charge against submarines. Not a very effective way to bring down capitalist pigs.
In order to deal with any level of sophistication in enemy countermeasure technology, some level of intelligent guidance is required. This calls for some sort of logic, as demonstrated by the following simplified example:
- At 1000 meters range to target, begin computing intercept solution for a turn to take place at 100 meters range to lead the target.
- Update solution as frequently as hardware allows.
- Execute TFP turn at 100 meters range.
These sorts of instructions would be relatively easy to implement on any basic computer hardware, and once you have a platform capable of this sort of programming, adding features such as countermeasure detection and reacquisition after miss is relatively easy. The physics can be modelled on a computer, and you can develop what amounts to robotic intelligence to guide your missiles. Before you know it, you'll be firing your own AMRAAMs!
Re:communicate disconnected from the internet? on Omniscience Protocol · Score: 1
Magnets aren't enough! You also have to scramble the electrical field. Here's what I use:
Set up a repeating fire tesla coil device, such as a stun gun or camera flash with the leads exposed, and place it very near your computer case. It must arc constantly to be effective. I have a friend who uses a jacob's ladder for this purpose, but I haven't tested that solution. You may have to provide additional ventilation to prevent ozone buildup.
Conspiracy alert! - the feds are on to this idea and have worked in collusion with the FCC to put embed technology in your computer to prevent electric field disruption. You can find out if your computer is affected by looking for an FCC label. If your machine has a "tested to comply with FCC standards" label, you are IN TROUBLE!
In order to work around this insidious attempt to prevent you from disrupting the electrical emissions of your own property, you must operate your computer with the case open, and with the electric field disruptor as close as possible to the internal components. Only then can you truly be safe.
This is more of a consumer activism issue than a political speech issue. If you know something is wrong with a product that is advertised as safe, how do you deal with it? Do you go to the company and ask them to fix it? Do you go to the responsible government agency and inform them of the problem?
The only problem is that in the case of computer security, "working within the system" bars me from discussing the problem publicly - with people who may be affected by it. My whole point is that the level of secrecy involved in computer vulnerability reporting does not have precedent in other aspects of society or economy.
Since the issue at hand is secrecy, this has everything to do with free speech. The media engage in protected speech every day dealing with subjects that have nothing to do with politics. Your having attached the qualifier: "political speech" tends to suggest that free speech is a question of whether the ends justifies the means. You seem to be willing to risk a politician's career in exchange for free speech, but not the embarrassment of a software company. That is neither in keeping with the original intent of the first amendment, nor is it logically consistent.
I don't disagree that getting the word out is the right thing to do, I'm just a little puzzled as to the method, motivation, and response.
Agreed. I was sounding off on the philosophy of vulnerability reporting in general.
Did he make any effort to alert the creators of the software before he published the info? Not that I could tell from the linked info.
That raises an interesting question about responsible/ethical/legal vulnerability reporting practices. Could you imagine how absurd it would be to require similar restrictions upon political speech?:
If you find a vulnerability in a candidate, you must privately contact the candidate to discuss remediation terms
Only after a remediation period determined by said candidate can you discuss the flaw publicly.
Even in civil law relating to libel and slander, your only problem is usually whether or not the information is true.
Everyone files for declaratory (tell that SOB that he's full of shit!) or summary (we don't need no stinking trial, find me innocent right now!) judgement in civil cases. Judges almost never issue them. While it is emotionally good to see IBM responding in some way, this really doesn't indicate or change anything about the status of the case.
Applications - build from source.
Things applications depend on - install packages.
Libraries and things of that sort tend to have complex dependency relationships with other libraries and applications. I tend to let my distro worry about that sort of thing.
By compiling the application from source, things tend to go a lot smoother (surprising, I know) and you usually get a more recent version of the application. Just keep a copy of the source under /usr/src in case you want to recompile later with different options or uninstall the application.
Unlike a chemical explosion, a nuclear explosion is rarely more than 10% efficient.
In the E=mc^2 sense, that is true. But that has absolutely no bearing on the amount of Plutonium you'll have left after a fission event.
The vast majority of fissionable material ever used for explosions has been put into the atmosphere where it has gradually settled back to Earth.
No, the vast majority of fissionable material (Plutonium) ever used for explosion underwent fission and thereby turned into non-fissionable material (cadmium, iodine, oxygen, etc. etc.).
Transit 5-BN-3 (1964), returned to Earth in 1965, Its RTG split open spilling 17 000 curies of plutonium 238 into the environment (all nuclear testing to that point had released only 9 000 curies of plutonium 238).
If I were to pour a cup of liquid methane on the ground, I would release more methane than every gasoline explosion in history. The reason, of course, is that gasoline is cataclysmically unlikely to decompose into methane in an explosive oxidation event, just as Pu-239 is unlikely to react to a supercritical fission event by popping off a neutron and going on about its business.
