* Posts by Eugene Crosser

229 posts • joined 20 Oct 2007

DeepMind says it's given AI an imagination. Let's take a closer look at that

Eugene Crosser
Joke

sorry..

>DeepMind says it's given AI an imagination.

Nah, it's imagining it.

5
0

Russia, China vow to kill off VPNs, Tor browser

Eugene Crosser

Re: Resist with crowdfunded RPNs...

>Is it feasible to develop a communications device that is visibly discrete, can be easily setup (or is signal-homing once directed approximately), can connect to multiple nodes, detects if a previously-established/trusted connection has been intercepted, and can present the link as an IP network?

No.

0
1
Eugene Crosser

Re: Will The UK Follow Their Lead ???

> I highly doubt western companies would allow "their" government to implement such VPN bans.

Note that the rules are designed to not harm businesses, western or Russian: they can implement censorship and then it is OK to use the VPN.

Still seems pretty difficult (read: impossible) to enforce such a rule as long as VPN servers can be hosted at big cloud providers' infrastructure.

0
0

Tech giants flash Russia their code blueprints in exchange for access

Eugene Crosser
Thumb Up

If security of their products relies on secrecy of the source code, they have a bigger problem than Russian spies. I'd say, it's a good thing if it at least somewhat incentivizes them to go and clean up their source code.

7
0

The internet may well be the root cause of today's problems… but not in the way you think

Eugene Crosser

Good and clever, until you stumble upon something..

Can we please have some journalists who are capable of analysis, but are not as blatantly partisan as this:

There are large groups of people in the United States who believe a range of views that are clearly and obviously wrong: dinosaurs existed at the same time as Jesus; there is no such thing as climate change; people's sexuality is some kind of deity-imposed punishment; anyone should be allowed to buy a gun.

No? Oh...

0
1

Highly available? Of course you are. But did you download DRBD?

Eugene Crosser
Thumb Up

Kudos

Was building HA fileservers back in about 2004 (or so). The driver was a bit unstable for our heavy load (for the time), and I had quite a back and forth with the guys reporting bugs and testing the fixes. Wonderful guys to work with, very responsive and diligent. I ended up with a rock solid setup that was running on dozens of servers for many years henceforth, never gave us any trouble. Quite refreshing after flaky proprietary HA "solutions".

Very pleased to hear about their success!

2
0

Boffins name 12 new types of cloud in first Cloud Atlas since 1986

Eugene Crosser
Coat

Umm,

There was at least one other Cloud Atlas published in 2004...

1
0

BOAR-ZILLA stalks Fukushima's dead zone

Eugene Crosser
Alert

"...picked up radiation doses that make them a very dangerous meal."

Where is Lewis Page to challenge this claim?!

(Yes I know he is not with The Reg anymore.)

13
2

One IP address, multiple SSL sites? Beating the great IPv4 squeeze

Eugene Crosser

Re: Thumbs up, but have to respectfully disagree with some things

> A) I'm sorry, NAT has a purpose. That purpose is renumbering. SO I'm not listening to anything else you have to say about IPv6. Your opinions are now invalid.

Renumbering, yeah... I guess it should be possible to do IPv6 NAT for that, which would just rewrite the prefix, without touching the port. It will be easier to implement, more robust (because stateless), and work for port-less protocols without any special arrangements. Still have to deal with the packets that have addresses in the payload (like ICMPv6 Destination Unreachable etc.), but much less ugly than IPv4 NAT mess. Did not check if a standard exists.

> B) You don't have to have one certificate with all the domains on your server using my method. Only one certificate per server {} block. Each server {} block gets its own cert and you can have multiple server {} blocks point to a single backend server, if you want.

I really fell behind on this one.

0
0
Eugene Crosser

Thumbs up, but have to respectfully disagree with some things

> ...the real barrier to adoption is that consumer-facing ISPs in many parts of the world still aren't handing out IPv6 addresses to subscribers.

Indeed. For some reason, this fact is often overlooked, while other less important obstacles are undeservedly highlighted.

> NAT breaks the end-to-end model obsession that is responsible for most of the horrible things about IPv6.

