* Posts by John H Woods

2081 posts • joined 14 Nov 2007

No more Nookie for Blighty as Barnes & Noble pulls out

John H Woods
Silver badge

I had a nook ...

... it could read almost any format, I could play puzzle games on it and even browse some of the less frantic websites. In fact it was too useful and I carried it everywhere, eventually resulting in it being trodden on by a horse.

If you have one, and this is going to affect you, I suggest you root it like I did, you've got little to lose, and a very cheap e-ink Android device to gain.

5
0

Samsung is now shipping a 15TB whopper of an SSD. Farewell, spinning rust

John H Woods
Silver badge

Correct - raid5 at this scale is a TERRIBLE idea :-)

1
0

There's a courier here says he's got 50TB of cloud data for you

John H Woods
Silver badge

"If my sums are right, it's way less than 100MB/sec" -- Adam52

A Snowball weighs about 23kg and could easily be checked as hold baggage on a plane. It would take a few hours to extract its 50TB over its 10Gb/s port. So by speeding up the shipping a bit you can probably get it anywhere it could be useful within a day, giving you about 600MB/s equivalent making it well over 100x faster than a T3 line.

Executed expeditiously, moving physical storage is faster than networking: always has been, and I think always will be. The Snowball is heavy (ruggedness & self contained PSU, etc) and is only about 2TB/kg, whereas plain old SSDs are > 10x the data per mass. A 747 full of SSDs travelling LON->NYC is probably a Snowball per second.

1
0

Bruce Schneier: We're sleepwalking towards digital disaster and are too dumb to stop

John H Woods
Silver badge

Re: It's gonna be difficult...

AC says: "not their fault, not many of them have engineering backgrounds"

Sorry but I disagree entirely. Most engineers, if tasked with learning relevant parts of national law; company procedures; business modelling; or technology currently outwith our experience, would simply settle down to learn what they could about it. Where they still didn't understand, they would identify someone who could advise, and ask them.

Nobody is asking legislators to know about Yagi antennas, microwave propagation, packet level protocols, database schemas, etc. Not having an engineering background must not be considered a be-all-and-end-all excuse for refusing to come to grips with matters for which one is responsible. We expect legislators to be able to consider medicolegal affairs without having a medical (or legal) background; social affairs without psychological qualifications; transport and infrastructure without civil engineering knowledge.

It is perfectly reasonable to expect legislators to be able to learn, to be able to consult, to be able to listen. The apparent fact that many of them can't means that they are unfit for their roles; no excuses.

PS: and yes, I would say the same applies to managers.

19
0

$17 smartwatch sends something to random Chinese IP address

John H Woods
Silver badge

Re: Optional

"Well, I for one, don't. Why? Just cos." -- Electron Shepherd

LOLLO

2
0

GDS gets it in the neck from MPs over Rural Payments Agency farce

John H Woods
Silver badge

Re: Internal IT

Is GDS even good enough to act in an advisory role?

1
0
John H Woods
Silver badge

Re: What could possibly go wrong?

"If GDS could cultivate a little humility, and hone their ability to listen, they might improve their record of successful delivery" -- BurnT'offering

^^THIS. Consultancy, my first ever boss told me, is a listening business. Stop trying to interrupt your clients with the solutions you want to sell them. If you think you've already got something to sell them before you've finished listening to them, you're already on the path to deliver them something they don't want --- and if you're doing your job properly you can't possibly have anything useful to tell them in the first meeting, because you simply haven't had time to think about it.

5
0

'Boss, I've got a bug fix: Nuke the whole thing from orbit, rewrite it all'

John H Woods
Silver badge

Re: Well, this article'll cause some arguments, eh?

"Once you start to use gotos because of lack of an exception mechanism in C, use it clearly. The lack of proper comments is appalling too - if you attempt to do something "smart", explain it."

