Bear in mind that in terms of CO2 output per distance per weight giant cargo ships are very efficient. I think the article is talking about specific kinds of pollution.
That having been said I don't really think people generally have the self discipline or interest to purchase according to country of origin.
It's cheaper to get a single product from a Chinese to US port than to get it from that US port to the local Wal-mart (so the rumor goes),
Getting everything around by truck/train over land rather than sea would probably be worse for the pollution most damaging to us (in terms of amount, and the place it's released)
Also as I said about tariffs can be pretty sensitive, especially when they seem to bias against less developed countries (I'm not sure whether less developed countries produce these higher polluting ships, but even if they don't with margins often so thin imposing tariffs wouldn't go down well with anyone).
Like learning how much water vapor greenhouse gas a single shuttle launch puts out in terms of solar forcing (as compared to a city car), I think you need to look at the bigger picture and assess the damage before jumping to economic controls on a cornerstone of the global economy like cargo shipping.
I imagine they'd have to be some pretty steep tariffs to make cleaning up 50 million cars worth of pollution economical, and I'm skeptical that air pollution is really a big issue for cargo ships in the ocean (as another poster pointed out).
Also those tariffs will inevitably get passed onto the cost of imports/exports in general. When China and the US make such a big deal about tariffs on chicken feet and tires I imagine tariffs based on ship quality wouldn't go over very well.
I read in an MIT tech review article that it's largely about the risk involved (in terms of cost, of course, not safety): If you have a carbon tax nuclear looks pretty competitive, if that's deemed unlikely then it isn't.
The differences aren't really that large between the commonly proposed forms of energy, but when a single nuclear plant is so expensive that makes it a lot less likely than a tiny wind farm/solar plant, even when they're quite a bit more expensive in terms of cost per unit of power.
Plus the recent discovery of vast amounts more natural gas (via an extraction technique that only recently became viable) has provided an alternative to coal which emits less carbon, so it actually becomes the best choice for realistically cutting emissions according to an MIT study (in the US, at least).
Because it's an algorithm for deciding which, out of a set of processes, should get to go next; one of the simplest core features of an OS.
Because it's easy to optimize a complex, but general purpose, algorithm for a specific case.
Because few enough people will use it in a large variety of real-world applications that you can act like it is a big step forward, and not worry about standing up to scrutiny or whether it is far worse for a small percentage of applications.
Because there's no need to learn any new internal APIs / work to retain compatibility with applications / deal with low-level new hardware details / interact with other subsystems and people.
Because it's so much more glamorous than the practical stuff.
I have no problem with people spending their time doing whatever they enjoy, but I'm far more impessed with the guy who happens to own a Logitech MX1100 mouse but wanted to use all its extra buttons on Linux, and figured out how to make that happen: With the patience to navigate the bureaucracy to submit it; while observing best-practices, and working with other projects; and with the selflessness to also make it easy (both to use and extend to similar models).
That guy's unsung efforts will benefit other Linux users much more, and have a much greater chance of being full-time part of Linux, than trying to replace a stable kernel system (which has to satisfy countless varied environments), just so that your desktop task-switching / background-task performance can be negligibly improved.
That's my take anyway; I'd sure like to see more kudos given to the people who make more tangible contributions, but I realize there is an aesthetic quality / placebo effect that comes with these sorts of changes that lots of people appreciate.
As well as the questions you pose, I'd argue there are other pressing political questions too - through which route did Iran acquire Western equipment for Uranium enrichment when there is supposed to be an embargo on such things? Is someone or some firm covertly supplying in contravention of the embargo?
There's a fascinating BBC documentary on this and other nuclear tech leaks called "Nuclear Secrets". It was mainly a guy called Khan, who previously worked for a European centrifuge firm, stole their designs and sold them to North Korea, Iran, and tried to sell to Libya (as well as developing Pakistan's program).
Unfortunately these days the tech isn't really a secret, the and embargoes can only go so far (especially when there are legitimate uses for some of these technologies).
Of the targeted frequency converters more of them were manufactured by an Iranian company than by a Finnish company.
