* Posts by Eugene Crosser

204 posts • joined 20 Oct 2007

Page:

Did speeding American manhole cover beat Sputnik into space? Top boffin speaks to El Reg

Eugene Crosser
Headmaster

Most probably, the first man-made object outside atmosphere was V2, the first man-made object on Earth orbit was Sputnik. This plug, if it did not disintegrate (and most likely it did) and kept escape velocity when it exited the atmosphere, could claim to be the first man-made object to go to space and stay there.

Otherwise, that would be Luna 1, launched in 1959.

1
0

Amazon just wrote a TLS crypto library in only 6,000 lines of C code

Eugene Crosser

Re: OpenSSL

> There should have been a division between crypto and protocols from the beginning.

And there was, in case anyone did not notice. SSLeay/OpenSSL came as two libraries, libcrypto and libssl from the very start. And in case anyone did not notice, s2n replaces the latter, but uses the former.

OpenSSL code is not as bad as it is often presented nowadays. Although it does suffer from the luggage of old coding practices, and lack of attention from infosec experts (for a long time, the latter problem is rectified now). Lack of strong leadership contributed to the problems, too, I think, since the original authors where kidnapped[*] by the NSA.

[*] Figuratively speaking. Don't go looking in the Snowden files. It happened in 1998 when Eric Young and Tim Hudson where hired by RSA and where not allowed to touch SSLeay code since then. That's the official story, anyway. There was only one post signed by Eric Young since then, and nothing from Tim Hudson.

5
0

Secure web? That'll cost you, thanks to Mozilla's HTTPS plan

Eugene Crosser

Bring up DANE

I've said it and I'll say it again: introduce DANE first, ban clear HTTP after that. Otherwise it's just helping CA folks to make a quick buck out of thin air.

13
0

Netflix looses FIDO hack attack dog as open source

Eugene Crosser
Facepalm

I wish they did not abuse the acronym so badly

It was bad enough when FIDO Alliance came into being and stole it from the good old FidoNet. And now this.

2
1

WIN a RockBLOCK Mk2 Iridium sat comms unit

Eugene Crosser

UDDER

Ultra Distant Discovery & Emergency Radio

0
0

Timeout, Time Lords: ICANN says there is only one kind of doctor

Eugene Crosser

It's paramaunt to keep spin doctors out

the rest are acceptable casualties.

0
0

The secret of Warren Buffett's success at Berkshire Hathaway

Eugene Crosser

What about other insurance companies?

Insurance market in not competitive, and as a result, those who own an insurance company have "free money" to invest. OK, I got it.

But Buffett's not the only insurance company in existence. Why aren't the owners of other insurance companies making the same crazy profit as Buffett?

0
0

IBM punts cryptotastic cloudy ID verification services

Eugene Crosser

Re: IBM and "The Man" do not need to be involved

The point of the tech in question here is that Alice can prove to Bob that The Man guarantees that she is above 18 yo, and that The Cashier received payment from her. So now Bob can send a p0rn flick to her but neither The Man nor The Cashier are wiser about her taste of movies.

Of course Bob has to trust The Man and The Cashier.

0
0
Eugene Crosser
Thumb Up

IBM and "The Man" do not need to be involved

The service is hosted on IBM cloud only for demo purposes. It can be run on one's personal hardware (notebook or smartphone) and then the person will be in full control. It's also open source and thus auditable.

1
0

Hola HoloLens: Reg man gets face time with Microsoft's holographic headset

Eugene Crosser
Joke

"You hold a fist in front of your face, raise a finger vertically, then roll it back down."

I am trying to image this.

Seems both obscene and hazardous.

6
0

EU copyright law: Is the Pirate Party's MEP in FAVOUR of it?

Eugene Crosser

Artificial scarcity is the key problem.

I believe that many, if not most, "pirates" are willing to pay fair price for the content they consume. I for one certainly am. The problem is, in many if not most cases, that the consumer is denied access altogether. Such as, in order to watch "Citizen Four" I would need to request visa to the US, buy a $1000 air ticket, and go to a movie theatre there for $10.

Copyright regulation that is fair to both creators and consumers should disallow creation of artificial barriers, such as geographic restrictions or lock-in on particular technological solution (implied by DRM). The only legal reason to deny the consumer access should be their refusal to pay the price.

I don't want "product of human creativity" to be "free as beer". But I do want it to be "free as speech".

(Yes, I know that it is hard.)