As long as you consider withdrawal from NAT addiction to be the most horrible thing about IPv6...

> NAT is a fantastic means horribly hacky way of plopping an entire network down behind a single IP address and making individual servers behind that IP available on different ports.

And it is only possible because the original design accidentally overbooked for the port namespace, and underbooked for the address namespace.

(Perhaps, the concept of classless subnetting should have been extended to include the port part... Though dealing with ICMP and other non-TCP-or-UDP protocols would be tricky. And it is too late anyway.)

> cd ~/letsencrypt DOMAINS="-d example.com -d www.example.com" /root/letsencrypt/letsencrypt_gen

Except you will have to use one certificate for all domains hosted on your server. Which kind of defeats the purpose of TLS, at least in part.

There have been suggestions to make it possible to pass the `host` indication before the TLS handshake, but none of them took off, to the best of my knowledge.

2
5

IPv6 vulnerable to fragmentation attacks that threaten core internet routers

Eugene Crosser

Clarification

The article goes to some length to explain what atomic fragments are, but does not emphasize enough the DoS mechanism in play here. Specifically, according to the RFC, the practice of blindly dropping IPv6 packets with extension headers is so widespread that if an attacker tricks the victim into producing such packets, it will have a disruptive effect.

4
0

Idiot millennials are saving credit card PINs on their mobile phones

Eugene Crosser

Re: Encryption?

Indeed.

I keep all my passwords (couple hundred I think) and pins (a dozen) on the phone, encrypted under master password in OISafe. 55.

Millennials, you are saying...

1
0

Why Tim Cook is wrong: A privacy advocate's view

Eugene Crosser

Not exactly a "design flaw"

> What appears to be involved is a design flaw.

Not so much a design flaw, as a hardware deficiency of an older iPhone model, i.e. lack of "Secure enclave" in the model in question. This guy provides a very plausible analysis.

2
0

Router configurations suck (power out of mobile devices, that is)

Eugene Crosser

> Does this mean I would have to wait an average of 4.25 (worst case 8.5) minutes before my phone can connect to a new network?

No.

When a device connects to a network, it may, and usually does, send a "router solicitation" multicast packet, to which the router(s) respond with a "router advertisement" instantly. "Gratuitous" RAs are there to ensure that things are eventually corrected if the process did not work the first time.

5
0

Canonical and Spain's BQ team to put Ubuntu on a tablet

Eugene Crosser

Right direction, wrong choices.

I am definitely the target audience for this sort of device. I currently carry an x200 series ThinkPad with me (and use an old-school deskside box at home). I want my next "luggable" computer to be a tablet running a full Linux distro, accompanied by a BT keyboard/mouse.

But it will definitely not be this one. It is specced as a cheap Android tablet. To be useful as a "portable workstation" it must have no less than 250 Gb of storage. To be useful as a tablet, it must have GPS. If Android-specced hardware was acceptable for me, why would I want a BQ when I can get a Nexus or a Z tablet and install Ubuntu there?

2
0

Learn you Func Prog on five minute quick!

Eugene Crosser
Boffin

currying and partial application are largely orthogonal

At least in Haskell parlance, currying and uncurrying is conversion between a function that takes an argument of a product type (typically a tuple) and a function that takes multiple arguments of the types of elements of that product type:

uncurried_func :: (Hight, Weight) -> HoleSize

curried_func :: Hight -> Weight -> HoleSize

The only connection to partial application is that you need a function with multiple arguments, so if your original function was uncurried, you will need to curry it before you can use it for partial application.

1
0

Anyone using M-DISC to archive snaps?

Eugene Crosser

Never on the shelf, always live.

Take it from someone who's been there for a long time.

As others mentioned, it's not the durability of the media, it's the mere existence of the technology. By the time you need to read the archive, you find that there is no compatible hardware anywhere but in a museum.

On the other hand, when it's on a NAS plus in the "cloud", you are forced to keep up with progress. When the NAS gives up the ghost, you'll have to get a current piece of tech, and restore all your data there. When the cloud provider dies you'll have to move to a new one.

Just make sure that you keep three copies "normally", and no less than two during the migration.

