* Posts by John H Woods

2126 posts • joined 14 Nov 2007

Password-less database 'open-sources' 191m US voter records on the web

John H Woods
Silver badge

Re: What's the concern?

I presume the concern is that the voters did not necessarily give permission for this information to be given to anyone, without restriction -- or audit.

Privacy is not one dimensional: I really don't mind the UK secret services knowing what I use my VPN for, but it doesn't mean I want the council's parking control officer to know; I don't mind the latter knowing my address, but I don't want him to know my date of birth; etc.

There is also the issue of aggregation. Sometimes secrets that aren't even in the data can be given away by the data (e.g. a geographic clustering of security cleared people in a rural town). Databases which contain gender and D.o.B. information can be used to identify the locations of thousands of young women, for instance.

However, the key flaw in your argument is to assume that everyone else should be comfortable with your own personal privacy levels. I post here using my full name, but I don't expect everyone else to, and I'd be highly unimpressed with someone "outing" a fellow commentard who had used a handle or posted AC.

23
0

China wants encryption cracked on demand because ... er, terrorism

John H Woods
Silver badge

Best laugh of Christmas:

According to Reuters:

"The draft law, which could require technology firms to install "back doors" in products or hand over sensitive information such as encryption keys to the government, has also been criticised by some Western business groups.

U.S. President Barack Obama has said that he had raised concern about the law directly with Chinese President Xi Jinping."

I hope Mr President will be calling David CamJongUn to express his concerns about draft legislation proposed by Treasonous May.

32
2

Assessing the UK’s Government Digital Service

John H Woods
Silver badge

Re: It's just a little trivial

What if I don't really want to have a laser focussed on me?

4
0

I have you now! Star Wars stocking fillers from another age

John H Woods
Silver badge

"The only exception being Rouge Squadron ..." --- Bladeforce

rose-tinted glasses?

1
0
John H Woods
Silver badge

Re: I can state with some confidence

"If I had a spare few grand" ... ah yes. But we can always use MAME :-)

1
0

Juniper's VPN security hole is proof that govt backdoors are bonkers

John H Woods
Silver badge

Re: Dzjeeez

"Why is nobody commenting on the significance of quantum computing as a real threat to encryption" -- Jerth

It isn't insignificant but it isn't the end-of-life for classical encryption. Firstly, quantum prime factorisation is faster than classical but the speed up is not so vast that it cannot be impeded by using much longer keys. Secondly, there are already quantum-resistant algorithms.

0
0

UK ISP Sky to make smut an opt-in service from 2016

John H Woods
Silver badge

SKY: "Can I ask what you mainly use the internet for?"

Me: "Porn"

*agent chokes on coffee*

After all, The Internet is for Porn

1
0

There's an epidemic of idiots who can't find power switches

John H Woods
Silver badge

" it's now some 35 years I keep seeing intelligent, educated professionals being totally confused by a box of, well wires and stuff, acting like they have been zapped by a 1950ies B-movie MoronRay or something"

Precisely --- they are operating so far out of their comfort zone that they regress intellectually. People who would never dream of phoning up their garage and saying "my car doesn't work" routinely tell me "my computer doesn't work" and I have to play 20 questions, getting only "yes", "no" and "i don't know" answers to each question.

Even when people are specific "I've got a ghost post on Facebook I can't delete" you have to play the game: question 1) "is it the app or in a browser?" (usually answered by "I don't know" or, worse "how should I know?")

So the problem isn't idiots, it's intelligent people behaving like it. However, even that is forgiveable --- the real issue begins when they start to treat *you* like an idiot when you're trying to help them.

7
0

Hillary Clinton says for crypto 'maybe the back door is the wrong door'

John H Woods
Silver badge

Re: Jury-based encryption

"This essay by Vinay Gupta explains the context..." -- Francis Irving

Your source appears to explain a specific and clever solution that can be used by people who want to cooperate (e.g. to share encrypted video to avoid liability for copyright infringement whilst still providing a decryption path for e.g. identifying the source of banned content). We wouldn't need a big project to work out how to do this as the article you quote already contains a solution!

The people that the powers-that-be are constantly pointing to as the threat which justifies mass surveillance are both able to use non-compliant cryptography and to hide the fact that they are doing so with steganography and other counter measures. It doesn't matter if you invent a new system that keeps all the good guys happy --- because the bad guys will ignore it.