No doubt there was a lot of theft and whatnot involved, and I wouldn't be surprised if they take a while to get it everything running at full capacity (especially with drawbacks like these), but I think it's telling that sanctions are no longer specifically targeting enrichment equipment but bank accounts, Iranian airplane fueling agreements, students studying abroad, etc, since trying to keep them from getting enrichment equipment is a losing battle.
When EVERYTHING is controlled bu computers, the people who control the computers will control the world.
When everything is controlled by chestnuts the people who control the chestnuts will control the world.
But what if the chestnuts start controlling the people who are controlling the chestnuts? What then?
"economic wars by China over a prisoner taken by Japan from a disputed island, etc"
If you mean Senkaku, they are firmly in Japanese control China can dispute it all they want, but they don't own the islands in any sense.
I didn't say they owned the islands in any sense, I said they are disputed.
I do not think for one second that China is capable of something so robust and intricate.
That leaves pretty much the US or Russia. As Russia is the hacker capital of the world, I would put my money on them. Even the US government is too bumbling to ever get something like this right.
Yes the Chinese aren't robust or intricate, and the US is bumbling, but don't Russians drink vodka?
And the UK are too gentlemanly, and Africans don't have computers, so that's them out of the equation.
Damn, who in this world of stereotypes and ignorance could have done it?
You didn't answer my question/point. If the Iranians already know about it why would they care if the public know about it?
You seem to have answered why they would care that the Iranians know about it, but of course the Iranians are going to become aware of an attack on their systems eventually. So given that Iranians will know about it why would the attackers care if the general public also knows?
It contains code written in Visual Studio 2005 and 2008, compiled long times apart.
It required the theft of two digital certificates from offices of electronics manufacturers in Korea.
It would have needed a lot of expertise on a very particular type of industrial controller.
It is found most widely in Iran, and has countdown timer to reduce the spread of infected machines, so was probably launched there (and I can't imagine it's easy to hop over on a plane from Israel to drop off a bunch of infected thumbdrives in Iranian offices)
On the other hand the project name was apparently "myrtus", an east-Mediterranean flower, and a hard-coded value for the disable-flag was the date of an atrocity Iranians perpetrated against some Jews (I can't remember the details off-hand, but it's all in Symantec's fascinating report)
It's all totally speculative of course, and probably the least technically interesting thing about this worm is the question of the author. But even besides that the effort and diverse skillsets that must have gone into this thing I feel somehow diminishes the importance of asking "was it country A or B?"
If you think the only question left is was it Yanks or Jews here's a couple that I would raise:
Is there a lesson here about putting too much faith in signed drivers? How about asking what SCADA systems closer to home might be vulnerable? If this thing hadn't been so picky about which controllers it altered what could it have done?
Seriously though from a technical standpoint it is fascinating, but it is heart wrenching to come to slashdot and just see "hmm I think Botswana did it!! they use coal and see nuclear as a threat" "no no no it was yugoslavian seperatists!!"
Yeah; a bunch of software developers and reverse engineers working in an office on a worm for a few months, then they launch it (probably by scattering a few USB dongles around or something), it spreads to Iran and reduces their enrichment capacity before they start slowly clearing up the mess, allowing another year of tedious negotiations in the UN. It'll be huge.
I would not rule out Russia or China. Both have no interest in a strong Iran but every interest in an Iran that appears strong, since this ties and diverts US and Israeli attention and resources. It also sets a "benchmark" of aggression; as long as esp. China is less of a threat that Iran it can get away with quite a lot, barely noticed. A perceived Iranian nuclear threat can then also serve as justification for building missile defense systems and implementing other military measures that would previously have set off tensions with the Western nuclear powers.
A simple case of cui bono?.
Ugh.. This assumes that
Intelligence agencies will ignore other superpowers because they are distracted by Iran,
That continuing to enrich uranium is somehow more aggressive than ships sunk by North Korea, hostages taken by Somalian pirates, economic wars by China over a prisoner taken by Japan from a disputed island, etc, etc, etc
That Russia or China are smart enough to set this intricate double-trap just so that they can raise the "benchmark of aggression" but that other powers aren't smart enough to just continue to monitor other powers as always,
That China and Russia are secretly using Iran as a reason to build controversial missile defense systems when until recently that's exactly what the US was going do openly,
And that by launching this attack they are somehow keeping Iran weak while it still looks strong, when Iran's enrichment facilities are the subject of such intense scrutiny that when the attack occurred the "weakening" of Iran was apparent long before anyone in the public even knew of the attack
I am just at a loss.. It really is like each response after the next is competing to think of a more convoluted, absurd way that someone you don't suspect could be involved in it.
