Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

US Unable To Win a Cyber War

Sven Tuerpe Re:Goes without saying... (327 comments)

The installation of a firewall just doesn't make one go "oooh and ahhh" like the vaporized city and mushroom cloud from a 10 mega-ton ICBM.

Unlike a "cyber attack" the ICBM does real damage to the enemy. Which is the whole point of war: overpowering the enemy. The point of war is not to force the enemy to reroute network traffic or to restore a computer system from backup copies. If the troubles are serious, forget all that cyber stuff and go for the ICBM. It is the only thing that makes sense.

more than 4 years ago
top

US Unable To Win a Cyber War

Sven Tuerpe Re:Stupidity of leadership... (327 comments)

If you watched the broadcast of this exercise on CNN, you heard many people arguing for things that the government just can't do such as ordering telcos to disable all smartphones, ...

Uhm, does something that you can fend off by disabling smartphones qualify as an attack these days? Please tell me this is not true. 25 years ago our fears were about worldwide thermonuclear war and today we are talking about having to disable smartphones? It seems to me that this whole cyberwar thing is just nonsense.

Our means of destroying mankind are still around, by the way.

more than 4 years ago
top

Gnome Switches Nautilus Back To Browser Mode

Sven Tuerpe Re:Now for List Mode... (311 comments)

Nautilus and most other file browsers also default to Icon view, which is fine if you have only about 5 files on your computer, which was probably true for Windows for Workgroups 3.1, but these days List view should be the default.

If you have so many nits to pick, why don't you just pay someone to do it right for you? OSS projects aren't in a position to give you a usable system, they can only provide you with raw code. Someone has to take this code and turn it into something useful and usable. This can be you or somebody working for you.

more than 4 years ago
top

Climatic Research Unit Hacked, Files Leaked

Sven Tuerpe Re:Oh, yes, this is the conspiracy of all time (882 comments)

You sound like you're arguing from information given to you by Al Gore. I'm not sure he's a trustworth source.

Of course Al Gore isn't a trustworthy source. The United States presidential election of 2000 provided clear and unequivocal empirical evidence that George W. Bush was more trustworthy than Al Gore. Which was a pretty low threshold to miss.

more than 4 years ago
top

Climatic Research Unit Hacked, Files Leaked

Sven Tuerpe Re:RealClimate has a big reply on this (882 comments)

Vikings build villages in Greenland 1,000 years ago. Those same villages got covered in ice and snow 900 years ago and the viking left cause it was cold as heck, nothing would grow and their animals starved.

Actually their animals did all but starve until they had eaten the last Viking. So in an odd way, the Vikings may have saved the polar bear.

more than 4 years ago
top

EPA Quashed Report Skeptical of Global Warming

Sven Tuerpe Re:Yeah... (1057 comments)

Also, you never answered my question: In principle, what evidence would convince you that global warming is real, anthropogenic, and dangerous?

What evidence, by the way, could convice you that the world will be better off in 2100 or at any later time if we do not take any precautions today?

more than 5 years ago
top

EPA Quashed Report Skeptical of Global Warming

Sven Tuerpe Re:The Republic of Science (1057 comments)

A strong scientific consensus is derived from...
1. Overwhelming evidence via multiple independent lines of enquiry.
2. A high degree of predictive and/or explanatory power.
3. A lack of conta-evidence and a lack of equally valid alternative explainations.
(...) The strong scientific consensus on GW is that mankinds emmisions are causing the bulk of the observed warming and it will servely retard our civilisation unless we act to reduce those emmissions by ~70-80% over the next four or five decades.

So the consensus you are talking about is in part a consensus about the state of our civilization a few decades into the future.Would you mind telling us ...

1. What exactly is the evidence that we have about the state of our civilization a few decades into the future?
2. Have there been any empirical experiments aiming to determine the predictive power of people who claim to be able to predict the future? If so, what were the results?
3. What would you consider valid contra-evidence that could convince you that a consensus about the state of our civilization a few decades from now might be wrong?

more than 5 years ago
top

The Formula That Killed Wall Street

Sven Tuerpe Re:Citation, please (561 comments)

We can't all waste electricity.

We can't all have an Internet. It was a pleasure to meet you. Goodbye.

more than 5 years ago
top

The Formula That Killed Wall Street

Sven Tuerpe Re:Slashdot mods broken--again (561 comments)

We literally owe more money in debt than actually exists.

How about ... recycling?

more than 5 years ago
top

Why Sustainable Power Is Unsustainable

Sven Tuerpe Re: Wrong Premise (1108 comments)

Maybe so, but here's a hypothetical situation to consider. A comet is crashing towards the area you live in. Scientists have a raging debate as to whether or not it will completely disintegrate before hitting your house. Do you stay in your house till they reach a "consensus" or get the hell out of there?

I have one more hypothetical situation to consider:

An evil empire of infidels is threatening the country you live in. Religious leaders have a raging debate as to whether or not going martyr will help to defeat them. There is a consensus among them, however, that you will end up in paradise if you do so and that ending up in paradise would involve a few classrooms full of virgins to your disposal. Do you shrug it off or do you blow up yourself and others in a crowded place?

Whether global warming is true or not really doesn't matter much. We still need to take precautions to prevent pollution and switch to cleaner energy sources. It will benefit our own health and safety as well as be a matter of prudence.

It ain't that simple. You are making an assumption: that every precaution we might be tempted to take would be without negative side effects, or that the positive effects would outweigh the negative ones. But this remains to be verified for every proposed solution. Considering your hypothetical situation, how would your assessment change if, after everything was over, you learned that the comet did indeed disintegrate and 315 people died from accidents while panicking and fleeing?

