So your proposed solution is that every platform should just include Qt networking? Fair enough. It would certainly be an improvement. It would be nice with a C API as well though.
In 2014, why do we need non-native libraries to handle DNS lookups, crash reporting, logging? Surely these are part of what a proper platform should offer, yet none of them do. It is pretty sad when at least one GUI toolkit (Qt) feels the need to include a networking API.
Chernobyl has graphite-tipped control rods for one thing. This means that when you insert the control rods further, you get an INCREASE in power at first, until the rods are in far enough. If that increase in power is large enough to deform the control rods so that they cannot go all the way in...
I understand the need to simplify Chernobyl to simple causes. This need shows even in the official independent report, INSAG-1, which had to be revised as INSAG-7.
In some ways it is reassuring that it took so many problems to cause the Chernobyl disaster. On the other side it is scary that so many things were allowed to go wrong without anyone stopping them.
You do know that what happened at Chernobyl was because of individual decisions to conduct an "experiment" without proper control, regulation and training, right? Nothing about the accident was a result of government or public policy decisions. It was reckless individuals out for their own gain.
That is a vast simplification at best. Chernobyl suffered from everything from design to management problems. There is no evidence that any individuals were out for their own gain, as you put it.
The operators did wrong, but they were operating an unsafe reactor design with insufficient training while lacking proper management.
Would we have heard of the warnings if the launch had been successful? How many of the other launches had engineers warning? I bet they had to override warnings for pretty much every flight.
One of the many problems with the space shuttle program was that people got accustomed to it being routine. Before a commercial plane gets certified and allowed to fly routine flights, it goes through all sorts of testing on how it behaves outside its normal operating envelope. Probably more hours than the entire shuttle fleet ever spent flying in the atmosphere in total. If the space shuttle had been commercially certified, the O-ring problem would almost certainly have been discovered in the certification phase, but of course the certification would end up costing at least as much as all the shuttle launches ever done.
You don't see the environmentalists clamoring about the virtues of clotheslines.
Of course you do. As well as the benefits of using modern condensing dryers, when clotheslines are impractical.
Infrared is quite a lot of spectrum though. Remotes use the part of the IR spectrum which can be easily detected and generated by silicon-based electronics. Unsurprisingly, silicon-based image sensors can also detect IR remotes.
However, the key point is that the owner of the machines has consented to the penetration testing and other audits.
Exactly. Unfortunately, owners obviously do not consent to sufficiently
Consumers could get together and do the same.
It is possible, but unfortunately unlikely. Considering that consumers cannot even stop parabens, it does not seem like network security audits have much of a chance.
Not using the same neutrons they don't.
There are plenty of neutrons available in a typical nuclear reactor. The problem is getting enough of them with high enough energy to get fast fission. That challenge still does not change that the energy really is available in U-238, and can be exploited. (Not E=mc^2 where the m is the mass of the U-238, you only get the tiny mass difference between U-238 and the reaction products -- but that is the case in every reaction, and nuclear bombs are still reasonably powerful.)
And fusing silicon won't give you even near mc^2. You need anti-matter annihilation for that.
Of course not. When did I claim it would? You are the one who brought mc^2 up for concrete.
So I'm sorry. You're still off by several orders of magnitude. And being off by that much is what we call being wrong in the sciences. Qualitative arguments don't cut it when your quantities are that far off.
The whole discussion is pointless. The original proposal was to protect from the maximum energy available in the fuel, because that energy is finite. I showed that for commercial reactors, that is infeasible, but the original proposal was not about commercial reactors, it was about this particular test. This particular test CAN protect against the maximum energy available if they want to; if nothing else they can just do the test underground like a nuclear bomb test.
But you would know that, as I wrote the follow-up comment mere minutes after writing the first one, and your comment came much later.
The problem is that virtual and physical security work differently.
If a window does not close properly, that is not something to be all that much concerned about. The number of people who will find out is likely small, and any burglar will have to find out about the broken lock and be near the window to exploit it. Even if there is a break-in, the loss is probably going to be less than $10000, easily affordable for society as a whole. If everyone starts checking all the windows they pass by, society as a whole is likely to spend too much money and effort on window security without actually becoming much safer overall.
In contrast, if a computer is vulnerable on the Internet, that IS a real concern. Any bad guy is likely to find the problem sooner or later with an automated scan, and exploitation can be done from any corner of the world. It is likely that the attack will be done at practically no cost to the attacker. If everyone starts checking all the servers they use, society as a whole is likely to get quite a bit safer overall, at a relatively small cost (because known vulnerabilities are typically reasonably easy to fix, particularly SQL injection).
No. You only have option 1. It is unlikely that you are able to hide your traces well enough that no one can find you. If you discovered an SQL vulnerability, you can be reasonably certain that the request was logged. If no one else exploits it around the same time, that log entry will likely never be found -- if they were diligent, they would not have an SQL injection problem in the first place.
If the vulnerability gets widely known, there will be people looking for the first instance it was exploited. There is a good chance that no one smart enough to find you will be assigned to the case, but you are taking a risk with zero gain.
So keep quiet and let the corporation or government ruin the privacy of everyone. It is the only responsible path.
