Slashdot Mirror


User: vlm

vlm's activity in the archive.

Stories: 0
Comments: 8,750

Comments · 8,750

  1. exploit on Backdoor In RuggedOS Systems: Infrastructure, Military Systems Vulnerable · · Score: 5, Insightful

    Looks like to exploit this, you need the MAC addrs.
    1) One way is to be on the same LAN segment and watch a sniffer. This means you're already dead because you've lost physical security.
    2) Another way is to telnet (FREAKING telnet in 2012?) into the device and the MAC is in the MOTD. This means you're already dead because you've lost all network security. What kind of madman allows telnet traffic thru a firewall in 2012? What kind of a madman allows unrestricted internet access to an embedded control device?
    3) If you manage to somehow own a plain ole PC on a scada network, now you can own embedded control devices. But having an owned PC on your network means you're dead anyway.

    I'm still struggling to figure out how a live, well run network could be in danger. What I mean is to implement this exploit takes a system that is already more screwed up than anything you could do with the exploit.

  2. Re:Why.. India? on Review of the First Medfield Phone · · Score: 1

    I based it on some wikipedia estimate of about 10% in India being in the middle class and about 30% in the US being in the middle class, and the middle class being the target market for a non-iphone smartphone.

  3. Re:Why.. India? on Review of the First Medfield Phone · · Score: 3, Interesting

    30% of 300 million in the USA is 90 mil
    They're poor in India despite sending most of our middle class jobs there and also to China, so we'll give them only 1/3 of the market penetration
    10% of 1.2 billion in India is 120 mil
    Looks like India is a better market than the US, or at least has more theoretical customers.

  4. Re:Emulation layer? No thanks. on Review of the First Medfield Phone · · Score: 4, Interesting

    Aside from abstract contemplation of "progress" vs "backwards" it probably burns power and generates crazy heat.

    I have an X86 netbook on my desk running Android ICS. An old Asus EEE model 900. (my wife has like a 700 also running ICS). It works great, really. The keyboard, although icky netbook size, is better than any smartphone I've ever seen, and the speakers, although icky netbook speakers, are better than any phone or tablet speakers I've ever experienced. The problem is that even running non-emulated (limited selection) apps without an emu layer, it pumps out so much heat even just idling that the cooling fan never turns off. Whirr 24x7. I would imagine an emulation layer would consume even more power.

    I would theorize that much as laptops which burn laps are VERY old news, in the future, phones that burn ears and hands are going to be news.

    Who will make the first smartphone with a cooling fan? Or a monster solid aluminum heatsink case like a handheld land mobile or ham radio HT?

    My experiences show Android X86 would make a pretty good desktop OS for the average user. I'm looking into adding a desktop running Android and putting it on the KVM with the other 4 machines on my desk at home (I guess making it my 5th machine)

  5. Re:LOL on Should the FDA Assess Medical Device Defenses Against Hackers? · · Score: 1

    2) What's your definition of a firewall then? This is a device that monitors the incoming and outgoing traffic of network(-able) hosts and can block/deny malicious traffic.

    What is a wireless firewall? a sphere of tinfoil and a WRT54G with one antenna inside and one outside?

  6. Re:Arctic on 'Gaia' Scientist Admits Mispredicting Rate of Climate Change · · Score: 0, Flamebait

    If he had believed his own "theory" he would have moved to the Arctic. He hasn't.

    Most of this stuff is aimed as an excuse for increasing govt control, the usual statist stuff, with the early alarmists in charge of course, since they're the most experienced WRT the subject etc etc. "I'll be king of the carbon credits market!!" or "I'll be the bureaucrat at the EPA in charge of the CO2 as a poison department!!" and so on.

    Evacuation to the arctic is pointless if the goal was control and power here. Unless we annex the arctic as a "northern manifest destiny" or something like that. Which could happen...

  7. Re:Mensa is the problem on Is Stanford Too Close To Silicon Valley? · · Score: 2

    It's a bragging thing, you can always identify the losers by looking for the braggarts. .mil folks who brag and tell combat stories to civilians, generally, have never been overseas, or at most were ultra REMFs and are lying about the whole thing. The guys who try not to talk about it, or won't even talk about it unless they're drunk or with their buddies who were there with them, they're the real heroes.

