Except we have governments actively trying to thwart the notion of privacy with calls like "think of the children" and the "war on terror". We've had data retention laws, illicit wiretapping, internet traffic monitoring, etc. Do you honestly think that if someone comes up with a magic solution that the govt won't label it a security threat and somehow ban its use? Or automatically assume its use involves illegal activities? We already see that with bittorrent.
Microsoft isn't too concerned about China, considering that the vast majority of Windows installations in China are pirated. China is also developing Red Linux and steering people away from Microsoft products, partly in the belief that the US Govt and/or MS have backdoors into the software. The Chinese would rather have control of the backdoors.
China has some of the best hackers - just ask our own Military how good they are. Given China's political dislike of Tibet, they'll just divert some of their guys to focus on whatever boutique OS Tibet decides to convert to. In the meantime Tibet will struggle with the usual pains of changing and learning an operating system.
My vote is to simply educate their users and make sure they understand safe practices and keep their OSs up to date. Poor practices and unpatched systems matter far more than what OS you use.
Or they could just approach MS. MS would gladly provide support for the bragging rights that the DA is using their OS.
Too bad MS has figured out how to implement it consistently. ASLR in Linux is a novelty and usually not the default. Just like SELinux is a joke. It's high maintenance and just having it installed doesn't protect anything unless you carefully and manually tweak it. Ever look and see what it actually protects when you enable it on RHEL? Damn near nothing. A carefully set up system with a proper SELinux config might be good for a secure, single-purpose internet-facing server, but it usually ends up getting disabled on a desktop computer.
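A small script to check what a given Linux host actually enforces, rather than taking either side of the argument on faith. This is an added example, not code from the original comment: it reports the kernel's randomize_va_space setting, whether an ELF binary is PIE (without which the main image sits at a fixed address no matter what the sysctl says), and how many of the processes listed by `ps -eZ` run in unconfined_t. The `ps -eZ` sample and the ELF headers below are constructed for the example.

```python
"""Report what a Linux host actually enforces: SELinux process confinement,
the kernel ASLR sysctl, and whether an ELF binary was built PIE.
Added example; the `ps -eZ` output and ELF headers here are constructed."""
import os
import struct
from collections import Counter

# Meaning of /proc/sys/kernel/randomize_va_space values
# (Documentation/admin-guide/sysctl/kernel.rst).
ASLR_MODES = {
    "0": "disabled",
    "1": "stack/mmap/vdso randomized, brk not randomized",
    "2": "full (stack, mmap, vdso and brk randomized)",
}

def aslr_mode(value: str) -> str:
    """Translate the raw sysctl value into a human-readable description."""
    return ASLR_MODES.get(value.strip(), f"unknown value {value.strip()!r}")

def is_pie(elf_header: bytes) -> bool:
    """True if the ELF header says ET_DYN (position independent). Only then
    can the loader place the executable's own image at a random base; an
    ET_EXEC binary stays at its fixed link address even with
    randomize_va_space=2, so only stack, heap and libraries move."""
    if len(elf_header) < 20 or elf_header[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    little = elf_header[5] == 1            # EI_DATA: 1 = LSB, 2 = MSB
    (e_type,) = struct.unpack("<H" if little else ">H", elf_header[16:18])
    return e_type == 3                     # ET_DYN == 3, ET_EXEC == 2

def summarize_contexts(ps_ez_output: str) -> Counter:
    """Count processes per SELinux type from `ps -eZ` output.
    Anything in unconfined_t is not restricted by the policy at all."""
    counts = Counter()
    for line in ps_ez_output.splitlines()[1:]:   # skip the header row
        parts = line.split()[0].split(":")       # user:role:type:level
        if len(parts) >= 3:
            counts[parts[2]] += 1
    return counts

def unconfined_fraction(ps_ez_output: str) -> float:
    """Fraction of listed processes running in unconfined_t."""
    counts = summarize_contexts(ps_ez_output)
    total = sum(counts.values())
    return counts["unconfined_t"] / total if total else 0.0

# --- constructed sample data (not captured from a real host) ------------
SAMPLE_PS = """LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t:s0         1 ?        00:00:01 systemd
system_u:system_r:sshd_t:s0-s0:c0.c1023 812 ?  00:00:00 sshd
system_u:system_r:httpd_t:s0      903 ?        00:00:00 httpd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 1201 pts/0 00:00:00 bash
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 1300 pts/0 00:00:00 firefox
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 1311 pts/0 00:00:00 vim
"""

def make_elf_header(e_type: int, little: bool = True) -> bytes:
    """Minimal 64-bit ELF e_ident plus e_type/e_machine, for testing only."""
    ident = b"\x7fELF" + bytes([2, 1 if little else 2, 1]) + b"\x00" * 9
    return ident + struct.pack("<H" if little else ">H", e_type) + b"\x00" * 2

PIE_HEADER = make_elf_header(3)    # what a PIE executable reports
EXEC_HEADER = make_elf_header(2)   # what a fixed-address executable reports

if __name__ == "__main__":
    path = "/proc/sys/kernel/randomize_va_space"
    if os.path.exists(path):
        with open(path) as f:
            print("ASLR:", aslr_mode(f.read()))
    print("SELinux process types:", dict(summarize_contexts(SAMPLE_PS)))
    print("unconfined: %.0f%%" % (100 * unconfined_fraction(SAMPLE_PS)))
```

On a live box, feed `is_pie` the first 64 bytes of the executables you care about (shared objects also report ET_DYN, so apply it to programs, not libraries), and replace SAMPLE_PS with the real `ps -eZ` output: the share of processes in unconfined_t is the honest answer to "what does SELinux actually protect here".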
I'd be very surprised to find a college or ISP that didn't monitor their network in this fashion. Looks like maybe they are keeping DHCP, transparent proxy, and network statistics. Plus they are doing intrusion detection and looking for malicious activity. The good news is that they are not keeping these records long term, but only for a reasonable amount of time. If they are having a problem or suspicious activity then they probably keep it longer. Face it, your internet activities are NOT anonymous no matter how much you'd like to pretend that they are.
I can see the argument that you could in theory back out the web surfing history of a particular MAC address.
These are things any self-respecting network should be doing. The issue here is students not realizing that some monitoring and logging is done. I'm willing to bet that consent to monitoring is referenced in an agreement that the students signed, but that the details of the monitoring are not spelled out.
At my work, users sign agreements on acceptable use and consent to monitoring. I only dig into the logs if there is a problem, the IDS flagged something, or an accusation is made. Sometimes the logs prove innocence, btw.
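The "back out the surfing history of a MAC address" step is just a join between two logs the comments above say such a network keeps: DHCP ACKs (which MAC held which IP from when) and the transparent proxy's access log (which IP fetched which URL when). Here is that join as an added example, not code from the original comments. The log lines are constructed in the style of ISC dhcpd syslog output and Squid's native access.log; the syslog year (2009) and a shared UTC clock between the two sources are assumptions.

```python
"""Reconstruct per-MAC browsing history by joining DHCP lease logs against a
transparent proxy access log. Added example, not from the original comments;
log lines are constructed (dhcpd syslog style, Squid native access.log style),
and the syslog year is assumed to be 2009."""
import calendar
import re
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime, timezone

SYSLOG_YEAR = 2009  # assumption: syslog timestamps carry no year

# Constructed dhcpd lines. The same address is handed to two different MACs
# during the day, which is exactly why attributing by IP alone is wrong.
DHCP_LOG = """\
Mar  3 08:01:12 dhcp1 dhcpd: DHCPACK on 10.20.5.17 to 00:1a:2b:3c:4d:5e (alice-laptop) via eth1
Mar  3 09:40:03 dhcp1 dhcpd: DHCPACK on 10.20.5.17 to 00:AA:BB:CC:DD:EE (bob-netbook) via eth1
Mar  3 10:15:44 dhcp1 dhcpd: DHCPACK on 10.20.5.42 to 00:1a:2b:3c:4d:5e (alice-laptop) via eth1
"""

# Constructed Squid native access.log: epoch.ms elapsed client code/status bytes method URL ...
PROXY_LOG = """\
1236060000.000    100 10.20.5.99 TCP_MISS/200 1024 GET http://example.org/ - DIRECT/192.0.2.5 text/html
1236067300.123    210 10.20.5.17 TCP_MISS/200 5123 GET http://slashdot.org/ - DIRECT/216.34.181.45 text/html
1236070900.500    180 10.20.5.17 TCP_MISS/200 9876 GET http://news.example.edu/ - DIRECT/192.0.2.10 text/html
1236074000.250    300 10.20.5.17 TCP_MISS/200 4321 GET http://cs.example.edu/hw3 - DIRECT/192.0.2.11 text/html
1236076300.001    150 10.20.5.42 TCP_HIT/200 2048 GET http://wiki.example.edu/page - NONE/- text/html
"""

DHCP_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ dhcpd: "
    r"DHCPACK on (?P<ip>[\d.]+) to (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})")
PROXY_RE = re.compile(
    r"^(?P<ts>\d+)\.\d+\s+\d+\s+(?P<ip>[\d.]+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)")

def syslog_epoch(mon, day, hms, year=SYSLOG_YEAR):
    """Syslog time -> epoch seconds, treated as UTC to match the proxy log.
    (On a real network, confirm both sources share a clock and time zone.)"""
    dt = datetime.strptime(f"{year} {mon} {day} {hms}", "%Y %b %d %H:%M:%S")
    return calendar.timegm(dt.timetuple())

def parse_leases(dhcp_text):
    """ip -> sorted list of (ack_epoch, mac) assignments."""
    leases = defaultdict(list)
    for line in dhcp_text.splitlines():
        m = DHCP_RE.match(line)
        if m:
            leases[m["ip"]].append(
                (syslog_epoch(m["mon"], m["day"], m["time"]), m["mac"].lower()))
    for ip in leases:
        leases[ip].sort()
    return leases

def mac_at(leases, ip, ts):
    """MAC that most recently ACKed for `ip` at or before `ts`, else None.
    Assumes that lease was still live; expiry and release are not modelled."""
    entries = leases.get(ip, [])
    idx = bisect_right([t for t, _ in entries], ts)
    return entries[idx - 1][1] if idx else None

def history_by_mac(dhcp_text, proxy_text):
    """mac -> [(epoch, url)] in log order; unattributable hits go to 'unknown'."""
    leases = parse_leases(dhcp_text)
    history = defaultdict(list)
    for line in proxy_text.splitlines():
        m = PROXY_RE.match(line)
        if not m:
            continue
        ts = int(m["ts"])
        mac = mac_at(leases, m["ip"], ts) or "unknown"
        history[mac].append((ts, m["url"]))
    return dict(history)

if __name__ == "__main__":
    for mac, hits in history_by_mac(DHCP_LOG, PROXY_LOG).items():
        print(mac)
        for ts, url in hits:
            stamp = datetime.fromtimestamp(ts, timezone.utc).strftime("%H:%M:%S")
            print("  ", stamp, url)
```

The bisect picks the latest DHCPACK at or before each request, so 10.20.5.17's 09:53 hit lands on bob's MAC and the earlier ones on alice's; a hit from an address with no prior lease is reported as unknown rather than guessed. The same caveats cut both ways for the "logs prove innocence" point: a spoofed MAC, a NAT box, or clock skew between the DHCP server and the proxy all corrupt this join, so check those before acting on the result.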
Scary how we are quickly moving towards the society depicted in GATTACA.
Not classified, but knowledge of who has clearance is still FOUO (or sometimes called Sensitive But Unclassified, or now called Controlled Unclassified Information). Release of such information to the public is still prohibited. So while technically you are not supposed to advertise having a current clearance, you can put on your resume that you are able to hold a clearance.
But as a lance, it's pretty ineffective. He's just got an oxy-bacon torch instead of an oxyacetylene torch. He's just eventually melting through the metal, or gets it hot enough for the excess oxygen to burn the metal. A true lance is throwing much hotter flame on the order of 7000-8000 degrees.
Actually you can cut steel with pure oxygen - it's called a cutting torch. With a cutting torch the flame is only there to get the metal up to the ignition point, after which the metal itself burns in the stream of oxygen. Once you get a cutting torch going and a cut started, you can actually turn off the acetylene and continue with just the oxygen jet going.
In the first video when you see the sparks flying, that's the metal burning in the oxygen-rich flow.
No. Your first impulse should not be to scrub the obviously infected systems. Take them offline yes, but you need to thoroughly examine them to determine how they were compromised and assess what else might be in your network that you don't know about.
The article dorks up the notion of holography by associating it with 3-D holograms. The concept is that you don't need to know what's in the middle if you can draw a border around it and measure the surface of that border with sufficient resolution.
In "near field measurements" you are too close to the source to treat it as a simple point source, or a point source with directionality to its output. Normally you would have to be in the far field (at least several wavelengths of the frequency you're measuring or several times the physical size of the source) to be able to measure it using point receivers. Being in the near field you can't simply scale your measurement to farther distances using the normal spreading formula involving r^2 or r^3.
As an example, sticking a mic 4 inches away from a loudspeaker can't tell you what the sound level will be 100 feet away. Amusingly, the typical 1 meter you normally see on stated SPL levels is too close for larger woofers.
Holographic measuring is the concept of putting an array of sensors in the near field surrounding the object and being able to extrapolate far field measurements. There are criteria for the number of required measurement points and spacing based on the distance and frequency you're trying to measure. From those measurements you can determine the far field measurements and make some calculations about what's inside the boundary. One technique is to take all those new measurements, amplitude and phase, and substitute those as individual point sources in calculating the far field sound levels.
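To make the near-field point concrete, here is an added example (not from the original comments) that models a woofer cone as a disk of coherent point sources, sums their amplitude-and-phase contributions on axis, and compares a 1/r extrapolation to 30 m from a measurement at 4 inches against one from 2 m. It shows the failure mode that motivates the holographic approach rather than the holographic reconstruction itself. The driver radius (0.2 m), frequency (1 kHz) and source grid spacing are assumed values.

```python
"""Why a near-field measurement doesn't extrapolate with 1/r: model a
loudspeaker cone as a disk of coherent point sources (a sampled Rayleigh
integral) and compare on-axis pressure at 4 inches, 2 m and 30 m.
Added example, not from the original comments; radius, frequency and grid
spacing are assumed."""
import cmath
import math

C = 343.0  # speed of sound in air, m/s (assumed 20 C)

def disk_sources(radius, spacing):
    """Grid of source points covering a disk of `radius` in the z=0 plane."""
    pts = []
    n = int(radius / spacing) + 1
    for i in range(-n, n + 1):
        for j in range(-n, n + 1):
            x, y = i * spacing, j * spacing
            if x * x + y * y <= radius * radius:
                pts.append((x, y))
    return pts

def on_axis_pressure(sources, z, freq):
    """|sum e^{-jkr}/r| over the sources: relative pressure at (0, 0, z).
    Each source contributes with its own spreading loss and phase, so close
    to the disk the contributions partially cancel and the total does not
    follow a single point source's 1/r law."""
    k = 2 * math.pi * freq / C
    total = 0j
    for x, y in sources:
        r = math.sqrt(x * x + y * y + z * z)
        total += cmath.exp(-1j * k * r) / r
    return abs(total)

def extrapolation_error_db(sources, freq, ref_dist, target_dist):
    """dB error of predicting the level at target_dist from a measurement at
    ref_dist with the point-source 1/r rule (6 dB per doubling)."""
    p_ref = on_axis_pressure(sources, ref_dist, freq)
    p_true = on_axis_pressure(sources, target_dist, freq)
    p_pred = p_ref * ref_dist / target_dist
    return 20 * math.log10(p_true / p_pred)

WOOFER = disk_sources(radius=0.2, spacing=0.02)  # ~15 inch driver, assumed
FREQ = 1000.0                                    # assumed, wavelength 0.343 m

def near_field_error():
    """Measured at 4 inches (0.1016 m), predicted at 30 m."""
    return extrapolation_error_db(WOOFER, FREQ, 0.1016, 30.0)

def far_field_error():
    """Measured at 2 m (10 radii, several wavelengths), predicted at 30 m."""
    return extrapolation_error_db(WOOFER, FREQ, 2.0, 30.0)

if __name__ == "__main__":
    print("sources:", len(WOOFER))
    print("1/r from 4 in  -> 30 m error: %+.1f dB" % near_field_error())
    print("1/r from 2 m   -> 30 m error: %+.1f dB" % far_field_error())
```

With these parameters the 4-inch reading underpredicts the 30 m level by about 6 dB (on axis the disk's contributions partly cancel close in), while the 2 m reading extrapolates to within a small fraction of a dB, which is the "several wavelengths or several source diameters" rule of thumb in numbers. The holographic method keeps the per-sensor amplitude and phase, exactly the information the single-mic 1/r scaling throws away.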
Yeah, I mentioned that I forgot to account for efficiencies after that post. Most of the folks here still keep ignoring the simple fact that the power requirements are still very substantial. I wish more folks would do some of the basic math instead of hand waving with "oh they'll just make super capacitors!"
Everyone keeps talking about these "super capacitors" like it's a given. Super caps do exist, but they are hideously expensive for the amount of energy storage and the energy density is less than 1/10 of a decent battery. If they were a viable option for a power station, they'd be putting them in cars. So you're looking at possible standard batteries to serve as an intermediate storage, which also entails another 10% energy loss in the charging and discharging cycle of those batteries.
I just noticed I forgot to account for the maybe 30% efficiency of gas versus 85% electric engines. That makes the current numbers much lower but still borderline unreasonable.
There's no reason the existing liquid fuel distribution infrastructure can't transport biodiesel or butanol, which is a drop-in replacement for gas. Wholesale conversion to electric vehicles doesn't make sense if you have to pour billions of dollars into the electrical energy infrastructure to support it. You end up using more oil in the long run in that scenario.
I believe our primary goal should be energy independence, with the next goal as cleaner fuels and energy production methods. Just switching to a different energy carrier like batteries or hydrogen isn't making much progress towards either goal. Presently, plug-in vehicles just mean burning coal or oil elsewhere. Hydrogen still has a huge number of problems like energy density, and the fact that we're making it by cracking nat gas and throwing away 20% of the energy - just burn the nat gas instead!
In fact, go look at the pictures at http://www.teslamotors.com/design/cockpit/gallery-cockpit.php and you'll see a stick shift with what looks like reverse, 1 and 2.
Not totally independent of torque, but close. The problem is that efficiency is highly dependent on torque. Low rpm, high torque is very inefficient, approaching zero at zero rpms. Hence the reason that most electric vehicles do in fact still have a tranny or cv.
Electric outlets might be in a lot of places, but wiring for high power is not as ubiquitous as you'd like to think. The US power grid is already stretched pretty thin and widespread adoption of plugin vehicles would necessitate major infrastructure upgrades. The average home or even parking lot is certainly not going to be wired to refill a vehicle in 30-minutes.
Let's throw in a little basic energy math to show exactly how bad the situation is, eh? A gallon of gas is about 125 MJ or about 35 kilowatt-hours of power. Charging at a rate of "1 gallon of gas/hour" equates to 35 kilowatts (about 30 hairdryers all running at once for the blonds out there). Thus to put in "2 gallons" worth of electricity in 30 minutes requires delivering 140 kilowatts, or 583 amps on a 240 volt circuit. For comparison, pumping 4 gallons/minute at the gas station is just over 8 megawatts.
Plug-in at home vehicles are pointless if there isn't enough power available at the homes and/or enough hours in the day to get a significant charge into the vehicle.
They're not as isolated as you would think or DOD would hope. They are still vulnerable to indirect denial of service attacks, and a few other *ahem* attacks involving user stupidity as you mentioned. Looking at other recent instances of damage to isolated networks gives you some examples. Viruses carried by thumb drives into an isolated nuclear power plant network brought the system down. Circuits carrying your WAN connections are vulnerable once they leave your facility regardless of encryption, and you've no real guarantee that Verizon won't be attacked and your business WAN circuits impacted.
Actually, some of it probably is classified. If a compromise or vulnerability involves a classified network, then any of the info would be classified. Even if it's an unclassified internet-connected system, current vulnerabilities would be classified. Investigations of ongoing compromises could be classified simply because you don't want to tip your hand to the adversary that you even know he's there - you're just watching to figure out how they got there, their techniques, and what they're after.
A large portion of the lessons learned, recommended configurations, etc are freely available. Check the DISA or NSA sites, or google for DOD all-hands messages and directives.
5 U.S.C. 552(b)(1) says
"(b) This section does not apply to matters that are -
(1)(A) specifically authorized under criteria established by an
Executive order to be kept secret in the interest of national
defense or foreign policy and (B) are in fact properly classified
pursuant to such Executive order"
Guess what? It's pretty standard to have an executive order that prohibits releasing treaty negotiation documents. The denial does not mean that it was "classified" in the sense of it being confidential, secret, or top secret. FOI requests are routinely denied because the information is proprietary, personnel, or sensitive.
I can see the rationale for this measure, although I tend to agree that it is ripe for abuse.
The reality is that the next major war will either be preceded by or consist entirely of cyber warfare. The average American is fairly ignorant of the constant stream of attacks and probes from foreign adversaries. So far the attacks are mainly invading and stealing information. Those countries find it cheaper to steal technology rather than develop it themselves.
Most US companies and Government agencies don't even know how deeply the adversaries are entrenched in their systems. It's scary to know that MS released source code to China, who has probably used it to build quite an arsenal of zero-day exploits.
This has the potential to be very ugly. Imagine someone being able to take down the Wall Street trading computers or banking systems, thus creating a financial panic. How about knocking a few major power plants off line, triggering widespread power grid outages. How about bringing down military networks?
The range of damage that can be done to a country if you have access to the right computer systems is tremendous. With that in mind, the government wants to have the ability to step in and declare a "Cyber Martial Law" to stop an ongoing attack. The NSA also has a task to gather information on critical vulnerabilities in the private sector and help secure them.
It is debatable whether the government already has these powers under FEMA and martial law regulations. I'd much rather see a specific bill on the topic that clearly delineates what authority the government has, the criteria required for invoking that power, and transparency of when that power is exercised.
I agree, 50 customers might translate to a single server. If the FBI really did take "millions of dollars" of equipment and the warrant allowed it, the collaterally affected folks should sue the JUDGE for issuing such a broad baseless warrant.
Doesn't matter if it's illegal under federal law.
{Chapter 117, 18 U.S.C. 2422(b)} forbids the use of the United States Postal Service or other interstate or foreign means of communication, such as telephone calls or use of the internet, to persuade or entice a minor (defined as under 18 throughout chapter) to be involved in a criminal sexual act. The act has to be illegal under state or federal law to be charged with a crime under 2422(b), and can even be applied to situations where both parties reside within the same state but use an instant messenger program whose servers are located in another state.[5]
We can get an official day for something as pointless and nerdy as this, but I still can't get a day dedicated to straight white guys? We have National Black History Month, Latino something, women's something, but god forbid you want to recognize that the vast majority of significant accomplishments in this country were done by plain ole generic white guys. How about the national black prisoners day, celebrating violent crimes (oh wait, that's a minority group but they represent the majority of violent offenders in prison).
Would our elected representatives please stop masturbating on useless crap like this and get some real work done?
Great Point Energy has been unsuccessfully trying to drum up investors since 2005. Andrew Perlman is not a scientist, but is better described as an adventure capitalist. In venture capital, you don't actually have to have a technically sound idea. You just need to convince investors that you have some magic formula for creating a profitable business and they give you money. They still do not have a working prototype that shows a positive return on energy. They are only drawing up a proposal for a $100m plant for China. China has not committed to any funding.
Yeah, they have realized it was pointless to try to restrict encryption methods by calling them arms. Too difficult to control and nothing stopped people from developing equivalent stuff outside of the US.