Absolutely agreed. In fact if I had to pick the very worst thing about this code I'd say that the label err: is incorrectly named, everything that happens here seems to me (not a C programmer) about freeing resources. There seem to me to be three exit conditions: (a) success (b) packet length error (c) certificate length error. It looks to me like the first test looks for (b) error, the second for (c) then there is a block between the two snippets that is executed if those tests don't detect their errors.

Now I understand, from your comment and a quick Google, that there is no true exception handling in C, so we sometimes use the goto. So can't it work like this? (go easy on me, I'm not a coder)...

    /* trap wrong packet length */
    if (CBS_len(&cert_list) < 3) {
        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_BAD_PACKET_LENGTH);
        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
        goto finalise;
    }

    /* trap cert length mismatch */
    if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) {
        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERT_LENGTH_MISMATCH);
        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
        goto finalise;
    }

    /* code that gets executed if the exceptions above aren't encountered */

    /* free resources */
    finalise:
        EVP_PKEY_free(pkey);
        X509_free(x);
        sk_X509_pop_free(sk, X509_free);
        return (ret);

I'm not normally a fan of the goto and I might have preferred a nested conditional or maybe setting a variable to contain the current error type (or null if no error) and then branching on that lower down, depending on the prevailing style of the other code. But I understand they might have a place where there is no native exception handling.

3
0

Security real talk time: So what exactly do we mean by 'backdoor'?

John H Woods
Silver badge

Re: In a way it is an existing backdoor the FBI is looking to exploit

"Remember a backdoor, is exactly that, it is an entrance that gives full access to a house in exactly the same way as the front door." -- Roland6

Does the same key open both doors? Or is, as I believe is intended in the metaphor, the security of the backdoor weaker (or even non-existent)?

0
0
John H Woods
Silver badge

Re: At the risk of being labelled a something-or-other...

"Every time. No shorthand. No lingo" -- AC

Whilst I get the import and largely agree with what you are saying, this is just not practical. Firstly, there's the issue of convenience. You've still got to talk about RAM, SSDs, CPUs etc. without having to spell it out. Secondly, there's the issue of being unable to prescribe, or proscribe, language. Lay people are going to (continue to) use the term 'backdoor', whether we think they should or not. The best we can do is make sure that they know what it is.

My definition: "An always intentional and typically secret means of bypassing or weakening normal access control mechanisms"

2
0

We survived a five-hour butt-numbing Congress hearing on FBI-Apple ... so you don't have to

John H Woods
Silver badge

Re: Yes, you CAN remove the "non-volatile memory".

"So, just to clarify (this is not my field of expertise) and to wrap my mind around this: it would be possible to remove the memory chips from the phone and make a 1:1 copy of the data stored on the chips - but that would not bring you any closer to decrypting1) the data, so in this case it's pointless?" --allthecoolshortnamesweretaken

My usual explanation of brute forcing AES256:

Keyspace 2^256, average time to find key 2^255=6e+76. Allow a nanosecond per attempt (that's almost unfeasibly fast) and you need 6e+67 seconds. Allow ten million of those machines and you are at 6e+60 seconds. Find an as yet unknown algorithmic weakness in AES256 and award yourself a trillion trillion trillion fold speed up, and you get to 6e+24 seconds --- which is about 15 million times the current age of the universe (4.3e+17 seconds or thereabouts).

AES256 may not be invulnerable (and it probably isn't) but standard (i.e. non-quantum etc) brute forcing of the keyspace is simply never going to be possible.

5
0
John H Woods
Silver badge

Re: Trey

"It's an extreme analogy from Trey, but it is valid. "-- bazza

I disagree. I think the analogy is seriously flawed but if we must stick with it, it is more like this:

We have always been allowed to remove bullets from corpses for forensic purposes. These newfangled bullets won't come out without disintegrating, so they'll be forensically worthless. The bullet manufacturer does not have a tool to extract the bullets intact. Maybe they could create one? The trouble is that it would allow other people to remove other bullets from corpses, allowing the possessors of such a tool to commit crimes (more exactly destroy the evidence of the crimes they have committed).

Analogies have their uses, but the frantic - and largely [1] fruitless - search for a good analogy to describe the current situation makes me concerned that many of the people engaging in the discussion are simply not equipped to do so.

