Once again, its a cool paper all by itself, and slightly (only slightly) off your topic, but the real gold mine, for you, will probably be the reference list at the end of the paper.
Its an interesting topic because its fun to think of how to build the experimental apparatus, possible sources of error and how to work around... Its almost as much fun as that "anomalous gravitational force" that ended up not existing. I'm just barely not old enough to have lived thru the polywater era which probably would have been equally entertaining.
So has there been any research done outside of this JH Jenkins guy and his crew at Purdue? Has this hypothesis been tested and proven elsewhere in this world? I can't find any other publishers...
(no this isn't an arxiv equivalent of a rickroll on my honor as a 5 digit/. uid. However, if someone can find the arxiv equivalent of a rickroll I'll be indebted to them.)
Aside from this individual example, obviously see the references at the end of the paper.
If the rate of radioactive decay can vary, how would this affect things like carbon 14 dating? Very interesting.
The article is behind a paywall which really sucks for scientific progress. Naughty scientists, naughty, naughty. Stuck in the pre internet 80s are we?
Anyway its a "percent or so" fluctuation with a power peak matching the decade or so long solar cycle. So if it applies to carbon exactly like it measured in chlorine (darn unlikely) you'll never be able to carbon date more accurately than, say 1% of the decade or so solar cycle or in other words about a month, at least on first principles. Its like there's an inherent, measurable source of time-jitter in the decay rate signal of about a month. So its nonsense to specify a carbon date beyond a single decimal point of years or there's only one digit of sig figs or however you wanna say it. By first principles I mean given one object and a miracle amazing decay sensor and perfect mass balance and an infinite amount of time to take measurements. By comparing something with an age known more accurately than a month from "about" the same era, you COULD (but in practice probably can't) null the variations that hit both objects to get a measurement more accurate than a month.
Another huge problem is the experiments were done on an obscure chlorine isotope. Since there seems to be no known mechanism in this case, but other known mechanisms that change decay rate are extremely specific to individual isotopes, there seems reason to guess there would be no similar variation in carbon. That combined with the extreme popularity of carbon dating compared to Fing around with radioactive chlorine, it seems very likely the effect is smaller or doesn't exist at all in carbon. "Seems unlikely" is not exactly an iron clad disproof.
So in general that half of the statement is wrong because there's a microscopic handful of really weird, pretty well understood outliers.
On the other hand your very specific ref to carbon isotope decay rate is apparently correct. That's very well understood, heavily studied, trivially cheaply and repeatedly tested (nice short half lives, more or less).
Don't forget their friends and family. Via the magic of social networking this is pretty trivial to figure out.
So... republican medium level state politician with enemies Appears to have a wife who's got memberships on all the major abortion rights discussion websites. Insta-scandal! Or vice versa. You can play the race card, orientation card...
Hell it might even be true without planting evidence... I remember some major federal level candidate a few years back who endlessly spouted off about his hatred of gays who had an out of the closet daughter. Finding this sort of family situation just got a whole lot simpler.
So basically these sites are stealing the abuse-prevention system of another site instead of implementing their own.
Only stealing if they don't have permission. They are collecting all kinds of tasty data mining information in exchange for hosting a login service. So FB knows when and where and who is logging into my local newspaper to post inane comments to their newswire stories. Because 99% of the newspaper site comments are repetitive political sloganeering spam that means FB knows exactly who are not-too-bright active proselytizer political "true believers", on one side or another anyway. That's monetizable information when you sell a mailing list to political parties. Title of the spamlist is probably something like "recently active political activists in zip code 12345" Some database JOINs can fine tune the list to your specific target audience.
Oh, and to avoid double posting, has anyone done some type of cross-check? Does Steve B. have an iTunes account? Does Cook use Hotmail?
Boring examples. Which upper level DEA executive leadership email accounts have NORML / 420 discussion site type of accounts? Which "family values" politicians have "frequent visitor" accounts at Nevada brothels (well, probably easier to ask which don't)?
Better question is if anyone is signing those email addresses up for those "services" right now. There should be a dirty tricks wiki out there with a list of fun places to give accounts to fun people.
