* Posts by John H Woods

2367 posts • joined 14 Nov 2007

Q: How many guns to arm nine coachloads of terrorists?

John H Woods
Silver badge

"Does this mean there would also be 72 coachloads of virgins?"

648 by my reckoning.

2
0
John H Woods
Silver badge

Re: Isn't it more worrying ...

"The BBC just quoted the Detective in charge who made that comparison with coach loads of terrorists." -- Michael B.

If only journalists had some other function than simply repeating what they were told! But the most one appears to be able to hope for these days is that they will try to achieve "balance" by repeating what they are told from people with alternative viewpoints. The idea of actually trying to find out which viewpoint might be closer to the objective truth now appears a quaint notion fading rapidly into the mist of the past.

5
0
John H Woods
Silver badge

Isn't it more worrying ...

... that the BBC should be using this measurement when the arms cache in question was absolutely nothing to do with terrorism?

12
0

US DoJ files motion to compel Apple to obey FBI iPhone crack order

John H Woods
Silver badge

Re: Just give it to Google....

That's pretty condescending. Read my response again properly and you will see that it is a response to someone suggesting cloning the storage and running "a million emulators" --- so none of the side channel, timing attacks etc. are available.

I would not be at all surprised if the phone can be cracked. But I would be very surprised indeed if a dump of its storage could be, especially because resistance to known plaintext is a particular characteristic of AES256.

1
0
John H Woods
Silver badge

Re: Something doesn't compute

"Yeah right. I'm sure you would."

No need for hypotheticals --- one of the victim's mothers, Carole Adams, supports Apple in this matter.

5
1
John H Woods
Silver badge

Re: Honest Question

The 'serious' encryption is universally the XOR function -- No, it isn't.

The WWII Enigma machine had billions and billions of combinations in the 'keyspace', but because they sent weather reports in standard format, and ended with "HEIL HITLER", the nearly-infinite rotor settings fell out each morning in about 20 minutes. -- Huge oversimplification. Known plaintext played a role, admittedly.

Far too many people stop and stare at the key length, do the 2^N math, and are dazzled by the billions of years. That's why they don't crack codes that way. -- Correct. But AES256 is specifically designed to be resistant to known plaintext attack. The keyspace is about 10^77. You need one heck of a speed up to get anywhere near billions of years here, basically you need to know a fatal flaw: a 10^36 (trillion trillion trillion) speed up wouldn't bring the keysearch within the bounds of feasibility.

"It would be extraordinary that the iPhone 5C just happens to represent the first uncrackable encryption system. So many have claimed that, all have failed so far." So far AES256 has resisted attacks fairly well.

You've made a lot of very authoritative sounding statements without supporting evidence.

1
0
John H Woods
Silver badge

"Perhaps you're right. But don't forget 'never ascribe to malice that which can be ascribed to incompetence'"

Given that it is now being claimed the password was reset whilst in "government" custody, the level of incompetence is starting to become less believable.

1
0
John H Woods
Silver badge

Re: Just give it to Google....

"I also like the idea of cloning the storage and run a million emulators to brute force it..."

Do you know how big 2^256 is? If, as is suspected, you'll have to, on average, search half the keyspace before hitting paydirt, that is 2^255 or about 6e+76 key attempts. Let's say you can do one per nanosecond (you'd need a hell of a computer, but let's say). That makes 6e+67 seconds. Let's say you have ten million of those computers. That means it'll only take 6e+60 seconds. Let's say there's a weakness in AES256 that you can exploit to give you trillion trillion trillion fold speed up. Now it's only going to take you about 6e+24 seconds.

That's only about 10 million times the current age of the universe.

1
0
John H Woods
Silver badge

Re: Something doesn't compute

"How would you feel if someone you loved got murdered and Apple refused to play ball?"

How would you feel if someone you loved got murdered because Apple did play ball? For instance someone that ISIS wanted to target, and who was very careful and discreet, is nevertheless killed because one of their kids lost their iPhone and it ended up in the wrong hands?

7
1
John H Woods
Silver badge

Re: I can see both sides of the argument...

"Quite often thought needs to be given to the "old way" of doing something, and compare it with a contemporary problem to try and justify what is right and what is wrong with, in this case Tim Cook's stance" -- Ken Moorhouse

A perfectly sensible approach ... but ...

"Let's say someone lodges an incriminating document in the vaults of a Swiss Bank. Would the bank accede to compelling legal requests to release the document?"

Ah, now that's the problem. If you are going to use analogies to form conclusions to the original case, they have to be analogous in the relevant respects. Try this.

