Slashdot Mirror


User: fluffy99

fluffy99's activity in the archive.

Stories: 0 · Comments: 1,632

Comments · 1,632

  1. Re:vehicle tracking on Tagging Devices To Aid In Car Chases · · Score: 1

    Didn't the FBI recently get in trouble for hijacking OnStar in vehicles they were spying on? So obviously it is doable. Besides, the easier solution is to mandate that OBD-III have remote shutdown abilities as well as radioing the cops when you're exceeding the speed limit. Why do vehicle computers even allow speeds in excess of 75 mph (the max legal speed in the US)?

  2. Re:Russian helicopter technique on Tagging Devices To Aid In Car Chases · · Score: 1

    Perhaps the little known Constitutional Amendment called "freedom from cruel and unusual punishment"? Somehow I don't think attempting to murder a fleeing suspect is an appropriate law enforcement response.

  3. Re:the power steering in many recent GM cars... on Tagging Devices To Aid In Car Chases · · Score: 1

    Once again, DOT regs require the car be controllable in the event of an engine failure. It might require more steering effort (mostly at slow speed - ever drive a non-power steering car?), more braking effort and distance to stop.

  4. Re:Wicked Idea on Tagging Devices To Aid In Car Chases · · Score: 1

    The brakes are not drive-by-wire. Under current DOT regs, the brakes must be mechanical. In addition to the normal hydraulics, the Prius has regenerative braking which is essentially running a generator off the driveline to recover some energy when braking - it is by no means essential to stopping the car.

  5. Re:New CAC Cards? on NIST Standards for New Biometric ID Card Published · · Score: 1

    But naturally the format on the CAC cards doesn't comply with the new standard, so you'll see the DOD reissuing all the CAC cards...

  6. Re:Firefox just banned - help me! on Has Corporate Info Security Gotten Out of Hand? · · Score: 1

    Yeah, it's another software package to manage - which means there is some cost involved with keeping it up to date. One goal of IT is to reduce redundant applications because redundancy implies waste. Another nitpick, but there is no way to centrally push Firefox patches yet.

  7. Instead of adding features, fix the bugs! on Firefox's Ping Attribute: Useful or Spyware? · · Score: 1

    Firefox is trying too hard to add new features that most users don't want or need. The average user wants webpages to look the same as they do under IE - not always true. They want all websites to work - IE specific ones, including lots of online banking and webmail still don't work right (yeah I know about the ActiveX issues). We don't need RSS feeds, non-RFC-compliant Ping features, etc. We want a secure, compatible and stable browser. In that order too I think.

    Firefox still has a crapload of annoying problems. Want some examples? Under Windows, open multiple Firefox windows or tabs and click on a download link. All the other windows and tabs are hung until the download starts. Can we say piss-poor threading? Firefox's attempt to cache everything into all available memory still makes it a fscking memory hog. My browser shouldn't be claiming 150-meg with one stinking window open. And don't tell me I need to go into the settings to fix this. That's no better than the MS Office bar preloading everything and sucking up too much memory. Some Flash content still causes Firefox to crash. Autoproxy config still doesn't work right and a corrupt proxy.pac file crashes Firefox. Patching is still a bit of a joke.

    Do I need to go on? If Internet Explorer wasn't such a nightmare from a security standpoint, Firefox would have zero appeal for the average Windows user. It's still an unstable Beta product as far as I'm concerned.

  8. Re:Firefox just banned - help me! on Has Corporate Info Security Gotten Out of Hand? · · Score: 1

    Which also implies that the IT staff is willing to maintain two browsers company-wide. Best bet is to settle on one and be vigilant on keeping it patched. Given that Firefox is still not 100% compatible with some IE-only sites (especially IIS and OWA), it's natural for them to only support Internet Explorer.

    It's a sound policy to allow only specific software. It's the only way to ensure you know which apps are installed and which recently announced software vulnerabilities you need to roll out patches for. You don't want to get whacked because Joe-blo installed an older version of Acrobat from his personal copy and got his machine owned by a malicious pdf file. It's also the only way to ensure you're not setting yourself up for licensing lawsuits when Joe-smoe installs his copy of PhotoCreaterMax from home.

  9. Re:Sounds just like my school district... on Has Corporate Info Security Gotten Out of Hand? · · Score: 1

    If you were setting up SSH tunnels, I'd get pissed off too. That's called a backdoor into the network from an outside untrusted computer. If I found you knowingly violated an established computer-use policy, I'd read you the riot act then I'd ask you to define your needs and see what could be arranged.

