* Posts by John H Woods

2252 posts • joined 14 Nov 2007

UK Home Sec's defence of bulk spying: We 'found' a paedo (we already knew about)

John H Woods
Silver badge

Re: So with *all* that time to prepare and the whole of the Home Office to help her out.

"There is another sort of proverb that says "Wer glaubt, daß Abteilungsleiter Abteilungen leiten, der glaubt auch, daß Zitronenfalter Zitronen falten", but so far I couldn't come up with a translation that really works. Sorry. Anyone who wants to give it a try?" --- allthecoolshortnamesweretaken

How about ...

"Expecting the brains of the Department (company, division, group) to be in the Head of the same is like expecting to find pants in the pantry"

3
0
John H Woods
Silver badge

"Theresa May isn't stupid, far from it she's a shrewd political operator..." -- Adam 52

Well; most politicians, however 'shrewd', are certainly not all that far from stupid. Success as a politician, regretfully, relies on some other qualities rather more than intelligence. To some extent, possessing it, let alone demonstrating it, is often regarded as a bit of a disadvantage.

3
0

Loons in balloons: Google asks FCC to approve Net plan

John H Woods
Silver badge

Re: In my area

"This would probably be viewed as aerial target practice by some inebriated locals." -- NotBob

... I think even with the steadiest hand going you'd be unlikely to hit one with anything other than a SAM

2
0

Facebook tells Belgian government its use of English invalidates privacy case

John H Woods
Silver badge

Re: English?

@TRT that is genius. I look forward to telling someone their argument is hemidemibiscuit. And @ElReg can we have a quarter biscuit icon to indicate the same?

7
0

'Printer Ready'. Er… you actually want to print? What, right now?

John H Woods
Silver badge

Re: Printers are evil.

"Can't give exact folder names as I am currently sat on toilet" --- psychonaut

Am I the only one who thinks it's inconceivable that someone who knew all the foregoing could not RDP to his machine from the throne?

4
0
John H Woods
Silver badge

Re: I can point you to some code

Emacs and LaTeX. Everything else sucks - often not just to use, but in terms of the ugliness of its output. It's only been the last few years of a what, two decade?, life that MS Word has been able to produce documents that aren't almost immediately identifiable as the ill-formatted output of the same.

3
0

US rapper slams Earth is Round conspiracy in Twitter marathon

John H Woods
Silver badge

Re: The thing to do with these kooks

"Why are such ideas so attractive to certain individuals" -- Jonathan Richards 1

Best answer I've seen (on FB recently) was that "conspiracy theories help dumb people feel they are smart"

0
0

Cops hate encryption but the NSA loves it when you use PGP

John H Woods
Silver badge

Re: An old but solved problem

"Is there not a program which conceals the encrypted message within a jpg or other image file?" -- Donchik.

Yes, there are several --- search "Steganography." More to the point, if you conceal it within an original creation of your own (i.e. there's no way to compare the picture to an 'original version' out on the web) you can post it publicly on Facebook, Tumblr or any number of well known places and, providing you have enough friends/watchers then they cannot even see to whom it is addressed.

0
0

Axe to fall on staff at IBM's Global Technology Services 'this Friday'

John H Woods
Silver badge

Re: Stock manipulating by the execs again

If you're senior enough to be able to order redundancies, and you have stock in the company itself, isn't that almost insider trading? It's certainly a conflict of interest of some kind.

3
0

Show us the code! You should be able to peek inside the gadgets you buy – FTC commish

John H Woods
Silver badge

I'm not sure I can understand the engineering diagrams of my car ...

... but I know if it is found to suffer from a serious safety design flaw I am, to a greater or lesser extent, protected (viz. large numbers of recalls we have seen).

The problem with a closed source device such as a router, with a massive security hole in it, is that it seems to fall between two stools: there's very little the user can do to check that it is safe, or keep it so, and I'm not aware of anyone who has tried to enforce supplier or manufacturer liability. Not even in the UK, where I'm guessing the Sale of Goods Act should allow you to at least return the device to the retailer.

Perhaps the information required to manage such a device oneself (firmware unlock keys, source code, etc.) should be placed in escrow with consumer organisations so that it can be released if the manufacturer goes under (or just stops supplying updates). But I still think that the detection of certain malfeatures, such as a hardcoded backdoor, should be a matter of manufacturer liability.

