Just before 2000-01-01, well maybe around 1999-06, my wife got a new credit card that expired after 2000-01-01. She rebooted a few gas pumps with that card:-)
I worked with an electrician who tested 440 with his hand. I test my high-voltage electric fence (to keep the dogs from digging up our new $100/tree privacy hedge) with my hand. The key is that the current is only across the hand. That is, ground your pinky or your thumb and flick the other end of your hand across the suspected hot terminal. Sure you get a jolt, but it's typically not dangerous, since the least resistance to ground isn't through an organ or something useful. Oh, if you're right handed, use your left.:-)
I've got one windows box, it's my company's work laptop (I work remote out of my home). I thought I was safe since I've got a NetBSD firewall and block pretty much everything coming in. but I also run a VPN to get into our work's Intranet. That's how I caught it...
If you type your password into some unknown workstation to log into your 'protected' machine with SSH then you instantly have zero security! A small dongle on the box will record all your keystrokes, or software hidden in the kernel or whatever. I trust my laptop plugged into someone else's network port, but I won't trust their computer. I guess if you server uses one-time-passwords (like secure-ID), you'd be OK.
No problem. That stuff is confusing as hell. I've been a NeXT/Mac guy forever, and got a Cobalt Qube2 awhile back. Put NetBSD on it and had to learn all about FDISK, the limit of 4 'real' partitions, extended partitions, the difference between fdisk's idea of partitions and the disklabel's idea of partitions. Lots of fun.
DOS partition, not DOS (FAT16/FAT32) _filesystem_. I _assume_ that the Secure ID system is just doing block ciphers on the disk blocks. So, it would just encrypt the blocks on disk making up the FDISK partition containing your (possibly multiple) ext2fs filesystems.
The best paranoid tech I've seen like this is where the additional encrypted filesystems are stored in the freespace of other partitions, and if you don't unlock all the partitions, then 'higher' level partitions are at risk when 'lower levels' write to their freespace. See, it's not good enough to have encyrption when they take you to court, you need to have deniabilty. You need to be able to deny even having the encrypted data. Perhaps if the Secure IDE controller were to wipe the encrypted partitions (with constant random rewrites until powered off) if it were ever powered on without the key, this would be safe. "Honest Judge, I'd love to give up the data, but that tool over there powered on my computer without the key and the data was all auto-shredded." I suppose you could have the bios fake a keyboard (or other, temporary) failure once or twice on power-up before wiping the data so that you didn't screwed if you forgot to put your key in once.
if you're using FDISK in DOS to setup the partitions, there's no reason you can't install Linux on top of the DOS partition. That's how they all are. Even on my Cobalt MIPS box, it's got a freaking DOS partition layout.
The real question is, if the Key is USB, does the OS need to mediate between the SecureIDE subsystem and the USB key, or does the BIOS do it below the OS?
There are a few problems with it though. The key is almost certainly copied off the USB key into local storage, rather than passing all data through the USB port for encryption (though with a dedicated USB2.0 port, that might be allright), and if you're getting sued and the court requires you to make the data accessible, saying you 'lost' the key is going to put you in jail.
This could be especially wrong if he's running things like a news server, and as more disk space is available, he up's the retention time. Archival storage of email (in a 1 file/message system, like Maildirs) would have the same problem.
-1, didn't read the article. The PDF is talking about a large solar install that uses mirrors to heat molten salt from 230C (!) to 650C (!!), store it in tanks, then as needed use the heat from the molten salt to flash water to steam to power a 'normal' generator. It's not something you could mount to your roof with any ease:-)
The idea was that they would get the cost efficiency down to $1/watt with 200 watt systems. Ie, if you wanted to be able to run your PC with a 200 watt P/S off solar, you'd need one of their 6'x9' units, and it would only cost you $200. The trouble I see with the units described in the Discover article were space efficiency (need a big roof, just to power my computers) and heat danger (oops, just ignited that pigeon that tried to land on my solar power unit, now I've got a flaming pigeon on my shake roof).
Well, if you meant 'boots of a CD' when you say 'diskless', I'd agree. If you mean 'boots off the network from a server' when you say diskless, then I'm less inclined:-)
Why not? If you can create a compiler which recognizes that it's compiling login and puts a backdoor in it, what's to keep you from putting an exploit into the bios? Certainly more difficult, but not impossible given the size of BIOS flash-ram these days.
Why in gods name would you want to boot off the CD for these applications. NetBoot is your friend here. Upgrades are simple to roll out (update dhcpd.conf), speed is faster with a decent 100MB switched network, fewer moving parts to fail, generate heat, and make noise.
But if the media conglomerates control the current Internet, what are the odds they'll allow your 'layered internet' to be carried on it? The only way to protect the traffic would be to disguise it as 'normal' requests for the media conglomerates slop for the masses...
Back from the honeymoon less than a month ago and you're already complaining about not getting laid? Wow, time to start thinking about getting anulled instead!
Something like this would be great for tracking stolen bicycles, for example. A WozNet tag in the down tube makes it impossible to fuck with, short of cutting apart the frame, thereby ruining it.
Yeah, except for the whole 'gps signals don't go through steel the thickness of a bicycle down tube thing'. Not to mention that the frame is probably the least of the reasons why your bike got stolen.