2
0

'Wipe everything clean ... Join us ...' Creepy poem turns up in logs of 30 million-ish servers

Eugene Crosser

X-Clacks-Overhead anyone?

I wonder if they checked how many of the responses contained the "GNU Terry Pratchett" message. (They did get one from my server...)

24
3

Cyber-terror: How real is the threat? Squirrels are more of a danger

Eugene Crosser

A little more than a month passed, and ...

--Cyber Attacks Allegedly Targeted Power Stations in Ukraine

(January 1 & 4, 2016)

A cyber attack last month in Ukraine caused a significant portion of the country's power grid to go offline. The SANS Industrial Control System (ICS) team has obtained a sample of the malware allegedly used in the attack.

http://motherboard.vice.com/read/malware-found-inside-downed-ukrainian-power-plant-points-to-cyberattack

-- SANS NewsBites Vol. 18 Num. 001

0
0

Google wants to add 'not encrypted' warnings to Gmail

Eugene Crosser
Facepalm

Yeah, right.

Rather than fussing about largely useless TLS SMTP, Google ought to make better effort to support PGP in its webmail client.

3
8

The internet's Middle East problem: Who is going to do something about Whois?

Eugene Crosser

Failure?!

I think ICANN chaps are doing their job marvellously. They are keeping lawyers and politicians (and journalists) debating with them, and getting angry at them, and demanding change, while the Internet chugs quietly behind, unscathed.

4
0

Perhaps the AIpocalypse ISN'T imminent – if Google Translate is anything to go by, that is

Eugene Crosser

They are on it

The robots, the algos, unrestrained aren't about to take all our jobs. Simply because they're not yet very good at doing things which we humans do without much effort, which is to distinguish between different potential meanings of words and put them into context on the fly.

This project strives to solve exactly this problem. Not yet there, but...

0
0

Bruce Schneier: 'We're in early years of a cyber arms race'

Eugene Crosser

I think Schneier was mixing with generals and politicians a bit too much lately. All that talk about nation states, military and police... "Cyber-enemy" is border-less. And the defence ought to be border-less. And actually, it already is, in case not everyone noticed. Attempt to bring in national interests and national forces to the discussion is just a desperate attempt by the said generals and politicians to stay relevant.

2
0
Eugene Crosser

Re: @1980s_coder

> Until they turn the electricity off.

And leave "them" without the battlefield? They won't, where's the fun in that?

2
0

Lenovo CEO: We will axe 3,200 workers as our profits shrink to nowt

Eugene Crosser

I'd like them to axe the clowns who arranged inclusion of NovoSecEngine2 in the BIOS

But that does not seem likely...

4
0

Did speeding American manhole cover beat Sputnik into space? Top boffin speaks to El Reg

Eugene Crosser
Headmaster

Most probably, the first man-made object outside atmosphere was V2, the first man-made object on Earth orbit was Sputnik. This plug, if it did not disintegrate (and most likely it did) and kept escape velocity when it exited the atmosphere, could claim to be the first man-made object to go to space and stay there.

Otherwise, that would be Luna 1, launched in 1959.

1
0

Amazon just wrote a TLS crypto library in only 6,000 lines of C code

Eugene Crosser

Re: OpenSSL

> There should have been a division between crypto and protocols from the beginning.

And there was, in case anyone did not notice. SSLeay/OpenSSL came as two libraries, libcrypto and libssl from the very start. And in case anyone did not notice, s2n replaces the latter, but uses the former.

OpenSSL code is not as bad as it is often presented nowadays. Although it does suffer from the luggage of old coding practices, and lack of attention from infosec experts (for a long time, the latter problem is rectified now). Lack of strong leadership contributed to the problems, too, I think, since the original authors were kidnapped[*] by the NSA.

[*] Figuratively speaking. Don't go looking in the Snowden files. It happened in 1998 when Eric Young and Tim Hudson were hired by RSA and were not allowed to touch SSLeay code since then. That's the official story, anyway. There was only one post signed by Eric Young since then, and nothing from Tim Hudson.

5
0

Secure web? That'll cost you, thanks to Mozilla's HTTPS plan

Eugene Crosser

Bring up DANE

I've said it and I'll say it again: introduce DANE first, ban clear HTTP after that. Otherwise it's just helping CA folks to make a quick buck out of thin air.

