* Posts by Eugene Crosser

218 posts • joined 20 Oct 2007

Page:

Idiot millennials are saving credit card PINs on their mobile phones

Eugene Crosser

Re: Encryption?

Indeed.

I keep all my passwords (couple hundred I think) and pins (a dozen) on the phone, encrypted under master password in OISafe. 55.

Millenials, you are saying...

1
0

Why Tim Cook is wrong: A privacy advocate's view

Eugene Crosser

Not exactly a "design flaw"

> What appears to be involved is a design flaw.

Not so much a design flaw, as a hardware deficiency of an older iPhone model, i.e. lack of "Secure enclave" in the model in question. This guy provides a very plausible analysis.

2
0

Router configurations suck (power out of mobile devices, that is)

Eugene Crosser

> Does this mean I would have to wait and average of 4.25 (worst case 8.5) minutes before my phone can connect to a new network?

No.

When a device connects to a network, it may, and usually do, send "router solicitation" multicast packet, to which the router(s) respond with "router advertisement" instantly. "Gratuitous" RAs are there to ensure that things are eventually corrected if the process did not work first time.

5
0

Canonical and Spain's BQ team to put Ubuntu on a tablet

Eugene Crosser

Right direction, wrong choices.

I am definitely the target audience for this sort of device. I currently carry an x200 series ThinkPad with me (and use an old-school deskside box at home). I want my next "luggable" computer to be a tablet running a full Linux distro, accompanied by a BT keyboard/mouse.

But it will definitely not be this one. It is specced as a cheap Android tablet. To be useful as a "portable workstation" it must have no less than 250 Gb of storage. To be useful as a tablet, it must have GPS. If Android-specced hardware was acceptable for me, why would I want a BQ when I can get a Nexus or a Z tablet and install Ubuntu there?

2
0

Learn you Func Prog on five minute quick!

Eugene Crosser
Boffin

currying and partial application are largely orthogonal

At least in Haskell parlance, currying and uncurrying is conversion between a function that takes an argument of a product type (typically a tuple) and a function that takes multiple arguments of the types of elements of that product type

uncurried_func :: (Hight, Weight) -> HoleSize

curried_func :: Hight -> Weight -> HoleSize

The only connection to partial application is that you need a function with multiple arguments, so if your original function was uncurried, you will need to curry it before you can use it for partial application.

1
0

Anyone using M-DISC to archive snaps?

Eugene Crosser

Never on the shelf, always live.

Take it from someone who's been there for a long time.

As others mentioned, it's not the durability of the media, it's the mere existence of the technology. By the time you need to read the archive, you find that there is no compatible hardware anywhere but in a museum.

On the other hand, when it's on a NAS plus in the "cloud", you are forced to keep up with progress. When the NAS gives ghost, you'll have to get a current piece of tech, and restore all your data there. When the cloud provider dies you'll have to move to a new one.

Just make sure that you keep three copies "normally", and no less than two during the migration.

2
0

'Wipe everything clean ... Join us ...' Creepy poem turns up in logs of 30 million-ish servers

Eugene Crosser

X-Clacks-Overhead anyone?

I wonder if they checked how many of the responses contained the "GNU Terry Pratchett" message. (They did get one from my server...)

24
3

Cyber-terror: How real is the threat? Squirrels are more of a danger

Eugene Crosser

A little more than a month passed, and ...

--Cyber Attacks Allegedly Targeted Power Stations in Ukraine

(January 1 & 4, 2016)

A cyber attack last month in Ukraine caused a significant portion of the

country's power grid to go offline. The SANS Industrial Control System

(ICS) team has obtained a sample of the malware allegedly used in the

attack.

http://motherboard.vice.com/read/malware-found-inside-downed-ukrainian-power-plant-points-to-cyberattack

-- SANS NewsBites Vol. 18 Num. 001

0
0

Google wants to add 'not encrypted' warnings to Gmail

Eugene Crosser
Facepalm

Yeah, right.

Rather than fussing about largely useless TLS SMTP, Google ought to make better effort to support PGP in its webmail client.

3
8

The internet's Middle East problem: Who is going to do something about Whois?

Eugene Crosser

Failure?!

I think ICANN chaps are doing their job marvellously. They are keeping layers and politicians (and journalists) debating with them, and getting angry at them, and demanding change, while the Internet chugs quietly behind, unscathed.

4
0

Perhaps the AIpocalypse ISN'T imminent – if Google Translate is anything to go by, that is

Eugene Crosser

They are on it

The robots, the algos, unrestrained aren't about to take all our jobs. Simply because they're not yet very good at doing things which we humans do without much effort, which is to distinguish between different potential meanings of words and put them into context on the fly.

This project strives to solve exactly this problem. Not yet there, but...

