575 posts • joined 3 Jul 2007
Re: Absence of evidence = evidence of deletion?
The article on Wired says that the investigators put malware on the site, which was "placed" on the visitor's machines. The machine's address, MAC address, various other identifiers, and Tor browsing history were gathered.
Plus when the agents executed their search warrant, DeFoggi was in the process of downloading a porn video, and the agents had to physically wrest the notebook computer from him.
So, yeah, they caught him in the act, and they had plenty of evidence.
Why binary compatibility?
"The chief problem for ARM is existing Intel apps won’t run on the chipset."
Once upon a time, not that long ago, this would never have been an issue. Really, the data center environment was heterogeneous, and many architectures were found. It was quite typical for a vendor to distribute many versions of the product. Yes, I personally did that, and the product was compiled for over 20 flavors.
Now we supposedly have Linux all over the place, but it's not really about Linux, is it? It's about Windows. If it were Linux, then it would be nothing to do but type "make" and then get on with it. But all of this actually has to do with Windows, and of course there's no end to that rat hole.
What's the point?
Everybody knows the Aussie agency is in a shed in the garden in the first place, and everybody knows everybody else as 'Bruce,' what's the point of all the security falderal?
"Hello, who are you?"
"Oh, I'm Bruce!"
"Right, grab a beer from the fridge and let's chat."
"Hello, who are you?"
"Oh, I'm Ivan."
Re: Plans for dragon attack
Really, it's quite simple: arm the citizenry. You never hear of dragon attacks in the USA because citizens may legally own .50-cal hunting rifles. Really, do you think that these things are for deer?? No, the rifles are for dragons and whales. (No, we don't use them on the Ogre battle tank. We trap those when they're in season.)
Bad article, miserable rant, no information
"I cannot see how an OS could handle multiple processes without having a kernel mode. It follows that there must be at least some hardware support for security measures outlined above. Perhaps it’s all there?"
Mr. Watkinson, your display of ignorance, on The Register, no less, is utterly shameful. Multiple processes can be run without a kernel mode, and it has been done quite often. As for "Perhaps it's all there," yes, it is all there!!!
The Intel 80386 was released with four independent levels of protection, building on the features in the Intel 80286. The failure of a software vendor to implement those features in an operating system is not the failure of the hardware manufacturer.
The reason that Windows is targeted for malware is due to its popularity. Really, with a minimum 80% market share, who wouldn't target Windows? As for Windows' lack of security, well, it was never conceived as a secure system, so what can be expected? One of the "features" of Windows is to start a thread on another process that isn't yours! All of the backwards compatibility of Windows means that there is a lot of significant baggage that must be brought forward, release after release.
You want software to be made secure? It's very simple. Software vendors must be penalized for bad code. If there is a fast and immediate monetary penalty applied, then effort will be made to write good code. It really is just that simple.
Really, good techniques have been known for decades. There is nothing new, there is just very little willpower to carry out the task.
He's right! PGP sucks to use!
Yeah, the prof is right, but it shouldn't take a PhD to get people to listen. It's actually been way past time for an update to the general implementation.
One of the reasons all of this really stinks is because SMTP was never designed with rigorous security in mind. It's really past time to move to a better mail protocol.
Security has poor memory...
What, they don't remember the grenade-up-your-ass ploy? "Please moon us for your safety."
Or how about the movie "Black Sunday" (1977) where a blimp is used to haul in the weapon of mass murder?
So all the fans are queued outside of the stadium, filing through the checkpoints, right where the terrorists will have such easy pickings.
I'm so glad that terrorists are so freaking stupid. Otherwise we'd be in so much hurt.
"it appears to have a shutter of some sort."
Actually, there's a bit of a trick to high speed shutters: they don't open and close! No, it's rotary. The Fastax high speed rotating-prism went to 10,000 frames per second, and the Rapatronic camera with its polarizing filters allows speeds down to 10 nanoseconds. But of course, that's back in the 1940's.
That said, it's actually using a laser to strobe the subject: "An ultrashort laser pulse is split by the temporal mapping device (TMD) into a series of discrete daughter pulses in different spectral bands, which are incident on the target as successive ‘flashes’ for stroboscopic image acquisition."