1
0

Sainsbury's Bank web pages stuck on crappy 20th century crypto

John H Woods
Silver badge

Re: Prosecution required.

"Negligence = duty + b[r]each + damage. Someone can sue as soon as they suffer damage" -- ThomH

Sure, that's what's required to prosecute the guys who fsck'd up the crypto ... but making the statement isn't negligent, it's dishonest. IANAL but surely there's another offence which covers making false claims about financial services? Doesn't seem to me that it would be acceptable to imply that your customers were adequately protected when they were not. Any actual lawyers got a view on this?

0
0
John H Woods
Silver badge

Re: Model M

I'll pay the postage if you send it to me!

2
0
John H Woods
Silver badge

Prosecution required.

Someone, hopefully multiple someones including the budget holders, should face internal disciplinary action for the bad state of crypto. However, the person who made this statement "Customers visiting the Sainsbury’s Bank website can rest assured that they are protected at all times by multiple layers of online security" should be prosecuted; the statement is simply false, and they have hoped to have worded it in such a manner as to attempt to escape being caught in an outright lie. But the purpose of the statement, in the context of the established facts, is to deceive. And the purpose of that deception, at this moment in time, is to falsely reassure customers that their financial details are adequately protected.

If Sainsbury's or their PR department fancy suing me for libel, I'm happy to provide my details, and I look forward to hearing from them.

14
1

Five technologies you shouldn't bother looking out for in 2016

John H Woods
Silver badge

Re: Year of Linux?

"Well then, where are all the games? No serious gamer would use a Linux desktop" -- Charles 9

No serious gamer would use a machine from PC World costing a few hundred quid either --- they're likely to be spending that (at least) on their graphics card(s). If that's out of your budget and you're still a serious gamer you are looking at self-build or buying from a specialist. Whilst I agree (and personally regret) that it's almost Windows or bust for headline games, these are not the kind of users that are being discussed here.

2
0

Apple backs down from barring widow her dead husband's passwords

John H Woods
Silver badge

"Half the key"

is a figure of speech, hopefully. There's a lot of flexibility here: you can "split a key" into n pieces and require m of them for decryption, without any loss of security. So you could, for instance, create 10 keys and distribute them round your family, but only require 4 of them to unlock your stuff.

1
0

Swivel on this: German boffins build nanoscale screwing engine for sluggish sperm

John H Woods
Silver badge

Re: Wir haben Möglichkeiten, die Sie schwanger

"Not proper German.... try harder" -- petur

Hey, if we're being really pedantic, that's not a proper ellipsis!

8
0

200 experts line up to tell governments to get stuffed over encryption

John H Woods
Silver badge

"You also can't monitor a subject without their knowledge" -- Paul Hovnanian.

I disagree: sure, using 'hand-over-the-key-or-else' legislation does have that consequence. But keyloggers, key stealing, shoulder-surfing, bugging devices, etc. can all be used to monitor a subject who is using strong encryption without having to either attack the crypto or let the subject know that they are being watched. Endpoint compromise is effective against everything, even quantum crypto.

2
0
John H Woods
Silver badge

What 200 experts should really do ...

We need an audited, open-source, secure, traffic-analysis resistant system, impervious to blocking and denial of service.

This is problematic, because it would be of use to terrorists, but any remotely competent terrorist can do this stuff anyway and, as we have seen, they don't even have to: it seems they can be on everybody's watchlist, pretty much announce their intent publicly and still commit atrocities before being intercepted.

Such a system would kill, once and for all, the technically ignorant idea that all communication can be policed, as we would just say --- look, what's the point? Bad actors can always use System X.

4
0
John H Woods
Silver badge

"Is there a system in the wings?" -- T. occipitalis

Doesn't matter - the bad actors won't use it. If I can post random thoughts on Facebook I can communicate in code with any system of my choice without anyone apart from the recipient being aware of the hidden content. If I am allowed to post photographs I have taken, that content can be of quite significant size.

"Given that the UK authorities, at least, can demand keys from suspects why bother with SBDC"

Because you can't dragnet; that is the whole motivation here. Even with unbreakable encryption they can hit known targets through a variety of old school and technological measures; what they want to do is monitor everyone, all the time, just in case.