0
0

Boffins open 'space travel bureau': Come relax on exoplanet Kepler-16b, says NASA

Eugene Crosser

Pet peeve

I hate these pictures with two big celestial bodies in the sky. It's impossible. You can have two suns, but either one or both will look like very bright star, not a disk. Otherwise the system will be unstable. Same for two big moons.

1
0

So: Will we get net neutrality? El Reg decodes FCC boss Tom Wheeler

Eugene Crosser

I don't understand

you have to provide the service across the country

How this is going to work now for the ISPs, and, even more interesting, how could it work in the olden days of railways, steamers and coaches?

0
0

Armouring up online: Duncan Campbell's chief techie talks crypto with El Reg

Eugene Crosser

Re: Truecrypt is a threat

@Ben

I am not familiar with truecrypt, but I assume that it does not let an observer see "a blob of random data" precisely because it would be pretty convincing evidence of "hidden volume". If my assumption is true, then the mere fact that truecrypt can have hidden volume is no better proof than the fact that a bikini picture can have hidden information.

0
0
Eugene Crosser

Re: Truecrypt is a threat

I am not sure how this kind of possibility is realized in real life (and IANAL), but surely, even if you don't have TrueCrypt in plain view, a prosecutor can argue that you have data steganographically hidden in your holiday photos (or free sectors on the disk) and demand that you decrypt it. There is no difference in the possibility of a hidden truecrypt volume and the possibility of secrets hidden in plain view without truecrypt.

1
0

Beware of merging, telcos. CHEAPER SPECTRUM follows

Eugene Crosser

Re: Questionable logic

@Teresa

That's right, but auction on spectrum does not help it a little bit, does it?

(I specifically underlined "when there is competition". That's the key, obviously.)

0
0
Eugene Crosser

Questionable logic

Whatever their cost base, they're going to charge us consumers the maximum they can get away with. So increasing the spectrum price doesn't change what we pay.

Err... I am not so sure about the logical relation between these statements.

When there is competition, every player wants to cover costs plus get as much profit as they can without losing their customers to competition. When the cost base is the same for all competitors, they all end up adding some "average" profit margin on top, and this results in the "average market price" that the consumers pay.

When cost rises for all the competitors, they all do the only possible thing, and raise prices simultaneously, preserving the margin. If any of them don't, it starts losing money and go out of business. If any of them rises prices too high, it loses customers and go out of business.

In a sense, auction on "natural resource" is anticompetitive, because it raises the barrier of entry, while doing nothing to impose "fairness".

2
1

Next gen ransomware: Elliptic cryptic, talks on Tor, demands Bitcoin

Eugene Crosser

Re: Specific to VMs...

What does exist in the way of hardware monitoring

Most virtualized environments these days are hardware-assisted (on mainframe, for a long time; on x86 - for a few years now). Even so it is tricky to hide the fact that a program is running in a VM from that program. It is possible, but in most real-life scenarios it is better to let it know, so the fact is rarely being hidden well enough to fool sufficiently sophisticated malware.

0
0
Eugene Crosser

Re: Specific to VMs...

Running the program in a VM allows the researcher to observe "from the outside" (i.e. from the hypervisor) what the program is doing, down to one instruction at a time when necessary. On bare metal, the malware will just do its deed without giving the researcher any insight about how it works.

5
0

The Pirate Bay SUNK: It vanishes after Swedish data center raid

Eugene Crosser

Beware of the new domain

thepiratebay.cr is reported to be a proxy, devoid of real content, albeit showing the home page.

0
0

The Nokia ENIGMA THING and its SECRET, TERRIBLE purpose

Eugene Crosser

It's a tyre repair kit

just saying

6
0

Obama HURLS FCC under train, GUTPUNCHES ISPs in net neut battle

Eugene Crosser

Re: Time to speak up

"Unfortunately you get no benefit from the traffic and its costing you money"

Consumer ISPs have paying customers. The more service (i.e. data transferred to customers), the more revenue (at least, that is how it should be - service must be paid for). For the customers to want the service, there must be people whose data the customers want to get. I.e. Netflixes etc.

ISPs should praise those data producers, buy them flowers, and maybe even share some of their revenue with them. Not demand money from them.

This is how it is when there is no monopoly.

18
3

MasterCard adds fingerprint scanner to credit cards for spending sans the PIN

Eugene Crosser

relative difficulty

the correct fingerprint is stored on the card and it is likely a canny thief could reprogram the card, or take a copy of the data stored on it.