[1] the only reasonable analogy, IMHO, is the one presented by Richard12 above: the safe manufacturer can only open this one safe by creating a tool that would open very many of the safes they have already sold. But for the analogy to work, this tool has to be one that, once created, is easily stolen or copied.

11
0

Photographer hassled by Port of Tyne for filming a sign on a wall

John H Woods
Silver badge
Joke

Re: Not all security is like that, I'm not

"What I would instead do is quietly turn up a long way away on my bicycle (no ANPR records for a bike) and quietly photograph the place using a camera with a long lens peeping out through a hole in a bag. Even if I couldn't do this, a camera in a shoulder bag with a remote shutter release is not going to arouse the notice of security guards if all the photographer does is walk past without obviously taking photos (whilst snapping away with the concealed camera)." Dr Dan Holdsworth

Wait a minute there, fella ... This is information of use to a terrorist!

1
0
John H Woods
Silver badge

Re: Birds Eye?

"Or is it the peas? I never trusted peas." --- Huw D

they have a habit of winding up on the floor: escapeas

10
0
John H Woods
Silver badge

Re: Unfortunately...

"So go on, enlighten me. What offense has been committed... " -- AC

"Is there any comeback for what this actually is - namely illegal seizure..." -- Martin Milan

(Note: IANALBIPOOTI)

Pretty sure the law you're looking for is Trespass to Goods. It's a tort, so the police cannot be involved, but I think the victim has a pretty clear case for a compensation claim. Wonder if any of the no-win no-fee guys fancy having a go?

7
0

Poor recruitment processes are causing the great security talent drought

John H Woods
Silver badge

Re: HR Dept

HR should simply not be involved in recruiting in anything but procedural details -- checking driving licences, security clearances, credit check etc. The idea that any of them should participate in, let alone conduct, any interview in which the technical (suit)ability of a candidate is addressed is ... well, it's beyond stupid.

29
0

Institute of Directors: Make broadband speeds 1000x faster than today's puny 2020 target

John H Woods
Silver badge

^^^^ strong contender ...

... for COTW and it's only Monday.

4
0

Phorm suspends its shares from trading amid funding scrabble

John H Woods
Silver badge

Guys ...

... 40 comments and no "Kill it, kill it with fire" or "Take off and nuke it from orbit" --- what's happened?

2
0

Dead Steve Jobs owed $174 by San Francisco parking ticket wardens

John H Woods
Silver badge

yes ...

... ironically if you use the phrase petitio principii the people who misuse "begging the question" ask why you feel you have to use Latin

1
0

Raspberry Pi 3 to sport Wi-Fi, Bluetooth LE – first photos emerge

John H Woods
Silver badge

... and it would be even better if they did a 2 port model

10
1

Cook moves iPhone debate to FBI's weak ground: The media

John H Woods
Silver badge

Re: First Amendment.

"The term grasping at straws doesn't even begin to cover it ... Tim Cook better start packing his bag now, cos he's heading to the clink"

These two don't fit together; the first part suggests you think you have a stronger grasp of the legal issues than Apple's lawyers, but the second part suggests you don't even realise that Apple is, by challenging the ruling, behaving in a perfectly legal manner. I have to conclude that the latter suggests you are not quite the legal eagle implicitly asserted in the former.

3
0
John H Woods
Silver badge

Re: @DainB - FBI vs Apple

"The thing you did not understand is that I did not present any dilemma." -- DainB

Well, about 12 hours ago (Reg, can't we have proper time stamps back?) someone used your account to do so, scroll back and you'll see.

5
0
John H Woods
Silver badge

Re: But who owns the device?