Which "fun" account creation sites have poor input sanitation so an enterprising Bobby Tables could try to sign up *@fbi.gov and see if there are any accounts from that domain at all? You can probably Create-a-scandal (TM) just by proving there exists at least one on the job pr0n surfer at the us post office, or whatever.
in the email just put "you're already registered, your work here is done. That or, someone is trying to hack you, please ratchet paranoia accordingly"
And if you're trying to attack an enemy on that site, its something of a three sided coin flip if you're better off freaking them out by re-registering them exactly once, or once per day psuedo-stalking, or a thousand times per hour mailbomb.
Is there any alternative to throwing out a "this email address is already in use" error if a user attempts to register with someone else's email?
Unfortunately yes, and its called "login with your facebook account"
The other alternative since no one uses email anymore except old people, spammers, and presumably old people spammers, is to use something equally trendy. Require twitter handle. Or/. nickname. Or that MS live gamer-tag gamer-handle whatever its called (you can tell the only thing I've ever used it for is GTA4 on a PC)
Boring. Next thing you know we'll have a breathless account of how the secret leaked that they have facebook accounts too.
A much more entertaining social hack would be to sign up for "exotic" hard core pr0n services, then change the sock puppet account email address to these famous execs addresses, then "leak" to journalists. Oh, look, a certain well known patent troll has an account on sheeplovers.com and NORML, whoever would have guessed?
Or how about signing up prominent Republicans (Even better, Democrats!) for Pravda and Russia Today and CPUSA type-of accounts.
...and the most internationally well know country on a planet of 4 billion people...
7.
There are 7(+) billion living humans on Earth.
Otherwise, spot on.
Only 4 billion of them own cellphones the other 3 billion don't count in an article like this.
No, I'm not making this up, there really are 4 billion world wide cell phone owners. Do not confuse this with total subscriber numbers as there are plenty of people with more than one account. There are (insane as it sounds) almost exactly the same number of cell phone company accounts/active devices as human beings.
I doubt there's 18 million people that interested in him.
In him, sure, more than 18 million are probably objectively interested in him. Interested in his spammy twitter feed? Have you seen that thing? Good lord no. Most of those 18 million have to be zombie accounts which haven't been logged into for years or purchased accounts.
""20% of Iowa’s electricity now comes from wind, powering our homes and our businesses in a way that’s clean and renewable."—President Obama"
"Summer sale: Pick up a tank top for 25% off with the code VOTEOBAMA: http://ofa.bo/UhQJeo "
A feed with important stuff to say, sure, I could see that. Now one post a day, sure. But a spam drivel deluge every 30 minutes all day every day? Who would want to be constantly interrupted with a spam stream like that?
the average dealer has the capacity to control as many as 150,000 followers at a time, sometimes more. Those who can control 20,000 fake accounts and can attract sales of $20 or more — the going rate is 1,000 followers for a minimum of $18 — stand to earn roughly $800 per day,
Throw in some "unlimited" and some "caps" and it sounds like a cellphone confuseopoly plan. Break it down simple for a fool like me... Lets look at the market. Say you're 18 and hired as the "social media director" at your F500 megacorp for $250K/yr and your key performance indicator is gaining 1000 twitter followers per month. That means you'll have to whip out your personal credit card for... What, $18 every month, or $18 for every 1000 PER month, or $20 for 20 kiloaccounts or what?
So... twitter is basically a "service" where fake media personalities have their PR agent write fake posts for fake followers to read, because it makes money, huh?
I dropped out of spanish because by third year my fellow classmates were entirely English as a Second Language students who were native speakers only showing up for an easy A, and as one of the last anglos I was way out of my league.
In a similar way the 1st semester CS classes are oriented toward walking total noobs thru "hello_world" at a speed they can follow, but by junior year or so almost all my classmates were like me, doing this stuff since we were like 6 years old, already know most of what the class would teach, better software/hardware/network at home that at school, already have industry jobs, etc.
Much as I can teach you "beer please?" and "where's the bathroom?" and "my/. UID is lower than yours" in spanish in about a day, I can probably teach you the crudest basics of any programming language in about a day.