A Swiss Bank vault may contain a document of as yet unknown value. There are four ways to open the vault

a) the emergency code, which is well known but will destroy any such document

b) the secret code to the vault, the knowledge of which has disappeared with its deceased owner

c) cracking the door lock somehow

d) drilling through the concrete into the bunker.

Now, the FBI, aided by the DoJ, want to do (c) but they want the vault manufacturer to make a tool which will open this vault. However the vault manufacturer demurs on the grounds that such a tool will open many of the vaults they have already sold.

If there's a good chance the document contains the date, time and location of a nuclear attack, then why not just drill (i.e. attempt to use electron microscopy to read the required info that the chips won't divulge). It's expensive but it might be worth it.

In this case, it's pretty unlikely there is such a document. Vaults known to have been used by the deceased that probably did contain such documents have been destroyed by him. He shared this vault with someone else (his employer) so he probably didn't put any incriminating documents in it.

So it's probably not worth doing (d). And if it's not worth doing (d) I'm not sure it's worth doing (c). However, because the US govt doesn't care about any of the other vaults, bizarrely including the ones belonging to citizens that it is its duty to protect, it is going to insist on (c).

It seems to me that the only thing the vault manufacturer can do is comply with the order but I think they have a reasonable case that the cost of this isn't just the tool, but the necessity of offering free replacement vaults which are invulnerable to that tool to all its existing customers.

3
0

Feds look left and right for support – and see everyone backing Apple

John H Woods
Silver badge

Re: Optional

You are suggesting that:

A1. There is a supporting network behind terrorists (I agree with this assumption)

A2. ?

A3. ?

<then some logic>

Therefore: It is "intellectually dishonest" to question why the reaction to terrorism is disproportionate.

I won't call it dishonesty, but the logical fuzziness here is all yours. My view is that some liberty is sacrificed for security. I'm satisfied that it is proportionate that I can be compelled to produce a DNA sample if I become a homicide suspect. Well, I'm against homicide you see, terrorist or otherwise. But, given the relatively low risk of homicide, I don't think it is proportionate for the government to track me everywhere I go and monitor everything I do. Even if I thought no harm could come of it (and I don't think that) it would be a massive waste of state resources.

I don't think that everybody should be made more vulnerable to bad actors (criminals, terrorists, foreign spies) on the off chance that it makes it easier to catch the same. Principally because any remotely competent members of these groups cannot be caught by compromising my privacy anyway.

3
0
John H Woods
Silver badge

Re: rip out the SSD

I do hope you are not the same AC I just flamed, I'm beginning to despair.

5
0
John H Woods
Silver badge

Re: Would amuse me that after all this fuss...

You appear to be arguing that I'm wrong but: (1) your statement that nuke secrets leaked because of Soviet infiltration does not prove the Chinese or other non friendly states can (or have) not infiltrated Apple -- indeed it rather suggests the reverse; (2) an ad hominem about "the Left" doesn't advance your argument very much. Tell me again why you think the exploit kit won't leak.

2
0
John H Woods
Silver badge

Re: rip out the SSD

"If they need the info that bad then they should just rip out the SSD and brute force it. It's common for hard disks to be examined in this way so why does this need to be anything different" -- AC

It's understandable that you don't get how it works, it's technical and complex. It is, on the other hand, utterly incredible that you can pull an idea out of your arse in 5 minutes and think that the FBI has not considered that approach in the months they have had the phone.

13
1
John H Woods
Silver badge

Re: Optional

"In short, are you willing to die for your principles?" -- Neverwas

Aren't you? Maybe should have another name for them.

7
0
John H Woods
Silver badge

Re: Forced Labour

"Don't be silly. Courts the world over order the disclosure of "evidence" from innocent parties every hour of every day."

Don't be silly yourself; Apple is not refusing to disclose evidence. They are refusing to build an Apple-cracking machine in much the same way Chubb would probably refuse to build a safe-cracking machine, even if the government said it would pay for the work.

3
1
John H Woods
Silver badge

Re: Optional

"Tell it to the families and loved ones of the 14 dead...."

Why are the terrorist dead so much more important than those in school shootings? In RTAs? Being poisoned by the water suppliers? Responses need to be proportionate and despite the Department of Lets Big Up the Jihadi Threat the statistics really show that to be negligible in the USA and Western Europe.

"I can see it now, sales of idevices to terrorists goes through the roof."

If you think serious terrorists cannot communicate in unbreakable undetectable ways, perhaps reading some John le Carre novels might help; all that cold war tradecraft is in the public domain, you know.

9
1
John H Woods
Silver badge

Re: Would amuse me that after all this fuss...

