Slashdot Mirror


User: SharpFang

SharpFang's activity in the archive.

Stories: 0
Comments: 5,023

Comments · 5,023

  1. Re:Bluetooth safe? on Wireless Keyboard "Encryption" Cracked · · Score: 1

    Yep, I didn't find any detailed materials on their project online.
    The authors held a lecture here in Cracow at Confidence 2007 though and talked about the second mode of operation too.

    You can go with the bag around some airport or just down a street and send out your data to all open devices, infecting them with malware or such. But you can just as well place it outside a building of given company, say, in your car trunk, and let it brute force the devices in the building. The authors didn't admit to anything illegal but they implied some very interesting possibilities that sounded a whole lot like talking from experience.

    Some points from the lecture:
    - if you have the device key, you're in, no questions asked. In 'discovery mode' you ask for the key and the device may deny it to you. In 'stealth' mode no questions are asked, you have the key, you're in, you don't - try again.
    - there's no penalty, no fallback time, no delay upon using wrong key. You can brute force them as fast as Bluetooth goes. You can use all of the 64 channels in parallel to try cracking them (64 tries at once). Wrong frequencies are quietly ignored.
    - If you know the key of given device once, you have it forever. Most "good" devices "forget" the key, so they need confirmation in discovery mode and having the key re-sent upon reconnection. But you can just as well store the key for later use.
    - the mentioned 6 hours are if you need to crack the whole key. Actually, a large part of it is a device type ID. If you narrow your search, say, to Bluetooth dongles, and exclude all the earphones, keyboards, phones etc, you drastically shorten the cracking time.
    - there are still all the standard "next level" protections, like the computer may restrict bluetooth-available resources, but devices like PDAs, phones, keyboards etc are wide open.

  2. Bluetooth safe? on Wireless Keyboard "Encryption" Cracked · · Score: 4, Informative

    Yeah, right.

    Bluebag Project can crack any Bluetooth device in some 6 hours. The current form of it has a potential to increase the speed 8 times (currently it uses 8 dongles to scan possible 64 channels in parallel. If you use 64 Bluetooth dongles to scan one channel each, you gain a lot of speed).

  3. Re:Games desensitize. on On the Moral Consequences of Gaming · · Score: 1

    Maybe not.

    But if I was in a crew of a real nuclear silo, after 50 drill alarms and unable to tell a real launch code apart from a training code, I'd launch the real rockets on a real city and wouldn't even twitch. Maybe until after I know the nuke hit.

    Making a simulation game that runs exactly the same way as the real thing is not all that difficult. Keeping a trained crew running the simulation over and over, then just switching from 'simulator' to 'controller' mode transparently, without letting the 'players' know, you can get them to nuke cities and kill millions without a twitch. "It's just a game."

  4. Games desensitize. on On the Moral Consequences of Gaming · · Score: 2, Interesting

    Defcon being a prime example.

    The first time I played it, a pirated version shortly after the release, I was genuinely touched. When my first nukes fell on Warsaw and Vienna, I was quite shaken. My friends live there. The music, the crying woman in the background, this all added to the game experience immensely. My conscience at work was quite strong. "Yeah, that's just a game", I'd rationalize, but I still felt for the virtual humanity.

    Yesterday I got the original Defcon and played it for the first time in a long time again. I launched a mass attack. Tokyo, Cairo, New York, Mexico, London. And when they broke through the defences, I'd go like "Wow! Yeah!", I enjoyed the huge score and didn't feel the least bit sorry. I knew the counter-strike would wipe my country entirely, but cool calculation was "I have 100 mln people at -1 per million, I can lose at most 100 points. There's +2 for each million of enemy people I kill, so if I get to strike the biggest cities first, I'll reap enough points no loss at a later time will outweigh. Screw all the defense, attack all big cities ASAP, hard." I won with over 300 points with the next best player getting just above 100 points. Considering the losses this translates to gameplay murder of about 400 million people in the game. Yeah, the game was fun.

  5. Re:Was Bush stung by a wasp? on Scientists Create Zombie Cockroaches · · Score: 1

    I don't know about Bush, but Michael Jackson is certainly a marvel of animatronics.

  6. Re:GPL Violations on PlayStation 2 Game ICO Violates the GPL · · Score: 1

    Even worse than that...
    GPL is non-revocable.

    You can dual-license a program you wrote from scratch. Legally it looks like this: you have 'root' version which is 'closeware' - "Nobody but me is allowed to use it, and I am allowed to change the license", and two 'branches' - GPL and the other license. Practically you don't but that's somewhat moot. You're allowed to develop the 'root' and upgrade the 'branches' according to your changes to 'root' but you're not allowed to backport users' changes to the GPL branch into the 'root' and Commercial branch.

    You can't dual-license a program that has GPL components in itself. Your root is GPL and you can't relicense it. And even if the original author of the program you based your own on releases a second version under some license you need, your own 'root' is based on the GPL branch and is GPL. You can't change it. You may at best write a second version, a total rewrite from scratch, using the commercial version of the library as basis.

  7. Re:You have obviously never used one on Vista Makes CNET UK's List of "Worst Consumer Tech" · · Score: 1

    It's a contraction, not its possessive.

  8. Re:Windows, OS X, and Linux user on Vista Makes CNET UK's List of "Worst Consumer Tech" · · Score: 1

    I have not had any speed issues and only a few software compatibility issues.

    Lucky, rich bastard.

  9. Re:Imaginative... on Rare Soviet Retro-Future Space Art · · Score: 1

    Fell victim of dumbing things down. Stupid society is easier to control and has lower expectations. Interest in science tends to make people smarter. Making science, learning etc unfashionable lowered the supply of smart people, and the consumer industry drained the remaining human resources leaving nearly none for actual science.

  10. Re:Nostalgia on Rare Soviet Retro-Future Space Art · · Score: 1

    "stories from Stanisław Lem and other soviet sci-fi writers"

    ekhm, ekhm.

  11. Pity... on New Neutron Scatter Camera to Detect Smuggled Nukes · · Score: 1

    Smuggling a nuke wrapped in a bale of marijuana will no longer be plausible option.

  12. Re:too cold on Microsoft Plans Data Center in Siberia · · Score: 1

    Hard drives hate sub-zero temperatures. LCDs will work like a snail below some 4C, and may break permanently at minus several. Coolers wear off faster (though that's not a big problem). Any non-solid-state part is at risk - grease and axle oil solidifies, plastic bearings become brittle, thermal distortion locks axles in metal bearings and displaces micrometer-aligned mechanisms. Also, in serious frost, capacitors freeze. But I think you need more than Siberia for that.

    A system that was kept in sub-zero temperature while switched off, should be left for some time in a plus temperature to 'thaw' before you switch it on, because of moisture condensing on the cool parts.

    OTOH, as long as the systems keep running, they will keep themselves at a positive temperature. The CPUs are good heaters.

  13. Re:Didn't you answer your own question? on Portable Nuclear Battery in the Development Stages · · Score: 1

    The shield was a movable part making it possible to shut the reaction down in non-selfdestructive manner. After it melts, you're stuck with several tons of nuclear waste. Something breaks or needs maintenance, you lift the shield, fix it.

    Here you count on the coolant circuit never to fail, and if it does, at best you're left with several tons of nuclear waste. There's no way to safely shut it down. You can either keep it running or break it permanently.

    Devices without an 'off' switch are usually a bad idea. Nuclear devices especially so.

  14. "Huh? That's retarded." on The Cultures of Texting In Europe and America · · Score: 1


    Whenever any of my European friends hears Americans pay for incoming SMS or calls, they just open their eyes wide in amazement. "Huh? That's retarded. So I send you 100 SMS using a WWW gateway and you have to pay for them?"

    Yeah. WWW gateways where you can send SMS for free. Actually getting an EXTRA CREDIT for RECEIVING calls - 2 minutes of incoming call gives you 1 minute of outgoing call extra in some plans. When your prepaid card runs out of credit, you can receive calls and SMS for a year without paying any extra. Then buy a $10 worth of calling credit and you have another year of incoming calls.

    There's one situation when you pay for incoming calls. Roaming - you're in a different country, then you pay for calls from your home country. But the method is simple: prepaid starters are usually cheaper than prepaid recharges. Just remove the SIM-lock before leaving, then the first thing you do while there: buy a local pre-paid, put your own SIM in the wallet, put the pre-paid in the phone, send SMS with your number to all your friends. International SMS between networks native to respective countries count the same as local SMS.

  15. How is it safe? on Portable Nuclear Battery in the Development Stages · · Score: 2, Insightful

    There were nice plans of a pretty safe reactor: a core that is too subcritical to sustain the reaction by itself, plus a mirror shield lowered around it, reflecting neutrons back into the core, increasing their density to sustain the reaction. How deep the shield is lowered decides upon how much power is drawn, raising it stops the reaction, and if raising mechanism was to fail for any reason, the first thing to melt would be said shield (made from material of melting temperature much lower than the core), stopping the reaction by ceasing to reflect neutrons back into the core.

    In case of this thing, if the turbine stops, if the coolant circuit goes empty for any reason, I can't see how this could be stopped if it starts melting.

  16. Re:Reason? on The 110 Million Dollar Button · · Score: 1

    Only if it finds that unlikely to be a valid URL. If it's my URL with an error, it will just go to the error page.

  17. Reason? on The 110 Million Dollar Button · · Score: 2, Interesting

    Google easily found out that one hardly ever uses the button. They removed it. Then users began complaining, where did it go?
    Users don't use it, but they simply feel happier, more secure, having it around.

    Personally I'm missing the "I feel lucky" capability from Firefox search bar. Say, enter a text - a partial URL, a set of 100% sure keywords etc and press shift-enter, or shift-click the magnifying glass. Quite often I KNOW the result will be first, sometimes because I used this search before, sometimes because there's no way anything else could have beaten it. Sometimes I don't remember if the domain was com, org, us, de, net, eu, etc.

  18. Re:Post-call Alarm "Emergency Mode", Boston, 112. on Worry Over VZW, Sprint Phones' 911 Alarm · · Score: 1

    112 is not only European. It's universally international.

    In Poland, there's 997 for the Police, 998 for the fire service and 999 for medical rescue crew. You can call any of those to ask for given kind of help and simultaneously ask to have the message forwarded to other services if there's such need. You get given specific service with a certain 'time bonus' for direct connection, and the others with a certain 'time penalty' (given person must forward your info elsewhere).

    Calling 112 puts you in contact with an operator who relays your report to any of the three services (or others which numbers you might not know - gas emergency service, chemical contamination emergency team and so on) - the time is slightly higher in all cases but there's never any doubt which number to call or problem you'll forget to ask to have the info forwarded.

    Extra exceptions with calling the 112:

    - You can call with keys locked. No fumbling what odd combination unlocks the keyboard.
    - You can call without knowing the PIN number. Just enter 112 as your PIN and press ok.
    - You can call without the SIM card.
    - You can call without the battery. Have the phone plugged into the charger, battery missing - it's the only number working.
    - You can call from a locked out phone - exceeded number of wrong PIN and PUK codes, lock-out due to messing with operator unlock code etc. The phone may be a total brick save for 112.
    - Some phones allow you to call 112 no matter how deep in submenus you are. Java games, SMS writing and so on. That's not universal feature though.

  19. Re:Exactly. on Christmas Shopping For Your Nephew · · Score: 2, Funny

    when he's over a submachine gun? I agree.

  20. Re:MOD PARENT UP on Shake a Secure Bluetooth Connection · · Score: 1

    Besides, this could automatically initialize some default data exchange: "Knock me your number" - you touch the phones and the phonebooks in both are updated with each other's numbers. Fast, easy and simple.

    You could likely even use the same hardware as for bluetooth - just make the signal 1000 times weaker, so that only if two antennas are touching, the signal is strong enough to get through.

  21. Re:They Don't. on Microsoft Claims Patent On Elements of Embedded Linux? · · Score: 1

    ...or they obtained all the patent rights, not just the license itself. This way they can relicense the patent as they see fit - like, release it on GPL.

    Unlikely but not impossible.

  22. And again... on TB-Sized Solid State Drives Announced · · Score: 3, Interesting

    ...how does it compare to capacity equivalent in SD cards plus RAID/reader glue logic piece of hardware?

  23. Value of your vote... on How Much is Your Right to Vote Worth? · · Score: 1

    By voting one party or another you make a certain somewhat random, somewhat informed investment: you expect certain profits for your decision, if the party wins you expect they will support your interests and will provide you with certain amount of goods, material or not. Now what kind of goods, what value of them can you expect? You're retired and you expect your pension to be raised? You expect the state to fund the police better, providing you with protection of value equal to service of private security company costing some kind of money, they invest in research that will make your kids' lives better by the amount they'd get if you paid on their accounts... how much is it?

    Removing the randomness factor from the profit (what if my vote is wasted on a loser? what if my winner lied to me and did opposite as promised?) is worth a lot of the final percentage, all by itself. Immediate results (getting what is promised now, and not in some distant future) is worth a lot too. Freedom of choice as to what you get with the money given ("I'll spend the money on a better janitor and my kids' education" instead of getting the whole package of what the politician promises) is valuable too. Meaning the expected profits from voting on a certain candidate better be significantly better than what you get right now for not voting, or voting whoever buys your vote, better be really good.

    It's not giving up the right to decide about your future. It's a very conscious choice - dropping your right to vote means you agree to whatever others choose and consider the risk costing less than immediate profits. An iPod? That's some $300. I can't count the service of "my" candidate will give me more than $300 worth of profit over leaving the country to "the other".

  24. Interesting question... on First Use of RIPA to Demand Encryption Keys · · Score: 1

    http://www.erikyyy.de/multikey/

    This program creates given X files from one file, and you need Y of them (Y=X) to re-create the original.

    Each of the files is way less than complete data. It's much more of a key than the cryptogram. There is NO cryptogram as such, only keys. Say, they found two out of 12 (and they need 10 to re-create the original). Can they request me to provide another 8 keys, when they have 20% of the cryptogram? Especially if it's extremely unlikely that what they have does actually contain anything incriminating (the data is not only random, it's way incomplete!) and providing them with the rest of the data WILL mean providing them with incriminating material (other files contain more of the data and combined may produce something actually incriminating).

    To imagine things easier: there's 500MB of incriminating material and 500MB of total randomness. Guy 0 XORs them then saves the result of the XOR result and the 10kb of random noise to separate CDs, erases the original, shuffles the CDs and hands them to Guy 1 and Guy 2. It's impossible to tell which of the CDs is the cryptogram and which is random noise. They are worthless without each other. XORed together they create the compromising material.
    Now the Police bursts through the doors and windows of Guy 1 and demands the key to the CD. He says this is the key and the Guy 2 has the cryptogram. So they get the CD from Guy 2 but he says it was his CD that was the key... The data obviously IS incomplete in both cases (you must provide exactly as many bits of data to have it recreated from the noise as the data contains originally - you could just as well provide the data itself and discard the noise, or make up virtually any kind of data by XORing the right input with one of the results.)

    So...?

    Take a gun apart, into 15 pieces. Hand each of the pieces to one of your friends. None of them is carrying a weapon, or even "incomplete weapon". Then they meet and put the gun together. Unless there are laws that specifically prohibit carrying weapon parts, they can bring the gun anywhere they want.
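
The XOR split described in comment 24, as an added example that is not part of the original comment and not code from multikey. It generalizes the two-CD case to n shares that are all required (not multikey's Y-of-X threshold) and shows why an incomplete set is consistent with any plaintext of the same length; all function names and sample strings are constructed for illustration.

```python
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split(secret: bytes, n: int = 2) -> list:
    """Split secret into n shares; all n are needed to rebuild it."""
    if n < 2:
        raise ValueError("need at least two shares")
    # n-1 shares are pure randomness from the OS CSPRNG.
    pads = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    # The last share is the secret masked by every random pad.
    return pads + [reduce(xor_bytes, pads, secret)]


def combine(shares: list) -> bytes:
    """XOR all shares together to recover the original bytes."""
    return reduce(xor_bytes, shares)


def matching_share(known: list, claimed: bytes) -> bytes:
    """Compute the one missing share that makes `known` decode to `claimed`.

    Such a share exists for every `claimed` of the right length, which is
    why an incomplete set of shares carries no information about the secret.
    """
    return reduce(xor_bytes, known, claimed)


if __name__ == "__main__":
    secret = b"constructed sample secret"  # constructed input
    other = b"constructed decoy message"   # constructed, same length
    shares = split(secret, 3)
    print("round trip ok:", combine(shares) == secret)
    held = shares[:2]                      # one share missing
    alt = matching_share(held, other)
    print("same held shares, other plaintext:", combine(held + [alt]) == other)
```
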

  25. OBSD on First Use of RIPA to Demand Encryption Keys · · Score: 1

    Is there Truecrypt or something alike for OpenBSD?