* Posts by John H Woods

2546 posts • joined 14 Nov 2007

What's next? FBI telling us to turn iPhones into pocket spy bugs? It'll happen, says Apple exec

John H Woods
Silver badge

"Then there's that whole 'warrant' thing people keep missing" -- Jeff Lewis

If you were right, the court of the first instance missed it as well: because if it were a simple "warrant thing" then that court would never have needed to rely on the All Writs Act, as failure to comply with a warrant would put Apple in contempt of court.

People who say "This should be as simple as a warrant" are expressing an opinion that could potentially be justified by argument (I haven't yet seen a compelling one, but it's possible). People who say "This is as simple as a warrant issue" are just plain old wrong, and any other authoritative assertions that they make can be safely ignored.

7
0

Knackered Euro server turns Panasonic smart TVs into dumb TVs

John H Woods
Silver badge
Joke

If you want a nice big dumb TV ....

... buy a projector ;-)

3
1
John H Woods
Silver badge

Re: Time for my new Expression

"One could, of course, have argued that the OP is observing the good ship Panasonic on it's voyage to the downhill from a fixed point near the hilltop and so when he looks down he sees it red-shifted as it races away from him" -- 's water music

Bugger, I knew someone would get me with an alternative frame of reference!

2
0
John H Woods
Silver badge

Re: Time for my new Expression

"It's still called the red shift effect, regardless of which way it's going though."

You'll be pleased to know I've given you -1 upvotes. And to be really pedantic, it's called the Doppler effect :-)

9
0
John H Woods
Silver badge

Re: Time for my new Expression

"Panasonic are going downhill so fast, when you look at the floor you can see the red shift" --- Ian Emery

<pedant_mode>blue</pedant_mode>

6
4

FBI says NY judge went too far in ruling the FBI went too far in forcing Apple to unlock iPhone

John H Woods
Silver badge

"Hoooly shit, seriously? That's like the Pope's Divine Cheat Code Chair, only this applies to actual fucking law! If the court puts it into writing, it happens? Seriously?" --- ShadowDragon8685

Whilst I largely agree with your amusing take on this, there are two mitigating circumstances preventing it becoming a tool for draconian imposition of arbitrary burdens:

(a) the caveats, in the Act itself, of "necessary or appropriate" and "agreeable to the usages and principles of law"

(b) a 1977 Supreme Court Ruling that "... the power of federal courts to impose duties upon third parties is not without limits; unreasonable burdens may not be imposed"

0
0
John H Woods
Silver badge

"How is this any different from a warrant for telephone records or financial records where the telephone company or accountant are not complicit - nor alleged to be complicit - in any alleged wrong doing or financial malfeasance ?" -- Deltics

If it were no different, the All Writs Act would not have had to have been invoked because Apple would be in contempt of court for not complying with a warrant.

14
1
John H Woods
Silver badge

The FBI argues that Orenstein looked at the question too broadly and focused on possible future abuse rather than the actual case he was considering. And then effectively accuses him of overreach by saying his ruling "goes far afield of the circumstances of this case and sets forth an unprecedented limitation on federal courts' authority."

That argument would seem to be self defeating: the first part says that it is only about this one individual device (case) and pretends no precedent would be set. The second part is a concern that a precedent has been set (albeit the opposite one to the one they wanted) by a judgment in the same particular case.

21
0

GCHQ: Crypto's great, we're your mate, don't be like that and hate

John H Woods
Silver badge

"If I understood correctly the extracts of Hannigan's speech he is asking for crypto software which falls over if you don't follow a strict procedure, or some such 'human" cause of failure. So you can have your secure crypto but ..."

They already have everything they need to go after targets. No crypto is secure against endpoint compromise and all the old school spycraft (shoulder surfing, infiltration, honeypots) still works; all the new school spycraft (hidden cams, tempest, decoding audio to narrow down password search spaces) still works; and all the bang-up-to-date spycraft (keyloggers, hardware compromise, certificate compromise, rng tampering) still works.

I totally support them going after targets. I shall totally resist the dragnet.

9
0
John H Woods
Silver badge

Re: chutzpah indeed

"legislation going through Parliament at this very moment which says "houses", plural, in fact every single household in the land, and beyond." --- 2+2=5

More to the point, they were already doing it even before legislation was proposed, let alone passed, that they should be able to do so.

3
0

Essex cop abused police IT systems to snoop on his in-laws

John H Woods
Silver badge

Re: Why

"Thirdly let the nerds who can say hand on heart that they haven't seen/found more that they should have been entitled to via DB/SA access cast the first stone." --- Gordon 10

Some time ago, walking the dogs at night, I looked up and saw my rather attractive air stewardess neighbour walk naked past her bedroom window. I'm pretty sure this does not give me an excuse to stand outside her house looking up in the hope of a repeat performance.

You might need to acquaint yourself with the concept of mens rea.

"Lots of uninformed commentardery on this thread." --- Gordon 10

Well, some, at any rate.

1
0

Norman Conquest, King Edward, cyber pathogen and illegal gambling all emerge in Apple v FBI

John H Woods
Silver badge

Re: Off course Apple must help law enforcement

"Given the encrypted state of the phone they are trying to access, Apple should immediately assist the police in setting up a system that can be used to brute force the encryption. That is the best that can be done given the state of the phone. If the bad guy has chosen a good password this might take a long time." -- Steen Larsen

Let us enjoy the full majesty of your uninformed ad hoc reckon

0
0
John H Woods
Silver badge

"You may want to point to a legal precedent instead of making stuff up"

In case he can't be bothered with your somewhat rude reply, I looked it up for you: Bernstein v Dept. of Justice

3
0

Apple: FBI request threatens kids, electricity grid, liberty

John H Woods
Silver badge

"Really, it's not that different to a safe manufacturer cracking a safe" --- Pen-y-gors

Did you somehow miss all the coverage and comments? It's ok if you did, but you should either catch up or shut up.

3
1

Fifth time's the charm as SpaceX pops satellite into orbit

John H Woods
Silver badge

Re: Missing the point...

"Doing the same thing over and over again and actually getting a different result on its own is praised...as persistence." -- Charles 9

Indeed. In fact the stupid statement about insanity bugs me even when it isn't mistakenly attributed to Einstein. The original quote (in an NA pamphlet) is about making the same mistakes over and over again. Almost nothing that is worth achieving can be achieved without some measure of doing the same thing over and over again.

1
0

No more Nookie for Blighty as Barnes & Noble pulls out

John H Woods
Silver badge

I had a nook ...

... it could read almost any format, I could play puzzle games on it and even browse some of the less frantic websites. In fact it was too useful and I carried it everywhere, eventually resulting in it being trodden on by a horse.

If you have one, and this is going to affect you, I suggest you root it like I did, you've got little to lose, and a very cheap e-ink Android device to gain.

5
0

Samsung is now shipping a 15TB whopper of an SSD. Farewell, spinning rust

John H Woods
Silver badge

Correct - raid5 at this scale is a TERRIBLE idea :-)

1
0

There's a courier here says he's got 50TB of cloud data for you

John H Woods
Silver badge

"If my sums are right, it's way less than 100MB/sec" -- Adam52

A Snowball weighs about 23kg and could easily be checked as hold baggage on a plane. It would take a few hours to extract its 50TB over its 10Gb/s port. So by speeding up the shipping a bit you can probably get it anywhere it could be useful within a day, giving you about 600MB/s equivalent making it well over 100x faster than a T3 line.

Executed expeditiously, moving physical storage is faster than networking: always has been, and I think always will be. The Snowball is heavy (ruggedness & self contained PSU, etc) and is only about 2TB/kg, whereas plain old SSDs are > 10x the data per mass. A 747 full of SSDs travelling LON->NYC is probably a Snowball per second.

1
0

Bruce Schneier: We're sleepwalking towards digital disaster and are too dumb to stop

John H Woods
Silver badge

Re: It's gonna be difficult...

AC says: "not their fault, not many of them have engineering backgrounds"

Sorry but I disagree entirely. Most engineers, if tasked with learning relevant parts of national law; company procedures; business modelling; or technology currently outwith our experience, would simply settle down to learn what they could about it. Where they still didn't understand, they would identify someone who could advise, and ask them.

Nobody is asking legislators to know about Yagi antennas, microwave propagation, packet level protocols, database schemas, etc. Not having an engineering background must not be considered a be-all-and-end-all excuse for refusing to come to grips with matters for which one is responsible. We expect legislators to be able to consider medicolegal affairs without having a medical (or legal) background; social affairs without psychological qualifications; transport and infrastructure without civil engineering knowledge.

It is perfectly reasonable to expect legislators to be able to learn, to be able to consult, to be able to listen. The apparent fact that many of them can't means that they are unfit for their roles; no excuses.

PS: and yes, I would say the same applies to managers.

19
0

$17 smartwatch sends something to random Chinese IP address

John H Woods
Silver badge

Re: Optional

"Well, I for one, don't. Why? Just cos." -- Electron Shepherd

LOLLO

2
0

GDS gets it in the neck from MPs over Rural Payments Agency farce

John H Woods
Silver badge

Re: Internal IT

Is GDS even good enough to act in an advisory role?

1
0
John H Woods
Silver badge

Re: What could possibly go wrong?

"If GDS could cultivate a little humility, and hone their ability to listen, they might improve their record of successful delivery" -- BurnT'offering

^^THIS. Consultancy, my first ever boss told me, is a listening business. Stop trying to interrupt your clients with the solutions you want to sell them. If you think you've already got something to sell them before you've finished listening to them, you're already on the path to deliver them something they don't want --- and if you're doing your job properly you can't possibly have anything useful to tell them in the first meeting, because you simply haven't had time to think about it.

5
0

'Boss, I've got a bug fix: Nuke the whole thing from orbit, rewrite it all'

John H Woods
Silver badge

Re: Well, this article'll cause some arguments, eh?

"Once you start to use gotos because of lack of an exception mechanism in C, use it clearly. The lack of proper comments is appalling too - if you attempt to do somthing "smart", explain it."

Absolutely agreed. In fact if I had to pick the very worst thing about this code I'd say that the label err: is incorrectly named, everything that happens here seems to me (not a C programmer) about freeing resources. There seem to me to be three exit conditions: (a) success (b) packet length error (c) certificate length error. It looks to me like the first test looks for (b) error, the second for (c) then there is a block between the two snippets that is executed if those tests don't detect their errors.

Now I understand, from your comment and a quick Google, that there is no true exception handling in C, so we sometimes use the goto. So can't it work like this? (go easy on me, I'm not a coder)...

    /* trap wrong packet length */
    if (CBS_len(&cert_list) < 3) {
        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_BAD_PACKET_LENGTH);
        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
        goto finalise;
    }

    /* trap cert length mismatch */
    if (!CBS_get_u24_length_prefixed(&cert_list, &cert)) {
        SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERT_LENGTH_MISMATCH);
        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
        goto finalise;
    }

    /* code that gets executed if the exceptions above aren't encountered */

    /* free resources */
    finalise:
        EVP_PKEY_free(pkey);
        X509_free(x);
        sk_X509_pop_free(sk, X509_free);
        return (ret);

I'm not normally a fan of the goto and I might have preferred a nested conditional or maybe setting a variable to contain the current error type (or null if no error) and then branching on that lower down, depending on the prevailing style of the other code. But I understand they might have a place where there is no native exception handling.

3
0
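
Added example (not part of the post above, and not LibreSSL or OpenSSL code): the single-exit goto cleanup pattern the comment describes, as a self-contained C parser for a u24-length-prefixed certificate list. The function name, status codes and sample messages are hypothetical and constructed for illustration; the three exit conditions match the comment's (a) success, (b) packet length error, (c) certificate length error.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical status codes, one per exit condition named in the comment. */
enum parse_status {
    PARSE_OK = 0,
    ERR_BAD_PACKET_LENGTH,
    ERR_CERT_LENGTH_MISMATCH,
    ERR_NO_MEMORY
};

/* Read a 24-bit big-endian length; returns 0 if fewer than 3 bytes remain. */
static int get_u24(const uint8_t **p, size_t *left, size_t *out)
{
    if (*left < 3)
        return 0;
    *out = ((size_t)(*p)[0] << 16) | ((size_t)(*p)[1] << 8) | (size_t)(*p)[2];
    *p += 3;
    *left -= 3;
    return 1;
}

/*
 * Parse: u24 list length, then entries of (u24 length, bytes).
 * Every path, success included, leaves through the one cleanup label,
 * so the scratch buffer is freed exactly once.
 */
enum parse_status parse_cert_list(const uint8_t *msg, size_t msg_len,
                                  size_t *count, size_t *total_bytes)
{
    enum parse_status ret = PARSE_OK;
    const uint8_t *p = msg;
    size_t left = msg_len, list_len = 0, cert_len = 0, n = 0, bytes = 0;
    uint8_t *copy = NULL; /* scratch copy of the entry being processed */

    *count = 0;
    *total_bytes = 0;

    /* trap wrong packet length: header missing, or it disagrees with the body */
    if (!get_u24(&p, &left, &list_len) || list_len != left || list_len == 0) {
        ret = ERR_BAD_PACKET_LENGTH;
        goto cleanup;
    }
    while (left > 0) {
        /* trap cert length mismatch: prefix missing, empty, or past the end */
        if (!get_u24(&p, &left, &cert_len) || cert_len == 0 || cert_len > left) {
            ret = ERR_CERT_LENGTH_MISMATCH;
            goto cleanup;
        }
        free(copy);
        copy = malloc(cert_len);
        if (copy == NULL) {
            ret = ERR_NO_MEMORY;
            goto cleanup;
        }
        memcpy(copy, p, cert_len); /* a real parser would decode the entry here */
        p += cert_len;
        left -= cert_len;
        n++;
        bytes += cert_len;
    }
    *count = n;          /* outputs are only written on full success */
    *total_bytes = bytes;

cleanup:
    free(copy);
    return ret;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t MSG_OK[] = {0,0,9, 0,0,2, 0xAA,0xBB, 0,0,1, 0xCC};
static const uint8_t MSG_SHORT[] = {0,0};
static const uint8_t MSG_MISMATCH[] = {0,0,5, 0,0,9, 0xAA,0xBB};

int main(void)
{
    size_t n, b;
    printf("ok=%d\n", parse_cert_list(MSG_OK, sizeof MSG_OK, &n, &b));
    printf("short=%d\n", parse_cert_list(MSG_SHORT, sizeof MSG_SHORT, &n, &b));
    printf("mismatch=%d\n", parse_cert_list(MSG_MISMATCH, sizeof MSG_MISMATCH, &n, &b));
    return 0;
}
```
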

Security real talk time: So what exactly do we mean by 'backdoor'?

John H Woods
Silver badge

Re: In a way it is an existing backdoor the FBI is looking to exploit

"Remember a backdoor, is exactly that, it is an entrance that gives full access to a house in exactly the same way as the front door." -- Roland6

Does the same key open both doors? Or is, as I believe as intended in the metaphor, the security of the backdoor weaker (or even non existent)?

0
0
John H Woods
Silver badge

Re: At the risk of being labelled a something-or-other...

"Every time. No shorthand. No lingo" -- AC

Whilst I get the import and largely agree with what you are saying, this is just not practical. Firstly, there's the issue of convenience. You've still got to talk about RAM, SSDs, CPUs etc. without having to spell it out. Secondly, there's the issue of being unable to prescribe, or proscribe, language. Lay people are going to (continue to) use the term 'backdoor', whether we think they should or not. The best we can do is make sure that they know what it is.

My definition: "An always intentional and typically secret means of bypassing or weakening normal access control mechanisms"

2
0

We survived a five-hour butt-numbing Congress hearing on FBI-Apple ... so you don't have to

John H Woods
Silver badge

Re: Yes, you CAN remove the "non-volatile memory".

"So, just to clarify (this is not my field of expertise) and to wrap my mind around this: it would be possible to remove the memory chips from the phone and make a 1:1 copy of the data stored on the chips - but that would not bring you any closer to decrypting1) the data, so in this case it's pointless?" --allthecoolshortnamesweretaken

My usual explanation of brute forcing AES256:

Keyspace 2^256, average time to find key 2^255=6e+76. Allow a nanosecond per attempt (that's almost unfeasibly fast) and you need 6e+67 seconds. Allow ten million of those machines and you are at 6e+60 seconds. Find an as yet unknown algorithmic weakness in AES256 and award yourself a trillion trillion trillion fold speed up, and you get to 6e+24 seconds --- which is about 15 million times the current age of the universe (4.3e+17 seconds or thereabouts).

AES256 may not be invulnerable (and it probably isn't) but standard (i.e. non-quantum etc) brute forcing of the keyspace is simply never going to be possible.

5
0
John H Woods
Silver badge

Re: Trey

"It's an extreme analogy from Trey, but it is valid. "-- bazza

I disagree. I think the analogy is seriously flawed but if we must stick with it, it is more like this:

We have always been allowed to remove bullets from corpses for forensic purposes. These new fangled bullets won't come out without disintegrating, so they'll be forensically worthless. The bullet manufacturer does not have a tool to extract the bullets intact. Maybe they could create one? The trouble is that it would allow other people to remove other bullets from corpses, allowing the possessors of such a tool to commit crimes (more exactly destroy the evidence of the crimes they have committed).

Analogies have their uses, but the frantic - and largely [1] fruitless - search for a good analogy to describe the current situation makes me concerned that many of the people engaging in the discussion are simply not equipped to do so.

[1] the only reasonable analogy, IMHO, is the one presented by Richard12 above: the safe manufacturer can only open this one safe by creating a tool that would open very many of the safes they have already sold. But for the analogy to work, this tool has to be one that, once created, is easily stolen or copied.

11
0

Photographer hassled by Port of Tyne for filming a sign on a wall

John H Woods
Silver badge
Joke

Re: Not all security is like that, I'm not

"What I would instead do is quietly turn up a long way away on my bicycle (no ANPR records for a bike) and quietly photograph the place using a camera with a long lens peeping out through a hole in a bag. Even if I couldn't do this, a camera in a shoulder bag with a remote shutter release is not going to arouse the notice of security guards if all the photographer does is walk past without obviously taking photos (whilst snapping away with the concealed camera)." Dr Dan Holdsworth

Wait a minute there, fella ... This is information of use to a terrorist!

1
0
John H Woods
Silver badge

Re: Birds Eye?

"Or is it the peas? I never trusted peas." --- Huw D

they have a habit of winding up on the floor: escapeas

10
0
John H Woods
Silver badge

Re: Unfortunately...

"So go on, enlighten me. What offense has been committed... " -- AC

"Is there any comeback for what this actually is - namely illegal seizure..." -- Martin Milan

(Note: IANALBIPOOTI)

Pretty sure the law you're looking for is Trespass to Goods. It's a tort, so the police cannot be involved, but I think the victim has a pretty clear case for a compensation claim. Wonder if any of the no-win no-fee guys fancy having a go?

7
0

Poor recruitment processes are causing the great security talent drought

John H Woods
Silver badge

Re: HR Dept

HR should simply not be involved in recruiting in anything but procedural details -- checking driving licences, security clearances, credit check etc. The idea that any of them should participate in, let alone conduct, any interview in which the technical (suit)ability of a candidate is addressed is ... well, it's beyond stupid.

29
0

Institute of Directors: Make broadband speeds 1000x faster than today's puny 2020 target

John H Woods
Silver badge

^^^^ strong contender ...

... for COTW and it's only Monday.

4
0

Phorm suspends its shares from trading amid funding scrabble

John H Woods
Silver badge

Guys ...

... 40 comments and no "Kill it, kill it with fire" or "Take off and nuke it from orbit" --- what's happened?

2
0

Dead Steve Jobs owed $174 by San Francisco parking ticket wardens

John H Woods
Silver badge

yes ...

... ironically if you use the phrase petitio principii the people who misuse "begging the question" ask why you feel you have to use Latin

1
0

Raspberry Pi 3 to sport Wi-Fi, Bluetooth LE – first photos emerge

John H Woods
Silver badge

... and it would be even better if they did a 2 port model

10
1

Cook moves iPhone debate to FBI's weak ground: The media

John H Woods
Silver badge

Re: First Amendment.

"The term grasping at straws doesn't even begin to cover it ... Tim Cook better start packing his bag now, cos he's heading to the clink"

These two don't fit together; the first part suggests you think you have a stronger grasp of the legal issues than Apple's lawyers, but the second part suggests you don't even realise that Apple is, by challenging the ruling, behaving in a perfectly legal manner. I have to conclude that the latter suggests you are not quite the legal eagle implicitly asserted in the former.

3
0
John H Woods
Silver badge

Re: @DainB - FBI vs Apple

"The thing you did not understand is that I did not present any dilemma." -- DainB

Well, about 12 hours ago (Reg, can't we have proper time stamps back?) someone used your account to do so, scroll back and you'll see.

5
0
John H Woods
Silver badge

Re: But who owns the device?

"I’m (obviously) not a lawyer, but I wonder whether the real owner has the legal and moral right ask for help picking the lock. Apple would then have the face-saving option of agreeing on the grounds that they are assisting the owner and not some evil third party, and that this could not possibly set a precedent for government to gain access to everybody else’s phone." -- Mark Simon

I'm afraid the ownership doesn't make any difference. When either the owner or the state has the phone they can legitimately examine the contents. However, the contents are gibberish without the key. The key is ALSO in the phone. But it cannot be extracted by Apple unless that company creates a tool that jeopardises the safety of other customers. Apple, if they are telling the truth, and it looks as if they are, have provided every assistance right up to creating that tool, and now they're asking the courts to dismiss an earlier judgment ordering them to do so.

"this could not possibly set a precedent..."

There is literally no way that this would be possible. For instance, owner asks Apple for help, Apple provides it. FBI asks Apple for help ... Apple say no on the grounds they only help owners? There is nothing any of the parties can do within a court case that will determine (or perhaps even influence) whether or not it later forms a precedent. Remember, precedent does not have to be binding, it can be merely influential.

0
0
John H Woods
Silver badge

Re: Apple is trying to convince us

"This is simply a marketing exercise to limit the damage to Apple caused by the Snowden revelations" --AC

So what? Person X says Y because of reason Z. I disagree with Z. I don't like person X; actually it's worse than that, person X did bad thing W.

What the hell does any of that have to do with the truth or otherwise of Y?

How can actual adults, moreover people who can spell, have passable grammar, can use a computer etc. make such absolutely trivial logical errors? I dream of a "logic auto-correct" that would just put wiggly red lines under all such braindead content, and when you hover your computer s̶q̶u̶i̶r̶t̶s̶ ̶w̶a̶t̶e̶r̶ ̶a̶t̶ ̶y̶o̶u̶ takes you to some web pages on elementary logic and makes you read them until you have wised up.

2
0
John H Woods
Silver badge

Re: Anyone heard of a "subpoena"?

"If Alice is a witness to Bob murdering Charlie, the prosecution most definitely can compel Alice to appear and testify (i.e. speak) in the case against Bob." ... "Don't post about the law unless you know how it actually works, " --- AC

I'm not sure the analogy is useful - in fact I think the way this sub-argument has progressed proves that. I think the AC you are attacking was making the point that there are already exceptions (refusing to self-incriminate by "taking the fifth") to what the court can compel you to do. Your point that they can compel you to do other things (testify against others) doesn't really counter his point. In this case, reluctantly continuing the analogy, the attempted compulsion is more like trying to get an expert witness to publish a book containing all their expertise rather than compelling them to help on a particular issue.

1
0
John H Woods
Silver badge

Re: It's not often I agree with Apple but...

"At this juncture I do not understand the difference between the opening of a physical safe to extract analogue information or the opening of a digital safe (read Phone) to extract digital information." -- Peter R. 1

Nothing wrong with asking Chubb to help you open that one safe, or with them doing so. But if, having assisted you in every way they can, the only way Chubb could assist further is by creating a safecracking tool which would open this safe, but also work on millions of the safes they have already sold, then I think it would be reasonable for them to contest being compelled to do so.

7
0
John H Woods
Silver badge

Re: @DainB - FBI vs Apple

DainB your logic is comical: you presented something as a dilemma, it was (correctly) pointed out to you that it was a false dilemma, and you respond it isn't because the second part is true? You do realise that whether two lemmas form a true dilemma or a false one is ENTIRELY independent of the truth of one of the given lemmas?

7
0
John H Woods
Silver badge

Re: FBI vs Apple

"You can of course continue fooling yourself that there is some kind of moral principles Apple is fighting for but in reality all they're fighting for is their profits. " -DainB

and your point is ... ? The motive and degree of hypocrisy of the proponent makes no difference to the validity or otherwise of the argument. Come on, we all learned that in big school, didn't we?

People arguing that Apple are merely chasing profits make an even more egregious mistake than not realising this is an irrelevance of hypocrisy: it is almost a counter-argument. If Apple make more profit by keeping their customers safe than they do by cooperating with the government, that is what their customers want --- it is very nearly democracy through the proxy of capitalism:

11
1

Building a fanless PC is now realistic. But it still ain't cheap

John H Woods
Silver badge

Cheating ...

... a friend reused an old chimney: all the noisy hot bits went in the chimney and all the sockets were extended to the living room: one custom wall plate with and video out (VGA it was that long ago) several USB sockets supporting mouse, keyboard, media readers. He did want to have a small "status panel" lcd but SWIMBO demurred. Looked bloody good though, and you could not hear the gubbins on the other side of the wall at all.

I've often wondered if one could create a single big fat cable (bundle) to carry, say 2 x USB3, 4 x USB2, 2 x 1Gb/s Ethernet, 2 x HDMI and just run it down from, say, the attic in a single piece of trunking. Is it even physically possible?

4
0

Apple fires legal salvo at FBI for using All Writs law in iPhone brouhaha

John H Woods
Silver badge

Re: One thing I don't understand

Brute forcing an AES256 bit key is out of the question: it would take on average 2^255 tries; allowing a minimum of a nanosecond per try; ten million of those amazingly fast computers with an algorithm that exploited an as yet unknown weakness yielding a trillion trillion trillion fold speed-up and it would take you more than ten million times the current age of the universe.

The only form of "imaging" I can see helping here is electron microscopy; imaging the data is a non-starter.

2
0

Apple fans take iPhone unlock protest to FBI HQ

John H Woods
Silver badge

Re: I want to be safe. Roll on the flames

"The need to keep me, my loved ones, my country and the world safe outweighs my "right" to keep my information secret. I consider this to be a "cost" of living in a society that is generally safe" -- AC

The need to keep me, my loved ones, my country and the world free outweighs state organisations' "right" to my secret information. I consider the tiny risk of terrorism to be a "cost" of living in a society that is generally free.

4
0

Lonely bloke in chem suit fuels Mars orbiter

John H Woods
Silver badge

maybe the fuelling should be performed by

this guy

0
0

Between you, EE and the lamppost ... this UK cell network is knackered

John H Woods
Silver badge

Re: First world problems eh?

When my teenage son pays for goods and/or services and they don't get delivered as per contract, I fully support him getting mad about it. I encourage him to deal with it calmly and professionally, because that is part of growing up; but I don't say "ooh, back in my day, people never had to abide by legally valid contractual terms, ooh, first world problems" because if I did he'd think, correctly, that I was an idiot.

19
1
