* Posts by John H Woods

2307 posts • joined 14 Nov 2007

Obama calls out encryption in terror strategy speech

John H Woods
Silver badge

"He and the rest of the political elite never ask Toyota to come up with technological means to make it harder for terrorists to use the Hilux, do they?" --PassiveSmoking.

But they could prevent the vast majority of Hilux related deaths by limiting their speed to 20mph, though. I bet that would be super popular!

1
0
John H Woods
Silver badge

Re: The truth is not relevant to politics

"The technology exists to regulate encryption and prosecute those who choose to violate the new laws."

I agree that technology exists "to regulate encryption" but, as we know, shorn of headers, decent ciphertext is indistinguishable from random numbers; these are easy to smuggle in media files. Furthermore, there is no practical detection of, or defence against, idiot code.

I'm pretty sure we are in agreement here --- they can regulate and criminalize but it won't stop the people it is "really supposed to stop"

0
0

Entropy drought hits Raspberry Pi harvests, weakens SSH security

John H Woods
Silver badge

"It should be well-known that something as cryptographically sensitive as key generation *must* use /dev/random"

Cause of weirdest "bug" (actually a feature) I've ever seen. Using a Linux Citrix client, connection to server timed out. Unless I got impatient and wiggled the mouse like crazy --- then it worked. Took me a while to figure out what was happening ... :-)

8
0

How to solve a Rubik's Cube in five seconds

John H Woods
Silver badge

Simple Pole on a complex plane...

yeah, anyone care to apply the method of steepest descents?

1
0

Italians to spend €150m ... snooping on PS4 jabber

John H Woods
Silver badge

Ban pasta now!

Yes: prohibit impennetrable networks!

3
0
John H Woods
Silver badge

There's only one way to stop this madness:

We need a high-profile absolutely* spy-proof communication system: strong encryption and no** usable metadata. We know there are such things, but they don't have enough public exposure for the majority of people to realize "Well, terrorists could always use System X so what's the point of allowing governments to spy on everybody all the time?"

* for highish values of absolutely

** for smallish values of no

2
0

Russian nuke plant operator to build on-site data centre

John H Woods
Silver badge

"it's Fukushima that has left me with doubts about the sector." -- Six?

Why? It had a radioactivity death toll of zero despite a huge natural disaster that killed 20,000. It should be known as the Fukushima Nuclear Success.

0
0

Lights, power, action! Smartplugs with a twist

John H Woods
Silver badge

The key purpose of BS1363 ...

... is objects that magically appear, prongs up, in the path of anyone who isn't wearing shoes

10
0

Finding security bugs on the road to creating a verifiably secure TLS lib

John H Woods
Silver badge

Re: Mathematically correct code

"Is that even possible, considering Gödel's theorems?"

-- allthecoolshortnamesweretaken

It is and it isn't :-) You hit (for instance) the halting problem if you use a sufficiently expressive [1] language; then you cannot prove whether a program will halt or not. The key is to use a different type of language that is more amenable to mathematical proofs -- I'm inclined to believe this is why they are starting fresh and not working on an existing library, but I'm no expert.

[1] Most modern programming languages meet the criteria: if you have a language where you can (a) test the return result of a function and (b) deliberately create an infinite loop, you'll hit the halting problem. Imagine a program (P) which takes a piece of code and calls a function (F) which returns whether that piece of code will complete or just hang (e.g. in an infinite loop). So P invokes F on some code and (bear with me) if the return result of F indicates that the said code will complete (i.e. will not halt), P then goes (deliberately) into an infinite loop. Now, what happens if you run P on itself? Suddenly you have a paradox: the only conclusion is that it is not possible to create the function F in any language in which, given F, you could create P.

3
0

Plusnet ignores GCHQ, spits out plaintext passwords to customers

John H Woods
Silver badge

Plusnet has stated that it "goes to great lengths to ensure we protect and secure our customer data"

This is simply a lie. You just cannot claim that you go to 'great lengths' to ensure xyz if you do not adhere to well known and widely accepted practices. Surely, in a case such as this when the organisation has actually been advised of the deficiencies of their approach (so even hard-to-defend ignorance is no longer an excuse) and instead of saying "oops, we'll fix that ASAP, thanks for bringing it to our attention." they prefer to justify their original poor choices, making the statement "we go to great lengths" is actually fraudulently misrepresenting the services they sell?

8
0

Suck it, Elon – Jeff Bezos' New Shepard space rocket blasts off, lands in one piece

John H Woods
Silver badge

Re: Its the wrong way to get off this planet

"So, come on, how will we do it easily and cheaply?"

If I were a betting man, I'd guess on the materials science guys making a space elevator possible before the quantum science guys perfect either (a) the teleport or (b) the antigrav module.

4
1

Who's right on crypto: An American prosecutor or a Lebanese coder?

