Slashdot Mirror


User: Thundersnatch

Thundersnatch's activity in the archive.

Stories: 0
Comments: 924

Comments · 924

  1. Re:In other words . . . on Schneier's Keynote At Linux.conf.au · · Score: 1

    So how are you getting that onto the plane?

    A blasting cap is very small... about the size of a crayon. It could be wrapped in cotton and stuck in a sock, for example. And then set off with a cell phone battery.

    What I'm saying is if you're going to screen for explosives effectively, you need to screen everything: shoes, clothing, and even the body.

    Whether or not screening for explosives is a cost-effective security measure for commercial air travel is another matter entirely. The Israelis who run El Al seem to think so, and the rest of the world's air transport system looks to El Al for leadership in security practices. Everybody, including Bruce Schneier, agrees that El Al's security measures are effective (but also quite intrusive).

  2. Re:In other words . . . on Schneier's Keynote At Linux.conf.au · · Score: 1

    1. the sole of a shoe can contain any significant amount of explosive

    The sole of a pair of adult male shoes could easily carry 500 grams of C-4, Semtex, or other plastic explosive. This is more than enough to tear a steel girder in half. Or tear a commercial airliner's fuselage wide open, especially if detonated near a window.

    2. that walking on such a shoe would not cause the explosive to go off

    Plastic explosives are very stable, and almost impossible to detonate without a blasting cap. Some can even survive bullet strikes without detonating, and have been burned as fuel for cooking fires by soldiers in the field without detonating. C-4 and Semtex are widely available, and would most definitely NOT detonate by being walked on.

    3. that airport scanner technology can tell the difference between explosives and leather

    The newer color tomography machines, which are deployed widely in the USA, can easily distinguish explosives from leather.

    There are a lot of aspects of airport security that are stupid, but scanning shoes is actually a good idea if you're going to do scanning for explosives. Of course, a terrorist could always swallow baggies full of TNT and a blasting cap on a wire.

  3. Re:Easy fix on Do Any Companies Power Down at Night? · · Score: 1

    My point is that he's using a PC to store critical data and run business critical function. That should be on a server, and he should fish or whatever into that. Losing even 1/2 day of staff productivity to an outage of that box - and it will happen - would easily pay for the cost of an equivalently powered server that is properly managed and backed up.

    It's Rule #3 or maybe #4 in IT management: never let a programmer be a sysadmin, and vice-versa. The skill sets are divergent, and the goals of each are often at odds with the other. It's a developer's job to say, "you can do this, or that, all I have to do is code it, and deploy the change". A sysadmin's job is to think about all of the risks in a setup, quantify them, and try to address each as cost-effectively as possible.

  4. Re:Easy fix on Do Any Companies Power Down at Night? · · Score: 1

    People often store files, databases, and other such essential data and applications on centralized computers. Then they keep them running all the time, and provide multi-user access. These "servers" can be kept in rooms designed to protect and cool them. These "servers" can even be backed up to offsite media on an automatic schedule. It's amazing.

  5. Re:That's why we don't use Quicktime... on Apple QuickTime DRM Disables Video Editing Apps · · Score: 1

    Seriously - Apple in my experience pulls posts when their veracity can't be verified.

    And that's downright unethical. Even Microsoft doesn't do that on their forums in my experience. Apple should not delete posts on a public forum unless they violate a law (slander, libel, CAN-SPAM, etc.). Instead they should tag them with an in-your-face administrative "Unverified - being investigated" label. Why have public forums at all if you're only going to delete unfavorable posts? Do they re-instate bug posts like this when it is verified? I'm guessing no...

  6. Re:DoD on Open Source DRM Solutions? · · Score: 1

    I can't believe you didn't get a +1 Interesting mod for that.

    Of course, we don't *know* that the DoD doesn't use DRM... the classified portion of the DoD network isn't exactly transparent to the public, and certainly there is some form of code-signing whitelist on all classified machines (is that DRM?).