I fully expect to scroll down and see some justification for why it's internal industrial sabotage of one Siemens subdivision versus another, or Iran launching it against themselves to get international sympathy.
[Hypothetical Russian Contractor]:"Well, this styrofoam someone threw in the reactor 3 months before launch is nasty stuff, and will cost a lot of your precious Iranian dollars to fix. (Thank goodness we thought of that before we wrote the most complex worm ever written. With the Iranian maintenance and repair fees Russia can finally conquer the world!)"
Uranium enriched to levels needed for use in power-plants is really cheap (much cheaper than coal per unit of energy it contains, it's just the nuclear plant that's very expensive).
And it's not like Stuxnet was ever going to make Iran give up on enriching uranium and decide to buy from Russia anyway.
1) You can't write a virus that will spread only along the specific route that leads to a target, and even if you could that doesn't guarantee it wouldn't get noticed.
2) You can't write a virus that targets so many industrial systems that the one you're really targeting gets lost among the others, for economical, ethical and practical reasons.
3) Why would they care about the public finding out? They were very careful to make sure it wasn't found for as long as possible, but once the Iranians know about it why would they care who else knows about it?
get-help [cmdlet] is the equivalent. get-help [cmdlet] -detailed for more info, and get-help [cmdlet] -examples for examples. It also works with wildcards e.g. get-help *find*
If you're interested in what is getting piped out, rather than this or that command (because what gets returned usually isn't text), then you pipe it to get-member, and it'll give you the properties, methods etc of whatever is in the stream.
If you think it's hidden and want access to it you can use regedit, or better yet use powershell, and you can navigate the registry like a filesystem:
> ls -Recurse HKLM:\SOFTWARE\Microsoft | where { $_ -match 'Explorer' }
WTF is this? It seems to spit out an endless tirade of incomprehensible and meaningless shit. For instance:
It's a registry entry called "FontSmoothing", with 0 sub-entries and 10 keys (Type, Text, SPIActionGet, etc).
If you want more info about what PowerShell is returning you pipe the output to get-member, and it'll tell you what properties and methods are available. For example you could add and alter the set of keys returned, or add another where clause to limit your selection to a set of keys you're interested in.
Because it's structured and has a limited number of types you don't need to worry about the various locations or the structure of config files, and can alter and manipulate the returned output.
How is this in any way navigating "the registry like a filesystem?"
Because you navigate the filesystem in a similar way when using powershell, using ls on a registry entry like you would use it on a directory. It really shouldn't be too hard to see the similarity.
I can ls -R/etc | xargs cat and get a completely different pile of incomprehensible shit out of a Linux box, but at least it resembles English.
But neither seem to have any particular use.
If you can't think of a use for it okay, but that doesn't mean it isn't useful.
(By the way that PowerShell is more equivalent to find/etc/Microsoft | ( where read f; do grep -q "Explorer" $f && echo $f; done ))
Feh. If you were making a point, I've missed it. Sorry.
You said the registry was hidden on the hard drive and not accessible to normal users. My point was that it isn't hidden and is accessible. HTH
I do? The security model makes sense, you have coarse-grained user oriented controls (like UNIX has) and also fine-grained NTLM permissions. Kind of like a file system for keeping small pieces of data.
As does anyone trying to fully uninstall an uncooperative program. Things can stay hidden there essentially forever.
How is that exclusive to the registry? You can at least search through it all pretty easily. If a program doesn't want to be uninstalled there are better ways to stick around than using the registry.
Besides, it's a bunch of settings that is completely unorganized, does not exist as a single file anywhere on the hard drive, and is essentially hidden from normal users. It should be hated on principle.
It's in C:\Windows\System32\config\.. Yes it is hidden from normal users, because it should be. If it's unorganized that's down to the applications which use it (like the filesystem itself). For the most part applications use interfaces which automatically write only to their designated areas, and it's well organized. Either way the important thing is that it can still exist while being unorganized.
