Of course their real secret weapon is to confuse our scientists into using different measuring systems to calculate orbital/entry type information. They don't even need to waste any energy shooting the probes down, we burn them up for them !
You know they're reading this laughing at us don't you?!
Before the Columbia accident, NASA intended eventually to have a crew of astronauts maneuver the 43-foot-long telescope into a cargo bay and bring it home for installation in the National Air and Space Museum as an inspiration for future generations.
Is that 43 NASA feet or imperial feet ?
Can't you just see it, send up the shuttle and crew to fetch it back, throw a rope round it, haul it into grab range, everyone's watching from earth, turn it round and start pulling it into the cargo bay then.. Houston, this is Atlantis.. has anyone got a measuring tape ? We seem to have a problem
They often say it's for backhanders to officials to release documentation or shipments of whatever. Then they'll ask for a watch to bribe customs officials.
Depends on the advance warning. With 30-40 years notice, we'd probably have time to send out a scout team to characterize the asteroid. Then, we could send a follow on team with the proper explosives and nukes.
Couldn't we send in a team of negotiators to try reasoning with it ? Maybe offer it a bribe to hit the next planet along ? If all else fails we could try mocking it.
What with this..
'Lemming populations, they say, surge spectacularly and fall just as quickly, thanks to the combined feasting of four predators: the stoat, arctic fox, snowy owl and a seabird called the long-tailed skua.
and this..
This page was generated by a Group of Trained Rabbits for RabidStoat (689404) it's been quite a day !
Err, don't you know that Gator isn't spyware. They said it, so it must be true. We aren't allowed to say that Gator is spyware at all, even if we all know and think that it is spyware, we just can't say that it is spyware. I mean if Gator was spyware, they'd have admitted it was spyware wouldn't they ?
I seem to remember that the Strathclyde Fire Brigade were using something like this in Glasgow a few years ago. They had some form of tracking device in the fire engines and a centralised system would turn all traffic lights red as the unit approached.
still not always right though is it ! I mean depending on what it is you're doing pressing the shift key sometimes won't make any difference. Somebody should just sort it out once and for all and make a keyboard with a working "any" key mapped to "return" or some other configurable character. It'd make life so much easier.. dammit make it big and red while you're at it.
err, I think you need to read the mail that Valve sent..
5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).
Who said they only got the source off one PC ? If they got onto a developer's PC it's a fair assumption that they can get to the source control system in place. Try thinking before assuming they only the source off one machine.
As sad as the situation is, I do hope the code has "only" been stolen and they, whoever they are, didn't modify any of the code at Valve. The last thing I'd want to hear from Valve is that aren't sure if the source has been compromised with potential trojan horses - imo that would be more damaging to them than the "mere" theft of their code. They'll still sell oodles of copies of the game and to be honest I can't see it damaging their potential licencing revenue.
Kids - don't try this at home. Sticking your thumb in soft asphalt isn't big and it isn't clever. Think about the police and ambulance crews turning up to try pulling yer thumb out from the now-not-so-soft asphalt - doesn't quite fit with the smart kid on the block image does it now.
Have a look at http://www.itsec.gov.uk and follow the links to security evaluation criteria and you'll find a lot of information about the various systems and products formally evaluated (that are in the public domains obviously).
Very high-quality code can be developed with enough care and enough cash. The software on the space shuttle is a common example. Still, it's worth pointing out that (as I'm sure you know) the absence of customer bug reports doesn't mean that bugs don't exist, or even that they weren't found. It just means that the bugs are few enough and sufficiently low-impact that no one was bothered by them.
Indeed you are absolutely right, I think I was just trying to point out that there are real, I'd say tangible benefits, to going through the whole evaluation process and getting a certification of whatever type.
Besides, I have this fear that due to pressure on development teams to get products to market, even in the usually more protected atmosphere of government/military systems, that decisions and requirements to enter and just as importantly actually complete evaluations are being removed. In the long term this can only damage the efforts to improve the emphasis that should be given to make products demonstrably secure and allow security and evaluations to be viewed as an expensive luxury by the people holding the purse strings.
As an aside, are you normally some kind of rabid troll? It's not often I come across a reasonable post at -1.
heh, no, I just tend to only get worked up enough to post when evaluations get mentioned and some inconsiderate and clearly misinformed individuals had already nicked my more common nicks.
There are, but they are expensive. There are much more secure and evaluated versions of UNIX floating around. GEMSOS is an A1 evaluated "operating system". Technically it is an A1 M-component of the TNI (Red Book) and is a reference monitor rather than an operating system, but you can develop useful applications on it and get extreme security underneath you for "free". HFSI used to have some offerings and still sell them for running very high assurance mail gateways on. Getronics have their IPR now I think.
