
Comment Re:Slightly misleading. (Score 1) 226

Because unlike in Canada where Canada Post control their own rates, postal rates in the USA are controlled by Congress, several members of which have interest in sabotaging the USPS.

It seems this is not correct. The Board of Governors of the United States Postal Service and the Postal Regulatory Commission set and oversee postal rates respectively [1]. Ultimately Congress can pass a law changing the structure, but that is no different than Parliament overruling Canada Post, so it appears that the distinction you highlighted between the two postal systems does not exist.

[1] http://en.wikipedia.org/w/index.php?title=United_States_Postal_Service&oldid=585515286#Governance_and_organization

Comment Re:Nowhere near as safe. (Score 2) 306

Or a short pulse is generated by a shorting circuit making a 0 0 0 0 0 0 0 ... which gets to a count of 8 of them. BOOM!

This is actually far from hypothetical. Quoting Les Earnest (http://www.stanford.edu/~learnest/gump.htm):

In 1960, I somehow was assigned the responsibility of leading a study group to get approval for putting nuclear warheads on the second-generation BOMARC ground-to-air missiles. This involved proving to a government nuclear safety board in Albuquerque, New Mexico, that the probability of accidentally launching a missile on any given day as a result of system malfunctions was less than a certain very small number and that one person couldn't do it by himself. [...]

The SAGE system used land lines to transmit launch commands to the missile sites and, since these lines were duplexed, a black box at each missile site was set up to detect when the primary line went bad so that it could switch to the backup. However on examination we noticed that if both lines went bad concurrently the system would remain connected to the backup line and the amplifiers would then pick up and amplify whatever noise was there and interpret it as a stream of random bits.

[...] [a team member] did a Markov analysis to determine the expected time that it would take for a random bit stream to generate a Fire command for one of the missiles. He found that it was a little over two minutes and, when such a command was received, the missile would erect and prepare to launch. However, unless the missile also received a full set of guidance commands during the launch window of about five minutes, it would automatically abort.

So there it is. Nothing but random noise was all that was needed to erect and ready a nuclear-tipped missile. Although it wouldn't launch, that is probably small comfort to those near these things when they do pop up.
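The kind of Markov analysis described in the quoted passage can be reproduced in miniature. This is an added example, not part of the original comment or of the BOMARC study: it computes the expected number of fair random bits before a given bit pattern first appears. The patterns are assumptions (the page does not give the Fire command's encoding); the run of eight zeros is taken from the count mentioned at the top of the comment.

```python
from fractions import Fraction

def build_automaton(pattern):
    """State k = number of leading pattern bits currently matched (KMP-style DFA)."""
    delta = []
    for k in range(len(pattern)):
        row = {}
        for bit in "01":
            s = pattern[:k] + bit
            j = len(s)
            # Fall back to the longest suffix of s that is also a pattern prefix.
            while j > 0 and s[len(s) - j:] != pattern[:j]:
                j -= 1
            row[bit] = j
        delta.append(row)
    return delta

def expected_bits(pattern):
    """Expected count of fair random bits until `pattern` first appears."""
    if not pattern or set(pattern) - {"0", "1"}:
        raise ValueError("pattern must be a non-empty string of 0s and 1s")
    n = len(pattern)
    delta = build_automaton(pattern)
    half = Fraction(1, 2)
    # Hitting-time equations: E[k] = 1 + E[d(k,0)]/2 + E[d(k,1)]/2, with E[n] = 0.
    rows = []
    for k in range(n):
        row = [Fraction(0)] * n + [Fraction(1)]   # last column is the right-hand side
        row[k] += 1
        for bit in "01":
            t = delta[k][bit]
            if t < n:                              # the absorbing state contributes 0
                row[t] -= half
        rows.append(row)
    # Gauss-Jordan elimination in exact rational arithmetic.
    for col in range(n):
        piv = next(r for r in range(col, n) if rows[r][col] != 0)
        rows[col], rows[piv] = rows[piv], rows[col]
        pv = rows[col][col]
        rows[col] = [v / pv for v in rows[col]]
        for r in range(n):
            if r != col and rows[r][col] != 0:
                f = rows[r][col]
                rows[r] = [a - f * c for a, c in zip(rows[r], rows[col])]
    return rows[0][n]

if __name__ == "__main__":
    for p in ("00000000", "10000000"):   # assumed example command words
        print(p, expected_bits(p))
```

A self-overlapping word such as eight zeros takes about twice as many random bits on average as a non-overlapping 8-bit word, so the framing of a command word changes the result. Turning bits into minutes needs the line's bit rate, which the page does not give.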

Comment Re:Pearson (Score 1) 663

Is this the same Pearson that designs and administers tests for IT and other professional certifications? If so, it would explain a lot. The ones I've taken seem to be designed not to test your skills in the subject matter, so much as to test your capacity to parse bad English and to solve trick questions.

The subject matter is important, agreed. However, parsing bad English and dealing with trick questions are necessary professional skills in this age.

Although I doubt it was Pearson's intention to test those dimensions.

Comment Re:I'm skeptical (Score 1) 436

I'm skeptical as well. From http://en.wikipedia.org/w/index.php?title=San_Onofre_Nuclear_Generating_Station&oldid=560938909#NRC_response

In May 2012, two retired natural gas electrical generators were brought back online to help replace the lost power generation capacity: the Huntington Beach Power Station, which produces 440MW of power,[47][48] and the Encina Power Station which provides 965MW; coupled with new conservation measures, this has helped keep power available to San Diego and Riverside counties.[49]

So the "forward-looking planning" seems to rely on two mothballed power stations. Was this *actually* part of some government and/or utility plan, and these two plants were held in reserve as a contingency? Or is it more that they planned to look forward to saying "oh crap" and quickly scrambling to find a stopgap solution?

Comment Re:Risk vs. Reward? (Score 5, Interesting) 249

Because if they raise the limit to 75, people will drive 85. Americans have been conditioned to believe that the "real" speed limit is at least 10 mph over the posted limit.

That is an interesting point so I did some research. I found FHWA Report No. FHWA-RD-92-084 (one source of which is at http://www.ibiblio.org/rdu/sl-irrel.html but other copies agree) that says "The results of the study indicated that lowering posted speed limits by as much as 20 mi/h (32 km/h), or raising speed limits by as much as 15 mi/h (24 km/h) had little effect on motorists' speed."

I'm curious if you had any citations to confirm your statement.

Comment Re:Comprehensive reform (Score 2) 856

While I agree with the Senator, I believe we must act with comprehensive reform. Laser printers are being used to print counterfeit money. Those too should be regulated and tracked just as strictly as 3d printers. All printer owners should be tracked, registered, and of course, pay a government tax to cover all this tracking.

We are already halfway there: http://en.wikipedia.org/w/index.php?title=Printer_steganography&oldid=554087510

Comment What Information? (Score 4, Insightful) 256

From the article it isn't clear exactly what information was deemed sensitive. Does this information include very specific details (like, "here is the password to that plant's SCADA system")? Or does it cover broader details that the public had free access to prior to the September 11 attacks, such information now being withheld as "critical infrastructure information"?

Comment Re:Do Canadian credit cards for sub $10? (Score 1) 248

Ideally this would be a government function paid for by taxes the same way that minting coins was. Then this could replace the credit card system as it currently stands.

As near as I can tell, minting coins and printing currency is at least self-supporting: http://en.wikipedia.org/w/index.php?title=Seigniorage&oldid=539786565#Seigniorage_today

In some cases, national mints report the amount of seigniorage provided to their respective governments; for example, the Royal Canadian Mint reported that in 2006 it generated $C93 million in seigniorage for the Government of Canada.[6] The U.S. government, the largest beneficiary of seignorage, earned approximately $25 billion annually as of 2000.[7] For coinage only, seigniorage accruing to the U.S. Treasury per dollar issued for the fiscal year 2011 was 45 cents.[8]

Comment Re:Orbital pickup truck (Score 1) 204

Some woman had joint pains. Someone told her that WD-40 would help to ease the joint pains. Instead of asking "how much", or doing any research, the woman supposedly BATHED in a tub of WD-40.

I really don't know how true the story is. My wife told it to me, she swears it's true, yada yada yada . . .

Considering that WD-40 comes in a spray can, I can pretty much guarantee that never happened. At least not in the "filled up a bath tub and jumped in". Sprayed herself all over instead of taking a shower maybe.

Not to confirm the grandparent post's legend, but WD-40 is also available in handy gallon jugs: http://wd40.com/products/one-gallon/

Supposedly they offer 55 gallon drums of it too.

Comment Re:Orbital pickup truck (Score 4, Informative) 204

If only we had a plan for recurring orbital missions... A "space pickup" that would launch on a regular basis to make pit stops for things like extra helium.

To think how many multi-decade projects like this will "rot on the vine".

The Herschel Space Observatory is 1,500,000 km away at a Lagrangian point. Servicing missions of any kind are out of the question.

Comment Re:I'm not quite sure how you're supposed to do it (Score 1) 179

Two other different things...

1) ISPs could drop outgoing TCP and UDP packets on port 53 from all their IP addresses except their own DNS servers. That would stop their customers from using public DNS servers outside their networks. But it would also stop this kind of attack.

It would also have a high collateral cost: diagnosing many DNS issues becomes impossible when you can only work with one recursive resolver (which may be what is causing the DNS issues!) It is necessary to access legitimate open resolvers and authoritative servers on any kind of Internet connection, even residential broadband (don't think of grandma but think of the tech helping grandma).

In short, we *need* TCP and UDP port 53 traffic unfiltered.

2) Drop all outgoing traffic that has a spoofed source IP address. This is a very simple bit mask operation. Yes, it requires more compute power than not doing it, but not very much. The ISPs know what IP addresses they own, they can very easily prevent spoofed traffic from leaving their networks, effectively stopping this kind of attack, as well as other types of hacking. At the same time, it would still allow legitimate use of public DNS servers.

This is what we need more of. Provided, of course, that it isn't applied in situations where it breaks things, but in those cases the customer is hopefully smart enough to implement their own filtering.
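The source-address check discussed in point 2, as an added example that is not part of the original comments: an egress decision that uses only a bit mask against the prefixes an ISP has assigned, and never looks at the destination port, so queries to outside resolvers on port 53 still pass. The prefixes and packets are constructed from documentation address ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed prefixes, assumed to be the address space assigned behind this edge.
OWNED_PREFIXES = ["198.51.100.0/24", "203.0.113.0/25", "2001:db8:100::/48"]

def compile_prefixes(cidrs):
    """Turn each CIDR into (ip_version, network_int, mask_int) for a pure bit-mask test."""
    table = []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr)
        table.append((net.version, int(net.network_address), int(net.netmask)))
    return table

def source_is_valid(src, table):
    """True if src falls inside an owned prefix: (address AND mask) == network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False                      # unparseable source: treat as invalid
    value = int(addr)
    return any(version == addr.version and (value & mask) == network
               for version, network, mask in table)

def egress_decision(packet, table):
    """Forward or drop on source address alone; destination and port are not inspected."""
    return "forward" if source_is_valid(packet["src"], table) else "drop"

# Constructed sample traffic leaving the ISP edge.
SAMPLE_PACKETS = [
    {"src": "198.51.100.23", "dst": "8.8.8.8", "proto": "udp", "dport": 53},   # customer, public resolver
    {"src": "192.0.2.55", "dst": "8.8.8.8", "proto": "udp", "dport": 53},      # source not owned: spoofed
    {"src": "203.0.113.200", "dst": "8.8.8.8", "proto": "tcp", "dport": 53},   # outside the /25
    {"src": "2001:db8:100::53", "dst": "2001:4860:4860::8888", "proto": "udp", "dport": 53},
]

def classify(packets, cidrs=OWNED_PREFIXES):
    table = compile_prefixes(cidrs)
    return [egress_decision(p, table) for p in packets]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, classify(SAMPLE_PACKETS)):
        print(pkt["src"], "->", pkt["dst"], verdict)
```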

Comment Re:By Design (Score 3, Interesting) 179

DNS resolvers were originally intended to be open. There was no reason for them not to be. But furthermore, the recursive functionality of DNS made open resolvers a near requirement. This has changed a little and slowly over the years, but it's still largely the case.

[...] It's not in the spec, so why should they?

The changing environment now calls for doing things that weren't done years ago. We have already crossed this bridge with open email relays; this isn't necessarily the case here (the real problem is the lack of IP spoofing protection), but it would be nice for administrators to realize that they may have an open resolver. Many of them will decide that there is no point in offering free DNS resolution services to the whole world and take steps to restrict access. Some will decide that they want to continue offering it; more power to them.

Far from being a requirement, a DNS resolver works just fine if it isn't wide open.

This attack suggests that the spec needs refinement, but don't go blaming people for doing what has been accepted best practice for the past 20 years or more.

I wouldn't go as far as to accuse them of malfeasance or negligence, particularly since the real problem is lack of BCP38 compliance. So let's not do that. Instead let's educate administrators and permit them to make their own decisions; in this case the decision will likely be to restrict.