John H Woods
Silver badge

I'm very glad to see...

... we can so effectively legislate against strong encryption because the corollary is, once such cat re-bagging and bolted horse re-stabling statutes have been perfected, we'll be able to neutralize the threat of nuclear weapons by forbidding knowledge of fission; furthermore, banning all understanding of highly exothermic chemical reactions will put an end to the explosive ambitions of terrorists!

11
1

Paris, jihadis, tech giants ... What is David Cameron's speechwriter banging on about now?

John H Woods
Silver badge

"So only people with advanced tech knowledge are allowed to write about technology? Even though it's pretty important these days?" -- Clare Foges

Interesting that you interpret criticism as prohibition. Your focus on being "allowed" to do things is both revealing (it reveals you as an authoritarian by nature) -- and self-defeating, as your complaint appears to be that people are "allowed" to criticise you for being wrong.

And you aren't just whacky, creationist, homeopathically, moon-hoax wrong but actually mathematically, provably "pi is really rational, point nine recurring isn't equal to one," wrong.

14
0

Superfish 2.0 worsens: Dell's dodgy security certificate is an unkillable zombie

John H Woods
Silver badge

I am really desperate ...

... for some law student to demonstrate whether there is a potential for prosecution in cases like these. As far as I am concerned, a ready-trojanned machine is not 'fit for purpose' given the fairly well understood purposes of consumer computers.

As for "privacy is a top concern" it should be a criminal offence to make this statement when it is clearly false, certainly when that is through incompetence in failure to protect (Talk Talk etc) but most definitely when it is due to a deliberate weakening of security for purposes that are of no benefit whatsoever to the user.

8
0

EE plans to block annoying ads on mobile network

John H Woods
Silver badge

Re: Eh?

"No, it's just worthless. Usually I see a ton of "targeted" ads for things I've already bought" --- User McUser

Top Tip -- browse for under, beach and nightwear --- even better, leave some items 'saved for later' in various shopping carts to cheer up your browsing experience for a few days.

4
0

Hillary Clinton: Stop helping terrorists, Silicon Valley – weaken your encryption

John H Woods
Silver badge

Re: @ Trevor_Pott re @ Big John

"I see you've had some kind of lessons in this "logic" subject. Very good!" -- Big John

You said: "That's a lot of killing by a smallish world minority. So let's not hear any more guff about "everyone does it." By and large, it's Muslims who do it to themselves and the rest of us."

You either (a) intended people to form a conclusion from this or (b) you didn't.

In the latter case (b) it is a correction of previous statements. I have nothing against pedantry --- I am probably one of its foremost proponents! Perhaps it is harsh to call such a correction pedantry, but that is a subjective assessment I made concerning the relative import of the statement to the current argument.

In the former case (a) there is a problem. Given that there are 1.5e9 Muslims in the world, the numbers of both victims and perpetrators of terrorism are proportionally so small that no conclusions can be made from this statement without affirming the consequent.

If you were encouraging the simple-minded to form a conclusion by affirming the consequent, despite your own knowledge of it being a logical fallacy, that would make you worse than simple minded -- it would make you a person using your superior intellect, or at least logical ability, to exploit those with less impressive capabilities.

So, I'm going to apologise for calling you a pedant and thank you for supplying the information, whilst considering the same to not advance us materially in the matter of dealing with terrorism.

3
0
John H Woods
Silver badge

Re: @ Trevor_Pott re @ Big John

"By and large, it's Muslims who do it to themselves and the rest of us." -- Big John

True but only valid as pedantry.

Those who didn't grow past the fallacy of "affirming the consequent" (e.g. All the terrorists in the world are fat, bald, middle-aged men from the West Midlands THEREFORE all fat, bald, middle-aged men from the West Midlands are terrorists) before adulthood should stick to the Daily Mail and Guardian forums where, as apparently in all popular politics, coherent phrasing is almost universally mistaken for coherent thinking.

2
3

GPS, you've gone too far this time

John H Woods
Silver badge

Re: How far off? @Gomez Adams

Thanks for that useful explanation. I can see that it is certainly true if the path has high walls either side, but what about a wiggly footpath across an open field? Isn't it possible that the drunk will actually take a shortcut in these circumstances?

But then, with the 10 metre box described in the article, I'm pretty sure that time intervals between samples would sometimes cause the corners to appear to have been cut, and the overestimate still appears.

My other concern is whether this applies where maps are used --- an earlier reg article 'tested' GPS units against each other and tried to compare their accuracy. I was surprised how close they were to each other, and wonder if that is caused by snapping the route to a path on the map?

3
1

BBC encourages rebellious Welsh town to move offshore

John H Woods
Silver badge

Re: Will it work?

"The reliable, high quality of the beans these people secure" -- Some Starbucks employee

Well, if only you guys would turn the damn roasters off a bit sooner, we might be able to tell if that's true.