"never leaves the lab" is not possible. Even the NSA couldn't stop Snowden, the OPM couldn't stop the Chinese and remind me how long "how to build a nuke" stayed secret from the Soviets.

The Chinese would have a copy of this tool within seconds of it compiling.

19
1
John H Woods
Silver badge

Just seen on Viz Top Tips ...

FBI. Apple not cooperating? Simply call Bono. He got into everyone’s fucking iPhone without permission.

12
0

Facebook and Twitter back Apple's privacy stance

John H Woods
Silver badge

The FBI are increasing the terror risk ...

... if they were to be successful, any person in a remotely sensitive job will be at greater risk of terrorist attack if they, one of their friends or family members has their iPhone stolen.

2
0

Confused as to WTF is happening with Apple, the FBI and a killer's iPhone? Let's fix that

John H Woods
Silver badge

"Then the FBI will put out a story that he coughed up the PIN" --- Gordon861

Now THAT would be a story!

1
0

Terrified robots will take middle class jobs? Look in a mirror

John H Woods
Silver badge

Re: GPs

"So, NHS, perhaps there's an opportunity for you - recruit not fully qualified doctors but disillusioned techies?" -- MyffyW

Isn't this what they are doing with 111 agents? But I've always thought you were right, GPs need to be "people people" and prepared to refer to other experts!

0
0

Why Tim Cook is wrong: A privacy advocate's view

John H Woods
Silver badge

"I don't have my life on my mobile. I don't use it for banking. I very rarely use it for securely accessing any web sites. If spooks are transfixed on my phone, then good luck to them." -- msknight

is approximately equivalent to

"I have nothing to say, so I don't care about freedom of speech"

16
1

Five Eyes nations must purge terrorists from the web, says Theresa May

John H Woods
Silver badge

I think she should concentrate on killing bees and wasps ...

... they kill more people in the UK than terrorists, and she is the HOME secretary.

23
1

All-American Apple challenges US gov call for iOS 'backdoor'

John H Woods
Silver badge

Re: Reverse engineering not possible?

"Surely, with their resources they could reverse engineer these devices to allow them to brute force the encryption." -- alcopops

Well, they could use electron microscopy perhaps, depending on any countermeasures used by the crypto hardware. Now that would be a specific-to-the-object approach. If the material is that important, then this is what they should try.

0
0

UK to stop children looking at online porn. How?

John H Woods
Silver badge

Re: Stupid or lying?

"You don't get to be in the top 0.1% by being stupid."

I'm afraid a certain number of things: private schooling (and the old-school tie links), nepotism, cronyism, parental wealth (and the consequent ability to do N years of unpaid internships amongst other things) mean that really it very much is possible to get into the top 0.1% whilst being stupid even if not because of it.

Furthermore, characteristics such as charisma (especially media-facing), (apparent) sincerity, ability to form soundbites, knack of detecting the source of power and willingness to suck up to it are all very much more important in this line of work than intellectual horsepower. It seems to me that what you actually need to be (and to do) to become a UK MP almost tends to preclude the kind of people who would contribute most as our representatives and legislators.

33
1
John H Woods
Silver badge

Re: Wanna stop kids looking at porn?

" ... the fictional rubbish that makes up porn fantasies." --- msknight,

Yeah, have you ever tried getting a washing machine repair man round within five minutes of phoning?

(yes I know it's an old one ...)

14
0
John H Woods
Silver badge

What's the point of blocking porn...

... when many of the parents clamouring for it allow their primary schoolers to play 18 certificate games?

13
0

Ofcom must tackle 'monopolistic' provider BT, says shadow digital minister Chi Onwurah

John H Woods
Silver badge

Re: Competition is great...

"Virgin reach most UK homes with their network." -- AC

Well I think it's only just over half, so 'most' might be technically accurate but it's a bit misleading.

0
0

The Nano-NAS market is now a femto-flop being eaten by the cloud

John H Woods
Silver badge

Re: Agreed on all counts

Pascal, I agree with all this but I think RAID5 is a very, very bad idea at these disk sizes. If one of your drives fails, a single Unrecoverable Read Error on one of the other three drives is going to kill your array. If you are using WD 3TB Reds, with a URE probability of 1e-14, and one drive fails, the chance you can rebuild your array is less than evens [1].

Add to that your rebuild time (days, I should think), you have a significant possibility of a second disk failure (especially if you haven't sourced your disks from different batches).