Slashdot Mirror
Just before 2000-01-01, well maybe around 1999-06, my wife got a new credit card that expired after 2000-01-01. She rebooted a few gas pumps with that card :-)
I worked with an electrician who tested 440 with his hand. I test my high-voltage electric fence (to keep the dogs from digging up our new $100/tree privacy hedge) with my hand. The key is that the current is only across the hand. That is, ground your pinky or your thumb and flick the other end of your hand across the suspected hot terminal. Sure you get a jolt, but it's typically not dangerous, since the least resistance to ground isn't through an organ or something useful. Oh, if you're right handed, use your left. :-)
I've got one windows box, it's my company's work laptop (I work remote out of my home). I thought I was safe since I've got a NetBSD firewall and block pretty much everything coming in. but I also run a VPN to get into our work's Intranet. That's how I caught it...
If you type your password into some unknown workstation to log into your 'protected' machine with SSH then you instantly have zero security! A small dongle on the box will record all your keystrokes, or software hidden in the kernel or whatever. I trust my laptop plugged into someone else's network port, but I won't trust their computer.
I guess if you server uses one-time-passwords (like secure-ID), you'd be OK.
If I plug my laptop into your network, and every packet I send out is encrypted on my laptop, how can your control of the network hurt me?
You need the wire to be shielded with a grounded shield sleeve. That will keep the 'broadcast' from reaching outside the wire.
At least they were unauthorized transmissions, not unauthorized emissions!
No problem. That stuff is confusing as hell. I've been a NeXT/Mac guy forever, and got a Cobalt Qube2 awhile back. Put NetBSD on it and had to learn all about FDISK, the limit of 4 'real' partitions, extended partitions, the difference between fdisk's idea of partitions and the disklabel's idea of partitions. Lots of fun.
DOS partition, not DOS (FAT16/FAT32) _filesystem_. I _assume_ that the Secure ID system is just doing block ciphers on the disk blocks. So, it would just encrypt the blocks on disk making up the FDISK partition containing your (possibly multiple) ext2fs filesystems.
Robert
The best paranoid tech I've seen like this is where the additional encrypted filesystems are stored in the freespace of other partitions, and if you don't unlock all the partitions, then 'higher' level partitions are at risk when 'lower levels' write to their freespace.
See, it's not good enough to have encyrption when they take you to court, you need to have deniabilty. You need to be able to deny even having the encrypted data.
Perhaps if the Secure IDE controller were to wipe the encrypted partitions (with constant random rewrites until powered off) if it were ever powered on without the key, this would be safe.
"Honest Judge, I'd love to give up the data, but that tool over there powered on my computer without the key and the data was all auto-shredded." I suppose you could have the bios fake a keyboard (or other, temporary) failure once or twice on power-up before wiping the data so that you didn't screwed if you forgot to put your key in once.
if you're using FDISK in DOS to setup the partitions, there's no reason you can't install Linux on top of the DOS partition. That's how they all are. Even on my Cobalt MIPS box, it's got a freaking DOS partition layout.
The real question is, if the Key is USB, does the OS need to mediate between the SecureIDE subsystem and the USB key, or does the BIOS do it below the OS?
There are a few problems with it though. The key is almost certainly copied off the USB key into local storage, rather than passing all data through the USB port for encryption (though with a dedicated USB2.0 port, that might be allright), and if you're getting sued and the court requires you to make the data accessible, saying you 'lost' the key is going to put you in jail.
This could be especially wrong if he's running things like a news server, and as more disk space is available, he up's the retention time. Archival storage of email (in a 1 file/message system, like Maildirs) would have the same problem.
-1, didn't read the article. The PDF is talking about a large solar install that uses mirrors to heat molten salt from 230C (!) to 650C (!!), store it in tanks, then as needed use the heat from the molten salt to flash water to steam to power a 'normal' generator. It's not something you could mount to your roof with any ease :-)
The idea was that they would get the cost efficiency down to $1/watt with 200 watt systems. Ie, if you wanted to be able to run your PC with a 200 watt P/S off solar, you'd need one of their 6'x9' units, and it would only cost you $200.
The trouble I see with the units described in the Discover article were space efficiency (need a big roof, just to power my computers) and heat danger (oops, just ignited that pigeon that tried to land on my solar power unit, now I've got a flaming pigeon on my shake roof).
Well, if you meant 'boots of a CD' when you say 'diskless', I'd agree. If you mean 'boots off the network from a server' when you say diskless, then I'm less inclined :-)
Why not? If you can create a compiler which recognizes that it's compiling login and puts a backdoor in it, what's to keep you from putting an exploit into the bios? Certainly more difficult, but not impossible given the size of BIOS flash-ram these days.
Why in gods name would you want to boot off the CD for these applications. NetBoot is your friend here. Upgrades are simple to roll out (update dhcpd.conf), speed is faster with a decent 100MB switched network, fewer moving parts to fail, generate heat, and make noise.
Um, steal it from the Vatican?
You're going to want to talk with Jim Gray of this article:
http://slashdot.org/article.pl?sid=03/0
Well, since Sony bought InterTrust, I doubt that Microsoft will have as much luck killing it off as IBM will with SCO...
But if the media conglomerates control the current Internet, what are the odds they'll allow your 'layered internet' to be carried on it? The only way to protect the traffic would be to disguise it as 'normal' requests for the media conglomerates slop for the masses...
Back from the honeymoon less than a month ago and you're already complaining about not getting laid? Wow, time to start thinking about getting anulled instead!
Learn to pee with the door open...
Something like this would be great for tracking stolen bicycles, for example. A WozNet tag in the down tube makes it impossible to fuck with, short of cutting apart the frame, thereby ruining it.
Yeah, except for the whole 'gps signals don't go through steel the thickness of a bicycle down tube thing'. Not to mention that the frame is probably the least of the reasons why your bike got stolen.
I think I'll leave mine at work!
:-)
(oh wait, I work from home now