15
0
John H Woods
Silver badge

Re: Let me get this straight

@asdf - apologies, I deleted my earlier comment because I thought I was being unnecessarily pedantic and I actually agreed with you. Unfortunately that then 'orphaned' your reply, apologies :-)

3
0

Going on a date, and it's just the two of you? How ... quaint. OkCupid's setting up threesomes

John H Woods
Silver badge

Re: To answer your question about demisexuals

Brilliant idea, although might I suggest HSL rather than RGB --- it's a bit more sympathetic for conveying gradients

3
0
John H Woods
Silver badge

Re: order by breast_size

"Leaving choice aside, some people really don't have a distinguishing body part and it does seem unreasonable to assign them to an arbitrary category for administrative convenience." -- absolutely

There are 4 standard values for gender: male, female, unknown, unspecified and you've got to be able to support AT LEAST these 4. "experienced healthcare software designers" who are using Booleans should be taken out the back and shot --- IEC 5218 is forty years old this year FFS.

4
0

Foetuses offered vaginal music streaming service

John H Woods
Silver badge

I think the seminal hit is sometime before the insertion of the babypod

8
0
John H Woods
Silver badge

Hmm...

My eldest son had a difficult birth. Some time after he was born, we received a baby gift of "relaxing womb sounds." The normally placid little chap reacted with considerable distress when the disc started to play, and settled only when it stopped.

Being a scientist, I had to try another couple of times to see if it happened again --- it did. Being a father, I wasn't going to do it more than thrice --- I didn't.

Now, I wouldn't normally want to infer something from a sample of three. However, might it be possible that some ill-timed music during foetal distress could result in a baby who would be distressed by such music?

On a related note, I'm now wondering whether my parents travelled back in time with some Kanye West tracks?

23
0

Password-less database 'open-sources' 191m US voter records on the web

John H Woods
Silver badge

"Wouldn't it be much simpler to follow one from station to home after work?"

That would give you 1 address and would involve both more time and more risk. It's the same with a sexual predator following a young woman home, or an investment scammer following an older person home to see if they are likely to be asset-rich and income-poor (and a good target for an equity release scam). You'd still have more work to get a name and phone number (handy for "household surveys" where you can usually find out if someone lives alone --- especially if you have a handy conversation starter like registered political affiliation) but it's not going to be impossible.

What IS going to be impossible, though, is finding thousands of targets this way. Finding a wallet with someone's name, address and phone number is completely different to finding a DB with millions of addresses and phone numbers. Sometimes the scale of a quantitative difference is so large it is more effectively interpreted as a qualitative difference: my engineering inclinations would ordinarily, depending on the context, put that "switch" between about 3 and 6 orders of magnitude.

2
0
John H Woods
Silver badge

Re: What's the concern?

I presume the concern is that the voters did not necessarily give permission for this information to be given to anyone, without restriction -- or audit.

Privacy is not one dimensional: I really don't mind the UK secret services knowing what I use my VPN for, but it doesn't mean I want the council's parking control officer to know; I don't mind the latter knowing my address, but I don't want him to know my date of birth; etc.

There is also the issue of aggregation. Sometimes secrets that aren't even in the data can be given away by the data (e.g. a geographic clustering of security cleared people in a rural town). Databases which contain gender and D.o.B. information can be used to identify the locations of thousands of young women, for instance.

However, the key flaw in your argument is to assume that everyone else should be comfortable with your own personal privacy levels. I post here using my full name, but I don't expect everyone else to, and I'd be highly unimpressed with someone "outing" a fellow commentard who had used a handle or posted AC.

23
0

China wants encryption cracked on demand because ... er, terrorism

John H Woods
Silver badge

Best laugh of Christmas:

According to Reuters:

"The draft law, which could require technology firms to install "back doors" in products or hand over sensitive information such as encryption keys to the government, has also been criticised by some Western business groups.

U.S. President Barack Obama has said that he had raised concern about the law directly with Chinese President Xi Jinping."

I hope Mr President will be calling David CamJongUn to express his concerns about draft legislation proposed by Treasonous May.

34
2

Assessing the UK’s Government Digital Service

John H Woods
Silver badge

Re: It's just a little trivial

What if I don't really want to have a laser focussed on me?

4
0

I have you now! Star Wars stocking fillers from another age

John H Woods
Silver badge

"The only exception being Rouge Squadron ..." --- Bladeforce

rose-tinted glasses?

