I don't think mixing guns and the Internet (where those guns will certainly get 0wn3d) is a good idea.
If you really want the thrill of "killing something online" (quick, somebody call the patent office), why not just get a good FPS (might even be a hunting FPS). Okay, you need a good bot, maybe a hybrid could be done (the real robot, real animals, but blanks instead of real ammo).
I think the original bootstrap for metal (used for work, not money) was copper found in nuggets. These days it's much harder to find natural nuggets of metal -- everyone who came before has already found them!
If you have to rebuild society because something really bad has happened, you could simply get metal from derelict machinery. After all, those nuggets had to go somewhere, it's not like they went to a big nuclear reactor and were converted into hydrogen.
If you're just building a blacksmith shop just for kicks, you'll have to make some concessions. There are lots of things you won't be able to do in a modern society that you would do in a real collapse (say gathering some men, that copper or bronze, building a phalanx or a legion and conquering territory).
You're right about that need for labor. Even with basic metals, you'll need A LOT.
There is one argument for that correlation. GWB won by a small margin. If the **AA (or anyone else) started to make a mess right before the elections, they might have generated anti-Bush sentiment ("With Dubya, Hollywood sues children. Horror!" or "That $#@$% wants to sue me, I'm not voting for him now"). Now that the election has passed, news like that are a lot less "disruptive" for the men in power.
It probably would have been the same with anyone else in power before the election, MPAA probably decided not to risk making a mess at that time, avoiding the anger of whomever they might affect.
VIA padlock (as they call it) can currently only do AES in hardware (and it can also generate true random numbers). The next VIA chip called C7 (C5J Esther) however should be able to also do SHA-1, SHA-256 and parts of RSA in hardware (I think it should be available first half of 2005). That's of course still a limited set of encryption algorithms, but it's certainly an improvement.
RSA, SHA-1 and SHA-256 are not something to choose instead of AES, they are more like a complement to them. AES is a symmetrical cipher, while RSA is a public key one, while SHA-1 and SHA-256 are hash functions.
That upgrade you are talking about would make the board better suited to do things like IPsec on hardware, but if you have a serious problem with AES (as stated in the grandparent post), you would have no alternative other than dumping the boards.
A real alternative would have been the inclusion of another symmetrical cipher (like 3DES or IDEA).
PS: I know there is another reply next to this one, but I can't see it right now because slashdot is acting kind of weird right now. If this was redundant, sorry.
I remember reading on a site about the origins of Baikonur, and there were other aspects in the choice of the Kazakh desert.
Since Baikonur was planned to be an ICBM firing range (for testing new rockets), the Soviets needed a clear path where some radio beacons would be installed to guide the rockets during their 8000km flight. They could have chosen to build the complex west of the Caspian, but that would have prevented them from installing the radio guidance system properly (which ironically became obsolete when they started to use inertial systems).
Another aspect was soil composition, the Soviet military thought they could dig the soil as a flame deflector.
There's an article about the origins of Baikonur here.
And how would you verify a signed executable, if you do not have a way of checking it before execution?
Anyone could create an executable file with code that "verifies" it is okay, then installs a backdoor.
Unless the system verifies the executables itself, that "security measure" is useless.
In fact, it is probably a liability because a text file might contain false data, whereas an executable file might contain false data and malicious code (and it's the same with word-macro contents).
Oh, and before anyone starts mentioning MS' latest crypto scheme, remember that lots of machines are running w9x.
AKMs just like the M16 are assault rifles. They are designed to be effective up to 300 metres and mostly for spraying.
They are not designed to shoot at long ranges, that's what battle rifles are for. If your numbers are right, then the AK is working "just as advertised".
CIM is a fine, object-oriented replacement for SNMP, is mature and has XML-based communications over HTTP.
So what?
I mean, what's that moronic thing of replacing everything with this xml-over-http nonsense?
Everyone is crazy doing the same thing, except it is now all on tcp port 80. It is even impossible to apply any kind of policy without lots of application level analysis because every moron in the world is using HTTP to do everything.
SNMP is fine, and if the only thing that those people are trying to do is map SNMP OIDs using fancy representations over tcp/80, they are hardly doing any service to most network administrators out there (myself included).
It's like everyone is crazy. I hope they do not repeat that SOAP thing (which for every practical reason I've seen is just a fancy way of doing RPC)
What I don't understand is why those people don't notice they are hitting the accelerator. It happened a couple of times to me, but I know instantly when it happens just listening to the engine (especially if I'm pressing the clutch too, because in that case rpms go way up).
I mean, don't they hear the engine revving up, suspect something wrong and stop doing whatever caused that?