There you go, no shutter, just a laser to strobe the target.
Smart and Gets Things Done
Anybody remember that little book by Joel Spolsky? Gee, what is someone supposed to do? Hire slowly and fire quickly?
Of course this is about discrimination, it's about discriminating against those who can't get the job done. A business is a business, not a social program. The reason that males are so dominant in the tech sector is for one reason: the male brain is hardwired for solving problems. That's just the way things are.
When a company forgets that it's a business and becomes a social program, then it goes down the tubes. Even Microsoft realizes this, and at some point it will get someone smart in charge, or it will be dead. When a company is small, it is really evident who does work and who doesn't. Some people won't work in small companies precisely because of this. Me, I prefer small companies precisely because of this.
There are also sectors where males aren't dominant, but nobody ever mentions that. It's always shame on the people who get the work done, dump on the worker. I welcome the robotic overlords. At least there's a hope with them that they'll run things with logic.
Profit wouldn't slip if they wrote better games
How many times has Halo been warmed over? Valve gave up on Half-Life. Fallout drags on and on. But how much have these really evolved from release to release? Not much. Basically the same game play, with different graphics and weapons. Whoopee.
Do we see artificial intelligence? No. Not even on the level of Eliza. It's pathetic, really. Why bother mashing the keys all over again when the game is just the same? I'd love to see something that was sketched out with the "Nonplayer" comic. But all we get is a slight variation on the same theme. Ooh, different clothes and weapons! Might as well be Sailor Moon wiping the floor with Barney the Dinosaur.
Everything has flaws
Everything has flaws, especially code that's just hacked together. The question is, how bad are these flaws? Is the flaw something that we can expect to be exploited by a script kiddie, or is it something that leaks data that requires mathematical analysis for it to be informative?
If the Tails distro has bugs in it like fleas on a junkyard dog, I want to know! Not only do public alerts tell us what's going on, but it gives those of us who code a chance to fix problems.
Boots on Mars and break a leg
Not only do we need a big rocket, we need some sort of artificial gravity on the way over! By the time the astronauts arrive, they'll have lost enough bone density to break their bones in the reduced Martian gravity.
Better to just send a pair of boots and a Playmonaut to Mars, and then call it a day.
Story behind Seattle layoffs
OK, the story behind the Seattle layoffs is that Microsoft is ditching its testers. This sounds like a joke, but it isn't. They figured that since 30% of the bugs are found by developers, 30% by testers, and 30% by customers, they'd just ditch the majority of the testers and have the developers do more testing.
Unfortunately, this means that the customers will now be finding 60% of the bugs.
The testers who do remain will be "focused" on testing "scenarios" of customer usage. Unfortunately, the management has no clue what these scenarios might be. A couple of years ago I was in a team that decided to go with "scenarios," and we were given no information about how a customer might use the product. I honestly regard scenario testing as entirely futile.
Microsoft just might as well go with the full cost-cutting finale of, "fire the smartest people because they cost too much."
Watch out for sneaky Argentinians...
And now Argentina makes a sneaky move for the rock in response to the Falklands...
As for RRS James Clark Ross, why shouldn't they be in the neighborhood? The Antarctic is cold! Actually, I'm surprised they aren't in Tahiti or some such.
How the other (less than one-) half lives...
My, there's £19,999 I'll never spend! Nice that when you're viewing people (werewolves?) with yellow eyes you'll have great color. Maybe as you barricade the door and arm yourself with your custom hunting shotgun, you'll be able to take them on the rise after they smash down your door and leap for your throat...
Or maybe you'll have a better target for your Nerf Gatling gun.
According to other boffins, won't work
I saw the response to this from other scientists who actually study meteorology and climate. For some reason, the low mountains in the exact area these walls are proposed aren't doing anything to even slow down the formation of tornadoes.
However, if it were proposed to build a sculpture the same size, I bet it could get funding.
Oh, like the average muddlehead has a choice!
"Repelling cybercrime is not the responsibility of individuals." -- Amichai Shulman
Oh, really? Which part of, "DON'T CLICK ON THAT!" is somebody NOT supposed to miss?