I'm told that learning your 2nd 3rd 4th spoken language gets easier, every time you learn one you learn the next easier. Programming languages are certainly like that.
Even the epic overconfidence is similar. "I know how to ask for a beer in Spanish, I'm now fully qualified, lets book our flight to Spain!"
Also the teasing is similar. Sure kid, that "O(n^n^n) algorithm is perfectly scalable, you just roll that right out into production, testing in for wussies anyway" is the computer equivalent of teaching a noob that the foreign equivalent of "nice rack, wanna F" actually translates in English to "thank you"
but sooner or later, you'll need to fill that system with reliable content.
... reliable and useful content that's profitable. Or write it off as advertising expense.
I donno about making money off travel guides on the internet. I imagine they sell a heck of a lot of books to people who never use them. So they don't have to be that accurate or up to date and they profit off people who never use the data. Its a gift type of product.
But the only people using the online data are "actually using it" and they're going to be pissed off when its out of date. So less profit and more hassle... may be better off sticking to selling the books.
On the plus side, I donno I guess file it as advertising expense or a loss leader. On the minus side people who get inaccurate data are going to be mad at you...
They are seen as a... environmentally friendly way to overcome the limitations and inconvenience of QR codes...
I'm mystified how that works. Its not like QR codes are inherently toxic by shape, like prions, nanoparticles, or asbestos fibers.
The only QR code I've ever used for a "real" purpose is holding my phone up to the screen to scan a google authenticator QR code. I'm not sure how that would translate to a NFC solution like this... have to print out on a 3-d printer or something?
it will be very difficult to break this unless the targeted party comes forth.
Difficult to break it legally, you mean... All you need do is release a new virus/worm that only does the first hash step, then if by some miracle a match is found the victim gets a popup "You won, to collect your winnings please contact contest@nsa.gov" or whatever.
As sort of a running joke / meme I can imagine black hats doing this purely for fun. The IRC channel for the bot net gets spammed with the PATH and PROGRAMFILES once it finds a match.
Might also make a hilarious "antivirus update" as part of perfectly legit anti-virus suites. Run this test to see if you're vulnerable to the "whatever its called" targeted worm.
Never overlook the obvious. Want to piss off a small security team? Put a small sample of/dev/urandom into a binary blob and release it. They'll spend all their time trying to decrypt that white noise source and never notice the Really Interesting thing nearby it.
Researchers at Kaspersky Lab... publishing encrypted sections and hashes
Ha ha they fell for it. The interesting stuff is going to be around or nearby the distractor, not the distractor itself.
This part makes no sense:
They're publishing encrypted sections and hashes in the hope that cryptographers will be able to help them out.
If that happens it'll be a first in the serious crypto field. How do they expect that to happen? This being from a worm or whatever doesn't make it special.
Look I'll give you a baby example.
"13cbffe03010f846f46f123675bfc3c3"
I'll even make it more baby by telling you its a md5 hash and the plaintext is 11 chars of letters and spaces. The ultimate in baby examples and its still utterly hopeless.
P.S. its not a rickroll URL although that would be funnier than hell. The only thing funnier than the worm designers using/dev/random would be embedding a rickroll or a goatse instead of real worm payload.
Another advantage of my decades old model M is the keys don't stick. I have a POS dell mushboard at work and my biggest annoyance is you need to hit the keys, especially the larger keys, precisely up and down or they stick half way or slip-stick-slip-stick before they hit. So unconsciously the poor quality makes repetitive stress injuries more likely.
Slashdot Mirror
oh and another good one.
http://arxiv.org/abs/1205.7015
Once again, its a cool paper all by itself, and slightly (only slightly) off your topic, but the real gold mine, for you, will probably be the reference list at the end of the paper.
Its an interesting topic because its fun to think of how to build the experimental apparatus, possible sources of error and how to work around... Its almost as much fun as that "anomalous gravitational force" that ended up not existing. I'm just barely not old enough to have lived thru the polywater era which probably would have been equally entertaining.