0
0

Bruce Schneier: 'We're in early years of a cyber arms race'

Eugene Crosser

I think Schneier was mixing with generals and politicians a bit too much lately. All that talk about nation states, military and police... "Cyber-enemy" is border-less. And the defence ought to be border-less. And actually, it already is, in case not everyone noticed. Attempt to bring in national interests and national forces to the discussion is just a desperate attempt by the said generals and politicians to stay relevant.

2
0
Eugene Crosser

Re: @1980s_coder

> Until they turn the electricity off.

And leave "them" without the battlefield? They won't, where's the fun in that?

2
0

Lenovo CEO: We will axe 3,200 workers as our profits shrink to nowt

Eugene Crosser

I'd like them to axe the clowns who arranged inclusion of NovoSecEngine2 in the BIOS

But that does not seem likely...

4
0

Did speeding American manhole cover beat Sputnik into space? Top boffin speaks to El Reg

Eugene Crosser
Headmaster

Most probably, the first man-made object outside atmosphere was V2, the first man-made object on Earth orbit was Sputnik. This plug, if it did not disintegrate (and most likely it did) and kept escape velocity when it exited the atmosphere, could claim to be the first man-made object to go to space and stay there.

Otherwise, that would be Luna 1, launched in 1959.

1
0

Amazon just wrote a TLS crypto library in only 6,000 lines of C code

Eugene Crosser

Re: OpenSSL

> There should have been a division between crypto and protocols from the beginning.

And there was, in case anyone did not notice. SSLeay/OpenSSL came as two libraries, libcrypto and libssl from the very start. And in case anyone did not notice, s2n replaces the latter, but uses the former.

OpenSSL code is not as bad as it is often presented nowadays. Although it does suffer from the luggage of old coding practices, and lack of attention from infosec experts (for a long time, the latter problem is rectified now). Lack of strong leadership contributed to the problems, too, I think, since the original authors where kidnapped[*] by the NSA.

[*] Figuratively speaking. Don't go looking in the Snowden files. It happened in 1998 when Eric Young and Tim Hudson where hired by RSA and where not allowed to touch SSLeay code since then. That's the official story, anyway. There was only one post signed by Eric Young since then, and nothing from Tim Hudson.

5
0

Secure web? That'll cost you, thanks to Mozilla's HTTPS plan

Eugene Crosser

Bring up DANE

I've said it and I'll say it again: introduce DANE first, ban clear HTTP after that. Otherwise it's just helping CA folks to make a quick buck out of thin air.

13
0

Netflix looses FIDO hack attack dog as open source

Eugene Crosser
Facepalm

I wish they did not abuse the acronym so badly

It was bad enough when FIDO Alliance came into being and stole it from the good old FidoNet. And now this.

2
1

WIN a RockBLOCK Mk2 Iridium sat comms unit

Eugene Crosser

UDDER

Ultra Distant Discovery & Emergency Radio

0
0

Timeout, Time Lords: ICANN says there is only one kind of doctor

Eugene Crosser

It's paramaunt to keep spin doctors out

the rest are acceptable casualties.

0
0

The secret of Warren Buffett's success at Berkshire Hathaway

Eugene Crosser

What about other insurance companies?

Insurance market in not competitive, and as a result, those who own an insurance company have "free money" to invest. OK, I got it.

But Buffett's not the only insurance company in existence. Why aren't the owners of other insurance companies making the same crazy profit as Buffett?

0
0

IBM punts cryptotastic cloudy ID verification services

Eugene Crosser

Re: IBM and "The Man" do not need to be involved

The point of the tech in question here is that Alice can prove to Bob that The Man guarantees that she is above 18 yo, and that The Cashier received payment from her. So now Bob can send a p0rn flick to her but neither The Man nor The Cashier are wiser about her taste of movies.

Of course Bob has to trust The Man and The Cashier.

0
0
Eugene Crosser
Thumb Up

IBM and "The Man" do not need to be involved

The service is hosted on IBM cloud only for demo purposes. It can be run on one's personal hardware (notebook or smartphone) and then the person will be in full control. It's also open source and thus auditable.

1
0

Hola HoloLens: Reg man gets face time with Microsoft's holographic headset

Eugene Crosser
Joke

"You hold a fist in front of your face, raise a finger vertically, then roll it back down."

I am trying to image this.

Seems both obscene and hazardous.

6
0

EU copyright law: Is the Pirate Party's MEP in FAVOUR of it?

Eugene Crosser

Artificial scarcity is the key problem.

I believe that many, if not most, "pirates" are willing to pay fair price for the content they consume. I for one certainly am. The problem is, in many if not most cases, that the consumer is denied access altogether. Such as, in order to watch "Citizen Four" I would need to request visa to the US, buy a $1000 air ticket, and go to a movie theatre there for $10.

