Comment Sounds like a Fountain Code to me (Score 1) 129
This sounds exactly like a Fountain Code to me, which isn't exactly news.
Comment Re:Real Time Text to Speech to NSA (Score 1) 169
I find it interesting that an insightful mention of some spooks gets down voted at the same time some spammer shows up and spoils the story.
Comment Re:Surprised Assange has no idea what censorship i (Score 5, Insightful) 241
When you listen to them talking politics, and then bomb the wedding down the street instead... that's US Intelligence.
Comment Re:This, I am unsurprised about (Score 1) 241
Wouldn't surprise me at all
Comment Progress IS being made (Score 1) 187
I sit here in the Cassandra suite, watching the tech community finally waking up to the reality of the world. You are starting to panic because you know none of the operating system choices you have are viable for truly secure systems. Soon you will learn about Multi-Level Secure systems, Capabilities, and other features of the secure computing..
About 10 years from now, you'll get the hints the universe has dropped on you, and start implementing these systems.
About 10 years after that, some real old timers (or young punks who've read history) will point out that this stuff was actually figured out in the late 1960s, and early 1970s.
Comment Re:Multi-Level Security? (Score 3, Interesting) 22
Multi-Level Security was worked out in the late 1960s in order to allow computing both Secret and "Top Secret" information in the same computer at the same time. The use of the Bell-LaPadula model ensures that a lesser privileged user can never cause grief for a more privileged user. If we had Mutli-Level secure systems, we could safely run any program we want in a sandbox, and it could never, ever crawl back out of it.
The closest you're likely to approach is if you enable the MAC option in FreeBSD, which is experimental.
The Genode project aims to provide a capability based security system which can run Linux Apps... it is the best chance I see going forward for a truly secure system that isn't military grade. In such systems, you specify at run time exactly which files can be accessed by an application. This has the benefit of explicitly limiting the side effects of said application, and thus making for a far more secure system. You might be tempted to think this would make it unusable (as App-Armour tends to be)... but it doesn't have to be that way. In fact, it's possible to make apps behave almost identically, as far as the user is concerned, without compromising anything.
I think we're still 10 years out before people wake up and realize that our collective assumptions about computer security are wrong, and this needs a more rigorous, carefully engineered solution, instead of the layers of patch we currently employ. I'm hoping that my frequent postings on this subject are informative, and help shorten that timespan significantly.
Comment Multi-Level Security? (Score 2) 22
Are any of these systems Multi-Level Secure? This stuff was figured out in the 1970s, we're still 10 years away from collectively realizing we needed it yesterday.
Comment Re:It never ceases to amaze me... (Score 1) 345
Amen!
I just "upgraded" some Windows 7 machines to IE8 (from IE10) because that is the standard the automobile industry has settled on.
Linux is not any more secure than Windows in the long run... its not a multi-level secure system, nor is any other choice you've ever heard of. Until we adopt something like the Bell-LaPadula security model, we're going to be chasing our collective tails, and this is going to be happening for years!
'Accidental' Siberian Mummies Part of Mysterious Ancient Arctic Civilization 34
concertina226 (2447056) writes "Russian archaeologists are trying to discover the origins of a group of 800-year-old bodies found just 29 km from the Arctic Circle, which were accidentally mummified by copper when they were buried. The mummies were discovered at Zeleniy Yar in Siberia, in 34 shallow graves, and 11 of the bodies found in the medieval burial place had either smashed skeletons or missing and shattered skulls. They may have been damaged by their peers deliberately to prevent spells emanating from them. There is only one female, a child, who is buried with her face masked by copper plates, and three male infant mummies, who wear copper masks and were bound in four or five copper hoops that each measure several centimetres wide."
NASA Proposes "Water World" Theory For Origin of Life 115
William Robinson (875390) writes "A new study from researchers at Nasa's Jet Propulsion Laboratory has proposed the "water world" theory as the answer to our evolution, which describes how electrical energy naturally produced at the sea floor might have given rise to life. While the scientists had already proposed this hypothesis called 'submarine alkaline hydrothermal emergence of life' the new report assembles decades of field, laboratory and theoretical research into a grand, unified picture."
An Engineer's Eureka Moment With a GM Flaw 357
theodp (442580) writes "Hired by the family of Brooke Melton in their wrongful-death lawsuit against GM, engineer Mark Hood was at a loss to explain why the engine in Melton's 2005 Chevy Cobalt had suddenly shut off, causing her fatal accident in 2010. Hood had photographed, X-rayed and disassembled the two-inch ignition switch, focusing on the tiny plastic and metal switch that controlled the ignition, but it wasn't until he bought a replacement for $30 from a local GM dealership that the mystery quickly unraveled. Eyeing the old and new parts, Hood quickly figured out a problem now linked to 13 deaths that GM had known about for a decade. Even though the new switch had the same identification number — 10392423 — Hood found big differences — a tiny metal plunger in the switch was longer in the replacement part, the switch's spring was more compressed, and most importantly, the force needed to turn the ignition on and off was greater. 'It's satisfying to me because I'm working on behalf of the Meltons,' Hood said. 'It won't bring their daughter back, but if it goes toward a better understanding of the problem, it might save someone else.' Next week, GM CEO Mary Barra will testify before Congress about events leading up to the wide-ranging recall of 2.6 million vehicles."
Comment Re:Jobs (Score 1) 506
The InterNet was created because the guy in charge of things didn't want a teletype in his office for each and every machine he could access. A network to access all of them, and a single terminal made more sense.
It had NOTHING to do with nuclear war, or reliability, at first.
Comment Superb Owl? (Score 1) 126
No mention of the Superb Owl watching over all this?
Comment Re:Self weaponizing infrastructure. (Score 1) 94
Access control lists are not adequate security, no matter how careful you are. You need the Bell-LaPadula or something like it that implements mandatory access controls to actually secure a system.
SELinux is an attempt to push a little bit towards a secure system, but it's not the real deal.
Comment Self weaponizing infrastructure. (Score 3, Interesting) 94
If we started building bunkers out of blocks of TNT, someone would rapidly figure out it was a bad idea.... but not so when it's abstracted several layers deep.
In conventional munitions, it's necessary to deliver an explosive to a target. Thanks to the Unix security model, with its lack of any notion of multi-level security, we've created an entire infrastructure that's ready to self-destruct at a moment's notice. The military went on to actually procure and use multi-level security in a number of cases, while the idea is perceived as impossible, or unnecessary in the civilian space.
All of our Linux, Mac OS, and Windows machines share the same brain dead security model. When you run code, you have to trust it not to be a virtual grenade, each and every time.
The existence of billions of computers which blindly run code without actual security protecting the operating system (as a multi-level secure system does) is astoundingly stupid, and yet 99.9% of the "tech" community is just fine with this state of affairs.
The infrastructure IS the weapon, its your job to change that over the next 20 years.... get crackin'