Which window manager handles such a large display best? Modern desktop environments, whether we talk about Gnome or Windows or Mac OS X, tend to work best when you let one window take over the entire screen. Mac OS X and modern Gnome with the top-of-the-screen menu bar in particular are fairly unhelpful with a sufficiently large screen.
Can you just split it into four subscreens and do a reverse Xinerama? It makes me a bit sad that this is the state of the art after 30 years or so of GUI development.
I answered your post preemptively:
"I completely agree, but then we are no longer protecting against the maximum energy that could get released."
You might as well say that since E=mc^2 and the buildings contain a lot of concrete the possible energy is off the charts.
Your reductio ad absurdum is incorrect. The uranium 238 really does have all that energy available, breeder reactors already use that energy. Getting useful energy out of fission of calcium or fusion of silicon on the other hand...
Ah sorry, I misread the comment. For this particular test, they can of course create such a protected environment. If nothing else, do it like a nuclear bomb test deep underground.
Once in a while I wish it was possible to delete posts...
Good luck with that. IDB Reference Characteristics of LWR Nuclear Fuel Assemblies from the 1996 Integrated Database Report (copied from Nuclear Tourist) mentions a fuel rod assembly containing 185 kg uranium. In contrast, Little Boy which destroyed Hiroshima contained 64 kg uranium, and that was certainly not a 100% efficient fission reaction.
It is not realistic to design nuclear power plants to withstand the maximum energy you could get out of the reaction. That would kill off the nuclear industry.
Feel free to start discussing whether it is realistic to get all the energy out of the 185 kg uranium. You can argue that it is less highly enriched than bombs, and that it is entirely unlikely that uranium which is mostly U-238 is going to suddenly decide to fission. I completely agree, but then we are no longer protecting against the maximum energy that could get released.
Practically no one except criminals holds significant amounts of currency to purchase things. Instead the currency is invested, at least in a bank account.
BitCoin is different in that it is entirely practical to keep extremely large amounts of it entirely outside the economy. You just cannot do that with cash, except if you are Scrooge McDuck.
It has probably been picked because all the tools are there already. Cases and connectors are easy to get, and Intel likely has lots of machines already capable of mounting things in that form factor.
PC Card used to be a moderately popular form factor for weird small computers for the same reason.
The current generation of "smart" TVs with every brand having their own interface is getting a bit tedious. Give me Android, give me Firefox OS, even give me iOS if you have to.
I am not from the UK but I live there. I signed up to GiffGaff, only to realize that the "optional" filter could only be disabled by giving GiffGaff my UK passport information. However, not being a citizen of the UK, I obviously do not have a UK passport and therefore cannot opt out. So much for the freedom of movement for workers.
Sites which have been blocked included childline.org.uk and British Library. Obviously they correct those mistakes when they make it to the newspapers, but what about all the sites that are too small to get the media riled up? Although most of the UK media are very much FOR the filter. Maybe they hope that people will turn to the old media when the blog sites are blocked.
The UK seems to be eager to combine the bad parts of the US with the bad parts of the EU.
The "since the NSA is still working so hard to defeat it" part is wrong, sadly.
Imagine if you were in charge of NSA. Your agents have broken every encryption protocol and algorithm, they can tap into data anywhere in the world at any time, nothing is safe from them. Now, completely victorious, would you fund research into quantum computing? Of course you would. Why not? It is obviously within scope of the NSA mission, and you can never be sure that the "happy" state of complete unfettered access will continue forever. Besides, the NSA has a reputation to maintain.
The NSA is but a misunderstood genius, boldly sending their agent Edward Snowden into the arms of the enemy. Their aim is to protect the Western world from the defeat that will come as a result of ignored security vulnerabilities, lousy cryptography, people who are willing to work with corrupt government entities and so on.
See, no one would have listened if they had simply held lectures on proper security. Some might even do the opposite out of suspicion that the NSA is betraying them. The only way to fulfill their duty of keeping America safe was to send out a "whistleblower" to say all the things that they themselves could not get through with. Only then would the mass media react and the story gather enough momentum to cause every software developer to improve their work, every customer to demand better and more open security, every person to think twice when being asked to do things that are not right.
I wish.
Err? I feel a whoosh coming on here.
Absolutely agreed. You could pretty much replace "helicopter" with "nuclear ice breaker capable of sailing in practically any ice" and there would have been nothing for me to gripe about. Although the existing nuclear ice breakers are all in the Arctic and allegedly cannot cross the tropics under their own steam due to insufficient cooling.
The only reason they went on a ship and not on a helicopter in the first place was because it would have been wastefully expensive to do so.
No currently existing helicopter has the range needed for a mission like that. Their position is not within reach by helicopters stationed on land, the helicopter that rescued them is stationed on an ice breaker.
You obviously have superior knowledge of this topic. Storing the PMK sounds like an excellent solution. Of course the PMK is still almost as sensitive, but at least it will keep people quiet.
However, what if there are multiple APs with the same SSID and PSK? In smart modern networks they all pretend to be just a single AP so roaming can be done without rekeying, but what about the less clever networks? Having to retype the key until every AP has been visited could be tedious.