(You don't need to be too smart to think "I press the brakes and the engine accelerates, I must be doing something wrong", and get their foot off whatever they are stepping on)
Something interesting would be making them tell that human error story in court.
If they say "we messed up, but we have 99.99% accuracy", enough people could testify saying that they received these takedown notices.
If that happens, using the estimate sent by the MPAA, and considering the number of witnesses, you could estimate how many notices have to be checked. (and that method is UNDERESTIMATING then, since some receivers would not show up).
If someone could prove that it is impossible to check that many notices in a reasonable period of time (say, dividing by all the manpower available in the MPAA, and getting a very large number), wouldn't it be proven that they lied to the court? (or at least are somehow evading taxes, because they have employees without paying their corresponding labor tax, or whatever they have to pay in their jurisdiction).
By the way, that number could be cranked up by adding some decoys, it doesn't matter whether they find decoys or the real thing, if they successfully send an unbelievable number of notices at some time, it should be enough.
I have a pilot IIIxe that uses AAA batteries and that is fine. Right now I'm carrying two sets of NiMH batteries, one in the palm and another in its pouch. Whenever the main ones are depleted, I put in the new pair and recharge the empty ones. That's great because you do not need to plug it in its base to recharge, and have no downtime because it's recharging. Provided that you have a good and organized swap-recharge cycle, I think using standard batteries is better. I could easily put some alkalines in there if for some reason I have only depleted cells. After all, you can't get more standard than a couple of AAAs.
An internal rechargeable battery might be a good idea, if you can use it as an auxiliary (with the main batteries being replaceable), though.
What I'd like is a reader device. Something with a decent screen, lightweight, rugged, with a little memory good for storing a few books (like 8MB), a few buttons (pg-up/pg-down and similar), and barely enough processing power to display them.
I've been using my pilot IIIxe for that purpose, but it has such a small screen that it's evident it was not designed for that.
As far as a general purpose device, I'm just fine with my IIIxe. It cannot play mp3 or ogg, but I can get other devices to do that. Same thing with number crunching, it's a "satellite" system after all.
BTW, I'm 100% with the idea of modularization, why have 1 device that does everything plus the laundry, when you can have multiple little devices and wires/bluetooth/whatever?
I guess they had some extra rockets that they wanted to use. Check this project. It's been there for a couple of years. They must have seen a way of getting rid of them and getting some cash in the process.
Looks like they've got something else to do with those SS-N-18.
At that time they (not Russians, Soviets) had unlimited resources to do whatever they wanted. They still didn't have good technologies.
What do you mean with "didn't have good technologies"? Is Soyuz a bad product? Was their space program lousy? You're talking about the same people that orbited the first satellite (granted, sputnik was crap compared to explorer), first human in orbit (and vostok was really good), and had more experience than anyone else. I think their program was quite successful.
>MIR itself was the best until ISS was orbited. And they sure had a lot of influence designing ISS.
Common, if it was the only space station you can't compare it with anything that did not exist.
However I could easily compare it with Salyut, Almaz or Skylab stations. And compared to them, it was a leap forward. Modular design, to be built in stages. Don't you think these ideas had an impact on ISS?
>Those guys run progress unmanned craft to ISS, as they have been doing for years.
I don't see it as a big deal. They push Progress into orbit in vicinity of a space station and manoeuvre it to dock...
These are automated ships. No crew on them. Even assuming it is not a big deal, they run scheduled supply ships to ISS. That alone gets a lot of know-how (oops, that docking foobar thing is having such or such problem, lesson to be learned, oops a progress ship crashed against MIR, BIG problem, then BIG lesson learned). Those little bits of know-how add up fast.
Actually Shuttle-to-Mir docking station. Somebody had to design it and it was cheaper to do it in Russia. No problem.
No problem at all, but the system was already designed. And yes, they bought it because it was cheaper than designing a new one from scratch. However, do you think NASA would buy a cheap-and-crappy docking mechanism? They bought it because it was cheap and GOOD.
Now Russians do not have those resources and those facilities that Soviet Union had. They had thousands of scientists and engineers in those days. They still have some people around but it's 13 years since Soviet Union dissolved. And almost no money. They cut corners. They pride themselves on robust but cheap technologies.
And it's just fine. Cheap AND good, what else do you want?
I still think they have some aces under the sleeve, such as a project for using SLBM (yes, submarine ballistic missiles) for probing hurricanes or something like that. Sometimes I check rosaviakosmos.ru and get a surprise.
Why? The simple answer is because there is no earthly reason to capitalize any of these words. Actually, there never was.
