In 2009 a consortium led by General Fusion was awarded C$13.9 million by Sustainable Development Technology Canada (SDTC) to conduct a four-year research project on "Acoustically Driven Magnetized Target Fusion"; SDTC is a foundation established by the Canadian government. The other members of the consortium are Los Alamos National Laboratory and Powertech Labs Inc.
I would hope LANL believes in the project. They're partners in it.
@Anonymous, Tom: I believe this may be a WebKit issue and not just Safari. While it is difficult to confirm now, I suspect this technique did in fact affect Chrome. Had some discussions with Google a while back surrounding this topic and recall them finding/fixing something, but I don't really get all the details straight. Will have to find an older Chrome version somewhere to confirm...
@Harryf: good find, that is vaguely similar and potentially offers a way to make this more efficient.
@klkl: it does, sorta, but getting it to work is more difficult than it should be. At least for me. :)
Actually I was responding to his specific question: "How can a vulnerability that Microsoft had patched a very long time ago (MS08-067) be called a zero-day?"
In response to your question, no, I don't define "zero-day" to mean "unpatched bug". I define it to mean "exploit found using unpatched bug in the wild on the day it is first reported to a security researcher (preferred), or else vendor (not ideal, as they have less incentive to disclose all important details)"
The exploits used unpatched bugs.
That said, if this is the work of well-funded terrorists, they are probably well funded enough to have access to the Windows source code. Yes, yes, Microsoft doesn't disclose the entire code base for their OS. The parts that were exploited (like the print spooler) are probably considered "not high enough risk" and so are disclosed to governments far and near.
In fact, the only guys playing catch-up seem to be the anti-virus writers.
I had the same experience. As the data collection evolved, I used the revision number (from the source tree) compiled into the code and embedded in each data file.
The boss wanted everything in XML, since that was extensible, but then went halfway because raw images don't encode well in XML. So we maintained the dataset in XML and binary.
But as a result, I was able to keep around all versions of the binary-to-xml converter in the current code base. With some unit tests, and some comments, it really helped explain ancient data.
I enjoyed reading your comment. Thanks.
That's a great idea.
The required ATmega device is so cheap, I'd just buy one of those if I ever needed it.
How long until psnews.com and github.com receive DMCA takedowns?
I didn't claim not to be biased. It's my opinion: "reality has a well known pro-linux bias." Deal with it.
I feel fine calling someone else out on their biases. It's especially fun when they rant about bias to support their bias.
tl;dr: I have an anti-bias-hater bias.
Whatever. He's calling Slashdot biased. Pot, meet kettle.
Like you said: Microsoft took five weeks to prepare the Ormandy patch. During that time, they made no comment - there was no transparency into whether or not it would be fixed.
A local privilege escalation bug (so, what's the big deal? And it's been fixed for a while!) -- took two months to fix. Yawn.
We can review the public record to see that no less than Linus Torvalds worked on it. Not that that should matter, but there.
But, judging by your comment history you (Arainach) are a Microsoft shill and probably an employee.
Your Comments in the Past Year:
Anti-GPL w/o mentioning Microsoft: 2
Pro-Microsoft arguments: 9
Pro-Microsoft information: 1
One rant about WA-520: 1
Admit it. You are biased, but not classy.
Oracle should not be let near any open source projects.
I'm just speculating, but Oracle's approach to open source is better than Microsoft's. Lesser of two evils?
As long as BTRFS is perceived as desirable, and as long as the crowds cheer its progress, Oracle won't kill the golden goose. I won't give away any ideas (I agree: Oracle is bad news) but I'm sure they will come up with ways of generating recurring revenue. Good luck!
dozens of Afghan informants, potential defectors and others who were cooperating with American and NATO troops.
Umm, it sounds exactly like what the GP said: "None of those US newspapers, none, mentions any numbers."
And no, "DOZENS!!!1!!!" is not mentioning a number.
I applaud Assange for taking a stand. I also like the reasonable tone you're taking.
The information Assange passed on hurts people who tried to help the U.S. Why should Assange be held responsible for U.S. Operational Security?
The U.S. received assistance from Afghanis. Did the U.S. fully explain to them what the risks were? Does the U.S. feel obligated to protect these Afghanis who stood up and offered information?
The U.S. lost control of sensitive information. But Bradley Manning has already been arrested. Does the U.S. think they can punish Assange, shut down Wikileaks, and somehow "own" information?
