SoylentNews is people
SoylentNews
Amongst other news outlets, CIO reports on a hacker attack on the German parliament (Bundestag) that occured four weeks ago and is still ongoing:
Trojans introduced to the Bundestag network are still working and are still sending data from the internal network to an unknown destination, several anonymous parliament sources told German publication Der Spiegel.[German]
All software and hardware in the German parliamentary network might need to be replaced[1]. More than four weeks after a cyberattack, the government hasn't managed to erase spyware from the system, according to a news report.
Some MPs have concerns to call experts from the foreign intelligence service, the Bundesnachrichtendienst, for help, because the agency would gain access to the legislative process, a possible violation of the principles of Separation of Powers.
[1] Apparently about 20.000 machines are affected
(Score: 5, Informative) by MichaelDavidCrawford on Saturday June 13 2015, @09:40AM
A carpenter once explained to me that you cannot make concrete out of beach sand; rather you have to grind up rocks in a ball mill. That makes for sand particles with lots of nooks and crannies that enable the solidified Portland cement to bind far more effectively than is the case with beach sand, which are worn round and smooth.
However during the great depression, it was common to use beach sand. This had the eventual result that a bunch of houses slipped off their foundations in Santa Cruz County during the 1989 Loma Prieta Earthquake. That same carpenter earned quite a lot of coin by jacking the houses up, pouring new foundations then putting them back down.
The Internet is much like that; while we can all work hard to use strncpy() rather than strcpy() as well as to sanitize our inputs [xkcd.com], that's not going to do a whole lot about the fact that the Internet, in a very real way, is broken by conscious design.
Concerns of security were not so much ignored by those who created the Internet, rather consciously avoided. Among the reasons was the US restrictions on encryption export. It's not just that everyone used telnet and ftp rather than ssh and scp, rather that the development of protocols that required encryption simply was not done. Given that the Internet was created by the Defense Advanced Research Projects Agency, it's not like they didn't know from secret codes, rather the decision was made not to even look into it.
Less well-known is that, at least at one time, it was also unlawful to export implementations of self-healing networks. There are some other technologies that one may not export but I do not recall them.
I once dropped a dime to the Bureau of Exports Administration to ask what I could export in the way of crypto. The gent I spoke to quite emphatically encouraged me to export crypto for use in authentication. However the confused notion that all crypto was forbidden lead to cryptographic authentication not being done much at all - even to this day.
At one time, to send so much as one single unsolicited commercial email could get you disconnected from the Internet entirely. It was like if you didn't pay the power company; they'd drop by your house then flick a switch on your meter to cut you off.
That led to the failure to develop any technological anti-spam measures. There are all manner of ways spam could have been, if not completely prevented, at least greatly discouraged, for example through the use of "hash cash", in which one must compute an expensive hash function before an SMTP server will accept an incoming mail.
The World Wide Web was invented in 1989 by Tim Berners-Lee in hopes of enabling Elementary Particle Physics collaborations to more-easily communicate with each other. It is quite common for thousands of physicists to work together on a single experiment. Consider the problem of everyone agreeing on the final draft of a paper.
Mosaic was written by Marc Andreessen while working at the National Center for Supercomputing Applications. Before Mosaic there were only keyboard-driven text-mode browsers. The one I tried to use at CERN was quite crude so Mosaic was quite a big deal. While NCSA serves many researchers, most supercomputing is done by physicists so I expect Mosaic was written with the intention of helping out the Physics community, so it would not have to use ascii terminal emulators to browse the web.
Mosaic was quite nice but there were many problems so Andreessen - I expect with some VC - founded "Mosaic Inc." then wrote Netscape Navigator. NSCA was concerned about trademark infringement so the company changed its name to "Netscape".
Right around then, Netscape and the World Wide Web started making the press all over the place. Everyone wanted to use it.
Despite that the Internet was by no means ready for public consumption there was so much demand, as well as so much opportunity to create so many things of genuine benefit to humanity that the decision was made to open it to the public. Before that, only government, the military, educational institutions as well as particularly large companies could get online.
I personally feel we would all have been a lot better off with USENET and UUCP. But that horse has already left the barn.
Yes I Have No Bananas. [gofundme.com]
(Score: 2) by kaszz on Sunday June 14 2015, @12:00AM
The reason encryption by design were left out was lack of need on a purely research network that only allowed educational, government, military and big (relevant) business to even send or receive any IP packet. Abuse got you *plonk* in the physical way. Encryption software did also lack consistency, good documentation (no searchengines of any kind!) and would tax the computing capacity hard. Consider the capacity of Sun-2 machine that used a 10 MHz Motorola 68010 microprocessor with a proprietary MMU, and an operating system based on 4.1BSD. Ain't gonna crunch anything hard there. Focus were also on doing good, gentlemen honor. People that did bad were located and *plonked* mercilessly.
strncpy() vs strcpy(). Well sloppy thinkers will always be that in most cases. The problem comes when the negative feedback loop doesn't reach them.
If commercial ISP had forced users to read net etiquette and required them to read and sign. And also disconnected anyone breaking those rules. The internet had proberbly been better off. But one can suspect that profits came first.
(Score: 2) by gnuman on Sunday June 14 2015, @12:34AM
A carpenter once explained to me that you cannot make concrete out of beach sand; rather you have to grind up rocks in a ball mill. That makes for sand particles with lots of nooks and crannies that enable the solidified Portland cement to bind far more effectively than is the case with beach sand, which are worn round and smooth.
He told you some bullshit, maybe he believed it too! You don't want to make concrete with SANDSTONE. You want to make concrete with LIMESTONE. It has absolutely nothing to do with "beach sand".
https://en.wikipedia.org/wiki/Concrete#Composition_of_concrete [wikipedia.org]
You don't want anything in concrete that will absorb lots of water in climates that freeze. Guess what happens then?
However during the great depression, it was common to use beach sand. This had the eventual result that a bunch of houses slipped off their foundations in Santa Cruz County during the 1989 Loma Prieta Earthquake.
They slipped off the foundations because they were not fixed to the foundation. Or foundation had not rebars, which is very similar. Or maybe concrete was too weak - not enough cement. But it has nothing to do with sand, especially in California.
You do not want to use sand because it COSTS you more. Sand has more surface area than crushed granite or limestone. And cement amount depends on that to maintain strength. The only place where you use sand is brick laying because you need a thin layer of glue. Anyway ...
As to you comments about crypto, no one cares about crypto. And most that do, don't know what it is or how to use it. Crypto is not a "sexy" thing to work on. Look at current state of IPSec or DNSSEC for some hints.
(Score: 2) by gnuman on Sunday June 14 2015, @12:42AM
You don't want to make concrete with SANDSTONE. You want to make concrete with LIMESTONE
Just to correct my mistake, BOTH sandstone and limestone are shit. Both absorb water. Limestone is just used to make cement.
The most common fillers used include *smooth* river rocks (granite) or other granite gravel.