Comment: Re:Obviously this can't work (Score 4, Informative) 507

by secPM_MS (#27791443) Attached to: Microsoft Releases Super-Secure XP to US Air Force
I am a security program manager at Microsoft. The article gets much of it wrong. The Air Force wanted the machines preconfigured to a secure configuration so that they did not have to do this configuration. Such configurations are not distributed to the general public because of the impact on generalized consumer usability. Microsoft always publishes a security guide which provides guidance on configuring systems for different threat environments. For example in the Windows Vista Security Guide, Chapter 5 is titled "Specialized Security - Limited Functionality". Such security guides exist for NT on.

Users are free to configure their systems for higher security. Note that doing so may limit functionality you are used to. For example, you can configure your system so that all users run as normal users (no administrative functionality). Running users as normal users is part of all security guidance. Not all XP software will run if you do this. You can set IE to high security mode by default and disable Flash, etc. Doing so breaks much of the web but is more secure. You can get security, but it will impact your user experience.

It is easier to secure Vista and 2K8 server systems.

Comment: off-shore power (Score 3, Interesting) 679

by secPM_MS (#27450005) Attached to: Offshore Windpower To Potentially Exceed US Demand
While the near-shore environment is reasonably suited to cables, the cost of long distance power transmission in the deep ocean environment may be problematic. This suggests that the power be stored into some transmissible fuel that can be picked up intermittently. One possibility would be Ammonia, NH3, which could be made by electrolysis of water to get the Hydrogen and nitrogen from the atmosphere. The heat of formation of NH3 is ~ 10% of the available energy in the Hydrogen (liquefying Hydrogen requires ~ 30%). Anhydrous ammonia is easily handled at moderate pressures in steel vessels, has a higher volumetric density than liquid Hydrogen, could be easily handled by tankers, and the Hydrogen can be easily released at moderate temperatures by catalytic reforming. Spills of NH3 are limited by its high solubility in water and lack of persistence - plants metabolize it rapidly.

Comment: Re:cosmic rays (Score 1) 672

by secPM_MS (#26578867) Attached to: Black Holes From the LHC Could Last For Minutes
The theory is quite strong in this case. As for the virtual electron and positron meeting and annihilating each other, that is what they do all the time all over the universe - look up a good introduction to quantum field theory, which is very well supported by experimental tests.

We have no evidence for black holes of less than multiples of the sun's mass and to the best of my knowledge, no evidence of black holes of masses on the order of many billions of solar masses. The rest is speculation, but not unreasonable.

There was a very interesting paper at the LANL archives last year on the energy release from small black holes on planetary bodies due to Eddington-limited accretion. The impact would be correspondingly greater and more observable in white dwarfs and neutron stars.

Comment: Re:cosmic rays (Score 5, Interesting) 672

by secPM_MS (#26575655) Attached to: Black Holes From the LHC Could Last For Minutes
Small black holes are far less dangerous than made out to be. I wouldn't like to be very near one due to its Hawking radiation (virtual photon creation near the event horizon where one of the virtual photons is absorbed and the other turns real as it escapes), but the fear mongers of black holes forget the limiting factor. Matter falling into a black hole is compressed and gets hot. The hot matter radiates light / gamma rays. While in some cases this radiation might be captured as well, it is far more likely that the radiation pressure will limit the rate of matter absorption by the black hole. The radiation pressure effect is known as the Eddington effect and is a major factor in stellar stability. In the case of a small black hole, the size of the black hole is far smaller than the absorption length of gamma rays, preventing advection of the gammas. Since a non-rotating black hole is likely to convert on the order of 1% of the absorbed mass into gamma radiation, such a source would be more than capable of creating a near vacuum of hot matter about itself.

If such stable black holes were creatable / existed, we should see rather remarkable things with old white dwarfs and neutron stars, which would be greatly affected by such energy sources.

Comment: Re:Brute-force password guessing not a problem (Score 1) 189

by secPM_MS (#26469895) Attached to: GPUs Used To Crack WiFi Passwords Faster

Strong passwords / keys for WPA are not much of a burden. You only have to enter the damn things once. I use a random 32 character hex string as my key. I wrote it down and stored it in a known location. I also have it stored in an old USB drive in a text file. I have to enter it far more than most people, as I dogfood Windows releases, flattening my notebook each time. Thus I have to reinitialize it for my home WPA network each time I rebuild it. I am not worrying about brute force attacks against 128 bit key values.
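
An added example, not part of the comment above or written by its author: generating a random 32-character hex WPA passphrase, deriving the pairwise master key the way WPA/WPA2-PSK does (PBKDF2-HMAC-SHA1 salted with the SSID), and comparing its 128 bits against a short passphrase. The SSID `example-ssid` and the guess rate are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets

ASSUMED_GUESSES_PER_SEC = 1e6  # assumption: illustrative attacker rate, not a measurement


def generate_wpa_key(n_chars: int = 32) -> str:
    """Return a random hex passphrase; 32 hex characters carry 128 bits."""
    if not 8 <= n_chars <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 printable ASCII characters")
    return secrets.token_hex((n_chars + 1) // 2)[:n_chars]


def entropy_bits(n_chars: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string over the given alphabet."""
    return n_chars * math.log2(alphabet_size)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK key derivation: PBKDF2-HMAC-SHA1, SSID as salt,
    4096 iterations, 256-bit output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def expected_years(bits: float, rate: float = ASSUMED_GUESSES_PER_SEC) -> float:
    """Expected time to search half the key space at `rate` guesses/second."""
    return 2 ** (bits - 1) / rate / (365.25 * 24 * 3600)


if __name__ == "__main__":
    key = generate_wpa_key()
    print("key:", key)
    print("PMK:", derive_pmk(key, "example-ssid").hex())  # hypothetical SSID
    for label, n, size in [("8 lowercase letters", 8, 26),
                           ("32 hex characters", 32, 16)]:
        bits = entropy_bits(n, size)
        print(f"{label}: {bits:.1f} bits, ~{expected_years(bits):.3g} years")
```

Because the SSID is the salt, the same passphrase yields a different master key on a differently named network.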

Comment: Re:Pretty serious (Score 2, Informative) 348

by secPM_MS (#25485061) Attached to: Microsoft to Issue Emergency Patch For File-Sharing Hole

Actually, it is rather more like the Zotob vuln than the Blaster vuln. It is a crit on earlier systems, but requires authenticated privileges on Vista and 2K8 server due to the implementation of the integrity level defenses in Vista and 2K8. That said, the potential for damage with this vulnerability is high and there were reports of attacks in the wild. Thus, Microsoft released out of the standard release cycle.