    In fact, DRM could actually be quite useful to the DoD for low-classification data, as it would stop the average enlisted clerk who might sell mildly interesting secrets to a Chinese hooker. DRM is useful against the technically ignorant, especially when you control all of the software to which they have access.

  7. Re:Raising a serious issue on Collapsed UK Bank Attempts to Censor Wikileaks · · Score: 1

    Censorship has everything to do with content. From Webster's: "an official (as in time of war) who reads communications (as letters) and deletes material considered sensitive or harmful".

    Note to Slashdot readers under the age of 30: words mean things. Most actually have fairly unambiguous meanings. You can't just make it up as you go along, even if Bill Clinton once tried to redefine "is" on TV when you were 10.

  8. Re:Ah, so that's it on FTC Offput by Offsets · · Score: 1

    *woosh*

    I was joking, but if you consider Al Gore "center right", you must be the reincarnation of ol' V.I. Lenin himself.

  9. Re:Ah, so that's it on FTC Offput by Offsets · · Score: 1

    I never really understood the vehement opposition most conservatives have towards ending global warming until now. You actually think that the real goal is destruction of the capitalist system. Wow, I need some of what you're smoking.

    Seriously, what evidence do you have that that is the goal?

    Umm... Al Gore?

  10. Re:One nice thing about virtualization... on The Trouble with Virtualization - Cranky IT Staffs · · Score: 1

    Who leases servers?

    A whole lot of companies. There can be significant tax advantages depending on the company and jurisdiction. It also makes cost allocation much simpler, as everything is a direct expense and goes straight into the "cost of goods sold" bucket.

    Lease vs. buy is pretty basic accounting. I would suggest you take a business class or two. You might actually make yourself valuable enough to the IT organization and company that you don't get outsourced. "Heads-down" technical guys are the first to go when budget cuts arrive. The guys that can actually work with the rest of the company are kept even in the toughest of times, and not-so-coincidentally get promoted and paid more to boot.

  11. Re:What could possibly go wrong... on Scientists Recycle CO2 with Sunlight to Make Fuel · · Score: 1

    Umm, dude, you can get a CO detector at your local hardware store for under $10.

    There are a lot more dangerous chemicals and gasses in regular use than CO. Do you have a natural gas stove or oven? Drive a gasoline car? Both are far more dangerous in gaseous or vapor form.

  12. Re:As if closed source isn't the same? on Long Live Closed-Source Software? · · Score: 1

    pay someone (ie: researchers) to produce it

    But isn't that the point of TFA? The argument is "open source" produces little innovation, and adds little to the innovation process. Really, the "business model" of innovation in computer science has not changed: deep-pocketed vendors sponsor research in their own labs or indirectly through university grants. Or maybe it's DARPA or the NSF giving the grant money via the taxpayer. Same as it was back in the 1960s.

  13. Re:As if closed source isn't the same? on Long Live Closed-Source Software? · · Score: 1

    They have SPEC-Web benchmarks that show the performance to be excellent. Running everything in kernel address space without hardware memory protection makes up for the strict type-checking and message passing. Supposedly. But Singularity's not even available to end users for any price, it's just a "shared source" OS given to some Universities under NDA.

    To me, this means MS wants to commercialize Singularity, and soon. They need something to replace the slowing Windows gravy train revenue. Combined with virtualization, this isn't far-fetched. Run a Windows VM for legacy stuff, and a Singularity VM on the same box for the newly developed, secure, provably-correct-and-stable code. It will sell.

  14. Re:As if closed source isn't the same? on Long Live Closed-Source Software? · · Score: 1

    One word: Singularity.

    Frankly, nothing I've seen that started in the open source community, outside a university, is as innovative as Singularity. Plan 9 came from Bell Labs. Even an oft-cited example, BitTorrent, was really an implementation of basic innovations (chunking, caching, and replication) made previously in distributed file systems such as Coda. Coda has been around since 1987 at Carnegie Mellon.

    Fortunately, many universities now release their research product as some form of open source. But without corporate or university sponsorship, the "open source community" itself doesn't seem to generate much innovation, only re-implementation and refinement of ideas that started in commercial or university settings.