A neighbor of mine, back in the late 1990s, bought himself a computer, and I helped him get set up with the Internet connection and all that. So he's browsing around the web, and there's a banner ad claiming that he has mail. So he clicks on that and lo and behold, the browser jumps to a site that he didn't actually want to visit. Well, duh!
I set my landlord's new notebook computer up for him. He calls me up, says he can't get to the Internet. I come over and take a look, and it's fine. Turns out that he thinks the Internet is Yahoo!, and if that isn't the start page, then there's no Internet.
We have crap OSes, browsers, etc., and nobody has a choice but use the things. The average person out there really does need to learn to lock the door and bar the windows, because that's what the environment is! The police are only part of the answer, but there's precious few among them who have the skills to do a serious net dive and parse apart a botnet or other network.
If it's the job of the police to secure the net, then it's the responsibility of Microsoft, et alia, to write good and secure software. And Microsoft and the rest should be fined, and hard, for not doing it! Using best practices means actually using best practices! Not publishing a book about it, and then writing the biggest bunch of crap code I've seen.
But the muddlehead is going to keep clicking on crap, because they are muddleheads, and all they've got to use is a crappy OS.
Intel catches up with 2006
DRC Computer Corp. and XtremeData Inc. were doing this back in 2006 with the Opteron. Not on the chip, of course, but as a coprocessor in another Opteron socket. It's pretty easy to find this with a web search.
Big = evil?
Although Google's informal motto is, "Don't be evil," it seems that as companies grow large, they grow corrupt. The latest has been Amazon's attempt to squash publishing houses, and Google is squashing independent music labels.
What this really means is that publishers need to ditch Amazon, and all artists need to ditch YouTube. When whatever alternates they land on get too big and become evil, then those get ditched and the artists move someplace else.
She reads El Reg!
Come on now, folks, she reads The Register! Now, isn't that just significant? In just a little bit she'll be able to correct her website by reading all of these erudite articles and comments.
So let's see the business plan here: collect gnomes, ... something else ..., and no profit at all.
OK, so I guess the whole idea needs work yet. Don't worry, the comments section is on the job! Don't worry, Lily, we'll definitely tell you how to do it right!
Just wait until next year!
Since there's nothing that anybody can actually do about the weather, just wait until next year to see who's right. None of the nations will stop their CO2 emissions until there's nothing to fuel the factories and power plants. After that, the lights will go out, and it'll be the dark ages (literally!) for all of us.
Doesn't the NSA have something?
With all of the data hoarding the NSA has been doing, don't they have something they can let the Secret Service use? "Look, we've got some great regular expressions posted on the wall here." "Does that work in Internut Exploder 8?"
Maybe the Secret Service should just outsource the problem to Amazon's Mechanical Turk. Oh, but you'd need people who speak English and can recognize sarcasm...
Bruce Schneier *doesn't* reveal what he'll use
In an article from years back, Bruce Schneier says what he'll use. But as for what he's using now, he doesn't say. In fact, he writes in his blog, "I have no idea what's going on with TrueCrypt. ... I suppose we'll have to wait and see what develops." No word about his current disk encryption, if any.
Recently he posted that he bought a new notebook, bought with cash from a local store. I suppose if he's using Windows 8 Pro, then he could be using BitLocker. I do know from his blog that he doesn't use Linux, primarily because he's never bothered to learn it.
Certainly, everything is open for speculation. Ending a project for a "dead" OS is as decent a reason as any, I suppose. I jumped from Win XP to Linux on my old notebooks, and suddenly I got full performance again.
Re: Tape is dead!!!
Is it OK if the tape takes the tube instead?
Beware hokey religions and ancient mantras
“Why do you say we should not innovate?”
You'll never win when you try to challenge someone's hokey religion and their mantra of "innovate." They aren't solving problems, and they know it. They know that they are trying to suck down government money. They are going to give their stupid presentations until they run out of cash, and then find something else to wave around as their new banner.
Celebratory ice cream?
Will Ben & Jerry's be releasing Gravity Wavy? Or Big Bang Butterscotch?
Might as well file, the computers are in the closet!
I still have a couple of the systems gathering dust in the closet. So why not file? I can actually show the memory. They don't ask for any proof, though, like sales receipts. If I were them, I'd be asking for some proof of purchase. That would cut the claims down!