"I’m (obviously) not a lawyer, but I wonder whether the real owner has the legal and moral right to ask for help picking the lock. Apple would then have the face-saving option of agreeing on the grounds that they are assisting the owner and not some evil third party, and that this could not possibly set a precedent for government to gain access to everybody else’s phone." -- Mark Simon

I'm afraid the ownership doesn't make any difference. When either the owner or the state has the phone they can legitimately examine the contents. However, the contents are gibberish without the key. The key is ALSO in the phone. But it cannot be extracted by Apple unless that company creates a tool that jeopardises the safety of other customers. Apple, if they are telling the truth, and it looks as if they are, have provided every assistance right up to creating that tool, and now they're asking the courts to dismiss an earlier judgment ordering them to do so.

"this could not possibly set a precedent..."

There is literally no way that this would be possible. For instance, owner asks Apple for help, Apple provides it. FBI asks Apple for help ... Apple say no on the grounds they only help owners? There is nothing any of the parties can do within a court case that will determine (or perhaps even influence) whether or not it later forms a precedent. Remember, precedent does not have to be binding, it can be merely influential.

0
0
John H Woods
Silver badge

Re: Apple is trying to convince us

"This is simply a marketing exercise to limit the damage to Apple caused by the Snowden revelations" --AC

So what? Person X says Y because of reason Z. I disagree with Z. I don't like person X; actually it's worse than that, person X did bad thing W.

What the hell does any of that have to do with the truth or otherwise of Y?

How can actual adults, moreover people who can spell, have passable grammar, can use a computer etc. make such absolutely trivial logical errors? I dream of a "logic auto-correct" that would just put wiggly red lines under all such braindead content, and when you hover your computer s̶q̶u̶i̶r̶t̶s̶ ̶w̶a̶t̶e̶r̶ ̶a̶t̶ ̶y̶o̶u̶ takes you to some web pages on elementary logic and makes you read them until you have wised up.

2
0
John H Woods
Silver badge

Re: Anyone heard of a "subpoena"?

"If Alice is a witness to Bob murdering Charlie, the prosecution most definitely can compel Alice to appear and testify (i.e. speak) in the case against Bob." ... "Don't post about the law unless you know how it actually works, " --- AC

I'm not sure the analogy is useful - in fact I think the way this sub-argument has progressed proves that. I think the AC you are attacking was making the point that there are already exceptions (refusing to self-incriminate by "taking the fifth") to what the court can compel you to do. Your point that they can compel you to do other things (testify against others) doesn't really counter his point. In this case, reluctantly continuing the analogy, the attempted compulsion is more like trying to get an expert witness to publish a book containing all their expertise rather than compelling them to help on a particular issue.

1
0
John H Woods
Silver badge

Re: It's not often I agree with Apple but...

"At this juncture I do not understand the difference between the opening of a physical safe to extract analogue information or the opening of a digital safe (read Phone) to extract digital information." -- Peter R. 1

Nothing wrong with asking Chubb to help you open that one safe, or with them doing so. But if, having assisted you in every way they can, the only way Chubb could assist further is by creating a safecracking tool which would open this safe, but also work on millions of the safes they have already sold, then I think it would be reasonable for them to contest being compelled to do so.

7
0
John H Woods
Silver badge

Re: @DainB - FBI vs Apple

DainB your logic is comical: you presented something as a dilemma, it was (correctly) pointed out to you that it was a false dilemma, and you respond it isn't because the second part is true? You do realise that whether two lemmas form a true dilemma or a false one is ENTIRELY independent of the truth of one of the given lemmas?

7
0
John H Woods
Silver badge

Re: FBI vs Apple

"You can of course continue fooling yourself that there is some kind of moral principles Apple is fighting for but in reality all they're fighting for is their profits. " -DainB

and your point is ... ? The motive and degree of hypocrisy of the proponent makes no difference to the validity or otherwise of the argument. Come on, we all learned that in big school, didn't we?

People arguing that Apple are merely chasing profits make an even more egregious mistake than not realising this is an irrelevance of hypocrisy: it is almost a counter-argument. If Apple make more profit by keeping their customers safe than they do by cooperating with the government, that is what their customers want --- it is very nearly democracy through the proxy of capitalism:

11
1

Building a fanless PC is now realistic. But it still ain't cheap

John H Woods
Silver badge

Cheating ...