This doesn't imply that we shouldn't do anything. But we must remain rational in our risk analysis. And we have one element which is highly dangerous here on the political part of the debate. I'm sort of uneasy about the idea of justifying action today with a predicted result far into the future. This isn't wrong per se but it must not be used to override agreements that underlie our societies and political systems. Otherwise we will end up in a 72 virgins kind of a situation where people could be manipulated into anything by pointing to the great future success they are obliged to contribute to. There would be no easy way of disagreeing. If you don't like the paradise and virgins example, feel free to consider Marxism instead, which is built on the idea that human societies would develop according to principles that science has discovered (which may even be true) and that this science would predict that we are all going to end up in communist paradise (which has been profoundly discredited by history).

more than 5 years ago
top

Web of Trust For Scientific Publications

Sven Tuerpe Re:Weird objection (125 comments)

I'm sometimes bothered by the stress on studies being "verified" by something like a peer-review process.

This is a misunderstanding. The role of peer review is not to verify anything. To the contrary, there are many situations where a reviewer will not be able to verify results with resonable effort. Think LHC experiments, Mars probes, etc.

Peer review is really just a spam filter. Reviewers can check whether a publication has novel aspects to it, whether it is relevant to the journal or conference, whether it is presented in a comprehensible manner, whether releated work is properly cited, and so on. A paper that has passed the peer review process is not verified, it is only deemed useful.

There are people who claim otherwise and unfortunately some of them are scientists. Overstating the capabilities of peer review makes sense if one attempts to use science in politics (which isn't wrong per se) and attempts to close political debates on the sole ground of scientific considerations (which is usually wrong).

Recommended reading:

in Michael Nielsen's blog.

more than 5 years ago
top

Solution Against Cold Boot Attack In the Making

Sven Tuerpe Re:Time for a new sig? (260 comments)

My prime plan is that I think it should be possible to cut or short one or more lines on the TPM chip to effectively deactivate it or at least isolate it, boot into custom control software, flip the switch, and just feed the chip the same sequence of values it would load during the authentic Trusted boot sequence.

This attack is known as the TPM reset attack.

more than 5 years ago
top

Solution Against Cold Boot Attack In the Making

Sven Tuerpe Re:Adds another layer to hardware solutions? (260 comments)

The TPM is specifically designed to secure the computer against the owner.

That's funny. They (the Trusted Computing community) keep telling me that the TPM and the technologies surrounding it were never designed to protect against physical attacks. It should be obvious that this is a bad choice when trying to secure a computer against the owner. Can you point me to a specific reference in the specification or other official matter regarding this design objective?

more than 5 years ago
top

Solution Against Cold Boot Attack In the Making

Sven Tuerpe Re:Freeze the CPU (260 comments)

Except that real "trusted computing" using a TPM chip doesn't store the key in the CPU or in RAM, it is stored in the TPM.

This is a dangerous belief. It is true that some keys remain inside the TPM, at least as long as the chip is being accessed only through its wire interface. However, the TPM ist not suitable for bulk encryption. Applications therefore typically use the TPM only to store keys, which are extracted to memory when needed.

more than 5 years ago
top

Solution Against Cold Boot Attack In the Making

Sven Tuerpe Re:Adds another layer to hardware solutions? (260 comments)

The attack essentially depends on being able to shutdown the computer but keep the memory cold enough that the randomization time is slowed down tremendously, giving enough time to perform a dump of the contents onto another system for further analysis.

The attack is really extracting the encryption key from memory after gaining physical access to the machine. Cold boot, cool as it may be, is just one particular implementation of it. To effectively protect your system you should defend against the attack, not particular implementations.

more than 5 years ago
top

Solution Against Cold Boot Attack In the Making

Sven Tuerpe Re:Adds another layer to hardware solutions? (260 comments)

I thought Slashdot was against the TPM chip? Last I read, it was supposed to be used for anti-piracy.

Further down (or up?) the thread, Slashdot still is. But a TPM is not going to help you much here. The TPM is not supposed to do bulk encryption so it is typically used to restrict the release of a key to certain conditions. Which means that even with a TPM one will end up having the actual key somewhere in the RAM.

more than 5 years ago
top

Solution Against Cold Boot Attack In the Making

Sven Tuerpe Re:how often are these actaully done? (260 comments)

so how often are these cold boot attacks actually performed in a hostile situation (as opposed to under controled conditions for demonstration, or to legitimately recover lost passwords or whatever)

This is a good and legitimate question. This question should not be used to thwart research, however. Threats may evolve and exploiting a vulnerability could become widespread over time. Perhaps deployment can wait until this really happens but research should not.

more than 5 years ago
top

Solution Against Cold Boot Attack In the Making

Sven Tuerpe Re:zero on power up? (260 comments)

Isn't it possible to design "secure" memory chips that zero their contents when power is first applied?

Maybe, but this would solve only one portion of the problem. Cold boot attacks imply that the attacker has physical access to the computer and sufficient time to dig down to the wires without getting caught. The canonical implementation is stealing a running laptop. The attacker's objective is to get access to a key, which today usually resides in RAM. Cold boot attacks are one way of doing this but there is a wide range of other things that an attacker could do in this situation. The attacker might use interfaces like Firewire for instance, which has been mentioned elsewhere in this discussion. Or manipulate the running system in such a way that power suppply of the RAM chips is maintained while other components are being reset. "Secure" memory chips as you propose would therefore solve only part of the real problem.

more than 5 years ago

Submissions

Sven Tuerpe hasn't submitted any stories.

Journals

Sven Tuerpe has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?