    The mensa situation is the same. Most people bragging about their membership are not even members. It's not like HQ GPG signs your certificate and you actually check the sigs. Go to the Mighty GOOG, enter "mensa membership" and click on "Images" in the black bar, and you get pages of membership certs and cards ranging from ancient to recent. Anyone who is not a total noob/idiot can print their own cert in at most an hour's work. Making a really good fake cert is probably a better overall intel test than passing the official test, anyway.

  8. Re:That problem is not unique to Stanford on Is Stanford Too Close To Silicon Valley? · · Score: 1

    My experience with international testing shows that all foreign TAs had perfect TOEFL test scores, but we all know they mostly didn't speak/read/write English.
    I wouldn't read too much into "perfect" international SAT/GRE scores.

  9. 1) Can't abbreviate VLAN properly
    2) A firewall for wireless devices
    3) attracted attention in Washington = some politically connected consultant is making bank

  10. rot on Massive Methane Release In the Arctic Region · · Score: 1

    How much methane can you get by rotting stuff once it warms up enough to rot? Or is that the simple words version of "stored in ... permafrost"

  11. Re:Obligatory link on Google Drive Goes Live · · Score: 1

    Well the android app is "formerly known as google docs" so I already have it installed.

  12. Re:I'll believe it on Planetary Resources Confirms Plan To Mine Asteroids · · Score: 5, Interesting

    Does anyone know what the (plausible) ROI for this is?

    Most people are just going to babble nonsense in this article, but I'm going to try to actually give you numbers.

    You can orbit a Kg for about "ten grand". However asteroids are already in orbit, and it takes a hell of a lot less fuel to deorbit than to orbit. So to a VERY crude first approximation the delivery expense is perhaps a buck per gram. Precious metals from the ground cost around one to two orders of magnitude more. So the delivery cost seems high in an absolute sense, but it's not really a significant fraction of the cost of the metal.

    It's kind of like complaining that you can't mine gold in South Africa because a 747 cargo plane costs $50M and $50M is a lot to spend for a little gold. Well, yes $50M is a lot of dough but you'd find that the cargo capacity of a 747 in gold is worth a whole hell of a lot more than $50M, so suddenly the airplane cost doesn't matter much.

    The ROI killer is going to be the mysterious and unclear latency from when the $ are spent until the capsules of solid gold hit the earth. I would postulate that you're trading the risks of international and national politics (nationalization of mines, strikes, government delaying regulation, etc) for technology risks.

    I think the ROI/risk is about as bad as opening a gold mine in South Africa. Much riskier than a diamond mine in Canada. Not as risky as a rare earth mine anywhere on the African continent. It's a plausible realistic investment.

  13. Re:he was giving out business cards.... on North Carolina Threatens To Shut Down Nutrition Blogger · · Score: 1

    It's called a business license, and you're almost certainly in violation unless you have one.

    Also depending on where you made the phone call, you might or might not be in violation of property zoning laws.

  14. Re:he was giving out business cards.... on North Carolina Threatens To Shut Down Nutrition Blogger · · Score: 2

    I've seen that video (coincidentally it's in the same vein more or less as the OP's website), and he could be charged in NC.

  15. Re:You Forgot the Part About the Money on North Carolina Threatens To Shut Down Nutrition Blogger · · Score: 2, Interesting

    giving actual medical advice

    The problem is he's merely providing diet advice, which is not medical advice.

    Here is an example of a violation of the NC law (thank god I don't live there):

    "I advise you not to eat at McDonalds because a homemade salad is more nutritious than a cheeseburger".

    That's all it takes to be a criminal in NC.

    It's basically a blasphemy law, but applied to diet instead of gods.

  16. Re:he was giving out business cards.... on North Carolina Threatens To Shut Down Nutrition Blogger · · Score: 2

    If at no point he said or insinuated that he is an expert, there shouldn't be any problem, right ?

    That is the problem, you should not require a license or permission to provide dietary advice. They are selectively enforcing it only on him as an individual. Almost all "health oriented" marketing advertisements of all kinds are in violation unless the person who wrote the ad copy purchased a license from NC to be permitted to exercise free speech in NC. Also most restaurant reviewers, cooking TV shows, are illegal in NC. The only reason he is being selectively punished is merely because he's one dude who publicly humiliated some moron in power, who now wants to get even with him. What a disgusting government NC has.