No real banks are messing with BitCoins
Anybody notice that no real banks are messing with BitCoins? And all of the sites that are screwing around with them can't write basic financial transaction software?
Protocol review? Hello?
How many times will it be before these "banks" review their transaction protocols? And how long before BitCoin users will read the terms of service, and not use a "bank" that declares they aren't responsible for what you store with them?
Rootkit playing tunes?
This sounds really bizarre. Why would a piece of malware literally toot its own horn? The whole purpose of a rootkit is to hide and be stealthy.
The second question is, what was it doing? The thing is, remote administration is not the way to go here. Admittedly, I'm one of those fellows who does know how to use a kernel debugger and a network sniffer, and I have a 16 port managed switch just for what's at my desk.
The first thing I would have done is, as Nigel 11 noted, run from a live CD and scan the drive. When a rootkit gets into the system, it then normally removes itself from the various process lists, or renames itself to something innocuous. The next thing I would have done is to look at the network traffic, using a different machine. OK, so I'm using switches that allow port mirroring, or else you'd have to keep a real hub handy. So I'd look at the network traffic. Today's malware usually wants to communicate on the network. So what's the traffic look like? Sending spam? Scanning? DDOS?
Something is fishy about just playing random tunes.
Re: Dedicated mining ASIC chips etc won't crack passwords without modification
To actually turn an ASIC chip into something to brute force a password would require changing the ASIC chips in a big way, I'd guess. Not to say someone (read: NSA) wouldn't do that.
An ASIC can be altered by the person implementing it. There are many different types of ASICs, from ones that must be fabbed, to ones that must be programmed by a device programmer, to ones that can have their logic changed in the field. When the Opteron first came out, there was a compatible FPGA chip that could be dropped into a second socket, and could be reprogrammed for specialized tasks rather quickly.
As for breaking passwords, there was an article a while back on Ars Technica about using video cards for that task. So between rainbow tables, known passwords, dictionaries, and brute force, it's a bad time for conventional passwords. Especially 123456!
All your passwords are belong to us!
The guys who will really go for the used video cards are the ones who can profit the most from them. Got a database full of "encrypted" passwords? Not for long! Then they will be plain text passwords.
Of course, all of these video cards could be scarfed up by science! Yes, you have a research budget, but no supercomputer. What to do? Lay your hands on that cheap post-coin goodness!
Also, the user needs to click yes on the notice, "Do you trust this computer?" Most will probably say yes, but as mentioned, debugging needs to be turned on, and that is now "hidden."
Re: Haven't you seen Fringe ?
If the USB spy cam was like this one, then there really isn't a lot of volume there.
I'm not an explosives expert, but I think that C4 requires a detonator stick of some sort, i.e., a blasting cap to set it off properly. Doesn't it just burn otherwise?
So you'd have to have a tiny blasting cap, that might actually not do the job, and some HE, all in a very tiny space. Now, just taping it to the wall in the loo would only make it a noisy firecracker. Sure, it would cause the plane to land, but I doubt it would cause any injury. Perhaps it would cure constipation, though.
More training needed?
What's nuts for this is that people think that something very, very small can blow up an airliner. Anybody remember the anthrax mailings? People were freaking out about dust on the shelves.
Sense of adventure, sense of reality
"Men wanted for hazardous journey. Small wages. Bitter cold. Long months of complete darkness. Constant danger. Safe return doubtful. Honour and recognition in case of success. —Ernest Shackleton."
Shackleton was honest and had a sense of reality. For this program, neither the organizers nor the hopeful participants have any sense of reality.
"People wanted for fatal journey. No wages. Bitter cold. Long months of complete boredom. Constant danger. No safe return. Honour and recognition as a footnote in television history in case of non-fatal landing."
I'm guessing that we should wait to launch humans to Mars after we've built a decent space elevator.
Re: The law is not the answer
"The same way the law favours you when the Daily Mail steals your photo."
You mean like the fellow who finally won out against the Daily Mail, but it took years? (There's too many search hits for the Daily Mail stealing photos.) Sure, the law favors you, but it will take a lot of effort, and it definitely isn't as easy as clicking through a few forms and getting a payout.