1
0
John H Woods
Silver badge

Re: I can state with some confidence

"If I had a spare few grand" ... ah yes. But we can always use MAME :-)

1
0

Juniper's VPN security hole is proof that govt backdoors are bonkers

John H Woods
Silver badge

Re: Dzjeeez

"Why is nobody commenting on the significance of quantum computing as a real threat to encryption" -- Jerth

It isn't insignificant but it isn't the end-of-life for classical encryption. Firstly, quantum prime factorisation is faster than classical but the speed up is not so vast that it cannot be impeded by using much longer keys. Secondly, there are already quantum-resistant algorithms.

0
0

UK ISP Sky to make smut an opt-in service from 2016

John H Woods
Silver badge

SKY: "Can I ask what you mainly use the internet for?"

Me: "Porn"

*agent chokes on coffee*

After all, The Internet is for Porn

1
0

There's an epidemic of idiots who can't find power switches

John H Woods
Silver badge

" it's now some 35 years I keep seeing intelligent, educated professionals being totally confused by a box of, well wires and stuff, acting like they have been zapped by a 1950ies B-movie MoronRay or something"

Precisely --- they are operating so far out of their comfort zone that they regress intellectually. People who would never dream of phoning up their garage and saying "my car doesn't work" routinely tell me "my computer doesn't work" and I have to play 20 questions, getting only "yes", "no" and "I don't know" answers to each question.

Even when people are specific "I've got a ghost post on Facebook I can't delete" you have to play the game: question 1) "is it the app or in a browser?" (usually answered by "I don't know" or, worse "how should I know?")

So the problem isn't idiots, it's intelligent people behaving like it. However, even that is forgiveable --- the real issue begins when they start to treat *you* like an idiot when you're trying to help them.

7
0

Hillary Clinton says for crypto 'maybe the back door is the wrong door'

John H Woods
Silver badge

Re: Jury-based encryption

"This essay by Vinay Gupta explains the context..." -- Francis Irving

Your source appears to explain a specific and clever solution that can be used by people who want to cooperate (e.g. to share encrypted video to avoid liability for copyright infringement whilst still providing a decryption path for e.g. identifying the source of banned content). We wouldn't need a big project to work out how to do this as the article you quote already contains a solution!

The people that the powers-that-be are constantly pointing to as the threat which justifies mass surveillance are both able to use non-compliant cryptography and to hide the fact that they are doing so with steganography and other counter measures. It doesn't matter if you invent a new system that keeps all the good guys happy --- because the bad guys will ignore it.

3
0
John H Woods
Silver badge

Re: Deliberately vague

"but the first good quantum computers *will* pwn all classical algorithms" -- DavCrav

I thought that (a) there already exist quantum-computing resistant algorithms and (b) that the speed-up offered by, e.g. Shor's Algorithm is not so vast that it cannot be realistically kept at bay for a while by using (maybe much) bigger key sizes with classical encryption.

0
0
John H Woods
Silver badge

Crucial difference

The Manhattan Project (like the Apollo Project) was about engineering a way to realise the theoretically possible. Only idiots think a sufficiently big project can manage the not theoretically possible (let alone the theoretically not possible) and only liars would suggest it could if they suspected otherwise.

The political elite seem to be, almost to a person, fools or frauds.

32
0

Kids' TV show Rainbow in homosexual agenda shocker

John H Woods
Silver badge

We should promote homosexuality

It's a win-win: (1) it forms a scientific trial; if after a few years of promoting it, the incidence of homosexuality stays roughly constant (within statistical bounds) we will at least confirm that all these people are talking rubbish but (2) if it causes a massive increase in homosexuality, we can reap the consequent benefits of population reduction.

7
0

NZ unfurls proposed new flag

John H Woods
Silver badge

No Welsh in the Union Jack / Flag

If we superimposed that Welsh dragon on the flag it would at least stop idiots hanging / flying it upside down.

0
0

Electrician cuts wrong wire and downs 25,000 square foot data centre

John H Woods
Silver badge

Re: Do you get paid the same money as a professional?

"So, when the IT guy says 'there's only a 99% chance of success', what he's saying is 'this is ten million times more risky than our uptime SLA allows for, do not do this under any circumstances'" --- Naselus

That's what he is saying to a fellow techie. What the same sentence says to management is "yeah, it's definitely going to work". Remember, many of these people not only think that ninety nine point nine recurring is not exactly equal to a hundred (a little bit stupid) but are prepared to argue it with someone who does know (a little bit more stupid) and to not even change their mind when it's proved to them (unbelievably stupid).