13
0

Netflix looses FIDO hack attack dog as open source

Eugene Crosser
Facepalm

I wish they did not abuse the acronym so badly

It was bad enough when FIDO Alliance came into being and stole it from the good old FidoNet. And now this.

2
1

WIN a RockBLOCK Mk2 Iridium sat comms unit

Eugene Crosser

UDDER

Ultra Distant Discovery & Emergency Radio

0
0

Timeout, Time Lords: ICANN says there is only one kind of doctor

Eugene Crosser

It's paramount to keep spin doctors out

the rest are acceptable casualties.

0
0

The secret of Warren Buffett's success at Berkshire Hathaway

Eugene Crosser

What about other insurance companies?

Insurance market is not competitive, and as a result, those who own an insurance company have "free money" to invest. OK, I got it.

But Buffett's not the only insurance company in existence. Why aren't the owners of other insurance companies making the same crazy profit as Buffett?

0
0

IBM punts cryptotastic cloudy ID verification services

Eugene Crosser

Re: IBM and "The Man" do not need to be involved

The point of the tech in question here is that Alice can prove to Bob that The Man guarantees that she is above 18 yo, and that The Cashier received payment from her. So now Bob can send a p0rn flick to her but neither The Man nor The Cashier are wiser about her taste of movies.

Of course Bob has to trust The Man and The Cashier.

0
0
Eugene Crosser
Thumb Up

IBM and "The Man" do not need to be involved

The service is hosted on IBM cloud only for demo purposes. It can be run on one's personal hardware (notebook or smartphone) and then the person will be in full control. It's also open source and thus auditable.

1
0

Hola HoloLens: Reg man gets face time with Microsoft's holographic headset

Eugene Crosser
Joke

"You hold a fist in front of your face, raise a finger vertically, then roll it back down."

I am trying to image this.

Seems both obscene and hazardous.

6
0

EU copyright law: Is the Pirate Party's MEP in FAVOUR of it?

Eugene Crosser

Artificial scarcity is the key problem.

I believe that many, if not most, "pirates" are willing to pay fair price for the content they consume. I for one certainly am. The problem is, in many if not most cases, that the consumer is denied access altogether. Such as, in order to watch "Citizen Four" I would need to request visa to the US, buy a $1000 air ticket, and go to a movie theatre there for $10.

Copyright regulation that is fair to both creators and consumers should disallow creation of artificial barriers, such as geographic restrictions or lock-in on particular technological solution (implied by DRM). The only legal reason to deny the consumer access should be their refusal to pay the price.

I don't want "product of human creativity" to be "free as beer". But I do want it to be "free as speech".

(Yes, I know that it is hard.)

0
0

Boffins open 'space travel bureau': Come relax on exoplanet Kepler-16b, says NASA

Eugene Crosser

Pet peeve

I hate these pictures with two big celestial bodies in the sky. It's impossible. You can have two suns, but either one or both will look like very bright star, not a disk. Otherwise the system will be unstable. Same for two big moons.

1
0

So: Will we get net neutrality? El Reg decodes FCC boss Tom Wheeler

Eugene Crosser

I don't understand

you have to provide the service across the country

How this is going to work now for the ISPs, and, even more interesting, how could it work in the olden days of railways, steamers and coaches?

0
0

Armouring up online: Duncan Campbell's chief techie talks crypto with El Reg

Eugene Crosser

Re: Truecrypt is a threat

@Ben

I am not familiar with truecrypt, but I assume that it does not let an observer see "a blob of random data" precisely because it would be pretty convincing evidence of "hidden volume". If my assumption is true, then the mere fact that truecrypt can have hidden volume is no better proof than the fact that a bikini picture can have hidden information.

0
0
Eugene Crosser

Re: Truecrypt is a threat

I am not sure how this kind of possibility is realized in real life (and IANAL), but surely, even if you don't have TrueCrypt in plain view, a prosecutor can argue that you have data steganographically hidden in your holiday photos (or free sectors on the disk) and demand that you decrypt it. There is no difference in the possibility of a hidden truecrypt volume and the possibility of secrets hidden in plain view without truecrypt.