Re: It's not the code that matters
Code well, and debug well! I've had to debug another fellow's code that did intermittent overwrites due to network buffers being allocated on the local stack. Of course after the function ended, the IP data still went to those locations! Eww!!!! One fellow I worked with constantly sabotaged my code. He thought he was "improving" it.
Not quite the first thing to take out...
A highly visible laser truck is going to be the first thing any enemy will want to take out.
Actually, it's the Signal Corps that is the first target. Shut down the enemy's communication, then lay into them.
Schneier blog already went into all of that
Theodore Ts'o, the original developer of /dev/random, also chimed in on the thread.
Too bad US traffic laws don't include the fact that people are responsible for their actions. When I was in Germany, I was told that if a child runs out in the street and gets hit by a car, it's the parent's fault for not training the child to stay out of the street. But one story sticks with me: protestors had "blocked" the road to a facility (nuke? I can't remember.) by lying down in the road. Then somebody, upon seeing this, jumped in their car, and drove down the road, full bore. Only seven or so protestors got their legs run over, and the rest had the sense to get out of the way. I was told that no charges were applied to the driver.
In Washington state, for a while it was fashionable to have protests on the freeway, until the legislature finally passed a law effectively banning the practice. Perhaps SF needs to do something similar.
Re: Nice idea
The Aladdin brand kerosene mantle lamp puts out something like 60W of light. I bought one, and when the power went out, oh is it great! My home looked like the power was on, but it was just a kerosene lamp. A standard wick lamp is quite a bit dimmer, though. Since I now live next door to the power company, the electricity rarely goes out.
The best alternative to the lamp is the Uco candle lantern, and I've lit my living room with one of those hanging from the ceiling light and using the top reflector. However, it's slightly more expensive than the gravity-powered light.
I can see this as a reasonable thing. Think of the alternatives: running a light off of a bicycle generator. The good generators are rather spendy, and that's for a first-world budget!
Re: All I can say is this...
And watch that long password fall to a dictionary attack. Ars Technica: “thereisnofatebutwhatwemake”—Turbo-charged cracking comes to long passwords, and How the Bible and YouTube are fueling the next frontier of password cracking. 1000 guesses per second is stupidly slow. Try 30 billion per second!
Shoot the drone when it's in range!
The drone isn't shot on the wing, it's shot on the rise. Let it deliver the package to the neighbor's house, then shoot it.
As for landing accuracy, I'm sure that a delivery drone would have a camera to observe for a landing target. The GPS just needs to get it within 15ft.
And as for drones out of 12-gauge range, that's what the USB-activated Raspberry Pi-controlled SAM is for.
Re: No video?
It's over in just six frames. Not enough for a video.
I love the hunting strategy: sneak sneak sneak NAB
Re: Keeping secrets...
Hmmm, tweets from the twitterati that nobody can read.
Is there a down side to this?
Why buy when you can rent?
Amazon throws together 26,496 cores, and gets ranked as #64 in the Top 500. Cycle Computing rented 156,314 cores for $33,000 and got a petaflop for 18 hours. Now, isn't that more effective than mandating the government has to fund everything?
Face up to it, web searches and cat videos will drive advances in computing, not the weather.
I'm shocked, shocked to find that ...
"I was quite shocked," he said on Friday. "They went and copied the iPhone."
Like Apple copied Xerox? Hello??
Re: The next giant leap
"And does anyone actually teach efficient software development anymore?"
You have a very valid point. When I went to college, we were taught multiple software design methodologies, such as JSP (Jackson Structured Programming) and Warnier-Orr. However, I've never met anyone at Microsoft who had ever heard of such a thing. Not JSP, but simply the concept of structured software design. Every single person I met there with a BS or above had no clue about doing anything except stupid tricks that didn't work on a real project.
JSP is like a hot chainsaw through soft butter when it comes to slicing and dicing stream data. I'd get asked, "how do you do that?" And I'd show them. And I'd get blank looks from people with glassy eyes.
The next "frontier" is software, and it's a frontier that has never kept up with hardware. What's the latest development? Everything runs as a scripting language so it's all "open." Stupid. But at some point we'll see a real OS for high performance computing, and the kernel, etc., will be really small.