3
0
John H Woods
Silver badge

Re: Deliberately vague

"but the first good quantum computers *will* pwn all classical algorithms" -- DavCrav

I thought that (a) there already exist quantum-computing resistant algorithms and (b) that the speed-up offered by, e.g. Shor's Algorithm is not so vast that it cannot be realistically kept at bay for a while by using (maybe much) bigger key sizes with classical encryption.

0
0
John H Woods
Silver badge

Crucial difference

The Manhattan Project (like the Apollo Project) was about engineering a way to realise the theoretically possible. Only idiots think a sufficiently big project can manage the not theoretically possible (let alone the theoretically not possible) and only liars would suggest it could if they suspected otherwise.

The political elite seem to be, almost to a person, fools or frauds.

32
0

Kids' TV show Rainbow in homosexual agenda shocker

John H Woods
Silver badge

We should promote homosexuality

It's a win-win: (1) it forms a scientific trial; if after a few years of promoting it, the incidence of homosexuality stays roughly constant (within statistical bounds) we will at least confirm that all these people are talking rubbish but (2) if it causes a massive increase in homosexuality, we can reap the consequent benefits of population reduction.

7
0

NZ unfurls proposed new flag

John H Woods
Silver badge

No Welsh in the Union Jack / Flag

If we superimposed that Welsh dragon on the flag it would at least stop idiots hanging / flying it upside down.

0
0

Electrician cuts wrong wire and downs 25,000 square foot data centre

John H Woods
Silver badge

Re: Do you get paid the same money as a professional?

"So, when the IT guy says 'there's only a 99% chance of success', what he's saying is 'this is ten million times more risky than our uptime SLA allows for, do not do this under any circumstances'" --- Naselus

That's what he is saying to a fellow techie. What the same sentence says to management is "yeah, it's definitely going to work". Remember, many of these people not only think that ninety nine point nine recurring is not exactly equal to a hundred (a little bit stupid) but are prepared to argue it with someone who does know (a little bit more stupid) and to not even change their mind when it's proved to them (unbelievably stupid).

My answer would have been "It's not a risk I would be happy to take: I think the chances of anything going wrong are small but the consequences, especially if we don't plan a mitigation strategy, would be fairly disastrous"

23
0

Rupert Murdoch wants Google and chums to be g-men's backdoor men

John H Woods
Silver badge

Tetchy teens toll trumps trained terrorists

Between 2001 and 2013, about 3,400 USA citizens died from terror attacks (10% of which were outside the USA). In the same period there were over 400,000 deaths by gun violence inside the USA. [CDC figures, CNN report]. Measures which reduced USA gun crime by even 0.1% would save more lives than a 100% effective counter-terrorism system.

Before we can engage in a discussion about "balancing" safety and privacy, the people asking us to discuss it need to explain what they feel is so uniquely awful about terror-related deaths and injuries that it requires such disproportionate resource expenditure and rights restrictions. In my experience, despite their insistence on being rational people who understand money, the 'stop-terror-at-any-cost' proponents are rarely in favour of any other 'big state' activities which would have a higher expected health payoff: increased health and safety provisions; supporting mental health; improving road safety; promoting changes in diet and lifestyle; increased research and treatment of major diseases.

16
0

National Crime Agency: Your kid could be a nasty interwebs hacker

John H Woods
Silver badge

Enraged Brits demand Donald Trump UK ban

John H Woods
Silver badge

Donald Trump: "[parts of London are] so radicalised the police are afraid for their lives"

Boris Johnson: "As a city where more than 300 languages are spoken, London has a proud history of tolerance and diversity and to suggest there are areas where police officers cannot go because of radicalisation is simply ridiculous ... Crime has been falling steadily both in London and in New York - the only reason I wouldn't go to some parts of New York is the real risk of meeting Donald Trump"

14
1

Brits leave 138,000 gadgets in the pub

John H Woods
Silver badge

Bluetooth belt buckle / brooch?

How about a small, rechargeable Bluetooth device that serves no purpose other than to keep your smartphone, tablet or laptop unlocked when said device is within range? You could even use it in 'pub' mode where when the device goes out of range you get an audible warning. Maybe the device could have its own buzzer to alert you when the connected devices drop out of range?

0
0
John H Woods
Silver badge

Re: I still have to both

"PANTS for short" --- AndyS

Handy umbrella term. I have been using the term e-pocrisy to refer to the practice of using social media to diss social media (all those FB posts saying one, or one's kids, should put down their smartphones and experience real life). I think we could probably apply a similar classification for comments on a news site telling everybody what you think of Facebook, when it is not the central point of the article.