Now, in Andrew Tanenbaum's "Computer Networks, Third Edition" there is an interesting part in chapter one that says:
(...) A collection of interconnected networks is called an internetwork or just internet.
(Here goes a paragraph explaining what a WAN is, snipped for brevity)
To avoid confusion, please note that the word "internet" will always be used in this book in a generic sense. In contrast, the Internet (note uppercase I) means a specific worldwide internet that is widely used to connect universities, government offices (....)
So there IS a reason to capitalize "Internet". Namely to indicate it is the internet we all know, instead of a minor internet somewhere else.
These two terms are also defined in RFC-1983 (Internet users' glossary), as defined in Tanenbaum's book, with that distinction especially indicated. Sure, RFC-1983 is marked as "Informational", but it's still an RFC, and it shows a valid reason for the capitalization.
Clearly someone at Wired did not do the necessary research.
I think that the Russians generally use lower tech equipment because they lack the money, know-how, and facilities to build state of the art equipment, rather than a simpler is better philosophy.
Lack of money: I'm 100% with you.
Lack of facilities: Maybe. After all they have a big money problem. They used to have some damn good facilities, they just have little money for maintenance.
Lack of know how: Are you smoking crack? It's the RUSSIANS we're talking about. They've had space stations in orbit since the seventies. MIR itself was the best until ISS was orbited. And they sure had a lot of influence designing ISS.
Those guys run progress unmanned craft to ISS, as they have been doing for years. Have most endurance records and even the shuttle docking system was designed by Russians (NASA bought it in the nineties).
That's not multicasting. That's broadcasting to 255.255.255.255. In theory it would be addressed to every device in the net, however it is really used as a "local broadcast", because routers don't forward these kinds of requests.
If you wanted to do your DDOS attack, you would somehow need to get everyone on a multicast group, not an easy task (and certainly detectable).
TCP cannot multicast. It's impossible due to its connection oriented, two way properties.
IP can multicast, but it needs support from the network to do that. The problem with that is that the internet is not under one authority that can say "from today onwards, we do multicast in such and such way". There have been experiments with multicasting (mbone), but there are some things that cannot be solved easily (e.g. how do you register as a multicast client, and (important part here) how do you make every router from source to destination know about it, and act accordingly (remember, those routers are NOT under the same authority)). So, even when you could multicast with UDP/IP, some logistics problems make it very difficult to do it.
However, within an autonomous system (which IS under a single authority) you could multicast, provided there is support provided by the net, in fact, both standard routing protocols (OSPF and RIP) as well as NTP can, and have multicast groups assigned to them.
It's too bad, but that's how the real world is....
I found articles in The Register that refer to cases very similar to that theoretical one you're speaking of.
Someone was found with kiddie porn on his disk, but forensics analysis detected some trojan browser hijackers, so it could not be proven whether he downloaded it or not.
Article here
Same thing with a DoS attempt here
I followed the "Abu Ghraib" link and got lots of images. Whatever is happening it's local to the submitter.
Maybe it's the great firewall of the USA?
I'm writing from Argentina BTW.
Check this link for more details.
That's how an early version of netscape's ssl was broken.
Please mod the AC up a little bit.
Hey, that's not a bad idea.....
What about using the trash as reaction mass?
I mean, you push the trash somehow (say, a cannon) backwards. The trash decelerates and deorbits, while the station gains speed, so you can keep it orbiting a little longer without having to push it with a rocket.
I'm probably missing something (such as the station being too massive for that to be effective), but maybe it would be worth analysing.
(Could work with things to be recovered, provided they use some sort of recovery capsule with a heat shield)
Oh, sorry. I got it all wrong then.
Don't mod parent post down!
It may have been an anonymous coward, but he is 100% right. Soyuz is in fact a 1960's design that has been improved in small steps. It is in fact relatively low tech compared to a shuttle, yet it works. Hell, a perfectly good example is how the capsule orientates for reentry: It is just heavier on the bottom side. Check it out yourselves: http://en.wikipedia.org/wiki/Soyuz_5. You don't get much more low tech than that, and it definitely makes the capsule safer.
BZZZT WRONG!!!
You just haven't RTFA.
Check the "original" vulnerability in the secunia report.
http://bugzilla.mozilla.org/show_bug.cgi?id=24496
In the first message post there is a PoC that "steals" your master password with a similar trick, and it works ok in mozilla classic 1.2.1.
It is definitely NOT firefox specific.
The PoC:
http://bugzilla.mozilla.org/attachment.cgi?id=149
WARNING: It fscks up the keyboard controllability of mozilla.