Copyright regulation that is fair to both creators and consumers should disallow creation of artificial barriers, such as geographic restrictions or lock-in on particular technological solution (implied by DRM). The only legal reason to deny the consumer access should be their refusal to pay the price.

I don't want "product of human creativity" to be "free as beer". But I do want it to be "free as speech".

(Yes, I know that it is hard.)

0
0

Boffins open 'space travel bureau': Come relax on exoplanet Kepler-16b, says NASA

Eugene Crosser

Pet peeve

I hate these pictures with two big celestial bodies in the sky. It's impossible. You can have two suns, but either one or both will look like very bright star, not a disk. Otherwise the system will be unstable. Same for two big moons.

1
0

So: Will we get net neutrality? El Reg decodes FCC boss Tom Wheeler

Eugene Crosser

I don't understand

you have to provide the service across the country

How this is going to work now for the ISPs, and, even more interesting, how could it work in the olden days of railways, steamers and coaches?

0
0

Armouring up online: Duncan Campbell's chief techie talks crypto with El Reg

Eugene Crosser

Re: Truecrypt is a threat

@Ben

I am not familiar with truecrypt, but I assume that it does not let an observer see "a blob of random data" precisely because it would be pretty convincing evidence of "hidden volume". If my assumption is true, then the mere fact that truecrypt can have hidden volume is no better proof than the fact that a bikini picture can have hidden information.

0
0
Eugene Crosser

Re: Truecrypt is a threat

I am not sure how this kind of possibility is realized in real life (and IANAL), but surely, even if you don't have TrueCrypt in plain view, a prosecutor can argue that you have data steganographically hidden in your holiday photos (or free sectors on the disk) and demand that you decrypt it. There is no difference in the possibility of a hidden truecrypt volume and the possibility of secrets hidden in plain view without truecrypt.

1
0

Beware of merging, telcos. CHEAPER SPECTRUM follows

Eugene Crosser

Re: Questionable logic

@Teresa

That's right, but auction on spectrum does not help it a little bit, does it?

(I specifically underlined "when there is competition". That's the key, obviously.)

0
0
Eugene Crosser

Questionable logic

Whatever their cost base, they're going to charge us consumers the maximum they can get away with. So increasing the spectrum price doesn't change what we pay.

Err... I am not so sure about the logical relation between these statements.

When there is competition, every player wants to cover costs plus get as much profit as they can without losing their customers to competition. When the cost base is the same for all competitors, they all end up adding some "average" profit margin on top, and this results in the "average market price" that the consumers pay.

When cost rises for all the competitors, they all do the only possible thing, and raise prices simultaneously, preserving the margin. If any of them don't, it starts losing money and go out of business. If any of them rises prices too high, it loses customers and go out of business.

In a sense, auction on "natural resource" is anticompetitive, because it raises the barrier of entry, while doing nothing to impose "fairness".

2
1

Next gen ransomware: Elliptic cryptic, talks on Tor, demands Bitcoin

Eugene Crosser

Re: Specific to VMs...

What does exist in the way of hardware monitoring

Most virtualized environments these days are hardware-assisted (on mainframe, for a long time; on x86 - for a few years now). Even so it is tricky to hide the fact that a program is running in a VM from that program. It is possible, but in most real-life scenarios it is better to let it know, so the fact is rarely being hidden well enough to fool sufficiently sophisticated malware.

0
0
Eugene Crosser

Re: Specific to VMs...

Running the program in a VM allows the researcher to observe "from the outside" (i.e. from the hypervisor) what the program is doing, down to one instruction at a time when necessary. On bare metal, the malware will just do its deed without giving the researcher any insight about how it works.

5
0

The Pirate Bay SUNK: It vanishes after Swedish data center raid

Eugene Crosser

Beware of the new domain

thepiratebay.cr is reported to be a proxy, devoid of real content, albeit showing the home page.

0
0

The Nokia ENIGMA THING and its SECRET, TERRIBLE purpose

Eugene Crosser

It's a tyre repair kit

just saying

6
0

Obama HURLS FCC under train, GUTPUNCHES ISPs in net neut battle

Eugene Crosser

Re: Time to speak up

"Unfortunately you get no benefit from the traffic and its costing you money"

Consumer ISPs have paying customers. The more service (i.e. data transferred to customers), the more revenue (at least, that is how it should be - service must be paid for). For the customers to want the service, there must be people whose data the customers want to get. I.e. Netflixes etc.

ISPs should praise those data producers, buy them flowers, and maybe even share some of their revenue with them. Not demand money from them.

This is how it is when there is no monopoly.

18
3

MasterCard adds fingerprint scanner to credit cards for spending sans the PIN

Eugene Crosser

relative difficulty

the correct fingerprint is stored on the card and it is likely a canny thief could reprogram the card, or take a copy of the data stored on it.