My answer would have been "It's not a risk I would be happy to take: I think the chances of anything going wrong are small but the consequences, especially if we don't plan a mitigation strategy, would be fairly disastrous"

23
0

Rupert Murdoch wants Google and chums to be g-men's backdoor men

John H Woods
Silver badge

Tetchy teens toll trumps trained terrorists

Between 2001 and 2013, about 3,400 USA citizens died from terror attacks (10% of which were outside the USA). In the same period there were over 400,000 deaths by gun violence inside the USA. [CDC figures, CNN report]. Measures which reduced USA gun crime by even 0.1% would save more lives than a 100% effective counter-terrorism system.

Before we can engage in a discussion about "balancing" safety and privacy, the people asking us to discuss it need to explain what they feel is so uniquely awful about terror-related deaths and injuries that it requires such disproportionate resource expenditure and rights restrictions. In my experience, despite their insistence on being rational people who understand money, the 'stop-terror-at-any-cost' proponents are rarely in favour of any other 'big state' activities which would have a higher expected health payoff: increased health and safety provisions; supporting mental health; improving road safety; promoting changes in diet and lifestyle; increased research and treatment of major diseases.

16
0

National Crime Agency: Your kid could be a nasty interwebs hacker

John H Woods
Silver badge

Enraged Brits demand Donald Trump UK ban

John H Woods
Silver badge

Donald Trump: "[parts of London are] so radicalised the police are afraid for their lives"

Boris Johnson: "As a city where more than 300 languages are spoken, London has a proud history of tolerance and diversity and to suggest there are areas where police officers cannot go because of radicalisation is simply ridiculous ... Crime has been falling steadily both in London and in New York - the only reason I wouldn't go to some parts of New York is the real risk of meeting Donald Trump"

14
1

Brits leave 138,000 gadgets in the pub

John H Woods
Silver badge

Bluetooth belt buckle / brooch?

How about a small, rechargeable Bluetooth device that serves no purpose other than to keep your smartphone, tablet or laptop unlocked when said device is within range? You could even use it in 'pub' mode where when the device goes out of range you get an audible warning. Maybe the device could have its own buzzer to alert you when the connected devices drop out of range?

0
0
John H Woods
Silver badge

Re: I still have to both

"PANTS for short" --- AndyS

Handy umbrella term. I have been using the term e-pocrisy to refer to the practice of using social media to diss social media (all those FB posts saying one, or one's kids, should put down their smartphones and experience real life). I think we could probably apply a similar classification for comments on a news site telling everybody what you think of Facebook, when it is not the central point of the article.

3
0

Obama calls out encryption in terror strategy speech

John H Woods
Silver badge

"He and the rest of the political elite never ask Toyota to come up with technological means to make it harder for terrorists to use the Hilux, do they?" --PassiveSmoking.

But they could prevent the vast majority of Hilux related deaths by limiting their speed to 20mph, though. I bet that would be super popular!

1
0
John H Woods
Silver badge

Re: The truth is not relevant to politics

"The technology exists to regulate encryption and prosecute those who choose to violate the new laws."

I agree that technology exists "to regulate encryption" but, as we know, shorn of headers, decent ciphertext is indistinguishable from random numbers; these are easy to smuggle in media files. Furthermore, there is no practical detection of, or defence against, idiot code.

I'm pretty sure we are in agreement here --- they can regulate and criminalize but it won't stop the people it is "really supposed to stop".

0
0

Entropy drought hits Raspberry Pi harvests, weakens SSH security

John H Woods
Silver badge

"It should be well-known that something as cryptographically sensitive as key generation *must* use /dev/random"

Cause of weirdest "bug" (actually a feature) I've ever seen. Using a Linux Citrix client, connection to server timed out. Unless I got impatient and wiggled the mouse like crazy --- then it worked. Took me a while to figure out what was happening ... :-)

8
0

How to solve a Rubik's Cube in five seconds

John H Woods
Silver badge

Simple Pole on a complex plane...

yeah, anyone care to apply the method of steepest descents?

1
0

Italians to spend €150m ... snooping on PS4 jabber

John H Woods
Silver badge

Ban pasta now!

Yes: prohibit impennetrable networks!

3
0