  15. Re:It's all about flexibility on The Death of High Fidelity · · Score: 1

    I do it to future proof my collection. At some point down the line everyone will move away from lossy codec X to lossy codec X2 which will provide higher compression...

    Not necessarily. At some point, the standard is "good enough". I think MP3 is already at the "good enough and ubiquitous enough to be permanent" stage with modern encoders.

    Quad-stereo, HDCD, DVD-Audio, etc. have all failed to take off, as the incremental improvement isn't worth the pain of a change. Two-channel stereo is good enough for music, and 16 bits per channel @ 44+ kHz is good enough for just about every playback scenario. MP3 has been successful because it delivers that same audio experience with more convenience than CD.

    Look at it this way: JPEG 2000 failed to replace JPEG, since JPEG is good enough, and bandwidth has only gotten cheaper. Nothing has replaced PDF yet, despite its shortcomings, as it is good enough for almost all use cases.

    I feel confident storing all my music as 2-channel MP3s, and all of my videos as MPEG-2 with 5.1 channel AAC. Both formats are ubiquitous enough that there will be decoders available many decades into the future. We have tab-delimited ASCII files from the late 1960s at my company that are still used for statistical purposes. No need to change the format for 40 years; it was ubiquitous enough to be permanent. I imagine those files will remain readable for the next 100 years at least.

  16. Re:1.5 TB for $1100 ! on Netgear Introduces Linux-Based NAS Devices · · Score: 1

    Your time has no value? How much time did you spend setting it up? How much time did it take you to assemble it, install and configure OpenSolaris, WA everything, and write the web-based administration tools?

  17. Re:High End customers will not go to this. on Intel Announces Open Fibre Channel Over Ethernet · · Score: 1

    The vast majority of SANs are not bandwidth-bound, they are bound by the aggregate random IO throughput of all the spindles. We have a SAN in which each module added to the SAN adds 2 GBps of bandwidth. Each module has 4-12 spindles. With 6 modules, the SAN has 12 GBps of bandwidth available to servers, all clustered and load-balanced. With 40 modules, that's 80 GBps. I don't think even the highest end Fiber Channel SANs can compete with that from a bandwidth perspective.

    Fiber Channel will be dead in less than 5 years, even at the high end. Commodity pricing makes running multiple GbE channels far cheaper than buying a single FC switch.

  18. Re:Interesting development on Encryption Passphrase Protected by the 5th Amendment · · Score: 1

    The NSA obviously needs a few good rootkits lying around just in case. Now, if you were the NSA, would you rather have a good rootkit or a good crack for RSA?

    A good rootkit is an effective crack for most implementations of RSA, and allows you to do a whole lot more. A rootkit could even crack an electronic one time pad by copying the key.

  19. Re:Interesting development on Encryption Passphrase Protected by the 5th Amendment · · Score: 1

    As far as I know, nobody has proved that finding the prime factorization of a large number (or more directly, computing Euler's totient function of a large number) cannot be done quickly and easily. Until I see a proof that this is hard, I will not call attacking RSA "dumb."

    Nobody has proven that 3DES, AES, or other symmetric cyphers are secure, either. But in many decades of study, no attacks better than 2^111 operations have been found in 3DES. The only encryption algorithm with provable properties is the one time pad. So do you not trust any other crypto? Most mathematicians would tell you RSA is very unlikely to be broken through a magical, as-yet-undiscovered polynomial-time factoring solution. Quantum computers that can operate on 512+ bit numbers are decades away, even for the NSA.

    As for your second point, the advantage to breaking RSA over installing a rootkit or keystroke logger is that breaking RSA leaves no trace.

    A good rootkit leaves no trace either: it installs through exploit of choice, copies passphrases and private key over the network, and removes itself. Certainly writing something like that is a lot less resource intensive than trying to crack RSA (or any other strong cryptosystem).