In my opinion you'd be much better off using RAID10 [2] and getting 6TB. You've lost 33% of your capacity but really increased your data safety. Although of course, RAID <> Backup :-)

[1] Chance of success, simplifying somewhat, is no better than the chance of reading each bit successfully (1-prob(URE)) raised to the power of the number of bits 8 x number of disks x capacity of disks; i.e. (1-1e14)^(8*3*3e12)= 48.7%

[2] Although I'd be tempted to use RAIDZ2 rather than a HW RAID10

0
0

Coding is more important than Shakespeare, says VC living in self-contained universe

John H Woods
Silver badge

Re: Tell me

"Tell me ... why learning Shakespeare is so important?"

You aren't -- or at least shouldn't be -- taught Shakespeare to enhance your writing style, even though it may help. And perhaps it may not help you, but perhaps there's an author you admire who would say it helped them?

Anyway, the reason it's still around is that enough people think it's great. Same reason people still watch Casablanca; enjoy box sets of Blackadder; listen to the Beatles; play retro video games; read Dickens; etc. etc. You get taught it in school -- or at least should be -- to get an opportunity to see if you, too, might enjoy it. Unfortunately the way it is taught sometimes adversely influences that.

We should also remember that the Arts make serious money in the UK, so even if you only measure utility through monetization (I don't) there is still value to be had.

3
0
John H Woods
Silver badge

"I replied to an article entitled "Coding is more important than Shakespeare", stating that I prefer coding." -- Bahboh

I agree that those are the first words of the title, but its meaning is altered by including the phrase after the comma (just like this sentence).

You stated: "My own creativity is expressed not through writing plays, but through writing code to make programs." That's absolutely fab, I'm glad for you and completely understand where you're coming from. In fact, I doubt anybody here would criticise you for that. But, more pertinently, the article does not imply such criticism, so your response to it is at best irrelevant (like saying "I'm a vegan" when someone asks if there's a doctor in the house) and at worst a misinterpretation of the argument it contains. That, in your original comment, confirmed by your misquotation of the title in this one, is the reason I question your comprehension.

Then you say "I am surprised that the Register does not think that is a valid use of my time." Now where do you get that from? Even if you agree with VK that all literature lessons should be replaced with coding lessons, you cannot sensibly claim that people who reject this premise must think that coding is not a valid use of anybody's time. This is why I impugn your grasp of logic.

40
0
John H Woods
Silver badge

Re: Shakespeare? who is he anyway?

"The difference is, of course, that not knowing the things that you mention doesn't imply ignorance, whereas a lack of appreciation of the wonders of Shakespeare's language apparently does." -- Bloodbeastterror

It tells me that either you haven't had the opportunity to enjoy Shakespeare, or you have, and have decided you don't like it. Neither of these would lead me to conclude you are an ignoramus. But let me try something on you [I've changed the line breaks so it's more obvious how it reads]:

The quality of mercy is not strained;

It droppeth as the gentle rain from heaven upon the place beneath.

It is twice blest; it blesseth him that gives and him that takes

This means that mercy cannot be compelled: it has to be freely given and, when it is, it benefits both the recipient and the originator (it's actually a plea for a character to show mercy whilst understanding that the same cannot be demanded). The first line, however, could also be used to attack an apparently generous decision that was actually not a free choice: a shopkeeper acting as if they are doing you a favour by exchanging a faulty item, or whatever.

Now your response:

a) I understand it now, but I still don't like the archaic language, this isn't for me.

b) cool, I didn't realise Shakespeare was so great / relevant / beautifully written!

c) actually I disagree that's what it means, doesn't it mean ... ?

d) I still think it's overrated, and probably not so relevant to modern society.

e) who gives a shit? Nobody should learn this crap, they should concentrate on $SUBJECT because that stuff matters and this doesn't!

Only one of these answers would lead me to the view that the respondent was an ignoramus.

14
1
John H Woods
Silver badge

Re: Shakespeare? who is he anyway?

"If even 5% of El Reg readership, or even the general public, could name the play from which these now-everyday quotes are taken I'll eat my hat." --- BloodBeastTerror

I think you might be underestimating the commentardariat. The plays are not incomprehensible - watch Baz Luhrmann's film "Shakespeare's Romeo and Juliet" and tell me you don't understand it. Sure some people use their knowledge of Shakespeare to show off, but that doesn't mean that others don't enjoy it.

The real flaw in your premise is that it doesn't imply any valid conclusions. 95% of the El Reg readership, or the general public, couldn't name all the bones in a horse; all the particles in the Symmetric Theory; all the storage array technologies; the artists of the Precisionist school; the key mineral bearing ores; the human oncogenes responsible for most cancers; etc. etc. Does it mean that nobody should know this stuff? If we consider useful knowledge to be restricted to that which 95% of people know, eventually nobody would know anything (although civilisation would have ceased long before that point).