2
0

The Edward Snowden guide to practical privacy

John H Woods
Silver badge

Re: TAILS

"If the NSA / GCHQ really want to waste their time keeping tabs on anything I've ever said or done then they must have money to burn" --- LucreLout.

They do. But it's ours.

7
0
John H Woods
Silver badge

Re: The only thing about which I agree with Scott McNeally

"You have zero privacy anyway. Get over it."

Provably false. Do you know everything about Scott McNeally? Can you even find out everything about him? No. Privacy is a matter of degree: nearly no-one has absolute privacy and nearly no-one has no privacy at all. Blanket statements like this are just attractive soundbites --- any more than superficial analysis shows them to be fundamentally unhelpful in any mature debate about how much privacy we can reasonably expect in various circumstances.

18
1

Apple's OS X App Store downloads knackered by expired security cert

John H Woods
Silver badge

Re: This is why the....

"This is why the whole certificate concept is flawed" -- AC

There are some problems with certificates, but expiry isn't really one of them. It's nothing like DRM orphans; certificate expiry is virtually a cryptographic necessity.

There's a lot of dates companies need to remember: tax returns, profit filings, public holidays, audit points, backup schedules, etc. etc. --- it's really not too onerous to track certificate expiry dates.

9
0

UK citizens will have to pay government to spy on them

John H Woods
Silver badge

Re: Why are the ISPs making such a fuss?

If all that was needed was Timestamp (you forgot that) and another 8 bytes to store two IP4 addresses, you might indeed get to no more than a dozen bytes per record. But there's a hell of a lot more going on than one connection per site, just have a look at your own connection log. (And remember all that DNS activity, as well as DHCP, as well as all the other various network activity your computer is doing even when you are not browsing.)

But the thing is, 2 IP4s and a Timestamp would be worthless for the purposes of the IPB. It's a lose-lose --- either the data collection is indeed this small or it includes quite a lot more information. In the former case, the legislation is of much less utility than claimed, and in the latter it is of much greater intrusiveness than claimed.

3
0
John H Woods
Silver badge

Save your country money ...

... do your duty as a UK citizen.

I intend to. If this bill gets passed, all internet connections from this household will be summarised by a single Internet Connection Record per year.

2016-01-01 00:00:00 connection to xyz.vpn.ch:443

... approx 200TB data transferred

2017-01-01 00:00:00 connection to xyz.vpn.ch:443

39
0

Shadow state? Scotland's IT independence creeps forth

John H Woods
Silver badge

What is driving this?

Is it nanny-statism? irrational fear of ultra-low-death-toll mainland terrorism? What is wrong with so many UK politicians (and citizens) that they cannot see that this is completely unacceptable?

17
1

Identifying terrorists: Let's find a value for needle in haystack

John H Woods
Silver badge

"Worse this puts a pressure on the criminals to improve what they are doing" -- AC

But it does relieve pressure on the poor terrorists; after all, the security services were already too busy to prevent people on their watch lists from committing terrorist acts, so once there are very many more leads the terrorists can shelter in a very much lower signal-to-noise environment.

A 99.99% effective terrorist spotting algorithm is going to give you at least 10,000 UK suspects. It's going to require about 90,000 field agents and at least 10,000 support staff to watch them 24x7; the salary costs alone would be around five billion pounds sterling per year.

1
0

Old tech, new battles: Inside F-Secure’s formidable Faraday cage

John H Woods
Silver badge

Re: Colour blind risk

"that particular colour blindness is male chromosome linked" -- AC

Doesn't mean it doesn't affect females, just that the proportion of affected females in the population is the (smaller) square of the proportion of the affected males: e.g. if 10% of males are X-linked R/G colourblind, 1% of females are (because 0.1 * 0.1 = 0.01).

2
0

DC judge rips into the NSA over mass surveillance

John H Woods
Silver badge

Re: @croc

@Graham I think his handle actually refers to his footwear...

0
0

GCHQ director blasts free market, says UK must be 'sovereign cryptographic nation'

John H Woods
Silver badge

"Except that councils will also have access, And other bodies too" -- Vimes

Yep: the Department for Work and Pensions; the Department for Transport; the Health and Safety Executive; NHS Trusts; the Department of Health; the Gambling Commission ... etc.

Now, if it's to stop terrorism, only a small list is required: secret services; home office; etc. If it's to stop crime, only the police forces need to be added. Why the hell are all these other bodies on the list? If they have a need for the information to resolve crimes, why can't they go through the police?

20
1

Cryptowall 4.0: Update makes world's worst ransomware worse still

John H Woods
Silver badge

Re: Straw poll...

I'm not sure I really know what I'm talking about here but how about "almost WORM" storage systems, where there is firm/hardware based version control and old versions can only be deleted when a hardware switch is engaged?