How could Assange be guilty if Afghanis get hurt? And when U.S. troops get hurt in military and/or covert operations, that is a way of taking a stand for the U.S. If their commanders can't adapt to rapidly changing intelligence situations (such as this leak), the commanders need to be replaced with men who understand the world we live in.
The operatives and troops in the field are doing their job, and above and beyond the call of duty. Why are their bosses panicking?
Sweet! I'll write an op-ed for the Washington Post in which I publish thousands of documents handed to me by an anonymous source...
If it's in the WaPo, they'd better be ready to handle the backlash. I just cancelled my subscription. (I know, like that's going to matter to them... But I voted.)
You consider "not quite as safe" == "safe" ?
Hey, reply to my post above. They're targeting 200 C for now. That's definitely doable on a rooftop, though not quite as safe as 100 C.
Can anyone point me to a good cost/watt chart over time? I would love to be able to see how prices have dropped over the past two decades. I keep hearing that solar has to drop in price... but have no baseline to judge our progress.
It depends on what you want: space solar panels are the most expensive multi-junction technology, but achieve the highest efficiency.
If you're a huge company, you can get really great deals because you purchase whole manufacturing runs. This is also why it's hard for an individual to buy direct from any manufacturer: all their production capacity is probably already bought up by large companies, so you get the "seconds," the panels that those resellers decide they would like to sell to you (at a price mark up, of course).
Here are some panel price charts, though they're not perfect:
http://www.solarbuzz.com/Moduleprices.htm
http://futurist.typepad.com/my_weblog/2007/08/solar-energy-co.html
But I should point out the bias on these sites: they're in the industry, not independent review sites. So they will be competing to drive your dollars to their products.
What I want to know is what mechanisms are causing their Gallium-Nitride junction to conduct more reverse current above 227 C.
They are currently projecting operating at 200 C for max efficiency but if it's as I suspect -- increased current flow with higher temperature -- then they can modify the doping mixture to get even higher temps and therefore higher efficiencies.
This would also boost the Carnot Cycle efficiency limit for the secondary heat exchanger that operates after the GaN primary power generation.
I'm reading from the slides.
Would that have been before or after Eric Schmidt resigned Apple's board and they became sworn enemies? He didn't get mad because Steve started stalking him, did he?
Oh well, I'll hit submit in Safari now...
If all you want to do is build it, you'll want this:
http://reflextor.com/trac/a51
It took me a minute of googling to find that. Hope it saves you some time. Note that their server is getting slashdotted right now.
Extra bonus points for linking through the Coral CDN (nyud.net). +1
Pulling the disk
Uh, let me just say that one more time... pulling the disk
Ok? It's not that he decided in a fit of insanity to yank out his existing machine, but move all the drives to a new controller. Yeah, the GGGP talked about replacing the controller.
But the GP was saying: if you haven't labelled the disk, you'll pull the wrong one while trying to hunt down the failed one.
At which point all kinds of bad happen.
Don't be too surprised. Microsoft is doing "change for change's sake" because they can't innovate.
Also, the marketing department insists that each new release has a huge list of "new features," but customers just want the same features. So the boss decides: I'll get both done by changing every feature just a little bit.
That "little bit" is the problem - it doesn't stay a little change.
The original article about Dell moving is from the Hindustan Times
It appears they are moving their computer assembly operations, but will still use the same suppliers (i.e. suppliers in China).
Business does require a certain amount of trust, but it's amazing how money talks. For example, the conversation might go like this:
"Uh, I don't trust you but I want to search your botnet. Strictly for research purposes."
"I'm trustworthy. I control such-and-such handle over at such-and-such forum. I'm going to post '(some message)' in 5 minutes -- that proves it. But my botnet is expensive. Can you pay?"
"Yeah, here's a paypal gift to prove I have funds."
"Ok, I'm listening. What do you want?"
(And the negotiation goes on from there.)
This is an Apple-like vertical integration of services (but for botnets). The same guy who has "owned" the hardware offers "other services" on his "platform." I couldn't keep a straight face as I typed that.
I don't really think this is a "stock exchange."
Who you calling kid-o? Give up the ad-hominem, I won't bite.
Got any sources to cite?
I didn't say "Linux is a solution to all security concerns," I pointed to a specific case study about specific security concerns. There are others.
ftfy
Are you kidding? A determined user, willing to spend enough resources to learn how to defend themselves, can protect their Ubuntu laptop--regardless of the attacker.
Source: http://dvlabs.tippingpoint.com/blog/2008/03/28/pwn-to-own-final-day-and-wrap-up