38
2
John H Woods
Silver badge

"My own creativity is expressed not through writing plays, but through writing code to make programs ... I am surprised that the Register does not think that is a valid use of my time." -- Bahboh

If that's indicative of your grasp of (a) comprehension and (b) logic, I hope I never have to come across any of your code.

64
7

National Pupil Database engorged to 20 million individual kids' records

John H Woods
Silver badge

Re: Remove names

"A full postcode is far too much information" -- Tromos

Correct: it applies to, IIRC, an absolute maximum of 70 letter boxes. [Edit, maybe 80. But still not very many when you have other identifiers to narrow it down].

2
0

Hold the miniature presses: Playmobil movie is go

John H Woods
Silver badge
Joke

Re: @Simon Harris - Lego movie and lego batman, star wars etc

"But will it be 187.5% better?" -- Graham Marsden

No. It will be 87.5% better, or 187.5% as good as the original. But I'm wondering if this is a rather one-dimensional approach to comparing the two?

7
0

Don't mention the F word: Adobe releases Animate CC

John H Woods
Silver badge

Re: Bah!

Ali Um Bongo: "Up to two thirds" and "under two thirds" are functionally equivalent... to them wot can actually do English

Mathematically yes. But they can carry a suggested value judgement; for instance, generally speaking, people will use "up to two-thirds" when the ideal would be greater and "under two thirds" when the ideal would be lower.

1
0

Ex-TalkTalker TalkTalks: Records portal had shared password. It was 4 years old

John H Woods
Silver badge

Re: Not just Talk Talk

^^THIS

Unfortunately the banks, utilities etc. and everybody who is always nagging customers to "be safe" have been the principal agents in softening up people to the point they'll answer all manner of personal questions on the phone. I never [1] take such calls.

[1] I'd be prepared to take a call from an entity that could prove its identity, and we all know that it is technically possible, but I have yet to come across one that actually can.

2
0

We're going to use your toothbrush to snoop on you, says US spy boss

John H Woods
Silver badge

Ahem...

... shouldn't the NSA be operating to tighten the security of these things to protect US consumers?

4
0

Security? We haven't heard of it, says hacker magnet VTech

John H Woods
Silver badge

IANAL(BIPOOTI) and I think it is extremely unlikely that there is any country on earth which allows contractual terms to overrule its national legislation. Certainly in the UK it is absolutely the case that it really doesn't matter what companies put in their contracts, if it contradicts the law, it's dead in the water. Restocking fee? No. Must be returned in original packaging? No. etc.

7
0

Don't Fedex your tapes, people! We're so fast it's SANdulous – WANrockIT

John H Woods
Silver badge

@SolidSquid

In that case, rust is only about 8TB/kg, compared to about 30TB/kg for SSDs.

100 tonnes of Samsung 850EVO 2TB SSDs at 66g is 3EB which I rounded [1] to 2EB; 100 tonnes of WD Red 6TBs at 753g is only 0.8 EB

[1] We probably need packing overhead but, in any case, when I'm guesstimating I like to go for what I call 'currency logs' in other words, choose a 1, 2 or 5 then a number of 0s. I find this is a good compromise between the intuitiveness of 'order of magnitude' and the difficulty of, in situations like this, getting enough precision for even 1 significant figure (although I've never really been sure whether the choice for first digit should include '8').

0
0
John H Woods
Silver badge

"How does it compare with FTPing a tape image? Or even the classic "747 full of DVDs (or Bluerays)"

The bandwidth of a 747 full of media is well in excess of 10TB/s [1] so the raw transmission time for 1GB is less than a millisecond. A motorcycle courier can manage 1GB/s (i.e. 10Gb/s) London to Edinburgh.

Ping time is several hours though!

I cannot remember a time in the past (nor envisage one in the future) when any networks had a higher bandwidth than the movement of contemporary physical media.

[1] A 747 can carry 100 tonnes of cargo (I think), a 2TB SSD weighs less than 100g including appropriate packaging, meaning that is 2 Exabytes per Jumbo, say 8 hours for a LON->NYC flight time and 2 more hours handling time, around 50TB/s unless my maths is letting me down.

6
0

Government hails superfast broadband deal for new homes

John H Woods
Silver badge

What is "superfast" broadband? Does it just mean > 12Mb/s of ADSL on POTS?

I'd say 2(N+1) Mb/s, where N is the number of bedrooms in a property, should be the absolute minimum.

0
0