  17. Re:In Other News... on C/C++ Back On Top of the Programming Heap? · · Score: 4, Funny

    Hammer - Obviously Perl. Technically, you can do absolutely anything with it, but sometimes the results will look like hell. Swiss-Army Chainsaw makes a good second tool choice for Perl.

    Phillips screwdriver - Obviously Ruby. The mythology is both came from Japan, although Phillips doesn't sound very Japanese, in ye olden days stuff made in America had slot screws and stuff made in Japan had Phillips screws, so obviously Phillips came from Japan. Also more Ruby is probably being written outside Japan than within, nowadays, but I still hear people claim Ruby is Japanese.

    Just fill out a physical plant request form in triplicate and get your boss/mom to sign and your boss's boss to notarize - Obviously the hyperverbose business languages like COBOL and Java where hello world takes 3 pages and an hour of explanation.

    Plumber's helper / plunger - Obvious GDB reference

    Table saw - Obvious assembly language reference. Works great and fast, until you cut your hand off and it makes a mess of the project.

    Having trouble finding analogies for the rototiller and the roofing nailgun. Please advise...

  18. Re:When will people learn... on C/C++ Back On Top of the Programming Heap? · · Score: 1

    It's all in the libraries.

    Kind of like how I am intimately familiar with Perl and Ruby and they're similar, sorta, in how Perl can usually be trivially dumped into Ruby and then search and replaced and hacked up to run.

    However, I'm not really a Perl programmer, I'm a CPAN programmer. My "perl" scripts are merely some glue and bug/issue fixes between weird CPAN routines. That is the problem with going from Perl to Ruby.

    z=x+y; doesn't require much work either in the Perl-Ruby transition or the C-C++ transition. Outside/addon libraries are a hairpulling nightmare.

    It's not just the syntax changes either to use a different library name and maybe some different limitations and parameters... it's the crazy code I put in Perl to work around some bug/issue that needs to be removed and then new crazy code in Ruby to work around some Ruby gem limitation.

    Oh and then testing.

  19. Re:64 bit porting? on C/C++ Back On Top of the Programming Heap? · · Score: 3, Interesting

    I would expect that a lot of companies are probably working on importing their legacy systems to work for the new 64 bit systems.

    a good amount of legacy systems are written in C, and most of those C written programs are fairly optimized for their platform they were designed to run, and we are starting to switch to 64 bit and multi-core architecture.

    You're more or less paraphrasing an email I recall from Linus back in '94 when the 64 bit Digital Alpha port was just beginning. Of course that's 18 years ago not anything new. I think we still have many more years of the "64 bits is new" meme left. With more GOOG effort I could probably find that email. Or it might have been an old Linux Journal article about the alpha port rather than an email. Hmm.

    I was pretty late to the conversion to 64 bits compared to most people in the biz. I don't think the Debian amd64 port was released until 2007 ish, I think as part of Debian 4.0/etch, although I was using the amd64 port as "testing" (before it became "etch") for at least a year or two earlier.

    Some of our amd64 hardware at work is considered legacy now, just because it's so old.

    I remember in the early years of the 32/64 bit conversion, like half a decade ago, running legacy non-free software like the 32 bit flash player on a 64 bit OS was a pretty interesting problem, but it was all solved a long time ago, so it's not interesting anymore. I would imagine someday in the future the Windows folks will have similar interesting experiences when they catch up to Linux, as they always eventually do.

  20. Re:Seems like a good idea, except ... on Telcos Oppose Bill To Respect 4th Amendment · · Score: 1

    They should need a warrant to look at tax records, property records

    Why? I don't need a warrant to look at them, why should they?

    tax records

    Partially public where I live. Federal/state income tax, private as far as I know. I believe that several of the pseudo-tax pseudo-license hybrids like hunting licenses are freely available. Property tax, public as can be. Even available online. My local town hall no longer issues paper receipts for tax payments, just "wait a couple days and print out the paid in full receipt from the website, if you need a receipt for your mortgage company or whatever".

    property records

    Completely public where I live. Including historical. Only current info available to the public for free online from the govt, historical has a minimal fee from the govt and there are private resellers. When I was a little kid, my mom had a part time job during school hours doing historical title searches for real estate lawyers, insurance companies, and just plain ole private citizens. Like many "pre-computing" jobs she was pretty much a human "grep" command, although there was considerable analysis required the more non standard the request (figure out everyone in the city living on land formerly owned and contaminated by some corporation, etc). The service she was providing was not gaining access to the free public records, but searching and analyzing them cheaper and faster than the general public could. Also she had purchased a bond WRT to not falsifying reports or whatever it's called exactly.