... a friend reused an old chimney: all the noisy hot bits went in the chimney and all the sockets were extended to the living room: one custom wall plate with and video out (VGA it was that long ago) several USB sockets supporting mouse, keyboard, media readers. He did want to have a small "status panel" lcd but SWIMBO demurred. Looked bloody good though, and you could not hear the gubbins on the other side of the wall at all.

I've often wondered if one could create a single big fat cable (bundle) to carry, say 2 x USB3, 4 x USB2, 2 x 1Gb/s Ethernet, 2 x HDMI and just run it down from, say, the attic in a single piece of trunking. Is it even physically possible?

4
0

Apple fires legal salvo at FBI for using All Writs law in iPhone brouhaha

John H Woods
Silver badge

Re: One thing I don't understand

Brute forcing an AES256 bit key is out of the question: it would take on average 2^255 tries; allowing a minimum of a nanosecond per try; ten million of those amazingly fast computers with an algorithm that exploited an as yet unknown weakness yielding a trillion trillion trillion fold speed-up and it would take you more than ten million times the current age of the universe.

The only form of "imaging" I can see helping here is electron microscopy; imaging the data is a non-starter.

2
0

Apple fans take iPhone unlock protest to FBI HQ

John H Woods
Silver badge

Re: I want to be safe. Roll on the flames

"The need to keep me, my loved ones, my country and the world safe outweighs my "right" to keep my information secret. I consider this to be a "cost" of living in a society that is generally safe" -- AC

The need to keep me, my loved ones, my country and the world free outweighs state organisations' "right" to my secret information. I consider the tiny risk of terrorism to be a "cost" of living in a society that is generally free.

4
0
John H Woods
Silver badge

"Why not protest about that instead of some stupid public debate that won't change anything?"

Why make a fuss about a seat on a bus when there were a lot more significant issues? Debate has to start somewhere, and here is as good a place as any, and perhaps a better place than most.

3
0
John H Woods
Silver badge

Re: This is why Apple is a successful business

"They don't have customers, they have devotees!" --- AC

I don't think I've much positive to say about Apple (apart from I like the hardware) for a decade until now.

6
0

Lonely bloke in chem suit fuels Mars orbiter

John H Woods
Silver badge

maybe the fuelling should be performed by

this guy

0
0

Between you, EE and the lamppost ... this UK cell network is knackered

John H Woods
Silver badge

Re: First world problems eh?

When my teenage son pays for goods and/or services and they don't get delivered as per contract, I fully support him getting mad about it. I encourage him to deal with it calmly and professionally, because that is part of growing up; but I don't say "ooh, back in my day, people never had to abide by legally valid contractual terms, ooh, first world problems" because if I did he'd think, correctly, that I was an idiot.

19
1

FBI v Apple spat latest: Bill Gates is really upset that you all thought he was on the Feds' side

John H Woods
Silver badge

Re: We are the government

Comey, as a lawyer, should know that whether a precedent is set or not is not under the control of any of the parties to a case, and there is no way any of them can tailor their submissions to change this. Also I am troubled by the fact he claims he is only interested in unlocking this single iPhone 5c, because if that is really true he is not doing his job properly [1]. And if it's not really true, he's not really telling the truth.

---

[1] Don't get me wrong, I'd like the FBI etc. to have boundaries on what they can do, but in a sensible society these boundaries should be set by legislation and the courts, not by some voluntary backing off by the organisations when they think they have sufficient powers.

10
0

Bill Gates denies iPhone crack demand would set precedent

John H Woods
Silver badge

“We don’t want to break anyone’s encryption or set a master key loose on the land. I hope thoughtful people will take the time to understand that. Maybe the phone holds the clue to finding more terrorists." -- Coney

Some thoughtful people already believe that the likelihood that the phone holds such a clue is (possibly vastly) smaller than the likelihood that your current actions will set a master key loose on the land. That is why you are meeting with some resistance.