3
0

Obama calls out encryption in terror strategy speech

John H Woods
Silver badge

"He and the rest of the political elite never ask Toyota to come up with technological means to make it harder for terrorists to use the Hilux, do they?" --PassiveSmoking.

But they could prevent the vast majority of Hilux related deaths by limiting their speed to 20mph, though. I bet that would be super popular!

1
0
John H Woods
Silver badge

Re: The truth is not relevant to politics

"The technology exists to regulate encryption and prosecute those who choose to violate the new laws."

I agree that technology exists "to regulate encryption" but, as we know, shorn of headers, decent ciphertext is indistinguishable from random numbers; these are easy to smuggle in media files. Furthermore, there is no practical detection of, or defence against, idiot code.

I'm pretty sure we are in agreement here --- they can regulate and criminalize but it won't stop the people it is "really supposed to stop".

0
0

Entropy drought hits Raspberry Pi harvests, weakens SSH security

John H Woods
Silver badge

"It should be well-known that something as cryptographically sensitive as key generation *must* use /dev/random"

Cause of weirdest "bug" (actually a feature) I've ever seen. Using a Linux Citrix client, connection to server timed out. Unless I got impatient and wiggled the mouse like crazy --- then it worked. Took me a while to figure out what was happening ... :-)

8
0

How to solve a Rubik's Cube in five seconds

John H Woods
Silver badge

Simple Pole on a complex plane...

yeah, anyone care to apply the method of steepest descents?

1
0

Italians to spend €150m ... snooping on PS4 jabber

John H Woods
Silver badge

Ban pasta now!

Yes: prohibit impennetrable networks!

3
0
John H Woods
Silver badge

There's only one way to stop this madness:

We need a high-profile absolutely* spy-proof communication system: strong encryption and no** usable metadata. We know there are such things, but they don't have enough public exposure for the majority of people to realize "Well, terrorists could always use System X so what's the point of allowing governments to spy on everybody all the time?"

* for highish values of absolutely

** for smallish values of no

2
0

Russian nuke plant operator to build on-site data centre

John H Woods
Silver badge

"it's Fukushima that has left me with doubts about the sector." -- Six?

Why? It had a radioactivity death toll of zero despite a huge natural disaster that killed 20,000. It should be known as the Fukushima Nuclear Success.

0
0

Lights, power, action! Smartplugs with a twist

John H Woods
Silver badge

The key purpose of BS1363 ...

... is objects that magically appear, prongs up, in the path of anyone who isn't wearing shoes

10
0

Finding security bugs on the road to creating a verifiably secure TLS lib

John H Woods
Silver badge

Re: Mathematically correct code

"Is that even possible, considering Gödel's theorems?"

-- allthecoolshortnamesweretaken

It is and it isn't :-) You hit (for instance) the halting problem if you use a sufficiently expressive [1] language; then you cannot prove whether a program will halt or not. The key is to use a different type of language that is more amenable to mathematical proofs -- I'm inclined to believe this is why they are starting fresh and not working on an existing library, but I'm no expert.

[1] Most modern programming languages meet the criteria: if you have a language where you can (a) test the return result of a function and (b) deliberately create an infinite loop, you'll hit the halting problem. Imagine a program (P) which takes a piece of code and calls a function (F) which returns whether that piece of code will complete or just hang (e.g. in an infinite loop). So P invokes F on some code and (bear with me) if the return result of F indicates that the said code will complete (i.e. will not halt), P then goes (deliberately) into an infinite loop. Now, what happens if you run P on itself? Suddenly you have a paradox: the only conclusion is that it is not possible to create the function F in any language in which, given F, you could create P.

3
0

Plusnet ignores GCHQ, spits out plaintext passwords to customers

John H Woods
Silver badge

Plusnet has stated that it "goes to great lengths to ensure we protect and secure our customer data"

This is simply a lie. You just cannot claim that you go to 'great lengths' to ensure xyz if you do not adhere to well known and widely accepted practices. Surely, in a case such as this when the organisation has actually been advised of the deficiencies of their approach (so even hard-to-defend ignorance is no longer an excuse) and instead of saying "oops, we'll fix that ASAP, thanks for bringing it to our attention." they prefer to justify their original poor choices, making the statement "we go to great lengths" is actually fraudulently misrepresenting the services they sell?

8
0

Suck it, Elon – Jeff Bezos' New Shepard space rocket blasts off, lands in one piece

John H Woods
Silver badge

Re: Its the wrong way to get off this planet

"So, come on, how will we do it easily and cheaply?"