The cost is the killer. I know how much time and money Gemini/NCSC (GEMSOS) spent evaluating their system and it's scary. We spent a huge amount of money developing and evaluating our applications on top of it and even that was with the benefit of the A1 evaluation report as the basis of our system.
In the good old days security was more important than useability, but to be honest none of the really secure systems are easy to manage, integrate or maintain so have become dinosaurs.
This is an OS designed from the ground up with peer review at every stage (architecture, design, implementation) and independent verification on top of that. It is utterly restrictive--you wouldn't be able to put a web browser on an EAL7 system (or more to the point, you wouldn't be allowed to write and install one for the system without breaking the certification). This is the software that runs the shuttle and nuclear bases.
Might be reading this wrong but don't confuse the security accreditation of a system with the type of software running complex mission critical systems for the shuttle and so on. Obivously there is great care taken in both types of system, but the focus on the mission critical systems is on resilience and reliability, yes out of that process you also sometimes get security, but there is a great deal more functionality in those systems compared to the amount you would want when developing a EAL6/7 system.
Systems at EAL7 tend to be so functionally minimal they do one very specific task very very predictably. It doesn't actually matter that much that there might be bugs in the system, the important thing is that the behaviour of the system must be predictable. Once you can mathematically "guarantee" the behaviour of the system or provide a "convincing argument" to the correspondence between system and design/model then you are halfway there.
for a mission critical system like you describe, you have to go much further down those paths to handle the situation, on a very high security system you just decide you are under attack and shut down! Yes, you often take the DOS attack on the chin and shut down the system to give that extra bit of confidence that nothing is going to leak out - it keeps the owners of the data happy. Obviously you don't do that sort of thing on a system like a nuclear power plant or the shuttle or a plane or a hospital life support system or whatever.
Just as an aside to the above comment. I've developed a few UKL5/6 and E6 systems under the UKSEC and ITSEC schemes respectively very roughly equivalent to EAL6/7.
Generally at this level the functionality of the system is so minimal that they aren't particularily interesting to watch but fun to develop. The whole development of these systems does mean you need really rigorous standards and processes to make sure you do all the work required by the evaluation, this has a very beneficial side effect that, on one particular system, we never had a customer reported bug in 8/9 years of constant use.
Although initially (very) expensive to develop, purchase and support due to the high skill level required you do end up with way above average quality.
I'm always very skeptical about the real value of evaluations at levels below the discretionary/mandatory access control boundary as you tend to be retrofitting security into an existing system and that horse has been flogged enough here and elsewhere. You only really start to get confidence in the overall security of the product at the higher levels where you tend to be developing from scratch and have more money/resource available to the development process.
I've been playing this game for more than 30 years now and I feel I'm being ripped off. I've introduced loads of new players... I play every day and yet every year they charge me more and more !
Why aren't they encouraging the founder players to stay in the game with more high level content ?
Slashdot Mirror
You know they're reading this laughing at us don't you?!
Is that 43 NASA feet or imperial feet ?
Can't you just see it, send up the shuttle and crew to fetch it back, throw a rope round it, haul it into grab range, everyone's watching from earth, turn it round and start pulling it into the cargo bay then .. Houston, this is Atlantis .. has anyone got a measuring tape ? We seem to have a problem
They often say it's for backhanders to officials to release documentation or shipments of whatever. Then they'll ask for a watch to bribe customs officials.
Couldn't we send in a team of negotiators to try reasoning with it ? Maybe offer it a bribe to hit the next planet along ? If all else fails we could try mocking it.
now that's just going too far ! All these conspiracy therioes are one thing, but a heterosexual slashdot .. NEVER !
and this ..
This page was generated by a Group of Trained Rabbits for RabidStoat (689404) it's been quite a day !
Shush!! don't you know that we don't mention the possibility of advertising in MMOGs in case some advertising is listening ?!
Err, don't you know that Gator isn't spyware. They said it, so it must be true. We aren't allowed to say that Gator is spyware at all, even if we all know and think that it is spyware, we just can't say that it is spyware. I mean if Gator was spyware, they'd have admitted it was spyware wouldn't they ?
I seem to remember that the Strathclyde Fire Brigade were using something like this in Glasgow a few years ago. They had some form of tracking device in the fire engines and a centralised system would turn all traffic lights red as the unit approached.
still not always right though is it ! I mean depending on what it is you're doing pressing the shift key sometimes won't make any difference. Somebody should just sort it out once and for all and make a keyboard with a working "any" key mapped to "return" or some other configurable character. It'd make life so much easier .. dammit make it big and red while you're at it.