18
0
John H Woods
Silver badge

“I think we expect governments to find out everything they can about terrorism," said Bill Gates, as he handed in his own devices for analysis, provided a software "skeleton key" for access to all Windows Servers, and campaigned for a ten-fold increase in general taxation to fund more investigation into terrorism.

22
4

Latest in Apple v FBI public squabble over iPhone crack demand

John H Woods
Silver badge

Re: FUD and nonsense

"the mention of surveillance, eavesdropping, and tracking are somewhere between wild exaggeration and lies, and appear crafted to induce fear of both the government and criminals that is beyond what can be justified rationally" -- tom dial

You may be on thin ice here, as it could be argued that the treatment of the terrorist threat does exactly the same.

0
0
John H Woods
Silver badge

Re: Let there be one ruler, one king

"The consequence is a legal challenge to the validity of the court order." -- nijam

Exactly: it's extraordinary how many people who use as their main argument some version of "it's the law, stupid" understand (or want to portray) Apple using the appeals process as outright defiance of the court. The court gave them leave to appeal when it made the order; Apple don't agree with the decision, so they are appealing it. There is (as yet) no failure to "comply with a lawful order."

4
0
John H Woods
Silver badge

Re: Will it apply to other technology too?

"It cost Apple more to write Tom Crook's letter than it would do for them to disable the pin retry counter."

Depends what you mean by cost: in one sense, it didn't cost Gerald Ratner anything to say that his products were "total crap" -- in another you could easily argue it cost £0.5 billion.

7
0
John H Woods
Silver badge

Re: "... the data in the memory chips is not encrypted."

"I believe it's very likely possible to 'crack' their way past the phone's security, but I don't think it's "very easy"." -- JeffyPoooh

This is the key issue: whilst brute forcing the cryptography is probably infeasible (and if it were possible those capable of it would be very reluctant for that to become known), that does not mean the device itself cannot be hacked open.

If the phone were suspected of containing the date, time and location of a credible NBC attack, government would have deployed a good deal more effort: even the lack of forensic care during custody is evidence against any such effort having been considered. That leaves us with, at best, the possibility the FBI is trying to do this "on the cheap" without regard for significant ramifications; and at worst that it is a deliberate attempt at setting a precedent.

5
0
John H Woods
Silver badge

Re: Overreach

"I read that the couple had other mobile phones which they destroyed before their rampage - surely those would have been the most likely to have produced some evidence" -- Mitoo Bobsworth

Perhaps the Farooks forgot that this was a (possibly MDMd) work phone and were careless. And perhaps they just forgot to destroy this phone. And perhaps the iPhone has contact details for the Mr Big behind it all. And perhaps they never called Mr Big so there are no phone records. So perhaps this is necessary for the FBI to get his number ...

But Mr Big probably reads the news. So he's probably destroyed his burner phone anyway.

0
0
John H Woods
Silver badge

Re: FBI's Comey

". . . we have awesome new technology that creates a serious tension between two values we all treasure – privacy and safety," -- Coney

I wonder if one of the obstacles to useful debate is the presentation of this as a simple tension between privacy and safety. My view is that anything that causes the innocent to have less privacy tends to decrease their safety, even if you were to accept (and I don't necessarily agree) that governments pose no threat to such safety.

4
0
John H Woods
Silver badge

Re: Will it apply to other technology too?

"So, based on the FBI's reasoning, ASSA ABLOY, SentrySafe, etc. might be required to break into every safe or strongbox they manufacture that might be used by criminals... and at their own cost? Muppets." -- Lobotoman

In a small way, it's better than that -- it won't be at their own cost (although it seems unlikely they will be able to charge their reputational damage as cost). But in a bigger way, it's worse: not so much that they might be required to break into their own products but they might be required to create tools to allow others to do so.

6
0

Plane food sees pilot grounded by explosive undercarriage

John H Woods
Silver badge

"Isn't there some rule in place that states that if the pilots partake of a meal while flying they must pick different meals? I remember reading that somewhere." -- PassiveSmoking

In the bottom two lines of the article?

13
0