  20. Re:Interesting development on Encryption Passphrase Protected by the 5th Amendment · · Score: 1

    Actually, the NSA is full of smart Ph.D.s, so they probably wouldn't even try to do something dumb like attack the cryptographic algorithms in PGP. The weak point of any respectable cryptographic system is the security of the endpoints, not the algorithms or protocols themselves. So the NSA wouldn't try to crack any crypto, they would instead rootkit your box through some random vulnerability and install a keystroke logger to capture your passphrase and private keyring. They would resort to physical intrusion of your machine if necessary. But hacking the host OS (Windows, Linux, OSX, whatever) is far easier than attacking even 512-bit RSA.

  21. Re:Wind/Solar and "Base Load" on UK Wants Huge Expansion In Offshore Wind Power · · Score: 1

    Oh, and piping compressed air is a fairly lossless ordeal. Why not?

    You lose at least some energy as the compressed air (which increases in temp while being compressed) cools, radiating its heat out into the ocean or atmosphere. Whether or not that is a significant percentage would depend on the materials, geometries, and temperature differentials in use.

  22. Re:And there is still the unsolved issue of... on Former Anti-Nuclear Activist Does A 180 · · Score: 1

    because individuals in a 'free market' will ALWAYS choose the cheapest solution
    This statement is ridiculously false.

    Tell me about it. According to the GP, Neiman Marcus and Tiffany's should not exist, but my wife has certainly proven that they do.

  23. Re:Wake up on Old Software or Open Source? · · Score: 1

    I am not talking out of my ass. I run the IT shop for a company which publishes several magazines, hundreds of brochures and signs per year, as well as electronic media. I have interacted with literally thousands of graphic artists, print service bureaus, and photographers over 11 years. Not a single one has ever even mentioned the GIMP; most use Macs, although that has shifted a bit towards Windows in the last 5 years. Everybody shells out their yearly money to Adobe for Photoshop and usually Illustrator and InDesign too, because those are the tools that have the features graphics professionals require.

    I personally use open source software a bit for other aspects of my job, so I really wanted to deploy the GIMP in the publishing group. Saving $50K in software licenses from our budget would have a very positive impact on my bonus. But the GIMP's limitations are crippling for anything but producing web graphics or personal photo work. How can you adjust the color balance of an advertiser's image without any on-screen calibration? Kinda-sorta-looks-okay-on-screen doesn't cut it for a $50,000 print run.

  24. Re:Wake up on Old Software or Open Source? · · Score: 1

    As a side note, I know professional photographers (they get paid big bucks for their work) which use GIMP without trouble. Does this mean it's ready for all photographers? No. What he does is a niche for sure. Nonetheless, with a zero digital editing background, he figured how to do what he needs to do with little effort or pain. This again suggests you're fighting a common bias rather than a fundamental UI flaw.

    Nobody should be doing professional image work in this day and age without high-depth color (>8 bits per channel), as well as full-loop color calibration (input + monitor + output) and CMYK support.

    If your image is the web, or video, I suppose GIMP would suffice. But then you don't really need a professional, as those are low-fidelity media. If you're printing anything on any sort of real printing press, or to film or photo stock, you really need Photoshop.

  25. Re: grandparent is full of doodie on Torvalds on Where Linux is Headed in 2008 · · Score: 1

    Except he's totally wrong. Some lame uninstallers require a reboot because they don't kill their parent process before uninstalling. So you have to reboot to finish the install, because you can't delete *open files* on Windows machines. The pagefile has nothing to do with it.

    This is really a problem with software that installs bullshit task-bar applets (Apple and Adobe, I am looking at you). The vast majority of Microsoft's own software does not require a reboot to install or uninstall. Even fairly major items like SQL Server, Exchange, or Sharepoint can be installed or uninstalled without a reboot. The same goes for Office apps since 2000.

    The reason many MS security patches require a reboot is because they patch explorer, the kernel, or some other subsystem (such as the Workstation service) which is always open. But even that has improved quite a bit lately; several of the last few rounds of MS patches have not required reboots on most of our servers.