Slashdot Mirror


User: hoka

hoka's activity in the archive.

Stories: 0
Comments: 77

Comments · 77

  1. Re:Anatomy of a worm on Witty Worm Kick-Start Methods Revealed · · Score: 1

    What do you mean "pieces of it hacked off"? While I've never designed a worm or really analyzed the source code, I'm sure that somebody has designed a modular component worm which can take the form of multiple attack vectors. Weren't there some cross-platform viruses a while back? In the previous /. article about honeypotting (look back a few days) there was talk about how phishers are utilizing more advanced systems to avoid detection. With encryption, archiving, polymorphism and a modular design with pluggable attacks from some system that is updated and always available, I'm sure that would be something that would be hard to crack at, since you could try detecting parts of it but due to the modularity it would be hard to delete. Sort of how a lot of low-lying spyware installs other spyware, so when you delete the mainstream spyware it comes back because the low-lying piece was there all along.

  2. I sure think... on The World of Blogebrities · · Score: 1

    That the RTFA'ers are upset that they are not on the A-List, since the site appears to be down.

  3. This puts the numbers... on Over Half a Million Bank Accounts Breached · · Score: 1

    Over 5 million. 5 million persons that had their personal information compromised in some form in the year 2005 alone. The Privacy Rights Clearinghouse is going to have a field day with this on their website.

  4. I'm starting filming... on Star Wars Premier: The Line People · · Score: 1

    of all the people who are currently waiting in line to watch the movie. I will attempt to interview all 900,000 geeks who are currently destroying the edu link that was provided. Included commentary will have at least 20 "It's a trap" jokes, 12 "In Soviet Russia, line waits you", and 294,812 "all your bandwidth are belong to us" cracks.

  5. They promise... on Library to Require Fingerprint to Use PCs · · Score: 1

    to protect the records? How? Hell, outsourced specialization companies chosen by the government can rarely even keep things shut (ChoicePoint), how in the world can they expect to secure the system themselves? Whatever happened to the ability to be anonymous? I just finished writing an analytical paper on the fight for Internet Privacy and this just boils me like none other. What worries me the most is that the article states "We take people's fingerprints because we think they might be guilty of something, not because they want to use the library". So now all library goers are guilty? I guess the modern American movement involves throwing out the jury, the judge, and the court itself, and just going straight to jail, do not pass go, do not collect $200.

  6. Re:To be fair on Chase Deploying "Touchless" Credit Cards · · Score: 1

    RFID technology simply isn't robust, it hasn't been well developed enough. Certain clothes makers are noticing that throwing RFID tags through the wash just once will be enough to destroy a good percentage of them.

  7. To be fair on Chase Deploying "Touchless" Credit Cards · · Score: 5, Interesting

    You need to be at a relatively close range to RFID to get a "solid" reading. Sadly a lot of people are under the assumption that you can basically just pull out a huge giganto RFID reading cannon and know what an entire house's worth of data is. It isn't true, and RFID is frankly not really that robust of a technology yet. It would not surprise me in the least if a lot of these cards end up failing due to extremities that cause deformities in the RFID, rendering it completely useless. Me personally? I'm sticking to my card that I have to slide, not that it is necessarily any safer.

  8. How in the world... on Feds Fund Anti-Terrorism Search Engine · · Score: 1

    is this going to do us any good? Seriously, throw up any custom restricted webpage (.htaccess will do, though how can you crack around say 2048-bit public/private key?) and the entire point is gone. What if the information is hidden within graphical text documents in such a form that you can't easily connect the pieces? This sounds too much like "A Beautiful Mind" and not like a real solution.

  9. Re:Uncrackable? on Current Crypto Trends with Bruce Schneier · · Score: 1

    I don't see how you could make that argument, unless it was completely impossible to distribute among many computers (think: Computer prices go down, power goes up, thus with time the time to crack gets reduced more and more). I think a better term within the article would have been "really, really bloody hard to crack". I understand what he meant, but that doesn't mean Joe Schmo will.

  10. I may be out of the loop... on Serenity Comic Book Series · · Score: 0, Troll

    but what the heck is Firefly? All these Slashvertisements lately and I don't even understand the product! Damn my cheap college funding! I can afford Cable TV or Cable Internet but not both!

  11. Uncrackable? on Current Crypto Trends with Bruce Schneier · · Score: 3, Insightful

    Puh-leaze. While in a reasonable amount of time he is contextually correct, "uncrackable" indicates that there is no way of cracking the code, which isn't true. These things can all be brute forced, even though it might take a really, really long time to crack.

  12. Not to rag on him... on Interview with the Creator of BitTorrent · · Score: 5, Interesting

    But that article seems to be sort of lacking. It seems rather short, has a few typos and errors, and doesn't really delve into anything technical about BitTorrent (admitted by the summary). Sure now the people who RTFA'd probably are a little more understanding of a certain syndrome, or are intrigued by the fact that somebody with the syndrome can achieve great things (the American Dream), but I really would have liked to see some deeper thought on the issues. Deeper sociological questions, perhaps more depth on the influence of the (lack of) college, or even his views on the future of any given tech sector or his other interests. I suppose that this all lies at the fault of the interviewer, and not the interviewee.

  13. Holding reviews till I can see it on Motorola Debuts Nano-Emissive Flat Screen · · Score: 4, Insightful

    For just about every piece of technology I've always found that it's always overhyped in some way (purely the fault of marketers). I wouldn't hold my breath over an announcement like this, while yes it may be very interesting and perhaps be a forward-moving technology for the industry, I have heard "this will make ___ cheaper, and is better" far too many times to start going "omg, now I must migrate everything over to it!". Time always reveals the winners.