This particular attack is very unlikely. EMV cards are quite good at preventing the leak of data stored in the chip (otherwise it would be easy to clone, and we don't hear much about that).

Making a gelatine "fake finger" from a fingerprint is relatively easy, and will defeat best mass market readers. It is easier than chopping off fingers. But still more difficult than simply eavesdropping on the pin entry.

2
0

Crims zapped mobes, slabs we collared for evidence, wail cops

Eugene Crosser
Boffin

Faraday cage will not help

Assuming the "remote kill" functionality is set up, the phone needs to be (1) FDE encrypted, (2) not rooted, and (3) have a system app that simply turns power down if it cannot connect to the "remote kill" server for a long enough period of time.

2
4

Bash bug flung against NAS boxes

Eugene Crosser

Miscreants will be hard pressed to find bash on embedded systems

- they usually run busybox(/ash) or some other "lesser" shell.

"Real" servers, and especially hosted VMs that boot from pre-built system images are probably more lucrative.

0
1

Kenyan court case could sound death knell for mobile money

Eugene Crosser

Does it promotes or prevents competition?

Let me get it straight.

  • Vodafone has introduced "mobile money", with great success.
  • Some local bank(s) decided to introduce their own mobile money, to compete with Vodafone.
  • Vodafone tried to prevent banks from doing that, on the pretext that the technology proposed by banks weakens the security of the SIM.
  • Court gave the bank(s) green light, so both parties can now compete for the customer.
  • There is no sign (so far) of the banks trying to outlaw Vodafone's service.
What I am missing, when I think that this is good news?

8
1

Unchanging Unicorn: Don't be disappointed with Ubuntu 14.10, be happy

Eugene Crosser

Cinnamon

on utopic, is apparently available in the 'universe', i.e. it is again a part of official Ubuntu.

(mate vs. cinnamon is a matter of personal preference, mate being a "resurrected gnome 2", and cinnamon - "reversed gnome 3".)

5
0

Plucky Playmonaut parties as LOHAN hits Kickstarter goal

Eugene Crosser
Pint

Masterly done!

Meeting the goal with just two days margin is very... precise! Cheers!

0
0

Murdoch to Europe: Inflict MORE PAIN on Google, please

Eugene Crosser

Re: Dear Google, please!

Right! I mean, do we have to wait FIVE YEARS for this bore to be killed at last?

5
0

Bonking with Apple has POUNDED mobe operators' wallets

Eugene Crosser

Re: I don't like it.

I'm not convinced about NFC payments though (via card or mobile) how is this safer than Chip and PIN?

NFC payments are not safer than EMV (known in Britain as "chip and pin"). Cards use basically the same messaging protocol over the wires and over radio. NFC is equally safe, but more convenient.

0
0
Eugene Crosser

boost or death

"The mobile payments world has hailed Apple Pay as the start of the mobile payments revolution, something which happens about as often as Voyager 1 “leaves the solar system”, but it could be the death of the technology. Apple Pay is (surprise!) an Apple-only system and doesn’t offer any way in for the operators.

On the NFC side, Apple Pay is standard EMV over NFC, like the bank-issued contactless cards. And like Google Wallet. If proliferation of Apple Pay makes the merchants rise their collective back-side from the chair and upgrade POS terminals, that will be a boost for all other NFC payment systems.

3
0

Leak of '5 MEELLLION Gmail passwords' creates security flap

Eugene Crosser

And here is why they did it:

  • Dump purported leaked passwords (but really just junk), publicise the move.
  • People hear about it, and rush to update their passwords.
  • Run DNS poisoning attack against mail relays
  • Intercept password reset links, and use them to hijack accounts
  • Profit!

5
0

Why has the web gone to hell? Market chaos and HUMAN NATURE

Eugene Crosser

Re: On what planet does The Guardian recruit?

I will concede that revenge porn is new

The idea is not: http://en.wikipedia.org/wiki/Nunc_Dimittis_%28short_story%29

... Not that I disagree with the rest

0
0

Super Cali signs a kill-switch, campaigners say it's atrocious

Eugene Crosser

Re: Hold on a second... IMEI Blocking?

Well, it is much easier to protect IMEI against reflashing than the OS image.

0
0
Eugene Crosser

Re: Hold on a second... IMEI Blocking?

Exactly. Why force vendors to install software feature that is difficult to use and easy to abuse when you can force operators to keep track of IMEI last used by a customer, and if the customer reports theft to police, add it to public blacklist?

Both the argument and counterargument in this debate are just stupid.

2
0

LOHAN Kickstarter bid IS GO: Back our Vulture 2 spaceplane launch

Eugene Crosser

typo

Just a nitpick: it says "Ad Adstra Tabernamque" near the bottom of the kickstarter page.

0
0

Page:

Forums