5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).
Who said they only got the source off one PC ? If they got onto a developer's PC it's a fair assumption that they can get to the source control system in place. Try thinking before assuming they only the source off one machine.
As sad as the situation is, I do hope the code has "only" been stolen and they, whoever they are, didn't modify any of the code at Valve. The last thing I'd want to hear from Valve is that aren't sure if the source has been compromised with potential trojan horses - imo that would be more damaging to them than the "mere" theft of their code. They'll still sell oodles of copies of the game and to be honest I can't see it damaging their potential licencing revenue.
Is it African or European chocolate we're using here ?
Kids - don't try this at home. Sticking your thumb in soft asphalt isn't big and it isn't clever. Think about the police and ambulance crews turning up to try pulling yer thumb out from the now-not-so-soft asphalt - doesn't quite fit with the smart kid on the block image does it now.
Have a look at http://www.itsec.gov.uk and follow the links to security evaluation criteria and you'll find a lot of information about the various systems and products formally evaluated (that are in the public domains obviously).
Indeed you are absolutely right, I think I was just trying to point out that there are real, I'd say tangible benefits, to going through the whole evaluation process and getting a certification of whatever type.
Besides, I have this fear that due to pressure on development teams to get products to market, even in the usually more protected atmosphere of government/military systems, that decisions and requirements to enter and just as importantly actually complete evaluations are being removed. In the long term this can only damage the efforts to improve the emphasis that should be given to make products demonstrably secure and allow security and evaluations to be viewed as an expensive luxury by the people holding the purse strings.
As an aside, are you normally some kind of rabid troll? It's not often I come across a reasonable post at -1.
heh, no, I just tend to only get worked up enough to post when evaluations get mentioned and some inconsiderate and clearly misinformed individuals had already nicked my more common nicks.
There are, but they are expensive. There are much more secure and evaluated versions of UNIX floating around. GEMSOS is an A1 evaluated "operating system". Technically it is an A1 M-component of the TNI (Red Book) and is a reference monitor rather than an operating system, but you can develop useful applications on it and get extreme security underneath you for "free". HFSI used to have some offerings and still sell them for running very high assurance mail gateways on. Getronics have their IPR now I think.
The cost is the killer. I know how much time and money Gemini/NCSC (GEMSOS) spent evaluating their system and it's scary. We spent a huge amount of money developing and evaluating our applications on top of it and even that was with the benefit of the A1 evaluation report as the basis of our system.
In the good old days security was more important than useability, but to be honest none of the really secure systems are easy to manage, integrate or maintain so have become dinosaurs.
Might be reading this wrong but don't confuse the security accreditation of a system with the type of software running complex mission critical systems for the shuttle and so on. Obivously there is great care taken in both types of system, but the focus on the mission critical systems is on resilience and reliability, yes out of that process you also sometimes get security, but there is a great deal more functionality in those systems compared to the amount you would want when developing a EAL6/7 system.
Systems at EAL7 tend to be so functionally minimal they do one very specific task very very predictably. It doesn't actually matter that much that there might be bugs in the system, the important thing is that the behaviour of the system must be predictable. Once you can mathematically "guarantee" the behaviour of the system or provide a "convincing argument" to the correspondence between system and design/model then you are halfway there.
for a mission critical system like you describe, you have to go much further down those paths to handle the situation, on a very high security system you just decide you are under attack and shut down! Yes, you often take the DOS attack on the chin and shut down the system to give that extra bit of confidence that nothing is going to leak out - it keeps the owners of the data happy. Obviously you don't do that sort of thing on a system like a nuclear power plant or the shuttle or a plane or a hospital life support system or whatever.
Generally at this level the functionality of the system is so minimal that they aren't particularily interesting to watch but fun to develop. The whole development of these systems does mean you need really rigorous standards and processes to make sure you do all the work required by the evaluation, this has a very beneficial side effect that, on one particular system, we never had a customer reported bug in 8/9 years of constant use.
Although initially (very) expensive to develop, purchase and support due to the high skill level required you do end up with way above average quality.
I'm always very skeptical about the real value of evaluations at levels below the discretionary/mandatory access control boundary as you tend to be retrofitting security into an existing system and that horse has been flogged enough here and elsewhere. You only really start to get confidence in the overall security of the product at the higher levels where you tend to be developing from scratch and have more money/resource available to the development process.
Why aren't they encouraging the founder players to stay in the game with more high level content ?
What billing plans are people on ?
Any discounts for buying a few years up front ?