NIST started the SHA-3 competition when SHA-1 was proven weak and no one was sure how long SHA-2 would last. No one liked the idea of relying solely on the wide-pipe SHA-512 when the underlying building blocks have been proved weak (using SHA-512 is a bit like using triple-DES). However, it is difficult to predict advances in cryptography, and though SHA-512 is not nearly as weak as we predicted it would be a few years ago, we don't know what new cryptanalysis will show up tomorrow, forcing us to leave the SHA-2 family in a hurry. So it is very good we have 5 new well-studied hash functions. Choosing one now would do little good, because it could prove weaker tomorrow just like SHA-2 could. If we don't pick a winner now and keep them all on ice, we could easily and quickly pick a replacement from them when we need it.
I actually worked on predicting when aircraft will malfunction (and crash), and we had a huge database with everything that happened to the planes to work from, and we didn't get many results. So upper management brought in a highly paid consultant, who crunched our data for 6 months. He finally gathered everyone in a conference room to announce his amazing results. He found an outstanding correlation: planes that fly a lot are more likely to malfunction or crash than planes that don't fly.
We have no reason to believe encrypted GPS signals can be decrypted easily, but that doesn't mean they can't be spoofed. You can record them and play them on a delay of your choosing (with higher local signal strength). Since GPS positioning is all about the relative delay, if you control the delay you don't need to decrypt the signal or create your own. The comments also mentioned there is a pilot normally in control of the drone, but since the pilot is connecting remotely the control signal can theoretically be jammed, at which point the drone will normally try to assume a predefined course. Obviously there are technical difficulties, but one theory is that this is exactly what the Iranians did to the US drone a while back. There are countermeasures available, but this is a very real threat.
Assuming the US government is behind these masterpieces, anyone who was given a binary by the US government can request the full source code. If you happen to stumble upon the binary after passing through many middle-men, the original author doesn't owe you anything.
Even though certain attacks are available against some hash algorithms, I am unaware of anyone ever successfully attacking an SSL protected server in the wild by attacking the encryption head on, not the hash function or the public key encryption or the symmetrical key encryption. However, the main issue is, as you mentioned, trust, which in this case is obtained with certificates. When I browse to an SSL-enabled web site over https, I trust the web site operator, I trust the company who signed the certificate proving he is who he says he is, and I trust my browser to convey this information properly and give a good list of CAs. (I am ignoring non-SSL-related trust issues.) Note it is common for most sites' certificates to only sign the server address and not the company name; note that this doesn't really tell you much about who is running the site.
Even though some of us would easily believe MS Office has 1800 security issues that need fixing (and in my opinion every crash due to malformed input is a security issue), I find it hard to believe they found 1800 of these by generating random data. What is far more likely is that they recorded 1800 (or more) crash events, and after fixing two or three programming errors (problematic hidden assumptions about the input) 1800 of them were not reproduced. This hardly counts as solving 1800 bugs. The technique itself is very problematic, since you need to generate random data that passes the tests your software has in place but still causes an unexpected error due to something you forgot to check. Just feeding random files and trying to parse them won't get you very far, as practically all of them will be rejected, so you have to make your garbage generator slightly more sophisticated, but without feeding in the same misconceptions that caused you to write buggy code in the first place.
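The two effects described in the comment above, as an added example that is not part of the original comment: purely random files never get past the parser's existing checks, while inputs mutated from a valid file (with the checksum recomputed) reach the hidden assumptions, and hundreds of crash events collapse into two root causes. The TOYF format, its parser and the two deliberate bugs are constructed for illustration.

```python
import random
import struct
import traceback
import zlib
from collections import Counter

MAGIC = b"TOYF"  # constructed toy format: MAGIC | count | (len, data)* | CRC32
INTERESTING = (0, 1, 0x7F, 0x80, 0xFF)  # boundary values worth trying first


class Rejected(ValueError):
    """Input failed a check the parser already has in place."""


def build(records):
    """Serialise records into a well-formed TOYF file."""
    body = MAGIC + bytes([len(records)])
    body += b"".join(bytes([len(r)]) + r for r in records)
    return body + struct.pack("<I", zlib.crc32(body))


def parse(blob):
    """Return the average record length; contains two unchecked assumptions."""
    if len(blob) < 9 or blob[:4] != MAGIC:
        raise Rejected("bad header")
    body, (crc,) = blob[:-4], struct.unpack("<I", blob[-4:])
    if zlib.crc32(body) != crc:
        raise Rejected("bad checksum")
    count, pos, sizes = body[4], 5, []
    for _ in range(count):
        length = body[pos]           # assumption 1: the record is really there
        pos += 1 + length
        sizes.append(length)
    return sum(sizes) // len(sizes)  # assumption 2: at least one record exists


def random_inputs(rng, n):
    """Pure garbage: random length, random bytes."""
    return [bytes(rng.getrandbits(8) for _ in range(rng.randint(0, 64)))
            for _ in range(n)]


def mutated_inputs(rng, n, seed=build([b"alpha", b"be", b"gamma!"])):
    """Mutate 1-3 bytes after the magic, then repair the CRC so checks pass."""
    out = []
    for _ in range(n):
        body = bytearray(seed[:-4])
        for _ in range(rng.randint(1, 3)):
            value = (rng.choice(INTERESTING) if rng.random() < 0.5
                     else rng.getrandbits(8))
            body[rng.randrange(4, len(body))] = value
        out.append(bytes(body) + struct.pack("<I", zlib.crc32(bytes(body))))
    return out


def run(inputs):
    """Feed inputs to parse() and bucket crashes by exception type and line."""
    result = {"rejected": 0, "parsed": 0, "buckets": Counter()}
    for blob in inputs:
        try:
            parse(blob)
            result["parsed"] += 1
        except Rejected:
            result["rejected"] += 1
        except Exception as exc:  # anything else is an unexpected crash
            frame = traceback.extract_tb(exc.__traceback__)[-1]
            result["buckets"][(type(exc).__name__, frame.lineno)] += 1
    return result


if __name__ == "__main__":
    for name, gen in (("random", random_inputs), ("mutated", mutated_inputs)):
        res = run(gen(random.Random(1), 2000))
        crashes = sum(res["buckets"].values())
        print(f"{name:8} rejected={res['rejected']} parsed={res['parsed']} "
              f"crash events={crashes} distinct causes={len(res['buckets'])}")
```

The mutator here knows about the checksum because the parser's author wrote it, which is exactly the shared-misconception risk the comment raises: it will not find bugs in the checksum handling itself.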
I agree the US and our allies don't have a moral leg to stand on when they claim Iran doesn't have a right to have nuclear weapons, since the US has nuclear weapons (and has used them). But I still believe all available measures should be taken to stop Iran from gaining nuclear weapons (up to and including the use of military force), simply because it is in our best interest. Iran has proven to be a hostile nation; it supports terrorism and is very clearly anti-western, anti-US and obviously anti-Israel. For these reasons we wish Iran to be weak, we wish to be able to threaten them with military force and we don't wish to level the playing field. We also have a genuine concern that Iranian nuclear weapons might actually be used, if not directly by a misguided Iranian leader trying to start Armageddon then by a terrorist organization supported by Iran. Terrorism denies MAD its effectiveness: if Russia bombs the US, the US wipes them out, everybody dies, hence we get MAD. However, if an unknown terrorist cell blows up Manhattan with a suitcase nuclear warhead, who do we destroy in response? MAD doesn't work against terrorists, so it is doubly important to make sure we never get nuclear terrorism or at least delay it for as long as possible.
It seems uneconomic to spread malware by handing out CDs. Thankfully, in the malware market a single infected computer is still worth less than the price of printing and handing out a CD.
It costs much more than 4X as much. I have developed "perfect" software, for airplane avionics. It is a long, slow, tedious process. However, when you get on an aircraft you would probably feel safer knowing the coder is liable if the plane crashes.
I heard a story that in the Soviet Union after they built a bridge they would put the engineer in charge of designing and overseeing construction underneath the bridge and have a bunch of tanks drive over it. It will seem harsh to most of us, but the main idea is that engineers are personally responsible for their work.
As for free software: I have a simple solution, limit the liability to 10 times what the customer paid. It would hurt Microsoft but probably not Red Hat.
The real question is not how to make math interesting but how to make a career out of whatever interests her. I have seen many people (my girlfriend for one) who studied Computer Science because it was what the smart kids did and has plenty of money in it, only to discover that debugging for 9-10 hours a day is not her cup of tea, and now look for other lines of work (something with animals) even though they make excellent money in an engineering job they do not enjoy. Figure out what you enjoy doing, then figure out how to make money doing it.
Large botnets would still be a problem, but small botnets (hundreds) still need IP spoofing to be harmful, because once I recognize I am under attack I can block several hundred IPs at the router/firewall and not overload my servers. Large botnets will cause traffic congestion and there is little you can do about them except identify infected machines and notify owners. As for foreign ISPs, I believe America should lead the way and lobby (/pressure/force) other countries to do the same.
Actually there is a very simple measure ISPs can take to prevent many attacks, and that is to prevent their customers from spoofing the source IP in their IP packets. If governments (starting with the US) would pressure (force by law) ISPs to do this, it can be done without much technological difficulty. This anti-spoofing measure can be implemented on many levels, so that even if a certain ISP does not co-operate, other ISPs could prevent its customers from spoofing any IP which does not belong to the problematic ISP. This in itself helps protect against IP spoofing.
Without IP spoofing attackers are more easily identified and blocked.
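The multi-level source-address filtering described in the comment above, modelled as an added example that is not part of the original comment. The ISP names, port names and the topology are hypothetical, and the prefixes are the reserved documentation ranges.

```python
import ipaddress


class IngressFilter:
    """Accept a packet on a port only if its source lies in that port's prefixes."""

    def __init__(self, name, allowed_by_port):
        self.name = name
        self.allowed = {
            port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in allowed_by_port.items()
        }

    def permits(self, port, src):
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.allowed.get(port, []))


def forward(path, src):
    """Walk the hops of a path; each hop is (filter or None, ingress port)."""
    for flt, port in path:
        if flt is not None and not flt.permits(port, src):
            return f"dropped at {flt.name}"
    return "delivered"


# Hypothetical topology. ISP A filters each customer port down to the
# customer's own assignment; ISP B does no filtering at all.
ACCESS_A = IngressFilter("ISP-A access", {"cust-a1": ["198.51.100.16/28"]})

# The transit provider filters each downstream ISP to that ISP's address space.
TRANSIT = IngressFilter("transit", {
    "isp-a": ["198.51.100.0/24"],
    "isp-b": ["203.0.113.0/24"],
})

PATH_FROM_A = [(ACCESS_A, "cust-a1"), (TRANSIT, "isp-a")]
PATH_FROM_B = [(None, "cust-b1"), (TRANSIT, "isp-b")]  # None: ISP B has no filter

CASES = [
    ("A customer, own address",         PATH_FROM_A, "198.51.100.20"),
    ("A customer, outside address",     PATH_FROM_A, "192.0.2.7"),
    ("A customer, neighbour's address", PATH_FROM_A, "198.51.100.40"),
    ("B customer, outside address",     PATH_FROM_B, "192.0.2.7"),
    ("B customer, other B address",     PATH_FROM_B, "203.0.113.99"),
]


def evaluate():
    """Return {case label: outcome} for the constructed packets above."""
    return {label: forward(path, src) for label, path, src in CASES}


if __name__ == "__main__":
    for label, outcome in evaluate().items():
        print(f"{label:34} {outcome}")
```

The last case is the residual the comment allows for: behind the non-cooperating ISP a customer can still claim another address of that same ISP, so a block on the ISP's prefix remains effective.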
In my organization I wrote up a risk analysis for open source and closed source software, detailing the risks in each. How does malicious or dangerously buggy code get into each type of project? How do you assess the threat in both types of software: What is the review process? How big is the project? Did you compile the software yourself? Who did? How did you get the software/source code? Etc. This document was picked up by other people who eventually turned it into company guidelines for OSS adoption.
I work for an organization which decided several years ago not to upgrade its Windows 2000 PCs to XP, because Win 2000 worked and the IT staff knew it well and the upgrade was expensive, so we thought we would just wait a bit for Longhorn. Now in 2008 we are still with Win 2000 on many thousands of PCs and are basically forced to "upgrade" to Vista. Vista is a crummy system, but you never know what comes next?
Not that it's going to happen in my workplace, but I am all for moving to Linux desktop for at least most workers.
We have the same issue come up in my company (~500 developers). Obviously, with such a large number of programmers working on so many different pieces of software, complete standardization is very problematic. We are finally deciding to create a set of 2 or 3 software architectures to choose from, and have them prioritized, and a process of getting an architecture approved. The idea is that when starting a new project you should use the preferred architecture with minor changes unless you have a good reason to pick architecture #2 or #3. However, you will have to have very compelling arguments to run your project on a totally new architecture and explain yourself to top executives. An architecture will include both development and production environment; for example, we may have the M$ option: win2003+IIS+mssqlserver+C#+Link+Visual studio+TFS or our java option: Red hat+jboss+hibernate+java swing+java web start+eclipse+SVN
The problem is setting a process to update the architectures with time. We want to move forward with time but we don't want to be dragged into new adventures every week. We can put a person/team in charge of a specific architecture, but we still don't have a good process for phasing out an architecture and introducing a new one. How do we decide we are ditching C# and moving to Ruby on Rails? This remains an open problem for us.
Assuming you are working for a reasonably large company, I believe you should consider developing/hiring in-house talent. I have had some experience with outsourcing UI design and I discover this usually works well on the small scale. When I have a specific screen which performs specific tasks and I want someone to select widgets for me, place them on the screen and put some nice colors and art around them, an external UI-design company could do a good job. But there are many UI issues that require a much more in-depth understanding of the business logic, who the user is, and what tasks are more common/important, and in my experience when outsourcing UI design the contractor cannot normally learn all these issues. You in fact need to split up the functionality into several screens and do a lot of design with UI implications before you send it out to the contractor. The solution is to realize UI is important and develop/hire a UI engineer for your company to be consulted on all UI issues. It is much easier to go back and forth with an in-house consultant than with an external contractor. Whoever is designing the software can have several face-to-face meetings with the UI expert and schedule more on short notice. With your in-house expert you can easily consult on top-level issues such as: should I put everything on one screen or separate it into many different ones? If the various pieces of software in your company have something in common, your UI expert will gradually learn who your users are and/or what the business is and be able to provide unique insight on UI design.
In short, an external contractor is a good idea. In-house talent is even better.
We pay senators to do important work, we pay them to learn all about many important and unimportant issues. Some mentioned security concerns but this is not the point, practically all sensitive issues are resolved in the executive branch and not the legislative.
However, anyone voting for such a party is in fact committing himself to take care in the many votes to follow. Should he not take interest we are again letting small interest groups who happen to care about some minor piece of legislation pass silly self-serving laws, simply because nobody else noticed.
Most laws are not interesting, and not in public debate; however, I would still like someone to think about all these issues, that's why we pay the senators. The important issues and general policies are campaigned on; a candidate who doesn't stick to his campaign promises is less likely to get re-elected.
That's indirect democracy, and it's the best system we found so far.
Some facts about Iran. Iran supports global terrorism. It openly supports Hizballah and other terrorist organizations. Support is through money transfers, training personnel and supplying weapons. When we ask who attacked Israel, kidnapping soldiers and firing rockets at Israeli towns (purely civilian targets)? The simple answer is Hizballah, but the more accurate answer is the southern branch of the Iranian Army known as Hizballah. The time of the latest war was also not random. It was selected by Iran, to remove the focus from the Iranian nuclear plans.
Though in academic circles serious flaws with GSM encryption have been found, they are still not all that trivial to implement.
The main work on attacking GSM in a practical scenario was done by Elad Barkan with the help of Eli Biham and Nathan Keller.
To briefly explain the security, you must notice there are different variants for GSM encryption, the weak one being A5/2, and A5/1 and A5/3 being considerably stronger.
Breaking A5/1 in a passive attack requires a significant amount of precomputation and storage that, though one could buy off the shelf, I find it unlikely any private citizen will set up a cluster of two dozen computers to crack GSM for the fun of it, though obviously a large evil corporation or a small company would easily have the resources.
An active attack could convince a cell phone to use A5/2 even if it prefers A5/1 or a different variant. This requires more specialized equipment and it is easier to catch the attacker, as he must be sending out radio signals; these may also interfere with normal cellphone traffic.
This is just to put the threat into proportion: your own government can wiretap without breaking encryption. A serious enemy can probably muster up the resources to wiretap by breaking GSM encryption, but your next-door neighbor will probably find it extremely difficult to listen in on encrypted GSM cell phone traffic.
When I bumped into a similar question I sat down to think: what would I do with the extra money? It is assumed that both jobs give you enough money to make a respectable living; if not, the choice is obvious. The extra money therefore goes either to long-term savings (college fund, pension plan, etc.) or into luxuries.
Now you need to compare how much fun you would have with and without the extra money. If you really dislike programming in .NET, no amount of fun after work will compensate, but if the programming environment is reasonable and you find the job fun most of the time, then a newer car, an extra restaurant visit a week and an offshore vacation once a year could easily compensate. (These are obviously random examples of fun things to do with extra money.)
As for prospects, you are probably correct, .NET has more of a future, but this cancels out with: a. You probably prefer a non-M$ future, and .NET will give you no points in your next preferred jobs. b. A good programmer should get along with any platform, especially if you keep up with technology in your spare time.
and have been for many years. I went to the Technion, Israel Institute of Technology, which for many years now has maintained a video library of lecture recordings, containing all popular courses (mostly first & second year) and many advanced courses. Not every course is recorded every year, but the material in most lectures doesn't change much (or at all), and watching a 3-year-old tape is practically as good as sitting in the lecture. With modern technology they digitized their collection and made it available over the intranet from any campus computer. They also set up video libraries where you can watch the recordings in comfort or borrow a copy to take home (just like borrowing books).
Lecture slides are almost always published on the Net. Lecture notes are compiled by the student association and sold for the cost of printing (with an ad on the front and back sheets to make some money for the student association).
The service is so good, many students skip the lectures altogether. I for one enjoyed being able to watch my physics lectures at double speed (much smaller chance of falling asleep).
Me.
How to make sure your data is not readable, on Online Revenge · Score: 5, Insightful
The Israeli Army uses the only foolproof method I know for erasing data off magnetic hard drives, and it is made up of 2 steps: A. Run the hard drive through a powerful degausser (a rapidly changing electromagnet). B. Shred the hard drive into pieces less than one square millimeter in size.
However, this system may be hard to come by for most of us, and tends to harm the hard drive.
Writing a set of zeros on a sensitive file is much better than deleting it but not necessarily enough, because: a. your OS may decide to move your file to another location on the disk. b. Even after writing once or twice over the data, it still may be recoverable, especially if you use constant zeros (or ones).
Writing random data several times is a better method, but it must be done over the entire hard drive and in several passes over the entire hard drive, since modern hard drives have a cache mechanism (as well as one in the OS), so if someone writes over the first sector of a hard drive 20 times, chances are the hard drive actually got something physically written to it only once.
Several tools for securely deleting data are available on the net. I would not trust my good reputation on any tool which securely deletes specific files, but only on those which wipe your disk clean. These too may not protect you 100%, because modern hard drives have a feature to correct (re-map) bad sectors automatically. With this feature, if the hard drive fails to access a certain sector several times it will stop using it and use a different sector instead (reserved in advance for this purpose and not normally accessible). The damaged sector may still contain private data after the hard drive is wiped clean.
In short, if you want to be truly safe use the degauss and shred method.
Many schools have migrated to Linux in part or in full; this is not expected to be much of a problem. You would probably want to keep 1 or 2 XP computers for the sake of those few tasks/programs which still work better on Windows. You may want to install those too as a dual-boot. Especially if the computers are sometimes all used simultaneously, you would like the ability to have all the kids use the same software.
In some schools I have seen there was fear of children's astounding ability to cripple computers, and they therefore elected a strategy of either using dumb terminals or automatically wiping out the hard drives from an image periodically. With such a small setup you may deem these precautions excessive, yet be sure to keep a fully installed image on standby. (Assuming the hardware of the computers is reasonably identical.)
The research has several problems: a. It measured the number of results for a certain query; even if we assumed identical algorithms for checking if a page matches a query, the two search engines are likely to use different relevancy thresholds. b. The search pretty much limited itself to the English language. c. As they admit themselves, they measured only obscure queries; actually most of my queries are not obscure at all and it takes me more than 2 words (which fit together) in order to chop down the search results group. d. Finally, the entire research has very little to do with the really interesting question, which is: which search engine is more likely to give me the results I need on the first page?
Can't seem to find any code/documentation or anything downloadable,
and they allegedly have something working.
I actually worked on predicting when aircraft will malfunction (and crash) and we had a huge database with
everything that happened to the planes to work for, and we didn't get much results.
So upper management brought in a highly paid consultant, which crunched our data for 6 months.
He finally gathered everyone in a conference room to announce his amazing results,
he found an outstanding correlation: planes that fly a lot are more likely to malfunction or crash then planes that don't fly.
We have no reason to believe encrypted GPS signals can be decrypted easily, but that doesn't mean they can't be spoofed.
You can record them and play them on a delay of your choosing (with higher local signal strength)
Since GPS positioning is all about the relative delay if you control the delay you don't need to decrypt the signal of create your own.
The comments also mentioned their is a pilot normally in control of the drone,
but since the pilot is connecting remotely the control signal can theoretically be jammed, at which point the drone will normally
try to assume a predefined course.
Obviously there are technical difficulties, but one theory is that this is exactly what the Iranians did to the US drone a while back.
There are countermeasures available but this is a very real threat.
Assuming the US government is behind these masterpieces anyone who was given a binary by the US government can request the full source code.
If you happen to stumble upon the binary after passing through many middle-men the original author doesn't owe you anything.
Even though certain attacks are available against some hash algorithms, I am unaware of anyone ever successfully attacking an SSL protected server in the wild by attacking the encryption, head on, not the hash function or the public key encryption or the symmetrical key encryption.
However the main issue is as you mentioned trust, which in this case is obtained with certificates.
When I browse to an SSL enabled web site over https, I trust the web site operator, I trust the company who signed the certificate proving he is who he says he is,
and I trust my browser to convey this information properly and give a good list of CA's. (I am ignoring non SSL related trust issues).
Note it is common for most site's certificate to only sign the server address and not the company name, note that this doesn't really tell you much about who is running the site.
Even though some of us would easily believe MS office has 1800 security issues that need fixing.(and in my opinion every crash due to malformed input is a security issue)
I find it hard to believe they found 1800 of these by generating random data, what is far more likely is that they recorded 1800(or more) crash events
and after fixing two or three programming errors(problematic hidden assumptions about the input) 1800 of them were not reproduced.
This hardly counts as solving 1800 bugs.
The technique itself is very problematic since you need to generate random data that passes the tests your software has in place but still causes an unexpected error
due to something you forgot to check. just feeding random files and trying to parse them won't get you very far as practically all of them will be rejected, so have to make your garbage generator slightly more sophisticated, but without feeding in the same misconceptions that caused you to write buggy code in the first place.
Me
I agree the US and our allies don't have a moral leg to stand on when they claim Iran doesn't have a right to have nuclear weapons,
since the US has nuclear weapons(and has used them).
But I still believe all available measures should be taken to stop Iran from gaining nuclear weapons(up to and including the use of military force)
simply because it is our best interest. Iran ha proven to be a hostile nation, it supports terrorism and is very clearly anti western, anti US and obviously anti Israel.
For these reasons we wish Iran to be weak, we wish to able to threaten them with military force and we don't wish to level the playing field.
we also have a genuine concern that Iranian nuclear weapons might actually be used if not directly by a misguided Iranian leader trying to start Armagedon
then by a terrorist organization supported by Iran.
Terrorism denies MAD its effectiveness, if Russia bombs the US the US wipes them out, everybody dies hence we get MAD.
however if an unknown terrorist cell blow up Manhattan with a suitcase nuclear warhead, who do we destroy in response? MAD doesn't work against terrorists so it is doubly important to make sure we never get nuclear terrorism or at least delay it for as long as possible.
It seems uneconomic to spread malware by handing out CDs
thankfully in the malware market a single infected computer is still worth less then
the price of printing and handing out a CD.
It costs much more then 4X as much,
I have developed "perfect" software, for airplane avionics, It is a long slow tedious process.
However when you get on a aircraft you would probably feel safer knowing the coder is liable if the plane crashes.
I heard a story that in the soviet union after they built a bridge they would put the engineer in-charge of designing and overseeing construction underneath the bridge and have a bunch of tanks drive over it. It will seem harsh to most of us, but the main idea is that engineers are personally responsible for there work.
As for free software: I have a simple solution, limit the liability to 10 times what the customer paid. It would hurt Microsoft but probably not Redhat.
The real question is not how to make math intresting but how
to make a career out of whatever intrests her.
I have seen many people(my girlfreind for one) who studied
Computer Science because it was what the smart kids did
and has plenty of money in it. Only to discover that debugging
for 9-10 hours a day is not her cup of tea, and now look for other
lines of work(something with animals) even though they make excellent money
in an engeneering job they do not enjoy.
Figure out what you enjoy doing, then figure out how to make money doing it.
Large botnets would still be a problem,
but small botnets(hundreds) still need IP spoofing to be harmful, because once I recognize I am under attack I can block several hundred IPs at the router/firewall and not overload my servers.
large botnets will cause traffic congestion and there is little you can do about them except identify infected machines and notify owners.
As for foreign ISPs I believe America should lead the way and lobby(/pressure/force) other countries to do the same.
actually there is a very simple measure ISPs can take to prevent many attacks.
and that is to prevent their customers from spoofing the source IP in their IP packets.
If governments (starting with the US) would pressure(force by law) ISPs to do this, it can be done with out much technological difficulties.
This anti-spoofing measure can be implemented on many levels, so that even if a certain ISP does not co-operate other ISPs could prevent its customers from spoofing any IP which does not belong to the problematic ISP. This in itself helps protect against IP spoofing.
Without IP spoofing attackers are more easily identified and blocked.
In my organization I wrote up a risk analysis for Open source and closed source software,
detailing the risks in each.
How does malicious or dangerously buggy code get into each type of project. how do you assess the threat in both types of software:
What is the review process?
How big is the project?
did you compile the software yourself? who did?
how did you get the software/source code. etc.
This document was picked up by other people who eventually turned it into company guidelines for OSS adoption.
Me.
I work for an organization which decided several years ago not to upgrade its windows 2000 PCs
to XP. because the win 2000 worked and the IT staff new it well and the upgrade was expensive, show we thought we would just wait a bit for longhorn.
Now in 2008 we are still with win 2000 on many thousnds of PCs and are basiclly forced to "upgrade" to Vista.
Vista is a crummy system, but you never know what comes next?
not that its going to happen in my workplace, but I am all for moving to Linux desktop for at least most workers.
Me.
We have the same issue come up in my company(~500 developers).
Obviously with such a large number of programmers working on so many different pieces of software complete standardization is very problematic.
We are finally deciding to create a set of 2 or 3 software architectures to choose from.
And have them prioritized, and a process of getting an architecture approved. The idea is when starting a new project you should use the preferred architecture with minor changes unless you have a good reason to pick architecture #2 or #3. however You will have to have very compelling arguments to run your project on a totally new architecture and explain yourself to top executives.
An architecture will include both development and production environment for example we may have the M$ option: win2003+IIS+mssqlsever+C#+Link+Visual studio+TFS
or our java option:
Red hat+jboss+hibernate+java swing+java web start+eclipse+SVN
The problem is setting a process to update the architectures with time, we want to move forward with time but we don't want to be dragged in to new adventures every week.
We can put a person/team in charge of a specific architecture but we still don't have a good process for phasing out an architecture and introducing a new one.
How do we decide we are ditching C# and moving to Ruby on rails? This remains an open problem for us.
Me.
Assuming you are working for a reasonably large company, I believe
you should consider developing/hiring in-house talent.
I have had some experience with outsourcing UI design and I discovered
this usually works well on the small scale. When I have a specific screen which
performs specific tasks and I want someone to select widgets for me, place them on the
screen and put some nice colors and art around them, an external UI-design company could do a good job. But there are many UI issues that require a much more in-depth understanding of the business logic: who the user is, what tasks are more common/important, and in my experience when outsourcing UI design, the contractor cannot normally learn all these issues. You in fact need to split up the functionality into several screens and do a lot of design with UI implications before you send it out to the contractor.
The solution is to realize UI is important and develop/hire a UI engineer for your company to be consulted on all UI issues. It is much easier to go back and forth with an in-house consultant than with an external contractor. Whoever is designing the software can have several face-to-face meetings with the UI expert and schedule more on short notice. With your in-house expert you can easily consult on top-level issues such as whether to put everything on one screen or separate it into many different ones. If the various pieces of software in your company have something in common, your UI expert will gradually learn who your users are and/or what the business is and be able to provide unique insight on UI design.
In short, external contractor a good idea. In-house talent even better.
Me.
We pay senators to do important work, we pay them to learn all about
many important and unimportant issues.
Some mentioned security concerns but this is not the point, practically all
sensitive issues are resolved in the executive branch and not the legislative.
However, anyone voting for such a party is in fact committing himself to take care
in the many votes to follow. Should he not take interest we are again letting small interest
groups who happen to care about some minor piece of legislation pass silly self-serving laws,
simply because nobody else noticed.
Most laws are not interesting, and not in public debate; however, I would still like someone
to think about all these issues, that's why we pay the senators.
The important issues and general policies are campaigned on, a candidate who doesn't stick to
his campaign promises is less likely to get re-elected.
That's indirect democracy, and it's the best system we found so far.
Me
Some facts about Iran.
Iran supports global terrorism. It openly supports Hizballah and other terrorist organizations.
Support is through money transfers, training personnel and supplying weapons.
When we ask who attacked Israel, kidnapping soldiers and firing rockets at Israeli towns (purely civilian targets)? The simple answer is Hizballah, but the more accurate answer is the southern branch of the Iranian Army known as Hizballah.
The time of the latest war was also not random; it was selected by Iran, to remove the focus from the Iranian nuclear plans.
Me.
Though in the academic circles serious flaws with GSM encryption
have been found, they are still not all that trivial to implement.
The main work on attacking GSM in a practical scenario was done by
Elad Barkan with the help of Eli Biham and Nathan Keller.
To briefly explain the security, you must notice there are different variants for
GSM encryption, the weak one being A5/2, and A5/1 and A5/3 being considerably stronger.
Breaking A5/1 in a passive attack requires a significant amount of precomputation and storage
that, though one could buy off the shelf, I find it unlikely any private citizen will set up
a cluster of two dozen computers to crack GSM for the fun of it, though obviously a large
evil corporation or a small company would easily have the resources.
An active attack could convince a cell phone to use A5/2 even if it prefers A5/1 or a different variant;
this requires more specialized equipment and it is easier to catch the attacker as he must be sending out
radio signals; these may also interfere with normal cellphone traffic.
This is just to put the threat into proportion:
your own government can wiretap without breaking encryption,
a serious enemy can probably muster up the resources to wiretap by breaking GSM encryption,
but your next-door neighbor will probably find it extremely difficult to listen in on encrypted GSM cell
phone traffic.
Me.
When I bumped into a similar question I sat down to think what would
I do with the extra money?
It is assumed that both jobs give you enough money to make a respectable living;
if not, the choice is obvious.
The extra money therefore goes either to long-term savings (college fund, pension plan, etc.)
or into luxuries.
Now you need to compare how much fun you would have with and without the extra money.
If you really dislike programming in
.NET, no amount of fun after work will compensate,
but if the programming environment is reasonable and you find the job fun most of the time,
then a newer car, an extra restaurant visit a week and an offshore vacation once a year
could easily compensate. (These are obviously random examples of fun things to do with extra money.)
As for prospects, you are probably correct,
.NET has more of a future, but this cancels out
with:
a. You probably prefer a non-M$ future, and
.NET will give you no points in your next preferred jobs.
b. A good programmer should get along with any platform, especially if you keep up with technology in your spare time.
Me.
and have been for many years,
I went to the Technion Israel Institute of Technology, which for many years
now maintains a video library of lecture recordings, containing all popular
courses (mostly first & second year) and many advanced courses.
Not every course is recorded every year, but the material in most lectures doesn't
change much (or at all) and watching a 3-year-old tape is practically as good as
sitting in the lecture.
With modern technology they digitized their collection and made it available over the intranet
from any campus computer.
They also set up video libraries where you can watch the recordings in comfort
or lend a copy to take home (just like lending books).
Lecture slides are almost always published on the Net.
Lecture notes are compiled by the student association and sold for the cost of printing (with
an ad on the front and back sheets to make some money for the student association).
The service is so good, many students skip the lectures altogether.
I for one enjoyed being able to watch my physics lectures at double speed (much smaller
chance of falling asleep).
Me.
The Israeli Army uses the only foolproof method I know for erasing data off magnetic hard drives, and it is made up of 2 steps:
A. Run the hard drive through a powerful degausser (a rapidly changing electromagnet).
B. Shred the hard drive into pieces less than one square millimeter in size.
However, this system may be hard to come by for most of us, and tends to harm the hard drive.
Writing a set of zeros on a sensitive file is much better than deleting it but not necessarily
enough, because:
a. Your OS may decide to move your file to another location on the disk.
b. Even after writing once or twice over the data, it still may be recoverable, especially
if you use constant zeros (or ones).
Writing random data several times is a better method, but it must be done over the entire
hard drive and in several passes over the entire hard drive,
since modern hard drives have a cache mechanism (as well as one in the OS), so if
someone writes over the first sector of a hard drive 20 times, chances are the hard drive
actually got something physically written to it only once.
Several tools for securely deleting data are available on the net; I would not trust
my good reputation on any tool which securely deletes specific files but only on
those which wipe your disk clean.
These too may not protect you 100% because modern hard drives have a feature to correct (re-map) bad sectors automatically. With this feature, if the hard drive fails
to access a certain sector several times it will stop using it and use
a different sector instead (reserved in advance for this purpose and not normally accessible).
The damaged sector may still contain private data after the hard drive is wiped clean.
In short, if you want to be truly safe use the degauss and shred method.
Don't be paranoid
Me.
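An added example, not part of the comment above: a whole-target overwrite with fresh random data on every pass and an `os.fsync` between passes, so that repeated writes are not merged in the OS cache before reaching the drive. The function names and the temp file standing in for a disk are assumptions made for this illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # write in 1 MiB blocks


def overwrite_pass(fd, size):
    """Write one full pass of fresh random data; return SHA-256 of what was written."""
    digest = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        block = os.urandom(min(CHUNK, remaining))
        view = memoryview(block)
        while view:  # os.write may accept fewer bytes than offered
            view = view[os.write(fd, view):]
        digest.update(block)
        remaining -= len(block)
    # Without this, the OS cache can coalesce the passes so that only the
    # last one is ever sent to the drive.
    os.fsync(fd)
    return digest.hexdigest()


def read_back_digest(fd, size):
    """SHA-256 of the target's current contents."""
    digest = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        block = os.read(fd, min(CHUNK, remaining))
        if not block:
            break
        digest.update(block)
        remaining -= len(block)
    return digest.hexdigest()


def wipe(path, passes=3):
    """Overwrite the whole target `passes` times; return (size, pass digests, final digest)."""
    fd = os.open(path, os.O_RDWR)
    try:
        size = os.lseek(fd, 0, os.SEEK_END)
        written = [overwrite_pass(fd, size) for _ in range(passes)]
        return size, written, read_back_digest(fd, size)
    finally:
        os.close(fd)


def make_sample(marker=b"CONSTRUCTED-SECRET", copies=5000):
    """Constructed stand-in for a disk: a temp file filled with a known marker."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(marker * copies)
    return f.name
```

The read-back is served from the OS cache, so it confirms the logical contents only; sectors the drive has already remapped are never reached by any of these writes.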
Many schools have migrated to Linux in part or in full;
this is not expected to be much of a problem.
You would probably want to keep 1 or 2 XP computers
for the sake of those few tasks/programs which still work
better on Windows.
You may want to install those too as a dual-boot.
Especially if the computers are sometimes all used simultaneously,
you would like the ability to have all the kids use the same software.
In some schools I have seen there was fear of children's astounding ability
to cripple computers, and they therefore elected a strategy of either
using dumb terminals or automatically wiping out the hard drives from an image periodically.
With such a small setup you may deem these precautions excessive, yet be sure to keep
a fully installed image on standby (assuming the hardware of the computers is reasonably
identical).
Me.
The research has several problems:
a. It measured number of results for a certain
query; even if we assumed identical algorithms for checking if a page matches a query, the two search engines are likely to use different relevancy thresholds.
b. The search pretty much limited itself to the
English language.
c. As they admit themselves, they measured only obscure queries; actually most of my queries
are not obscure at all and it takes me more than 2 words (which fit together) in order to chop down
the search results group.
d. Finally, the entire research has very little to do with the really interesting question, which is: which search engine is more likely to give me the results I need on the first page?
Me.