  21. Re:And that is a bad thing because??? on Telcos Oppose Bill To Respect 4th Amendment · · Score: 4, Informative

    You don't get to say "Well, they barked a name and badge number at me and said it was urgent, so I had to tell them."

    Having been tangentially involved in these situations, you DO get to say, I'll call back at your contact number.

    As you can imagine we have written procedures for this, one of many steps is calling back the telephone book number of their office/station to get verification.

    This actually works ridiculously well, because unlike on TV shows, most real world requests take at least a couple minutes work on the internet/telco side (if not much longer), so while tech #1 calls back doing the security check, tech #2 is doing the actual tech work to at least begin the process. Also it works well because we grill them for every detail we can get before hanging up... if the station says badge number 1337 doesn't exist and there is no such activity going on, then we simply file a report of all the details they were looking for (presumed stalking victim, etc).

    I am told by cops this is pretty much the same way it works with the water/gas/electric/cellphone companies (example, in a barricade/hostage situation you shut off the gas so they can't blow the place up, etc). Same protocol at every telco/internet provider I've worked for. It's the multi industry standard comm protocol for cops-utilities cooperation. It's only unusual, or unknown, on TV or maybe in extremely rural service areas.

    I've never worked for a telco or ISP or other service provider with only one phone line and only one employee in the network control center, so there probably are occasions where the officer doesn't get hung up on, but rest assured "someone" is calling the station to verify even if the officer on the line doesn't know he's being checked up on.

    Usually everyone gets into the act and one guy calls the sup on duty assuming he's not on site and shoulder surfing, another guy does verification, another guy does the tech work, another guy talks to the actual officer, and another guy starts channel surfing for live TV if it's a hostage situation or a chase simply because it's cool. It's much more exciting than the daily fiber cut, or the weekly thunderstorm, or the monthly maintenance-gone-wrong disaster.

  22. Re:poisoned with what on Anti-Education Attack Poisons 150 Afghan Schoolgirls · · Score: 1

    My guess is if the hardliners wanted to kill a school full of girls, they'd actually kill some.

    This is insightful. Popular cultural sport over there is setting off IEDs and suicide bombings and sniping. Poisoning is way out of character, not their thing at all. When is the last time an American soldier was killed over there by a roadside water poisoning? Or anyone?

    It might turn out that it's a very tenuous connection, like if the bad guys would stop blowing up our supply convoys, we could replace our water filter elements on a regular basis, but we can't, so the water is unsafe, therefore the extremists poisoned the girls, using extremely stretched logic.

  23. Re:Another reason to reduce animal agriculture on Scientists Say Spread of Schmallenberg Virus Is 'Warning To Europe' · · Score: 3, Interesting

    starvation will kill you every bit as readily as contagion will

    If you live in an agricultural monoculture. Think of the Irish potato blight. Something that hits rice hard, would be rough on Asia.

  24. Re:20 years? on $60 Light Bulb Debuts On Earth Day · · Score: 4, Funny

    20 years is nothing. The livermore light bulb is 110 years old and still working. How come we can't beat the technology from our great grand fathers?

    Because in watts per lumen you'd probably be better off using an infrared heater element as a light source.

  25. Re:If 20 years is gaurunteed? on $60 Light Bulb Debuts On Earth Day · · Score: 2

    That kind of bulb dies mostly because of heat. It's (degrees above room temp) * (years of operation) that's constant, not (years of operation), in my experience.

    In my chilly basement workshop, zero LED fails. Outside unvented fixture, they fail, and only fail during summer.

    That's the problem with your 18 year suggestion for all bulbs, the bulbs over your kitchen stove etc are not going to last 1/10th as long as the LED bulb in your fridge.