    From my experience, it's the guys who know enough to be dangerous, but not enough to do it safely, that cause most of the security incidents. If you're in a larger environment, the IT guys can't easily distinguish between the idiots trying to bypass the proxy server to surf porn and the savvy users trying to get to an external system for real work. They are forced to treat everyone the same. Now if someone came to me ahead of time with a legitimate request that didn't pose an unacceptable risk, I probably would let you tunnel into your home system. I would ask you to prove you have acceptable firewalling and security on your home systems of course.

  10. Re:SSH on Has Corporate Info Security Gotten Out of Hand? · · Score: 1

    SSH is typically blocked because it is very easy to tunnel ports, either intentionally (bypassing proxy server) or unintentionally (for example, user didn't disable x-windows forwarding).

  11. O-Scope Warning !!!! on PC Not Booting Until a Different Phase is Used? · · Score: 2, Interesting

    If you opt to test the outlet with an O-Scope, first find out if the ground pin on the cord is tied to the ground on the o-scope inputs and chassis! Most analog, corded models are and you run the risk of putting 120 volts on the chassis or shorting the outlet through the o-scope. More than a few amateur electronics techs have missed this feature and blown up an o-scope or shocked the hell out of themselves. Electronic techs often use isolation transformers to protect the equipment and themselves for this reason.

  12. Re:..a truly impressive mission-but unnecessary on NASA Stardust Returns to Earth · · Score: 1

    "The money spent on these things is nothing compared to the money spent on the Iraq war, or on defense in general"

    According to NASA, the total cost of the original failed Genesis was $264 million. This one they claim was cheaper at $212 million. Even though it's only slightly less than $1.65 for every person in the US, it's still not an insignificant sum. The money would have been better spent on stem cell research. Oh wait we can't do that because the ignorant Religious Nazis think stem cell research is evil because it requires killing babies (ignore that entire stem cell lines can be created from naturally aborted babies).

  13. Re:Class Action Lawsuit on Windows Wireless Networking Flaw Identified · · Score: 1

    You mean like being able to hit "escape" at the Windows 98 logon screen instead of entering a username/password? No network access, but you have full access to the local machine and W98 used a trivially reversible method to store users' passwords (XOR'd with the number 7 as I recall).

  14. Re:camera, pda, mp3, better users?!?! on MIT Startup Tests Top Million Sites for Spyware · · Score: 1

    Point taken. Still the ability to even set extended file system permissions is definitely a point in Microsoft's favor. It's also one reason I hate running Samba - the users can't easily manage file permissions. To make permission or share changes, you have to restart Samba!

  15. Re:The major lesson of all this. on MIT Startup Tests Top Million Sites for Spyware · · Score: 1

    With respect to malware, Linux has a diversity advantage. Windows implies a well-known OS setup, layout, etc. Not so with scores of flavors of Linux, BSD, etc. Aside from dealing with better security, malware authors would have to figure out how to deal with the variety of possible Linux flavors and environments.

    This also works in reverse as a disadvantage. Not having a consistent environment is an impediment to major software makers as it forces them to deal with the inconsistent implementations of Linux.

    BTW, I removed adware from a user's computer last week that installed toolbars into Mozilla and Firefox.

  16. Re:The major lesson of all this. on MIT Startup Tests Top Million Sites for Spyware · · Score: 1

    I think you missed the point. If a user is dumb enough to run a script or downloaded executable, then that user can still fsck himself. Perhaps the user runs an innocent looking script that claims to clean up dupes in his mailfile and in reality it emails out his private ssh key? Or yeah, it could delete anything he has perms to.

  17. Re:camera, pda, mp3, better users?!?! on MIT Startup Tests Top Million Sites for Spyware · · Score: 1

    A more robust filesystem permission structure ?!?!?!

    One of the biggest downsides of *nix is the lack of granularity in file permissions. Unless you want to deal with the nightmare of SELinux, you're pretty much limited to user/group/world permissions. Windows on the other hand has very good granularity that lets you define exact permissions on a user basis. I know some filesystems are starting to support extended permissions, but there is no consistency, meaning software can't rely on having anything but user/group/world. Also note that Windows uses unique SID strings between machines instead of non-unique uid numbers (anyone say NFS hell?).

    Yes, this is one of the rare times I will actually say Windows has a better security feature. Of course, users running as admin and not having those permissions locked down is another question entirely.