  14. Standard format on Fair Use Review in Australia · · Score: 1

    Somebody should come up with some standardized layout for /.'ers and other interested parties to submit a professional looking opinion quickly. Who is up to the challenge?

  15. Around here... on Desktop Linux Usage Statistics · · Score: 2, Informative

    I've been personally seeing a lot of Gentoo boxes (specialized servers), but most people I know stick to Debian or Red Hat. I toyed a bit with Mandrake and wasn't very impressed with it, though it did look a bit purtier by default than the other distros I tried. Interesting to see a good amount of XFCE showings though, I always thought very few people used that, and given that I don't see it default on any distro I am frankly very surprised.

  16. Re:Good to know on Meet Microsoft's Linux Lab Head Bill Hilf · · Score: 1

    It's a reference to Futurama, the episode where all robots are to be destroyed for 'polluting the planet'. And I thought /.ers were nerdy!

  17. Good to know on Meet Microsoft's Linux Lab Head Bill Hilf · · Score: 3, Interesting

    It's nice to know that at least somebody there has some understanding of open source/Linux/alternatives. From most of the FUD we keep seeing lately it makes me wonder if Microsoft would ever get a clue. Of course, this could just be some master plot by Bill to get us all thinking he is being understanding, before he ships us off to the Galapagos Islands and destroys us all with a ray gun.

  18. Not surprising on Red Hat/Apache Slower Than Windows Server 2003? · · Score: 2, Interesting

    If they were running heavily restricted SELinux on RedHat it wouldn't be surprising to witness a massive slowdown on certain applications, and will likely be infinitely more secure than a Windows box probably could ever be. Beyond that Apache can be very slow out of the box, on my hardened gentoo test system (please withhold funroll loops jokes) Apache2 with hardened PHP + MySQL I would be lucky to handle 2 requests a second happily, it was amazingly slow. I've yet to fully tune it but some even basic tuning was able to improve speeds dramatically. It wouldn't surprise me if similar techniques were used by this "benchmark".

  19. Re:News? on How To Conduct Your Very Own Buffer Overflow · · Score: 1

    It's all about power. Try buffer overflow in things like Python or Java. They don't exist in the same context (a VM can be vulnerable but these are few and far between, i.e. pyxmlrpc). Being able to directly access, manipulate, and hack at memory is a long standing pro to C/C++ and other low level languages. Without it, Kernels and other optimizations would be impossible. It's something that we "just have to live with", and should take into consideration when writing software.

  20. Re:News? on How To Conduct Your Very Own Buffer Overflow · · Score: 3, Insightful

    Seriously, buffer overflows are not only simple attack vectors, there are multiple ways to deal with them (hardware and software). All the hardened distros I know of use something to prevent it (Active Bounds Checking, Stack Smashing). What people really need to be aware of are things like SQL injection attacks, Cross-Site Scripting attacks, social engineering, and people should also know how to configure their machine to limit data penetration once the user is inside (ACLs, Chroots, jails, etc). I suppose I can't be all that mad, since most people really don't understand attack vectors in the first place, let alone how any one vector works.

  21. What about... on U.S. National Identity Cards All But Law · · Score: 1

    People who forgot their information? As it stands now you can still fly if you go through extra security measures, but what will happen in the future? Will they block you and wave goodbye? And what is to stop these cards from being faked anyways, even if there is a central database that will check all of these cards, injection attacks are still possible, and then of course there are malicious users. Furthermore, what about rejecting the bill, or preventing it from being attached? This article seems to be talking about "The end is nigh" as opposed to why it is near.

  22. Re:Damned if you do, damned if you don't on U.S. Government Issues Report on VoIP Security Holes · · Score: 1

    I don't particularly see what is so humorous. The government is consistently acting in its own best interest - it wants people to be secure enough to feel safe and not have issues that can be escalated to the government - but it also doesn't want people to be so secure that it can't break them if it is a matter of national security. Would you want Osama bin Laden calling you on the phone over the Internet going "Whaazzzup?" without the Government knowing? Corporate/Government Security and consumer privacy don't really tend to mix well either way. Personally I don't think any available communication mechanism is really secure - VoIP has too many vulnerabilities due to the fact that it can be packet-switched routed over the network - and current circuit-switched phone systems are vulnerable to severe social engineering attacks. I witnessed someone socially engineer his way through some phone service, use that to make a free phone call to some country in Latin America, use that contact to gain necessary information relevant to the continuation of social engineering, and then got stopped by the owner of the phone moments before the person confirmed the activation of every feature you can think of for free. Tapping into networks and enumerating other information is a very easy task, and the best way of dealing with these communication mechanisms is to not rely on them, nor to assume that they are or can be secure. Without that expectation you are less prone to be "surprised" by attacks.

  23. Bezos is a PR Whore on Bezos Patents Information Exchange · · Score: 5, Interesting

    I followed Bezos freshman year for a research writing class since I was researching Tech Patent law. I can safely say that Bezos is just a pure PR whore when it comes to patents, his current patents have various issues and are very over-generalized. I've yet to fully read through this one but it appears no different. When he originally took heat he started a group to "revolutionize" the tech patent industry, where people who find prior art to bad patents would be rewarded. Of course he put Amazon's patents up for prize money, and when people started to come in with information as prior art, he claimed that they were "too different" and shut down completely. The contact information and phone number has been obsolete/cut off for years.

  24. Re:Where's the CRV? on Lockheed Martin unveils Space Shuttle replacement · · Score: 0

    I don't see why any return vehicle should be specialized to be "stripped down", if anything goes up there it should be able to work independently and be lived in if it was isolated. That sort of redundancy is really necessary up there, where if something goes wrong (think Apollo 13) the crew can manage to utilize another system to live and return safely.

  25. But... on Lockheed Martin unveils Space Shuttle replacement · · Score: -1, Offtopic

    Will it run Longhorn?