Um... many companies base their entire inventory tracking and accounting systems on complex macro programs. (Not a good idea in my opinion, but hey, what can we do).
So the assumption that using Word's macro engine as an integrated business database application suite is inadvisable (as opposed to a screaming train wreck) is sound, but assuming that there aren't significant user training issues isn't?
It amazes me that you would consider anyone stupid enough to use Word macros as an application platform to be capable of retaining sufficient knowledge for product familiarity to be an issue. I wouldn't trust such a group of users to retain the knowledge not to beat themselves to death with sticks, regardless of their experience with sticks. Whether they were made of pine or oak wouldn't make much difference. I would count on a daily expense overhead of a human at the help desk whose job it is to stop fatal self-beatings.
It would pollute the statistics for website developers that describe how many people are using Mozilla/whatever, possibly making it appear less popular than it actually is
Agreed, but I would rather web developers think in terms of standards as opposed to platforms. I would like it if web developers knew they couldn't trust the useragent strings, referrer, etc. to define presentation behavior, because in practice, that capability goes beyond controlling presentation behavior. Many web sites use the referrer header to block deep linking, and the useragent string to deliberately make a particular browser appear to be broken.
Yeah, I am sort of generally referring to "everything you tell me about who you are, where you came from, and what you want" as the referrer, which I guess isn't technically accurate.
The hardest thing about testing relativity on Testing Relativity · Score: 1
Amendments, that is. Because this is doubtlessly a reporting mechanism as well as an information gathering one, your employer can now violate your fourth amendment rights to unreasonable search and seizure. Now, if this database comes to contain nefarious information about you, the FBI can prevent you from getting a job, thus violating your rights to due process and to be punished only as the result of a lawful trial. That is covered under number five. For the grand finale, by allowing private organizations to submit data about you which will (as previously mentioned) be used to your detriment, the protections granted under the sixth amendment, the right to face your accuser, is also circumvented.
All this AND the government makes money off of it! It's a win-win scenario!
Don't pretend that those haven't had remote root exploits before.
Don't pretend that a megaworm is the same thing as a remote root exploit. While the Apache worm did affect Linux, it wasn't anywhere near this destructive, despite having more fertile ground to spread - Apache is the world's most popular web server software.
That brings up a point. Perhaps the author was pointing out that ubiquity of the Windows operating system and software written for it is not what makes it a target for virus writers. When you compare this event to the Apache worm, it seems to suggest that poor code quality, as opposed to popularity, is to blame for Windows megaworms.
Witty spread through a population almost an order of magnitude smaller than that of previous worms, demonstrating the viability of worms as an automated mechanism to rapidly compromise machines on the Internet, even in niches without a software monopoly.
How many Linux, BSD, and Mac machines were infected?
You know, if we take care of the Earth we can live here for billions of years.
Our care of the Earth has little to do with our long-term prospects. Pollution is new. Mass extinctions wiping out most living things on the planet are not.
a question of goals on The Wrong Stuff · Score: 4, Insightful
There are two issues here - exploration and discovery. The precept of the article falls solidly on the latter. The future of mankind depends on the former.
I agree with the general sentiment so far - that this is good for the industry. But think about what this means long-term.
Even if you are interested in Computer Science or Engineering, you are fighting an uphill battle trying to do that for a living in the United States, because you are so expensive compared to overseas labor. We are therefore going to see a brain drain in the long term, resulting in a condition wherein we no longer possess the skills necessary to support our civilization - all because we insist upon placing unmaintainable burdens on our economy, such as artificially controlled markets by a business oligarchy (vote Bush!) and the suffocating support of aging baby boomers by a public geriocracy (vote Kerry!).
SPREAD THE WORD
Of course, I could just be cynical. :-)
No, as regards this guy, I think you're dead on.
Is finding a control group.
(ha ha)
If it randomized the browser ID in the referrer as well. Unfortunately, I just checked, and it doesn't.
I'm sure that if someone wanted to take the time and analyze the source for Thunderbird, they could easily write the same type of worm/virus.
The virus writers have the source code for Outlook? No wonder there are so many viruses for it!
It isn't Microsoft's fault.
Yes, why blame badly thought out and horribly insecure features/applications/operating systems when we can blame the user? I mean, after all, the Pinto is a perfectly good automobile if the user takes reasonable precaution against being hit from behind.
I did a dual boot on my desktop for many years (right now it has Redhat 9, Windows XP, Mandrake 9.2, SuSE 8.2 and Debian (installed Woody but went up to Sarge)). XP crashed maybe *5 times throughout a span of a couple years while Linux distributions crashed similarly or more times with less usage.
What type of crashes did you experience on the Linux distros?
I think Mandrake is less stable than Windows XP.
I run XP and Mandrake 10 (beta) on my laptop at work. My experience with using both OS's on a daily basis makes me wonder what facts you base that statement on.
Would you work somewhere where the secretary was dating the owner?
If you answered no, the good news is that you have some objectivity left. Make good use of it.