Anyway is/etc,/usr/local/etc, ~/.appname, ~/.gconf/,/var/db, etc really more organized/logical?
If you think it's hidden and want access to it you can use regedit, or better yet use powershell, and you can navigate the registry like a filesystem: > ls -Recurse HKLM:\SOFTWARE\Microsoft | where { $_ -match 'Explorer' }
Mainly though it's just a remake of a non-distributed, integrated LDAP. If Linux used OpenLDAP for configuration instead of config files it would look pretty similar.
As is often the case it's the people who misuse the platform that deserve most of the criticism that the platform gets..
I think having to mess around with cylinders and whatnot is a bit silly these days, when we have "disks" which don't have anything resembling cylinders internally starting to become mainstream. It's a bit dated to say the least
You can say "the targeted users have no problem with it", and that's fine, but that pool of targeted users is bound to shrink over time (again that's fine, but many would see that as a bad thing, worth some compromises to avoid)
So software in development never has to be finished or bug free, OS X isn't currently being developed, and Windows until recently wasn't being developed.. Fascinating..
Slashdot Mirror
That having been said I don't really think people generally have the self discipline or interest to purchase according to country of origin.
Like learning how much water vapor greenhouse gas a single shuttle launch puts out in terms of solar forcing (as compared to a city car), I think you need to look at the bigger picture and assess the damage before jumping to economic controls on a cornerstone of the global economy like cargo shipping.
I imagine they'd have to be some pretty steep tariffs to make cleaning up 50 million cars worth of pollution economical, and I'm skeptical that air pollution is really a big issue for cargo ships in the ocean (as another poster pointed out).
Also those tariffs will inevitably get passed onto the cost of imports/exports in general. When China and the US make such a big deal about tariffs on chicken feet and tires I imagine tariffs based on ship quality wouldn't go over very well.
I read in an MIT tech review article that it's largely about the risk involved (in terms of cost, of course, not safety): If you have a carbon tax nuclear looks pretty competitive, if that's deemed unlikely then it isn't.
The differences aren't really that large between the commonly proposed forms of energy, but when a single nuclear plant is so expensive that makes it a lot less likely than a tiny wind farm/solar plant, even when they're quite a bit more expensive in terms of cost per unit of power.
Plus the recent discovery of vast amounts more natural gas (via an extraction technique that only recently became viable) has provided an alternative to coal which emits less carbon, so it actually becomes the best choice for realistically cutting emissions according to an MIT study (in the US, at least).
The people who work there?
I have no problem with people spending their time doing whatever they enjoy, but I'm far more impessed with the guy who happens to own a Logitech MX1100 mouse but wanted to use all its extra buttons on Linux, and figured out how to make that happen: With the patience to navigate the bureaucracy to submit it; while observing best-practices, and working with other projects; and with the selflessness to also make it easy (both to use and extend to similar models).
That guy's unsung efforts will benefit other Linux users much more, and have a much greater chance of being full-time part of Linux, than trying to replace a stable kernel system (which has to satisfy countless varied environments), just so that your desktop task-switching / background-task performance can be negligibly improved.
That's my take anyway; I'd sure like to see more kudos given to the people who make more tangible contributions, but I realize there is an aesthetic quality / placebo effect that comes with these sorts of changes that lots of people appreciate.
(Psst. Stuxnet targeted a system that wasn't connected to an external network)
As well as the questions you pose, I'd argue there are other pressing political questions too - through which route did Iran acquire Western equipment for Uranium enrichment when there is supposed to be an embargo on such things? Is someone or some firm covertly supplying in contravention of the embargo?
There's a fascinating BBC documentary on this and other nuclear tech leaks called "Nuclear Secrets". It was mainly a guy called Khan, who previously worked for a European centrifuge firm, stole their designs and sold them to North Korea, Iran, and tried to sell to Libya (as well as developing Pakistan's program).
Unfortunately these days the tech isn't really a secret, the and embargoes can only go so far (especially when there are legitimate uses for some of these technologies).
Of the targeted frequency converters more of them were manufactured by an Iranian company than by a Finnish company.