So has there been any research done outside of this JH Jenkins guy and his crew at Purdue? Has this hypothesis been tested and proven elsewhere in this world? I can't find any other publishers...
http://arxiv.org/abs/0810.3265
(no this isn't an arxiv equivalent of a rickroll on my honor as a 5 digit /. uid. However, if someone can find the arxiv equivalent of a rickroll I'll be indebted to them.)
Aside from this individual example, obviously see the references at the end of the paper.
If the rate of radioactive decay can vary, how would this affect things like carbon 14 dating? Very interesting.
The article is behind a paywall which really sucks for scientific progress. Naughty scientists, naughty, naughty. Stuck in the pre internet 80s are we?
Anyway its a "percent or so" fluctuation with a power peak matching the decade or so long solar cycle. So if it applies to carbon exactly like it measured in chlorine (darn unlikely) you'll never be able to carbon date more accurately than, say 1% of the decade or so solar cycle or in other words about a month, at least on first principles. Its like there's an inherent, measurable source of time-jitter in the decay rate signal of about a month. So its nonsense to specify a carbon date beyond a single decimal point of years or there's only one digit of sig figs or however you wanna say it. By first principles I mean given one object and a miracle amazing decay sensor and perfect mass balance and an infinite amount of time to take measurements. By comparing something with an age known more accurately than a month from "about" the same era, you COULD (but in practice probably can't) null the variations that hit both objects to get a measurement more accurate than a month.
Another huge problem is the experiments were done on an obscure chlorine isotope. Since there seems to be no known mechanism in this case, but other known mechanisms that change decay rate are extremely specific to individual isotopes, there seems reason to guess there would be no similar variation in carbon. That combined with the extreme popularity of carbon dating compared to Fing around with radioactive chlorine, it seems very likely the effect is smaller or doesn't exist at all in carbon. "Seems unlikely" is not exactly an iron clad disproof.
Nothing can effect the rate of decay of radioactive materials; it is, has been, and always will be constant. Just like the carbon 12/14 balance.
Half right half wrong.
Here's a whole section of crazy weird isotopes in crazy weird situations undergoing crazy weird decay modes that can be altered:
http://en.wikipedia.org/wiki/Radioactive_decay#Changing_decay_rates
So in general that half of the statement is wrong because there's a microscopic handful of really weird, pretty well understood outliers.
On the other hand your very specific ref to carbon isotope decay rate is apparently correct. That's very well understood, heavily studied, trivially cheaply and repeatedly tested (nice short half lives, more or less).
using the email addresses of famous people
Don't forget their friends and family. Via the magic of social networking this is pretty trivial to figure out.
So... republican medium level state politician with enemies Appears to have a wife who's got memberships on all the major abortion rights discussion websites. Insta-scandal! Or vice versa. You can play the race card, orientation card...
Hell it might even be true without planting evidence... I remember some major federal level candidate a few years back who endlessly spouted off about his hatred of gays who had an out of the closet daughter. Finding this sort of family situation just got a whole lot simpler.
So basically these sites are stealing the abuse-prevention system of another site instead of implementing their own.
Only stealing if they don't have permission. They are collecting all kinds of tasty data mining information in exchange for hosting a login service. So FB knows when and where and who is logging into my local newspaper to post inane comments to their newswire stories. Because 99% of the newspaper site comments are repetitive political sloganeering spam that means FB knows exactly who are not-too-bright active proselytizer political "true believers", on one side or another anyway. That's monetizable information when you sell a mailing list to political parties. Title of the spamlist is probably something like "recently active political activists in zip code 12345" Some database JOINs can fine tune the list to your specific target audience.
could try to sign up *@fbi.gov
Good lord its early in the morning here. %@fbi.gov obviously.
Oh, and to avoid double posting, has anyone done some type of cross-check? Does Steve B. have an iTunes account? Does Cook use Hotmail?
Boring examples. Which upper level DEA executive leadership email accounts have NORML / 420 discussion site type of accounts? Which "family values" politicians have "frequent visitor" accounts at Nevada brothels (well, probably easier to ask which don't)?
Better question is if anyone is signing those email addresses up for those "services" right now. There should be a dirty tricks wiki out there with a list of fun places to give accounts to fun people.