This particular attack is very unlikely. EMV cards are quite good at preventing the leak of data stored in the chip (otherwise it would be easy to clone, and we don't hear much about that).

Making a gelatine "fake finger" from a fingerprint is relatively easy, and will defeat best mass market readers. It is easier than chopping off fingers. But still more difficult than simply eavesdropping on the pin entry.

2
0

Crims zapped mobes, slabs we collared for evidence, wail cops

Eugene Crosser
Boffin

Faraday cage will not help

Assuming the "remote kill" functionality is set up, the phone needs to be (1) FDE encrypted, (2) not rooted, and (3) have a system app that simply turns power down if it cannot connect to the "remote kill" server for a long enough period of time.

2
4

Bash bug flung against NAS boxes

Eugene Crosser

Miscreants will be hard pressed to find bash on embedded systems

- they usually run busybox(/ash) or some other "lesser" shell.

"Real" servers, and especially hosted VMs that boot from pre-built system images are probably more lucrative.

0
1

Kenyan court case could sound death knell for mobile money

Eugene Crosser

Does it promotes or prevents competition?

Let me get it straight.

  • Vodafone has introduced "mobile money", with great success.
  • Some local bank(s) decided to introduce their own mobile money, to compete with Vodafone.
  • Vodafone tried to prevent banks from doing that, on the pretext that the technology proposed by banks weakens the security of the SIM.
  • Court gave the bank(s) green light, so both parties can now compete for the customer.
  • There is no sign (so far) of the banks trying to outlaw Vodafone's service.
What I am missing, when I think that this is good news?

8
1

Unchanging Unicorn: Don't be disappointed with Ubuntu 14.10, be happy

Eugene Crosser

Cinnamon

on utopic, is apparently available in the 'universe', i.e. it is again a part of official Ubuntu.

(mate vs. cinnamon is a matter of personal preference, mate being a "resurrected gnome 2", and cinnamon - "reversed gnome 3".)

5
0

Plucky Playmonaut parties as LOHAN hits Kickstarter goal

Eugene Crosser
Pint

Masterly done!

Meeting the goal with just two days margin is very... precise! Cheers!

0
0

Murdoch to Europe: Inflict MORE PAIN on Google, please

Eugene Crosser

Re: Dear Google, please!

Right! I mean, do we have to wait FIVE YEARS for this bore to be killed at last?

5
0

Bonking with Apple has POUNDED mobe operators' wallets

Eugene Crosser

Re: I don't like it.

I'm not convinced about NFC payments though (via card or mobile) how is this safer than Chip and PIN?

NFC payments are not safer than EMV (known in Britain as "chip and pin"). Cards use basically the same messaging protocol over the wires and over radio. NFC is equally safe, but more convenient.

0
0
Eugene Crosser

boost or death

"The mobile payments world has hailed Apple Pay as the start of the mobile payments revolution, something which happens about as often as Voyager 1 “leaves the solar system”, but it could be the death of the technology. Apple Pay is (surprise!) an Apple-only system and doesn’t offer any way in for the operators.

On the NFC side, Apple Pay is standard EMV over NFC, like the bank-issued contactless cards. And like Google Wallet. If proliferation of Apple Pay makes the merchants rise their collective back-side from the chair and upgrade POS terminals, that will be a boost for all other NFC payment systems.

3
0

Leak of '5 MEELLLION Gmail passwords' creates security flap

Eugene Crosser

And here is why they did it:

  • Dump purported leaked passwords (but really just junk), publicise the move.
  • People hear about it, and rush to update their passwords.
  • Run DNS poisoning attack against mail relays
  • Intercept password reset links, and use them to hijack accounts
  • Profit!

5
0

Why has the web gone to hell? Market chaos and HUMAN NATURE

Eugene Crosser

Re: On what planet does The Guardian recruit?

I will concede that revenge porn is new

The idea is not: http://en.wikipedia.org/wiki/Nunc_Dimittis_%28short_story%29

... Not that I disagree with the rest

0
0

Super Cali signs a kill-switch, campaigners say it's atrocious

Eugene Crosser

Re: Hold on a second... IMEI Blocking?

Well, it is much easier to protect IMEI against reflashing than the OS image.

0
0
Eugene Crosser

Re: Hold on a second... IMEI Blocking?

Exactly. Why force vendors to install software feature that is difficult to use and easy to abuse when you can force operators to keep track of IMEI last used by a customer, and if the customer reports theft to police, add it to public blacklist?

Both the argument and counterargument in this debate are just stupid.