No doubt there was a lot of theft and whatnot involved, and I wouldn't be surprised if they take a while to get it everything running at full capacity (especially with drawbacks like these), but I think it's telling that sanctions are no longer specifically targeting enrichment equipment but bank accounts, Iranian airplane fueling agreements, students studying abroad, etc, since trying to keep them from getting enrichment equipment is a losing battle.
Almost makes you think twice about praying for Symantec's end.
You code these controllers using s7 files, which were infected by Stuxnet.
When EVERYTHING is controlled bu computers, the people who control the computers will control the world.
When everything is controlled by chestnuts the people who control the chestnuts will control the world.
But what if the chestnuts start controlling the people who are controlling the chestnuts? What then?
Troubled times.. troubled times..
"economic wars by China over a prisoner taken by Japan from a disputed island, etc"
If you mean Senkaku, they are firmly in Japanese control China can dispute it all they want, but they don't own the islands in any sense.
I didn't say they owned the islands in any sense, I said they are disputed.
I do not think for one second that China is capable of something so robust and intricate.
That leaves pretty much the US or Russia. As Russia is the hacker capital of the world, I would put my money on them. Even the US government is too bumbling to ever get something like this right.
Yes the Chinese aren't robust or intricate, and the US is bumbling, but don't Russians drink vodka?
And the UK are too gentlemanly, and Africans don't have computers, so that's them out of the equation.
Damn, who in this world of stereotypes and ignorance could have done it?
You didn't answer my question/point. If the Iranians already know about it why would they care if the public know about it?
You seem to have answered why they would care that the Iranians know about it, but of course the Iranians are going to become aware of an attack on their systems eventually. So given that Iranians will know about it why would the attackers care if the general public also knows?
On the other hand the project name was apparently "myrtus", an east-Mediterranean flower, and a hard-coded value for the disable-flag was the date of an atrocity Iranians perpetrated against some Jews (I can't remember the details off-hand, but it's all in Symantec's fascinating report)
It's all totally speculative of course, and probably the least technically interesting thing about this worm is the question of the author. But even besides that the effort and diverse skillsets that must have gone into this thing I feel somehow diminishes the importance of asking "was it country A or B?"
If you think the only question left is was it Yanks or Jews here's a couple that I would raise:
Is there a lesson here about putting too much faith in signed drivers? How about asking what SCADA systems closer to home might be vulnerable? If this thing hadn't been so picky about which controllers it altered what could it have done?
Seriously though from a technical standpoint it is fascinating, but it is heart wrenching to come to slashdot and just see "hmm I think Botswana did it!! they use coal and see nuclear as a threat" "no no no it was yugoslavian seperatists!!"
Yeah; a bunch of software developers and reverse engineers working in an office on a worm for a few months, then they launch it (probably by scattering a few USB dongles around or something), it spreads to Iran and reduces their enrichment capacity before they start slowly clearing up the mess, allowing another year of tedious negotiations in the UN. It'll be huge.
I would not rule out Russia or China. Both have no interest in a strong Iran but every interest in an Iran that appears strong, since this ties and diverts US and Israeli attention and resources. It also sets a "benchmark" of aggression; as long as esp. China is less of a threat that Iran it can get away with quite a lot, barely noticed. A perceived Iranian nuclear threat can then also serve as justification for building missile defense systems and implementing other military measures that would previously have set off tensions with the Western nuclear powers.
A simple case of cui bono?.
Ugh.. This assumes that
I am just at a loss.. It really is like each response after the next is competing to think of a more convoluted, absurd way that someone you don't suspect could be involved in it.
I fully expect to scroll down and see some justification for why it's internal industrial sabotage of one Siemens subdivision versus another, or Iran launching it against themselves to get international sympathy.
[Hypothetical Russian Contractor]:"Well, this styrofoam someone threw in the reactor 3 months before launch is nasty stuff, and will cost a lot of your precious Iranian dollars to fix. (Thank goodness we thought of that before we wrote the most complex worm ever written. With the Iranian maintenance and repair fees Russia can finally conquer the world!)"
Uranium enriched to levels needed for use in power-plants is really cheap (much cheaper than coal per unit of energy it contains, it's just the nuclear plant that's very expensive).
And it's not like Stuxnet was ever going to make Iran give up on enriching uranium and decide to buy from Russia anyway.