If I were a betting man, I'd guess on the materials science guys making a space elevator possible before the quantum science guys perfect either (a) the teleport or (b) the antigrav module.

4
1

Who's right on crypto: An American prosecutor or a Lebanese coder?

John H Woods
Silver badge

I'm very glad to see...

... we can so effectively legislate against strong encryption because the corollary is, once such cat re-bagging and bolted horse re-stabling statutes have been perfected, we'll be able to neutralize the threat of nuclear weapons by forbidding knowledge of fission; furthermore, banning all understanding of highly exothermic chemical reactions will put an end to the explosive ambitions of terrorists!

11
1

Paris, jihadis, tech giants ... What is David Cameron's speechwriter banging on about now?

John H Woods
Silver badge

"So only people with advanced tech knowledge are allowed to write about technology? Even though it's pretty important these days?" -- Clare Foges

Interesting that you interpret criticism as prohibition. Your focus on being "allowed" to do things is both revealing (it reveals you as an authoritarian by nature) -- and self-defeating, as your complaint appears to be that people are "allowed" to criticise you for being wrong.

And you aren't just whacky, creationist, homeopathically, moon-hoax wrong but actually mathematically, provably "pi is really rational, point nine recurring isn't equal to one," wrong.

14
0

Superfish 2.0 worsens: Dell's dodgy security certificate is an unkillable zombie

John H Woods
Silver badge

I am really desperate ...

... for some law student to demonstrate whether there is a potential for prosecution in cases like these. As far as I am concerned, a ready-trojanned machine is not 'fit for purpose' given the fairly well understood purposes of consumer computers.

As for "privacy is a top concern" it should be a criminal offence to make this statement when it is clearly false, certainly when that is through incompetence in failure to protect (Talk Talk etc) but most definitely when it is due to a deliberate weakening of security for purposes that are of no benefit whatsoever to the user.

8
0

EE plans to block annoying ads on mobile network

John H Woods
Silver badge

Re: Eh?

"No, it's just worthless. Usually I see a ton of "targeted" ads for things I've already bought" --- User McUser

Top Tip -- browse for under, beach and nightwear --- even better, leave some items 'saved for later' in various shopping carts to cheer up your browsing experience for a few days.

4
0

Hillary Clinton: Stop helping terrorists, Silicon Valley – weaken your encryption

John H Woods
Silver badge

Re: @ Trevor_Pott re @ Big John

"I see you've had some kind of lessons in this "logic" subject. Very good!" -- Big John

You said: "That's a lot of killing by a smallish world minority. So let's not hear any more guff about "everyone does it." By and large, it's Muslims who do it to themselves and the rest of us."

You either (a) intended people to form a conclusion from this or (b) you didn't.

In the latter case (b) it is a correction of previous statements. I have nothing against pedantry --- I am probably one of its foremost proponents! Perhaps it is harsh to call such a correction pedantry, but that is a subjective assessment I made concerning the relative import of the statement to the current argument.

In the former case (a) there is a problem. Given that there are 1.5e9 Muslims in the world, the numbers of both victims and perpetrators of terrorism are proportionally so small that no conclusions can be made from this statement without affirming the consequent.

If you were encouraging the simple-minded to form a conclusion by affirming the consequent, despite your own knowledge of it being a logical fallacy, that would make you worse than simple minded -- it would make you a person using your superior intellect, or at least logical ability, to exploit those with less impressive capabilities.

So, I'm going to apologise for calling you a pedant and thank you for supplying the information, whilst considering the same to not advance us materially in the matter of dealing with terrorism.

3
0
John H Woods
Silver badge

Re: @ Trevor_Pott re @ Big John

"By and large, it's Muslims who do it to themselves and the rest of us." -- Big John

True but only valid as pedantry.

Those who didn't grow past the fallacy of "affirming the consequent" (e.g. All the terrorists in the world are fat, bald, middle-aged men from the West Midlands THEREFORE all fat, bald, middle-aged men from the West Midlands are terrorists) before adulthood should stick to the Daily Mail and Guardian forums where, as apparently in all popular politics, coherent phrasing is almost universally mistaken for coherent thinking.

2
3

GPS, you've gone too far this time

John H Woods
Silver badge

Re: How far off? @Gomez Adams

Thanks for that useful explanation. I can see that it is certainly true if the path has high walls either side, but what about a wiggly footpath across an open field? Isn't it possible that the drunk will actually take a shortcut in these circumstances?