Which "fun" account creation sites have poor input sanitation so an enterprising Bobby Tables could try to sign up *@fbi.gov and see if there are any accounts from that domain at all? You can probably Create-a-scandal (TM) just by proving there exists at least one on the job pr0n surfer at the us post office, or whatever.
in the email just put "you're already registered, your work here is done. That or, someone is trying to hack you, please ratchet paranoia accordingly"
And if you're trying to attack an enemy on that site, its something of a three sided coin flip if you're better off freaking them out by re-registering them exactly once, or once per day psuedo-stalking, or a thousand times per hour mailbomb.
Is there any alternative to throwing out a "this email address is already in use" error if a user attempts to register with someone else's email?
Unfortunately yes, and its called "login with your facebook account"
The other alternative since no one uses email anymore except old people, spammers, and presumably old people spammers, is to use something equally trendy. Require twitter handle. Or /. nickname. Or that MS live gamer-tag gamer-handle whatever its called (you can tell the only thing I've ever used it for is GTA4 on a PC)
Starwood hotel chain... Dropbox accounts ...
Boring. Next thing you know we'll have a breathless account of how the secret leaked that they have facebook accounts too.
A much more entertaining social hack would be to sign up for "exotic" hard core pr0n services, then change the sock puppet account email address to these famous execs addresses, then "leak" to journalists. Oh, look, a certain well known patent troll has an account on sheeplovers.com and NORML, whoever would have guessed?
Or how about signing up prominent Republicans (Even better, Democrats!) for Pravda and Russia Today and CPUSA type-of accounts.
Geeze isn't it simpler to just install linux or get a mac?
You're right if he was going to get killed by a professional group it would not be something so obvious as a drone strike.
Agreed. They'd probably start by framing the guy in some kind of sex scandal, as is traditional for the US. Oh wait...
Khan tapped jQuery creator John Resig, who chose JavaScript as the worst language to teach students.
FTFY
Oh please. Visual basic. Intercal. Assembly language / raw machine code. Cobol. Pascal. Awk !
...and the most internationally well know country on a planet of 4 billion people...
7.
There are 7(+) billion living humans on Earth.
Otherwise, spot on.
Only 4 billion of them own cellphones the other 3 billion don't count in an article like this.
No, I'm not making this up, there really are 4 billion world wide cell phone owners. Do not confuse this with total subscriber numbers as there are plenty of people with more than one account. There are (insane as it sounds) almost exactly the same number of cell phone company accounts/active devices as human beings.
I doubt there's 18 million people that interested in him.
In him, sure, more than 18 million are probably objectively interested in him. Interested in his spammy twitter feed? Have you seen that thing? Good lord no. Most of those 18 million have to be zombie accounts which haven't been logged into for years or purchased accounts.
https://twitter.com/BarackObama
""20% of Iowa’s electricity now comes from wind, powering our homes and our businesses in a way that’s clean and renewable."—President Obama"
"Summer sale: Pick up a tank top for 25% off with the code VOTEOBAMA: http://ofa.bo/UhQJeo "
A feed with important stuff to say, sure, I could see that. Now one post a day, sure. But a spam drivel deluge every 30 minutes all day every day? Who would want to be constantly interrupted with a spam stream like that?
the average dealer has the capacity to control as many as 150,000 followers at a time, sometimes more. Those who can control 20,000 fake accounts and can attract sales of $20 or more — the going rate is 1,000 followers for a minimum of $18 — stand to earn roughly $800 per day,
Throw in some "unlimited" and some "caps" and it sounds like a cellphone confuseopoly plan. Break it down simple for a fool like me... Lets look at the market. Say you're 18 and hired as the "social media director" at your F500 megacorp for $250K/yr and your key performance indicator is gaining 1000 twitter followers per month. That means you'll have to whip out your personal credit card for... What, $18 every month, or $18 for every 1000 PER month, or $20 for 20 kiloaccounts or what?
So... twitter is basically a "service" where fake media personalities have their PR agent write fake posts for fake followers to read, because it makes money, huh?
Whoa I just thought of another crazy comparison.
I dropped out of spanish because by third year my fellow classmates were entirely English as a Second Language students who were native speakers only showing up for an easy A, and as one of the last anglos I was way out of my league.