1
0

Beware of merging, telcos. CHEAPER SPECTRUM follows

Eugene Crosser

Re: Questionable logic

@Teresa

That's right, but auction on spectrum does not help it a little bit, does it?

(I specifically underlined "when there is competition". That's the key, obviously.)

0
0
Eugene Crosser

Questionable logic

Whatever their cost base, they're going to charge us consumers the maximum they can get away with. So increasing the spectrum price doesn't change what we pay.

Err... I am not so sure about the logical relation between these statements.

When there is competition, every player wants to cover costs plus get as much profit as they can without losing their customers to competition. When the cost base is the same for all competitors, they all end up adding some "average" profit margin on top, and this results in the "average market price" that the consumers pay.

When cost rises for all the competitors, they all do the only possible thing, and raise prices simultaneously, preserving the margin. If any of them doesn't, it starts losing money and goes out of business. If any of them raises prices too high, it loses customers and goes out of business.

In a sense, auction on "natural resource" is anticompetitive, because it raises the barrier of entry, while doing nothing to impose "fairness".

2
1

Next gen ransomware: Elliptic cryptic, talks on Tor, demands Bitcoin

Eugene Crosser

Re: Specific to VMs...

What does exist in the way of hardware monitoring

Most virtualized environments these days are hardware-assisted (on mainframe, for a long time; on x86 - for a few years now). Even so it is tricky to hide the fact that a program is running in a VM from that program. It is possible, but in most real-life scenarios it is better to let it know, so the fact is rarely being hidden well enough to fool sufficiently sophisticated malware.

0
0
Eugene Crosser

Re: Specific to VMs...

Running the program in a VM allows the researcher to observe "from the outside" (i.e. from the hypervisor) what the program is doing, down to one instruction at a time when necessary. On bare metal, the malware will just do its deed without giving the researcher any insight about how it works.

5
0

The Pirate Bay SUNK: It vanishes after Swedish data center raid

Eugene Crosser

Beware of the new domain

thepiratebay.cr is reported to be a proxy, devoid of real content, albeit showing the home page.

0
0

The Nokia ENIGMA THING and its SECRET, TERRIBLE purpose

Eugene Crosser

It's a tyre repair kit

just saying

6
0

Obama HURLS FCC under train, GUTPUNCHES ISPs in net neut battle

Eugene Crosser

Re: Time to speak up

"Unfortunately you get no benefit from the traffic and its costing you money"

Consumer ISPs have paying customers. The more service (i.e. data transferred to customers), the more revenue (at least, that is how it should be - service must be paid for). For the customers to want the service, there must be people whose data the customers want to get. I.e. Netflixes etc.

ISPs should praise those data producers, buy them flowers, and maybe even share some of their revenue with them. Not demand money from them.

This is how it is when there is no monopoly.

18
3

MasterCard adds fingerprint scanner to credit cards for spending sans the PIN

Eugene Crosser

relative difficulty

the correct fingerprint is stored on the card and it is likely a canny thief could reprogram the card, or take a copy of the data stored on it.

This particular attack is very unlikely. EMV cards are quite good at preventing the leak of data stored in the chip (otherwise it would be easy to clone, and we don't hear much about that).

Making a gelatine "fake finger" from a fingerprint is relatively easy, and will defeat best mass market readers. It is easier than chopping off fingers. But still more difficult than simply eavesdropping on the pin entry.

2
0

Crims zapped mobes, slabs we collared for evidence, wail cops

Eugene Crosser
Boffin

Faraday cage will not help

Assuming the "remote kill" functionality is set up, the phone needs to be (1) FDE encrypted, (2) not rooted, and (3) have a system app that simply turns power down if it cannot connect to the "remote kill" server for a long enough period of time.

2
4

Bash bug flung against NAS boxes

Eugene Crosser

Miscreants will be hard pressed to find bash on embedded systems

- they usually run busybox(/ash) or some other "lesser" shell.

"Real" servers, and especially hosted VMs that boot from pre-built system images are probably more lucrative.

0
1