But then, with the 10 metre box described in the article, I'm pretty sure that time intervals between samples would sometimes cause the corners to appear to have been cut, and the overestimate still appears.

My other concern is whether this applies where maps are used --- an earlier reg article 'tested' GPS units against each other and tried to compare their accuracy. I was surprised how close they were to each other, and wonder if that is caused by snapping the route to a path on the map?

3
1

BBC encourages rebellious Welsh town to move offshore

John H Woods
Silver badge

Re: Will it work?

"The reliable, high quality of the beans these people secure" -- Some Starbucks employee

Well, if only you guys would turn the damn roasters off a bit sooner, we might be able to tell if that's true.

2
0

The Edward Snowden guide to practical privacy

John H Woods
Silver badge

Re: TAILS

"If the NSA / GCHQ really want to waste their time keeping tabs on anything I've ever said or done then they must have money to burn" --- LucreLout.

They do. But it's ours.

7
0
John H Woods
Silver badge

Re: The only thing about which I agree with Scott McNeally

"You have zero privacy anyway. Get over it."

Provably false. Do you know everything about Scott McNeally? Can you even find out everything about him? No. Privacy is a matter of degree: nearly no-one has absolute privacy and nearly no-one has no privacy at all. Blanket statements like this are just attractive soundbites --- any more than superficial analysis shows them to be fundamentally unhelpful in any mature debate about how much privacy we can reasonably expect in various circumstances.

18
1

Apple's OS X App Store downloads knackered by expired security cert

John H Woods
Silver badge

Re: This is why the....

"This is why the whole certificate concept is flawed" -- AC

There are some problems with certificates, but expiry isn't really one of them. It's nothing like DRM orphans; certificate expiry is virtually a cryptographic necessity.

There's a lot of dates companies need to remember: tax returns, profit filings, public holidays, audit points, backup schedules, etc. etc. --- it's really not too onerous to track certificate expiry dates.

9
0

UK citizens will have to pay government to spy on them

John H Woods
Silver badge

Re: Why are the ISPs making such a fuss?

If all that was needed was Timestamp (you forgot that) and another 8 bytes to store two IP4 addresses, you might indeed get to no more than a dozen bytes per record. But there's a hell of a lot more going on than one connection per site, just have a look at your own connection log. (And remember all that DNS activity, as well as DHCP, as well as all the other various network activity your computer is doing even when you are not browsing.)

But the thing is, 2 IP4s and a Timestamp would be worthless for the purposes of the IPB. It's a lose-lose --- either the data collection is indeed this small or it includes quite a lot more information. In the former case, the legislation is of much less utility than claimed, and in the latter it is of much greater intrusiveness than claimed.

3
0
John H Woods
Silver badge

Save your country money ...

... do your duty as a UK citizen.

I intend to. If this bill gets passed, all internet connections from this household will be summarised by a single Internet Connection Record per year.

2016-01-01 00:00:00 connection to xyz.vpn.ch:443

... approx 200TB data transferred

2017-01-01 00:00:00 connection to xyz.vpn.ch:443

39
0

Shadow state? Scotland's IT independence creeps forth

John H Woods
Silver badge

What is driving this?

Is it nanny-statism? irrational fear of ultra-low-death-toll mainland terrorism? What is wrong with so many UK politicians (and citizens) that they cannot see that this is completely unacceptable?

17
1

Identifying terrorists: Let's find a value for needle in haystack

John H Woods
Silver badge

"Worse this puts a pressure on the criminals to improve what they are doing" -- AC

But it does relieve pressure on the poor terrorists; after all, the security services were already too busy to prevent people on their watch lists from committing terrorist acts, so once there are very many more leads the terrorists can shelter in a very much lower signal-to-noise environment.

A 99.99% effective terrorist spotting algorithm is going to give you at least 10,000 UK suspects. It's going to require about 90,000 field agents and at least 10,000 support staff to watch them 24x7; the salary costs alone would be around five billion pounds sterling per year.

1
0

Old tech, new battles: Inside F-Secure’s formidable Faraday cage

John H Woods
Silver badge

Re: Colour blind risk

"that particular colour blindness is male chromosome linked" -- AC

Doesn't mean it doesn't affect females, just that the proportion of affected females in the population is the (smaller) square of the proportion of the affected males: e.g. if 10% of males are X-linked R/G colourblind, 1% of females are (because 0.1 * 0.1 = 0.01).

2
0

DC judge rips into the NSA over mass surveillance

John H Woods
Silver badge

Re: @croc

@Graham I think his handle actually refers to his footwear...

0
0