In a similar way the 1st semester CS classes are oriented toward walking total noobs thru "hello_world" at a speed they can follow, but by junior year or so almost all my classmates were like me, doing this stuff since we were like 6 years old, already know most of what the class would teach, better software/hardware/network at home that at school, already have industry jobs, etc.
The similarity with spoken language is uncanny.
Much as I can teach you "beer please?" and "where's the bathroom?" and "my /. UID is lower than yours" in spanish in about a day, I can probably teach you the crudest basics of any programming language in about a day.
I'm told that learning your 2nd 3rd 4th spoken language gets easier, every time you learn one you learn the next easier. Programming languages are certainly like that.
Even the epic overconfidence is similar. "I know how to ask for a beer in Spanish, I'm now fully qualified, lets book our flight to Spain!"
Also the teasing is similar. Sure kid, that "O(n^n^n) algorithm is perfectly scalable, you just roll that right out into production, testing in for wussies anyway" is the computer equivalent of teaching a noob that the foreign equivalent of "nice rack, wanna F" actually translates in English to "thank you"
Though, arguably, you CAN put such a loader and throw in random data just for trolling.
Exactly.
but sooner or later, you'll need to fill that system with reliable content.
... reliable and useful content that's profitable. Or write it off as advertising expense.
I donno about making money off travel guides on the internet. I imagine they sell a heck of a lot of books to people who never use them. So they don't have to be that accurate or up to date and they profit off people who never use the data. Its a gift type of product.
But the only people using the online data are "actually using it" and they're going to be pissed off when its out of date. So less profit and more hassle... may be better off sticking to selling the books.
On the plus side, I donno I guess file it as advertising expense or a loss leader. On the minus side people who get inaccurate data are going to be mad at you...
They are seen as a ... environmentally friendly way to overcome the limitations and inconvenience of QR codes...
I'm mystified how that works. Its not like QR codes are inherently toxic by shape, like prions, nanoparticles, or asbestos fibers.
The only QR code I've ever used for a "real" purpose is holding my phone up to the screen to scan a google authenticator QR code. I'm not sure how that would translate to a NFC solution like this... have to print out on a 3-d printer or something?
it will be very difficult to break this unless the targeted party comes forth.
Difficult to break it legally, you mean... All you need do is release a new virus/worm that only does the first hash step, then if by some miracle a match is found the victim gets a popup "You won, to collect your winnings please contact contest@nsa.gov" or whatever.
As sort of a running joke / meme I can imagine black hats doing this purely for fun. The IRC channel for the bot net gets spammed with the PATH and PROGRAMFILES once it finds a match.
Might also make a hilarious "antivirus update" as part of perfectly legit anti-virus suites. Run this test to see if you're vulnerable to the "whatever its called" targeted worm.
Never overlook the obvious. Want to piss off a small security team? Put a small sample of /dev/urandom into a binary blob and release it. They'll spend all their time trying to decrypt that white noise source and never notice the Really Interesting thing nearby it.
Researchers at Kaspersky Lab ... publishing encrypted sections and hashes
Ha ha they fell for it. The interesting stuff is going to be around or nearby the distractor, not the distractor itself.
This part makes no sense:
They're publishing encrypted sections and hashes in the hope that cryptographers will be able to help them out.
If that happens it'll be a first in the serious crypto field. How do they expect that to happen? This being from a worm or whatever doesn't make it special.
Look I'll give you a baby example.
"13cbffe03010f846f46f123675bfc3c3"
I'll even make it more baby by telling you its a md5 hash and the plaintext is 11 chars of letters and spaces. The ultimate in baby examples and its still utterly hopeless.
P.S. its not a rickroll URL although that would be funnier than hell. The only thing funnier than the worm designers using /dev/random would be embedding a rickroll or a goatse instead of real worm payload.
Another advantage of my decades old model M is the keys don't stick. I have a POS dell mushboard at work and my biggest annoyance is you need to hit the keys, especially the larger keys, precisely up and down or they stick half way or slip-stick-slip-stick before they hit. So unconsciously the poor quality makes repetitive stress injuries more likely.