Isn't this just a modified (slightly powered rotor) auto-gyro? If that's the case, drop all the "helicopter" talk and call a duck a duck. It's an entirely different class of aircraft that preceded helicopter development.
Autogyros seem to be less complex than helos or conventional aircraft with pretty good performance. If they can just find a market for "can't hover, can fly very slow, faster overall than helicopters, but slower than traditional planes" they might be on to something.
Excellent points. From a data manipulation and presentation perspective, SVG has lots of potential. However, the people most concerned about the data are rarely the ones most concerned with the looks.
Adobe/Macromedia wants $$ from the folks concerned about the looks, so we get Flash's high penetration. That will continue unless there is a stream of moderate penetration applications for SVG (unlikely since the tools for SVG still need some lovin') or you get one smash hit app for SVG from someplace like Google labs. Google Maps seemed like a good place, but they went for "pretty good and now" versus "elegant and later."
Overall, very useful post.
You're right, root = compromised. Tools like this aren't good or bad by themselves, it's the user.
I could see this tool being modified to scoop data on already compromised systems, kind of like a virtual "smash & grab." It will be interesting to see how this gets incorporated into other methods & kits, good or bad.
RTFA..."The code is being released into the public domain free of license restrictions in any form. The initial proof of concept code has been written to NetBSD, but der Mouse expects the code to be easily portable to systems that allow hooks to be inserted into disk driver code. The code can be accessed via anonymous FTP at ftp.rodents.montreal.qc.ca:/mouse/livebackup/." So once again, how long before this becomes a hack, since it isn't a problem for NetBSD but it will be for Windows.
Assuming you can get around bandwidth monitoring, how long before this becomes incorporated into hacking tools?
Add this to a little spyware and a zombie network and things get very interesting for poorly secured networks & computers.
This is the problem with insider lingo, it confuses a sometimes well educated public. Not defending /., but the term RFID has been co-opted by the ISO 14443 group. Inside the industry, that's how the term RFID is used. An engineer without prior involvement would say, call a duck a duck, it's all RFID.
As a parent I understand being upset reading the AP report that says my kid gets the same tech as my beef. The point everyone misses is this technology is already here and widely deployed in business and government. Ever wave your ID badge to get through the door?
As the price keeps coming down on RFID/contactless smart cards it will trickle into schools. That can actually be a good thing if we get off /. and actually help schools write good policies on how this stuff should be deployed.
If you consider what they're coming from, almost anything is an improvement. In theory this might let them alleviate the "Little Orphan Annie Decoder Ring" ID schemes that are in place today. That "maze of a flow diagram! http://csrc.nist.gov/piv-project/PIV_model.pdf" actually is pretty clean considering they are attempting to add strong authentication to what previously would have been at least three IDs (logical, physical and payment) adding the dual headaches of biometrics and PKI. It's a tough job and no matter what /. says they will go through with it. I hope they get it right.
Things like this have been kicking around the federal government for years and this particular initiative dates to August when the President issued HSPD12, http://csrc.nist.gov/policies/Presidential-Directive-Hspd-12.html, basically saying IDs ought to be issued in a standard way. So much for the Washington Post scoop.
Flamebait aside, this has a good chance at increasing security, if done right. NIST is the right agency to handle this. It's not intended to be a centralized national ID, but a standard way of defining what IDs look and act like. Basically, a guard doesn't have to remember all the different agency and vendor ID cards no matter what door he gets transferred to.
Since every dorm has a kid that "can make it look real", verifying that ID is the key. Here's where the folks at NIST and the rest of the Feds really need to earn their pay. If you can't verify who issued the ID and how, it doesn't have much security. The Smart Card Alliance sponsored a good white paper on the "Chain of Trust" concept, http://www.smartcardalliance.org/alliance_activities/secure_id_systems_report.cfm
These IDs can't be issued by one entity so unless the effort includes an easy, fast and secure method to verify both the identity and how it was issued, they are just setting up a beauty contest between the forgers.
Brought to its knees already.
Sounds like you mean terminal services or something like Sun's Sunray Java thin client. Now an open source, web based OS would be a very cool thing.