2
0

LOHAN Kickstarter bid IS GO: Back our Vulture 2 spaceplane launch

Eugene Crosser

typo

Just a nitpick: it says "Ad Adstra Tabernamque" near the bottom of the kickstarter page.

0
0

LOHAN packs bags for SPACEPORT AMERICA!

Eugene Crosser

Re: Post-Lohan...

Even if you where able to get to 160 km altitude by balloon you'd only save 20% in delta-v. 7.8×10³ m/s is quite a lot to gain...

But, hell, that would be something!

0
0

New twist as rogue antivirus enters death throes

Eugene Crosser

Re: Spelling

I guess it was (semi?)deliberate. But I wish they hadn't done it. It's pain enough to see in reddit comments.

0
0

Linux kernel devs made to finger their dongles before contributing code

Eugene Crosser
Thumb Up

Good for them, and for Yubico

Yubikey is much more convenient to use than traditional TOTP tokens (or google authenticator on the phone) where you have to type in the the code from the token's display. Good publicity for Yubico, too.

2
0

BitTorrent launches decentralised crypto-fied chat app

Eugene Crosser
Headmaster

Targeted vs. opportunistic

The stance "if you are a target then this technology won't help you" is red herring.

Of course it will not. If you are targeted then (presumably) you know what you are doing, and know how to protect yourself.

The point of technology similar to this is to thwart NSA-style opportunistic eavesdropping rather than CIA-style targeted operations. As long as it works - job done.

2
0

OpenWRT gets native IPv6 slurping in major refresh

Eugene Crosser
Thumb Down

Come on!

OpenWRT has native ipv6 support, as well as support for a number of tunnel brokers, for I don't remember since when. I have ipv6 on my home system with Kamikaze up and running for several years.

0
0

Judge says there's no such thing as a 'Patent Troll'

Eugene Crosser

Surely a typo?

“without unduly prejudicing GPNE or confusing the jury.”

Otherwise, I agree with those who pointed out that "patent troll"/"nonpracticing entity" is a distraction. "Real" company using patents to prevent competition is no lesser evil than a troll collecting patent rent.

0
0

We're ALL Winston Smith now - and our common enemy is the Big Brother State

Eugene Crosser

Bravo, but..

Thanks Mr. Worstall for spelling the word of reason! Data gathering in the interest of commerce has indeed quite different implications from data gathering in the interest of the state.

But, monopolization of commercial data gathering greatly simplifies state data gathering, and for this reason is dangerous. I share the view that we'd be better off if more of our Net life happened in distributed systems (similar to email) and less - in centralized (similar to Facebook).

1
1

CERN and MIT chaps' secure webmail stalled by stampede of users

Eugene Crosser

Cameras for hacks: Idiot-proof suggestions invited

Eugene Crosser

Canon

is to my experience the best in the class that you describe. I've been using IXUS 80is for several years, recently replaced by Powershot SX280hs. The picture quality is quite good for the size/price, looks very decent on a 30x40 cm print. And especially ixus is quite sturdy.

0
0

Crap flap-app flap chap yaps: Yes, FLAPPY BIRD is comin' back

Eugene Crosser

Anybody remembers SFCave

or its knockoffs? They've been here, like, forever. I remember playing on Palm Tungsten. Admittedly, the ribbon that you had to direct through the tunnel did not flap its wings, though. Sunflat is still alive, though I am not sure that there weren't any earlier versions.

(I want an icon of a man with long grey beard)

0
0

Roll up, roll up for the Commentards' Ball

Eugene Crosser
Pint

I will tele-toast from 2500 km away

cheers!

0
0

Netflix coughs up to cruise on Comcast

Eugene Crosser

Re: It's all about balance of payments

That's right, paying per Gb (or having capped tiers, like I have from my provider) is the way. The consumer should pay fair price for the service. That is capitalism.

By the way, the top tier, 100Mbit symmetric without caps costs under $30/mo where I live. Admittedly, we have multi-story buildings, so providing the last mile is cheaper per user than in the US.

0
2
Eugene Crosser
Flame

Do they call it free market?

Suppose I am a customer of Comcast's rival, let's call it "YMission". And I pay subscription to Netflix. It means that part of my money goes to help the rival of my provider, who does nothing for me. Why is it legal?

That is not to say, the content providers create the market for the ISPs, making the customers want to have Internet access. If anything, its the ISPs who owe to the Netflixes.

This does not look like capitalism at all.

4
1

Page:

Forums