  18. Re:Nobody does the math on alternative energy... on Alternative Energy Confusion · · Score: 1

    Because most plants use induction heating (i.e. electromagnetic coils inducing eddy currents in the aluminum which causes heating). Far more reliable than burning fuels and you don't have to worry about combustion products, maintenance of burners etc. Cost/btu is higher, but the lower equipment and safety costs offset the cost.

    Incidentally, a few years back when the electric costs spiked our local Al processing plant increased their profits by shutting down. They had a multi-year contract to buy a fixed quantity of power at a fixed price over 5 years with the electric company. When the price spiked, they sold the energy back to the electric company at a substantial profit. They made more profit selling the electricity back than they could have made by running the plant. Of course it didn't help that the union workers were threatening to strike at the time (they were complaining that their unskilled laborers made less than $20/hour).

  19. Re:Users != Root on servers, not workstations on Linux in a Business - Got Root? · · Score: 1

    Congratulations, you've discovered the major security hole in NFS - if the client name/ip is allowed to connect then NFS blindly trusts the UID presented by the client. This is still a major problem in *nix as people forget to disallow the root uid, which means anyone who controls a trusted box also now controls your box.

  20. Re:But it isn't impossible on Diebold Threatens to Pull Out of North Carolina · · Score: 1

    Microsoft has been willing to provide access to source code to foreign countries, why not the states? Personally I find it scary that MS gave China access to Windows 2000 source code a few years ago to prove that there were no backdoors. Gee, ya think the Chinese have found a few undiscovered ones by now?

  21. Re:Sensationalist Journalism? on A Flu Pandemic? · · Score: 1

    Here are the seriously inflated CDC statistics. They claim 36,000/year
    http://www.cdc.gov/flu/keyfacts.htm

    Here are the actual numbers as reported by the American Lung Association (see page 9)
    http://www.lungusa.org/atf/cf/%7B7A8D42C2-FCCA-4604-8ADE-7F5D5E762256%7D/PI1.PDF

    A few other articles, questioning those numbers:
    http://www.newmediaexplorer.org/sepp/2005/04/29/investigators_challenge_cdc_flu_statistics_as_season_draws_to_close.htm
    http://www.mercola.com/2004/oct/30/flu_deaths.htm

  22. Re:Sensationalist Journalism? on A Flu Pandemic? · · Score: 1

    Wrong. The CDC uses bogus statistics to make that claim (probably doesn't help that flu vaccine makers have strong political influence). The death certificate info collected and quoted by the CDC groups flu with all other respiratory problems, in particular pneumonia. Pneumonia is a common cause of death in flu victims, but pneumonia-only deaths account for 95% of the deaths in this category. The real number for flu-related deaths is estimated to be under 500 people/year, most are very young or elderly with weak immune systems.

  23. Re:network security - not really on Fiber Optic vs Copper · · Score: 1

    You'd be surprised how easy it is to tap a fiber without interrupting service. You still need to strip the jacket and buffer, but once the core is exposed simply bending it will cause enough leakage to detect the data flow with an optical pickup placed against the core. There are commercial clip-on taps. You will introduce some attenuation, but most fiber equipment won't notice any attenuation unless the receive power gets too low. It would take an OTDR to find such a tap. http://www.blackhat.com/presentations/bh-federal-03/bh-fed-03-gross-up.pdf Still much harder than copper, but not impossible.

  24. Re:Half-truths on Research Group Pushes to Ban Skype · · Score: 1

    > Audio is poor quality: only 8KHz 1 channel 8 bit sampling.

    That's the same sampling size/rate as a standard telephone, which avoids any resampling issues if you need to hit the PSTN. Quality is far more affected by the codec used for compression. G711 has no compression and is essentially a regular analog phone call, G723 is lots of compression and poor quality (think crappy cell phone call).

  25. Re:It seems to me ... on Stiffer Penalties for Copyright Violations · · Score: 1

    The reality is that the Geneva Convention is outdated and geared towards a particular form of war that went away in WWII. Strict interpretations of the Convention outlaw some non-lethal means of aggression. For example, see the recent article on lasers to "dazzle" (let's just call it "temporarily blind") an assailant. Tasers are technically considered torture under the Convention. Temporary blinding or a good shock still sounds better than getting killed.

    Besides, it's not like any of our current enemies honor (or even signed?) the Geneva Convention. It's a law handed down so we can try countries that don't play by our rules. Don't forget, the underhanded dishonorable terrorist tactics the US used against the Brits during the civil war.

    Of course the US government thinks it's outdated because it legally prevents us from torturing prisoners, which ironically was one of the primary reasons the convention was authored and agreed upon by "civilized" nations.