2
0

Let's get to the bottom of in-app purchases that go titsup

John H Woods
Silver badge

Re: Set Top Box - new acronym

And the space in the TV stand where it slots in is obviously the BUTT hole.

3
0

Top FBI lawyer: You win, we've given up on encryption backdoors

John H Woods
Silver badge

Re: Condescending git

"In most countries we live with typically a 10 to 100 times greater risk of being killed on the roads than by a murder" -- Paul Crawford

Well in the UK, road deaths have run at a rough average of 3k/yr since 2000 (although have dropped to just over half that in the last few years). In the same period terrorism has run at 5 per year (including the London 7/7 bombings). So you're talking more like 3-500 times greater risk for a road fatality. For heart disease and cancer we're talking about 150k each (forming about 60% of the annual death toll) --- these are 50,000 times more likely to get you than UK terrorism, which is right down there with the death toll from stinging insects.

20
0

UK cyber-spy law takes Snowden's revelations of mass surveillance – and sets them in stone

John H Woods
Silver badge

Re: I have said it once, I will say it AGAIN

@LucreLout the article is much longer than any instructions to sleeper agents would need to be. The problem with one time pad is, as with idiot code, the issue of key distribution. The thing about idiot code though, is that it doesn't even look like cipher text: a message saying that your friend is expecting triplets, but is still hoping for a home birth instead of going to a major hospital such as Reading and that the due date is April 23 may mean that you should attend a given meeting site / drop box at 16:23 on Tuesday and pick up some explosives.

4
0

'I posted winning race ticket in Facebook selfie ... and someone stole it!'

John H Woods
Silver badge

I've had to blur barcodes

in pictures posted by friends for concert tickets and the like ... of course they thought I was paranoid!

5
0

Licence to snoop: Ipso facto, crypto embargo? Draft Investigatory Powers bill lands

John H Woods
Silver badge

It was a

b̶r̶i̶g̶h̶t̶ ̶c̶o̶l̶d̶ ̶d̶a̶y̶ ̶i̶n̶ ̶A̶p̶r̶i̶l̶ grey wet day in November and the clocks were striking thirteen.

5
0

Music lovers move to block Phil Collins' rebirth

John H Woods
Silver badge

Re: Gated reverb is luvverly (especially with a bit of reverse)

"A decade best forgotten" -- Rich 11

I concur. Worst of all the 'eighties revival' has lasted longer than the bloody decade did originally!

6
9

Man hires 'court hacker' on Craigslist ... who turned out to be a cop

John H Woods
Silver badge

Why?

"Landis pleaded guilty to felony counts of computer trespass, tampering with public records, and unlawful use of a computer.

Why?"

I'd hazard a guess at Plea Bargaining -- they probably threatened to charge him with Terrorism and lock him up for 8,000 years unless he pleaded guilty to offences he didn't commit. I suspect the motivation for the prosecution would be that 'intent' is harder to prove.

1
0

Hi, um, hello, US tech giants. Mind, um, mind adding backdoors to that crypto? – UK govt

John H Woods
Silver badge

Own Goal

Isn't this attempt at obtaining 'skeleton' crypto keys the best confirmation since Snowden that they cannot crack decent encryption?

2
0

E-mail crypto is as usable as it ever was, say boffins

John H Woods
Silver badge

Easiest method for occasional secure messages...

Text file (or whatever) mailed as an AES256 encrypted .zip; telephone friendly password (e.g. "all lower case, no spaces or punctuation, the electrifying sycophantic walks in clockwise circles") sent by voice or text.

0
0

Linus Torvalds fires off angry 'compiler-masturbation' rant

John H Woods
Silver badge

Wrong Jar?

Given the reception usually afforded to Linu{x|s} articles here, I was wondering if you'd chosen the wrong jar for the hero graphic (although I wish you'd drop these) -- maybe you meant this. I think it'd make a good icon ...

0
0

The only GOOD DRONE is a DEAD DRONE. Y'hear me, scumbags?!

John H Woods
Silver badge

Re: 40mm Glock

"That's about twice the diameter of a 10 bore shotgun" -- Tim99

Yeah, I think he's escalated to the clip-on grenade launcher!

6
0

Rosetta probe delivers jaw-to-the-floor find: Molecular oxygen

John H Woods
Silver badge

Re: Euphemism award

@Bleu, sorry for blowing a fuse, having some issues at the moment and suffering a severe sense of humour failure which I hope would be considered out of character. Apologies anyway.

0
0
John H Woods
Silver badge

Re: Euphemism award

Dear Supercilious Bleu

It is an understatement for "This is an extremely interesting result for everybody."

It is a euphemism for "FUCKING HELL, LOOK AT THIS!"

Sorry you were not able to grasp that, did you need the joke alert?

PS: I am not Little Mouse

0
1