1) You can't write a virus that will spread only along the specific route that leads to a target, and even if you could that doesn't guarantee it wouldn't get noticed.
2) You can't write a virus that targets so many industrial systems that the one you're really targeting gets lost among the others, for economical, ethical and practical reasons.
3) Why would they care about the public finding out? They were very careful to make sure it wasn't found for as long as possible, but once the Iranians know about it why would they care who else knows about it?
get-help [cmdlet] is the equivalent. get-help [cmdlet] -detailed for more info, and get-help [cmdlet] -examples for examples. It also works with wildcards e.g. get-help *find*
If you're interested in what is getting piped out, rather than this or that command (because what gets returned usually isn't text), then you pipe it to get-member, and it'll give you the properties, methods etc of whatever is in the stream.
WTF is this? It seems to spit out an endless tirade of incomprehensible and meaningless shit. For instance:
0 10 FontSmoothing {Type, Text, SPIActionGet, SPIActionSet...}
It's a registry entry called "FontSmoothing", with 0 sub-entries and 10 keys (Type, Text, SPIActionGet, etc).
If you want more info about what PowerShell is returning you pipe the output to get-member, and it'll tell you what properties and methods are available. For example you could add and alter the set of keys returned, or add another where clause to limit your selection to a set of keys you're interested in.
Because it's structured and has a limited number of types you don't need to worry about the various locations or the structure of config files, and can alter and manipulate the returned output.
How is this in any way navigating "the registry like a filesystem?"
Because you navigate the filesystem in a similar way when using powershell, using ls on a registry entry like you would use it on a directory. It really shouldn't be too hard to see the similarity.
I can ls -R /etc | xargs cat and get a completely different pile of incomprehensible shit out of a Linux box, but at least it resembles English.
But neither seem to have any particular use.
If you can't think of a use for it okay, but that doesn't mean it isn't useful. /etc/Microsoft | ( where read f; do grep -q "Explorer" $f && echo $f; done ))
(By the way that PowerShell is more equivalent to find
Feh. If you were making a point, I've missed it. Sorry.
You said the registry was hidden on the hard drive and not accessible to normal users. My point was that it isn't hidden and is accessible. HTH
People who care about security hate it too.
I do? The security model makes sense, you have coarse-grained user oriented controls (like UNIX has) and also fine-grained NTLM permissions. Kind of like a file system for keeping small pieces of data.
As does anyone trying to fully uninstall an uncooperative program. Things can stay hidden there essentially forever.
How is that exclusive to the registry? You can at least search through it all pretty easily. If a program doesn't want to be uninstalled there are better ways to stick around than using the registry.
Besides, it's a bunch of settings that is completely unorganized, does not exist as a single file anywhere on the hard drive, and is essentially hidden from normal users. It should be hated on principle.
It's in C:\Windows\System32\config\ .. Yes it is hidden from normal users, because it should be. If it's unorganized that's down to the applications which use it (like the filesystem itself). For the most part applications use interfaces which automatically write only to their designated areas, and it's well organized. Either way the important thing is that it can still exist while being unorganized. /etc, /usr/local/etc, ~/.appname, ~/.gconf/, /var/db, etc really more organized/logical?
Anyway is
If you think it's hidden and want access to it you can use regedit, or better yet use powershell, and you can navigate the registry like a filesystem:
> ls -Recurse HKLM:\SOFTWARE\Microsoft | where { $_ -match 'Explorer' }
Mainly though it's just a remake of a non-distributed, integrated LDAP. If Linux used OpenLDAP for configuration instead of config files it would look pretty similar.
As is often the case it's the people who misuse the platform that deserve most of the criticism that the platform gets..
You're saying the OpenBSD team shouldn't alter fdisk because dealing in hard disk cylinders is "learning something new"?
I think having to mess around with cylinders and whatnot is a bit silly these days, when we have "disks" which don't have anything resembling cylinders internally starting to become mainstream. It's a bit dated to say the least
You can say "the targeted users have no problem with it", and that's fine, but that pool of targeted users is bound to shrink over time (again that's fine, but many would see that as a bad thing, worth some compromises to avoid)
So software in development never has to be finished or bug free, OS X isn't currently being developed, and Windows until recently wasn't being developed.. Fascinating..