* Posts by -tim

552 posts • joined 10 Jul 2009

Australia joins the 'decrypt it or we'll legislate' club

-tim

Re: Sigh ... Oranges are not the only fruit.

USENET already has lots of encrypted data flowing around. At least as long as it lasts, as there are now only 647 usenet servers listed in the "top 1000".

Decades ago I needed to reduce bandwidth so I wrote a program that would take images and drop them to 6 bit gray at about 100x100 and then checksum that to see if it had recently been seen. There were a bunch of images that reduced to the same checksum but had different checksums on the original images. One group of them had single color borders about 20 pixels thick but the encoding of the image wasn't typical of "make the next 1000 pixels light blue" but was more like "5 pixels of light blue", "2 pixels of the same light blue" and so on, so somehow someone was encoding data into those images or they had the worst image encoding library ever.

2
0
-tim
Facepalm

Clipper chip sails again

Yet another attempt at the Clipper Chip nonsense.

I've been tempted to come up with the "King James Bible Encryption" and hack it into openssl. It would use AES but split the encrypted data stream into 14 bit chunks and then look up a Bible verse and send that along. So if AES would produce binary 0000 0000 0000 00, the packet would contain "In the beginning God created the heaven and the earth." That will let the lawyers argue religious freedom vs bad laws about mathematics.

1
0

Oracle open-sources DTrace under the GPL

-tim
Coat

Re: Methinks ...

"NOTHING that they were talking about had anything at all to do with the decisions about CPU design changes that were already in the works at Intel, AMD etc."

About that time CPUs were getting fast enough that the average program was doing enough system calls that the multitasking interrupt was no longer the major cause for the kernel to shift things around. Sun had already announced their newer processor and it included lots of performance improvements for doing things like flushing page tables and switching between system mode and user mode and between cores. Intel at the time was still trying to catch up in the server market and introduced their solutions to those problems about 3 years later. At that time Intel was trying to break into the server market and at least one of the people in the thread did architectural work at Intel.

3
1
-tim
Boffin

Re: Methinks ...

Some of what they were debating in that thread 2 decades ago resulted in the Meltdown/Spectre mess we have now.

There are also some other interesting things in that discussion. The Linux TCP stack was faster than the SunOS one at the time because Sun used a modular network stack based on isolated layers of the Streams concept while Linux allowed for anything that worked fast to be in the Kernel. Oddly enough the insistence on preserving the modular layered nature of the Linux file system layers is why the Linux ZFS port is behind other operating systems and still would be even if Oracle reopened the source for that.

That "ancient thread" has a large number of familiar names that are still active.

11
1

A computer file system shouldn't lose data, right? Tell that to Apple

-tim
Boffin

There are other very serious bugs

It appears they have installed another layer in the file system starting around 10.10.

I have a FAT formatted USB stick and from the command line this often happens:

    $ cd /Volumes/RED8/
    $ ls
    .

Oops all the files are gone except they aren't. Things like "ls -s | sort" won't work at all sometimes yet ls -s sometimes does. There are plenty of online complaints about this but most seem to think it is related to the shell which it isn't.

I don't know what that extra layer does but I expect it might help protect flash drives from being pulled out without being turned off first or related to their new file system but that is pure speculation. Maybe Apple should have used some of its huge pile of cash to buy Larry a new boat and then roll out ZFS properly.

1
0

nbn™'s HFC fix will see connections tested from March to July 2018

-tim
FAIL

HFC = Cable TV network

We had the overgrown Cable TV network connection installed at the office and the speed was about half the speed of the ADSL. They couldn't switch it back and they couldn't fix it. I ordered a new ADSL service via Internode's online system and once that was installed, I canceled the HFC. At least there are some options for going back even if the powers that be claim there aren't.

0
0

Australia's new insta-pay scheme has insta-lookup of any user's phone number

-tim
Alert

No Privacy Payments?

So a hacker has to send 100 million requests to enumerate all phones in the country?

If their API can talk over the phone network, that would nearly use a month's data on most of the lower end prepaid plans. Without a rate limit and a good network (say a Not Built Network 1G plan), that should take a few minutes.

Why is there so much ignorance about side channel attacks? So they have a rate limit. My bank card also has a rate limit but if someone hacks a grocery store, all they have to do is try all cards with pin 1234 the 1st day, 8520 the next day and in 30 days they will have 30% of all card PINs without hitting the rate limit on any card.

1
0
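The gap the post describes, where a per-card limit never trips while one source tries a single guess against many cards, can be shown with detection logic over authorisation events. This is an added example, not part of the original post; the event tuples, terminal names and thresholds are constructed assumptions.

```python
from collections import defaultdict

PER_CARD_DAILY_LIMIT = 3   # assumed: failed PIN entries allowed per card per day
MIN_DISTINCT_CARDS = 5     # assumed: alert threshold per source per day
MIN_FAILURE_RATIO = 0.5    # assumed: share of a source's attempts that fail


def build_events():
    """Constructed sample data: (day, source, card, pin_ok) tuples."""
    events = []
    # T-17: one wrong PIN per card per day, across eight cards, for three days.
    for day in (1, 2, 3):
        for n in range(8):
            events.append((day, "T-17", f"card-{n:03d}", False))
    # T-02: ordinary shoppers, one of whom mistypes twice before succeeding.
    for n in range(100, 106):
        events.append((1, "T-02", f"card-{n}", True))
    events += [
        (1, "T-02", "card-106", False),
        (1, "T-02", "card-106", False),
        (1, "T-02", "card-106", True),
    ]
    return events


def cards_over_limit(events, limit=PER_CARD_DAILY_LIMIT):
    """What a per-card rate limit sees: (day, card) pairs above the limit."""
    failures = defaultdict(int)
    for day, _source, card, ok in events:
        if not ok:
            failures[(day, card)] += 1
    return {key for key, count in failures.items() if count > limit}


def spraying_sources(events, min_cards=MIN_DISTINCT_CARDS,
                     min_ratio=MIN_FAILURE_RATIO):
    """Aggregate by source instead: many distinct cards failing at one source.

    Returns {(day, source): number_of_distinct_failing_cards}.
    """
    attempts = defaultdict(int)
    failed = defaultdict(int)
    failed_cards = defaultdict(set)
    for day, source, card, ok in events:
        key = (day, source)
        attempts[key] += 1
        if not ok:
            failed[key] += 1
            failed_cards[key].add(card)
    alerts = {}
    for key, cards in failed_cards.items():
        ratio = failed[key] / attempts[key]
        if len(cards) >= min_cards and ratio >= min_ratio:
            alerts[key] = len(cards)
    return alerts


if __name__ == "__main__":
    sample = build_events()
    print("per-card limit tripped:", cards_over_limit(sample))
    print("per-source alerts:", spraying_sources(sample))
```

The per-card view stays empty for the whole sample, while the per-source view flags the same terminal on each of the three days.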

From July, Chrome will name and shame insecure HTTP websites

-tim

Re: Let's encrypt?

@Alain,

You seem to be one of the few that looked into certbot and I see you have your own reasons not to run it on your systems. I don't like the idea that the default install can update the script and replace it with something else running as root. While there has been care to make that harder to MITM, anyone who can get a bad cert installed in the system CA chain might be able to p0wn the server. It is a big enough target surface not to have thousands of people working on that right now.

On my virtual host servers, I use dehydrated which is a simple shell program running as its own user.

I trust all CAs equally but see them as a necessary evil. As soon as I find one that doesn't have a spook or former spook high up in their management, I might trust one more than the others.

1
0

nbn 's CVC discounts worked - ISPs splashed for 38 per cent more bandwidth

-tim
Unhappy

Still way overpriced?

Perhaps someone from El Reg should look into why the CVC pricing model isn't more like a peering point exchange than an old school ISDN link? IX-Australia now provides 1gb for $350/mo or you can opt for the 10gb plan also for $350/mo but that is only in data centers. The NBN is still charging a link cost in addition to over charging for the CVC by a factor of about 500 and they are effectively a distributed peering exchange.

3
0

Tall, slim models are coming to take over dumpy SSD territory

-tim
Coat

Where is the backwards compatibility?

For some odd reason, there seems to be some very odd backwards compatibility in hardware formats. For example 8x 3.5" drives will fit nicely in an 8" disk drive case yet 8 inch floppies were very hard to find by the time the 3.5 inch drives were introduced. Some of the ill fated 2ish and 3 inch drives could fit four in a 5.25 half height drive bay.

While the Intel ruler format is long, it still is about a connector width shorter than the old 8" drives which happens to be about a nano-light second.

/mines the one with about a million 1 x 2 x 3 mm drive chips lost in the pocket.

1
0

Trump White House mulls nationalizing 5G... an idea going down like 'a balloon made out of a Ford Pinto'

-tim

Just like the Aussie Not Better Network?

Having just one group building a shared network should be more efficient, quicker and cost less. Reality says that doesn't happen. See Australia NBN as an example.

4
0

Security hole in AMD CPUs' hidden secure processor code revealed ahead of patches

-tim
FAIL

BIOS updates? What BIOS updates?

I have a stack of machines that will never ever see a BIOS update again. Anything over about 2 years old won't ever see one either.

Anytime someone says something will be fixed in the BIOS, it means it will never be fixed on at least 99% of the machines that have the problem.

What happened to BIOS initializing enough hardware to load the boot block and then handing everything else off to the OS which should reset everything and start from a blank slate? The OS is much easier to patch and it should be able to do anything the BIOS could.

88
0

Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs

-tim
Facepalm

I will get worse...

If you can play two cores off of each other, there will be a way to convince the inter-cpu cache controller to write the cache line back to ram after it has been modified depending on the architecture. I'll call that hack "psychopathic breakdown"

1
0

We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

-tim
Facepalm

Old is new again?

Theo from OpenBSD had a rant about Intel and similar problems in 2007. https://www.theregister.co.uk/2007/06/28/core_2_duo_errata/

And people say I'm crazy for using SPARC.

56
2

Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign

-tim
Facepalm

Re: Crap indeed

A problem seems to be that the data is fed into the data pipeline (and L1 cache?) via speculative execution. To simplify the problem... if you have some code like:

    if(false) {
        x=some data that shouldn't work
    } else {
        do something slow
    }
    y=some data that shouldn't work

The x= gets the data loaded into the cache while the slow code is slow enough to make sure it gets there. Then the y= pulls data that is in the cache (and whatever makes up the other 64 bytes in its cache line) and that might not be checked against the permission bits in the virtual memory tables. I can't think of any situations where the x86 does speculative writes that would hit memory so this should be limited to reading data. The trick might work to slow down memory sharing on multi-core systems. x86 I/O sometimes is read based so that reading a memory location could reset a counter or buffer and that would be a problem limited to some i/o device. If someone can come up with a way to have the speculative data being read and then written back through the cache, the security game is over.

1
1

Oracle swallows sales spurt from one of its niche categories: Cloud

-tim

Leased hardware?

"Most of what is in our revenue base did not come from our on-prem user base," Hurd said. "We are hopeful we will start to see a higher percentage of Oracle's user base moving."

So they want to lease hardware in place of selling it?

Their lowest SPARC offering today is 4.4 million percent faster than what I was using when I first built a version of the current systems for my employer. Even though the new machine is a quarter of the price, I simply don't need that kind of performance. What I do need is a small telco ruggedized server appliance. While I would love to have the new SPARC processor's features like encryption and compression between the CPU and RAM, I don't Need it.

0
0

As Apple fixes macOS root password hole, here's what went wrong

-tim

Can this be used to set a password?

Does this mean after a fixed number of tries, the password might be able to be set to something and then if the patch only works if the encrypted password hasn't been set, it means someone could have added a backdoor that won't be detected or fixed?

0
0

Vodafone's NBN plans may include voice-over-WiFi, virtual landlines

-tim

Why no wifi phone? We are the customer

Phones don't have the wifi phone features simply because end users aren't the main buyer of phones. The major buyers of phones in most places in the world are still the carriers who still see their land line business as part of their core and wifi as a threat to that. There is more than a decade of solid evidence showing that land lines are going the way of the dodo and yet they persist. Even companies like Vodafone who have no land line business at all in many countries seem to operate the same as all the other phone companies. Fixed cable TV and Fixed line phones are dead, it isn't a matter of if, but how soon. They need to start treating data networks as data networks and not over grown phone companies or cable tv operations.

1
0

Mauritian code-cutters to help deliver TLS 1.3

-tim

Re: Broken by design then.

It's also broken by design so that users can't plug in their own block cipher, hash or public key encryption. The days of enumerating a few options just to save a byte in a startup packet are long gone and the concepts of plug in ciphers are well known and offer options once something falls to the crypto gods. If my client and server want to do AES512 with 20 rounds, the protocol should allow me to add a config line saying prefer "AES512_20rounds-GCM-SHA512_160rounds" without breaking anything. Right now, the client and server software need to be hacked, an ID type that will conflict in the future will need to be added, the crypto libraries need to be updated and then everything has to be recompiled. That process is why there are so many broken systems out on the web today.

0
0

Security pros' advice to consumers: 'We dunno, try 152 things'

-tim

Email - why html?

It is amazing how clear scammy email is when you use a very old email program that only does text. Things like Pine are great for that. Even old school mail isn't going to get p0wned but it is so clear.

1
0

How to make your HTML apps suck less, actually make some money

-tim

If only ...

Had some smart people figured all this out in the 1970s and published a book about how humans cope with slow interfaces, all this would have been avoided.

It's almost like a mythical man microsecond just magnified 32 billion times.

0
0

nbn™'s problems were known – in 2008, a year before its birth

-tim

Re: NZ vs Aus

If you discount any square KM that has 0 population, the population density argument goes away as the rest is more densely populated than the USA, Russia or Canada if you use the same metric. Australia is a very densely populated area with a large amount of nothing in between. The nothing in between is cheap to cable.

8
0

Oracle users meet behind closed doors: Psst – any licensing tips?

-tim

Dear former Sun:

I need you to get a pair of T8-1 in every major IT department in every university in the world.

A stripped down T8 on the cheap would be great too. Can you do a T8-.0001 for under $2k?

Thanks,

One of your real customers.

0
0

BOFH: Oh dear. Did someone get lost on the Audit Trail?

-tim
Flame

Shredders?

The base I worked at had a paper shredder model number 007. I've seen a hard drive shredder that started out life tearing apart some sort of military equipment as it started out crushing, then shredding followed up with a few hours of incineration. That thing would cope with a 14 inch disk pack complete with the cake cover.

4
0

Q. Why's Oracle so two-faced over open source? A. Moolah, wonga, dosh

-tim
Coat

Closed vs open source email server costs?

When the US Govt decided they needed a standard for email in about 1990, they came up with a X.400/X.500 based thing covered under a butchered standard called GOSIP. Those systems in 1992 cost about $50,000 for the license and another $20k just to find someone who could drive the thing. The $100k worth of VAX, Sun or other hardware was on top of that. Much of the oddness in Microsoft exchange was a result of them trying to comply with the odd changes to the X.400 protocols. Open source SMTP was allowed as a migration strategy and most places shifted to that and never looked back.

6
1

How bad can the new spying legislation be? Exhibit 1: it's called the USA Liberty Act

-tim
Big Brother

Some WWII refugees welcome

It wasn't just the rocket and nuclear scientists that the US government worked very hard at importing during and after the war. The FBI had an entire group of people who had been involved with the collection and correlation of information on people from European countries. The OSS and DIA were formed with a number of people who had worked for other countries gathering intelligence on their citizens.

7
0

Home Sec Amber Rudd: Yeah, I don't understand encryption. So what?

-tim
Facepalm

How hard can it be?

Even Caesar understood a cipher.

6
0

SPARC will fly: Your cheat sheet for cocktail banter at Oracle's upcoming shindig

-tim

Re: Even x86 is an option for legacy SPARC, these days

Mark 110,

One of the reasons I use SPARC is because it can't run code on its stack. That makes it immune to a class of attacks that can bypass firewalls. It is much harder to write Return Oriented Programming exploits for SPARC (and MIPS and ARM and POWER) than it is for X86.

It is also a much smaller target than x86 for hackers so they often just skip the systems.

Code development is just like Linux. Linux has always copied many things from Solaris and while Linux supports far more hardware, it is still catching up with 10 year old features from Solaris such as ZFS and Dtrace and Basic Security Modules. I can get a Linux system to audit every system call but the machine will be so busy doing audit work, it won't be able to do any real work. Any program that will compile on FreeBSD and Linux will most likely compile on SPARC without issue except for the coders that don't understand the "all-the-world's-a-VAX syndrome".

The disadvantage of SPARC today is that I simply don't need the new hardware. I figured their current 1RU offering is something on the order of 4 million percent faster than the $70,000 Suns we had in the mid 90s. Their newest 1RU box would replace a rack and a half of the last new 1RU SPARCS we bought new for the price of 4 of those machines. I need more than one box for hardware failover, and my load isn't close to stressing the thing out.

I don't see SPARC increasing share unless they come out with a low cost appliance server but I can't see Oracle doing that.

3
0

Solaris update plan is real, but future looks cloudy by design

-tim

The more things change in IT, the more they remain the same

The Solaris vs Linux today looks very much like the OS2 vs Windows issue when OS2 was new. One is vastly better on very high end equipment with better features but the alternates are better running on generic machines. I use ZFS on both Solaris and FreeBSD and the Solaris version has more features and seems to be better optimized. I would love to have some of the new SPARC hardware but the base model costs more than a new car and my work load just doesn't require that much power.

1
0

Groundhog Day! ACCC again calls for truth in broadband advertising

-tim
FAIL

Speed?

One of our offices was moved to NBN's HFC network. The 12/1 plan at best delivered half what the old ADSL plan did and it only was close to 8 mb at about 4am. Others in the building had signed up for 100mb plans and also only were getting the same speeds as we were at the same times. Months later, they still don't have what they are paying for. Luckily we could still sign up for a new ADSL service so we are now back to about 21 mb.

There is also a serious lack of features on the HFC network. For example I don't know of an ISP that can provide IPv6 and a static IPv4 address yet. Some of us need those features.

0
0

Brit firms warned over hidden costs of wiping data squeaky clean before privacy rules hit

-tim
Facepalm

Are you sure you can erase data?

Most modern file systems do a copy on write so they put the new data on different disk blocks. SSDs do something like that as well often with a RAID6 like feature using other blocks as well. It seems that if you try to scrub a record, you can still go trolling around in the raw disk partitions to find the scrubbed data even on encrypted disk volumes. The same can be done with SSDs if you pull their chips off or use some of the special firmware to reconfigure the disks. It would be nice to be able to tell file systems not to do a copy on write for some data but I'm not aware of any that make that optional.

2
0

NEWSFLASH Now even science* says moneybags footballers are overpaid

-tim

How much are they taxed?

There has been some talk down under about getting sports people to pay back what the government invested in them once they start making lots of money. It is much like the university repayment system currently in use. Of course the government just offered some nice tax breaks for footballers due to "their fame" so I don't see it getting enough traction to get the kids at the local youth football club taking out footy loans.

0
1

nbn™ blames cheap-ass telcos for grumpy users, absolves CVC pricing

-tim
FAIL

CVC pricing is still insane

CVC pricing should be in 8 to 20 cents per megabit, not 8 to 20 dollars.

Every peering point in the world is in the cents per megabit range, and the NBN CVCs are simply locally backhauled peering exchanges. Australia IX charges 4.5 cents per megabit of peering and $3 / megabit for intercity peering fabric that covers major cities on the continent.

2
0

Al Capone was done for taxes. Now Microsoft's killing domain-squatters with trademark law

-tim
Facepalm

Scammy domains?

Two decades ago it was common to register wwwbigcompany.com to run scams. While working for a fortune 500 company, I found a large number owned by the same guy and contacted some of the trademark owners. The in house IP lawyer for another company coordinated 10 process servers to meet the guy who was trying to run a scam. It's one thing learning you're being sued by a company with unlimited money for lawyers, it is another to learn about 10 law suits in about 5 minutes.

20
0

.. ..-. / -.-- --- ..- / -.-. .- -. / .-. . .- -.. / - .... .. ... then a US Navy fondleslab just put you out of a job

-tim
Pint

It was a skill that some were very good with

The WWII signalman who taught my father Morse code decided he would join a typing contest run by the town's office supply place. The first prize was one of the brand new daisy wheel typewriters. The guy brought his manual typewriter and managed to out type all the local secretaries and then tried the new electronic typewriter and it couldn't keep up with him. He would routinely communicate for hours at a time in the 100+ WPM bands and he could do bursts to the limits of the equipment.

3
0

Dev to El Reg: Making web pages pretty is harder than building crypto

-tim
Boffin

Not even 140 characters?

The 95 character limit is related to the limit of how much data RSA can encrypt. AES256 can encrypt 256 bits (or 32 characters) with a single key. RSA runs some mathematical operations on the data to be encrypted and the keys and the results can not exceed 2048 bits for 2048 RSA. That limits how much data can be encrypted at once resulting in about 95 bytes depending on the keys and data.

Secure communications typically start with creating a new random key and using a public/private cipher like RSA, DH or EC to share that key with the other side and then follow that with data encrypted with a block cipher like DES or AES so there is no limit to the message length. Early SSL often did that in weak or broken ways which is why we shouldn't be doing that anymore.

2
0

nbn™ hits the half-way mark – but has more than half of the job left

-tim
FAIL

How many have disconnected?

My boss decided to move the small office off Internode into NBN HFC. It turns out that the HFC was providing half the speed of the naked DSL. We also lost our static IP address and our IPv6. Internode said they couldn't reconnect the DSL so I went to their online form and had a new DSL connection installed. Once that was live, I disconnected the NBN. It won't come back on until they can get their act together. Someone else in the office is running their business phones over 4G as the tower is out their back window. They won't be keeping their NBN connection either.

3
1

BOFH: That's right. Turn it off. Turn it on

-tim
Facepalm

Re: do not enter the hypen!

Not only are card numbers 19 digits, the MOD-10 check works with letters (in EBCDIC). While the CVC happens to be 3 or 4 digits now, there isn't anything keeping letters from appearing in the field either. Expire dates aren't quite what they appear as well.

We found that allowing spaces in card numbers reduces our charge backs as people make fewer mistakes. The worst are the silly Javascript things that screw with the browser filling in the card numbers since they will do funny things and increase mistakes in non-obvious ways.

5
0

Oz government wants its own definition of what 'backdoor' means

-tim
FAIL

Way too late?

Years ago when the US Govt decided Skipjack was a good idea, some Aussies didn't like it and rewrote the RSA libraries. Those are now known as openssl and the basis for most encryption done in the world today.

There are people who have decided the best way around the recent backdoor attempt is one time keys added to messaging and VPN apps. The way that works is one side fills a large USB stick with random keys and then gets that into the hands of whoever they want to talk to. A large USB stick can hold enough random keys to transfer centuries worth of message apps while never reusing a key. You can't break that no matter how hard you try to back door it.

1
0

Don't panic, but Linux's Systemd can be pwned via an evil DNS query

-tim

Re: Trust a hackers data?

To people who think reverse DNS is a good idea, consider concepts like CNAME loops. Smart DNS servers will catch it but there are plenty of dumb DNS implementations out there. In IPv4 we could send a UDP request out and expect to get a UDP response back but now with IPv6, the packet sizes often exceed the MTU resulting in several packets. Once you get a large chunk of data back, someone at the other end might just be playing games with malformed DNS packets or even just broken DNS settings. What does your application do when you get back thousands of names for a reverse lookup? What happens when each lookup results in a chain of CNAMES? What happens when the end of those chains result in hundreds of addresses that are all the same?

DNS isn't authoritative, it is informational. It is great when it doesn't lie to you. But you can't test for when it does.

1
0
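The three questions in the post above (thousands of names for one reverse lookup, chains or loops of CNAMEs, hundreds of identical addresses) translate into bounds an application can enforce on whatever a resolver hands back. This is an added example, not part of the original post; the zone data is constructed, and the limits and function names are assumptions.

```python
MAX_CHAIN = 8      # assumed cap on CNAME hops
MAX_ANSWERS = 16   # assumed cap on distinct answers accepted


class LookupRejected(Exception):
    pass


def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()


def build_zone():
    """Constructed records: name -> list of (type, value)."""
    zone = {
        "ok.example": [("CNAME", "web.example.")],
        "web.example": [("A", "192.0.2.20")],
        # Hundreds of addresses that are all the same.
        "dup.example": [("A", "192.0.2.10")] * 300,
        # A two-name CNAME loop, with mixed case in the target.
        "loop-a.example": [("CNAME", "loop-b.example.")],
        "loop-b.example": [("CNAME", "Loop-A.example.")],
        # Thousands of names for one reverse lookup.
        "4.3.2.1.in-addr.arpa": [("PTR", f"host{n}.example.")
                                 for n in range(2000)],
    }
    # A chain of ten CNAMEs before any address appears.
    for n in range(10):
        zone[f"c{n}.example"] = [("CNAME", f"c{n + 1}.example.")]
    zone["c10.example"] = [("A", "192.0.2.30")]
    return zone


def follow(name, rtype, zone, max_chain=MAX_CHAIN, max_answers=MAX_ANSWERS):
    """Follow CNAMEs with loop detection, a hop cap and an answer cap."""
    seen = set()
    current = norm(name)
    for _ in range(max_chain + 1):
        if current in seen:
            raise LookupRejected("CNAME loop")
        seen.add(current)
        rrset = zone.get(current, [])
        targets = [value for rtype_, value in rrset if rtype_ == "CNAME"]
        if targets:
            current = norm(targets[0])
            continue
        # De-duplicate while keeping order, then apply the cap.
        answers = list(dict.fromkeys(v for t, v in rrset if t == rtype))
        if len(answers) > max_answers:
            raise LookupRejected("too many answers")
        return answers
    raise LookupRejected("CNAME chain too long")


def outcome(name, rtype, zone=None):
    """Return the answers, or a 'rejected: ...' string for logging."""
    try:
        return follow(name, rtype, zone or build_zone())
    except LookupRejected as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    for query in [("ok.example", "A"), ("dup.example", "A"),
                  ("loop-a.example", "A"), ("c0.example", "A"),
                  ("4.3.2.1.in-addr.arpa", "PTR")]:
        print(query, "->", outcome(*query))
```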
-tim
FAIL

Trust a hackers data?

I've always found it odd that systems would enable dns reverse lookups for all sorts of things where it provides no value. I don't trust DNS to give me a valid name if all I have is an IP address.

The whole thing of probing someone's network and have them look up your IP address where you then send TCP packets back to crash their name server or other application has been around since the early 1990s.

7
4

Not that scary or that hard: Two decades of VLANS

-tim

Very secure until it isn't

Isolation in VLANs has been an issue for 2 decades. Most of the time it works great but when it fails, it tends to fail open or in very odd ways.

The trick twenty years ago was simply flood the switch with arp packets that would overload the mac table in which case every packet went to every physical port turning it into a hub. That still works in an amazing amount of current hardware. Long ago you might need to generate a bit over a thousand packets while 64k is more typical today, there are machines that get confused with just over 2 million packets which takes all of two seconds to send out.

There are techniques now that make use of the mostly unused auto-configure features on different switches that allow it to auto-configure holes in the security.

VLANs are great for "keep the VoIP traffic off the video camera network", you just can't count on it for "keep the R&D secrets isolated from the credit card processing network".

1
0

WannaCrypt blamed for speed camera reboot frenzy in Australia

-tim

Re: Revenue cameras

The congestion related accidents in Victoria are going up faster than new car technology and trauma response are saving lives.

If you study traffic engineering in Australia, you must go to a university that is sponsored by Redflex and you must toe their line. I figure that is only resulting in about 20 to 40 deaths a year in Victoria.

0
0

Teen girl who texted boyfriend to kill himself guilty of manslaughter

-tim

Munchausen syndrome by proxy?

This sounds much like Munchausen syndrome by proxy with a twist of at least one other mental health issue. That tends to be very rare and mostly women abusing their children or an adult abusing an elderly parent but I've never heard of someone abusing a boyfriend.

Some of the psychiatric pharmaceuticals can have very strange effects. The turn on and turn off thresholds for different symptoms can differ by ratios of 1:100. The half life of drugs that pass the blood–brain barrier is often measured in months which means by the time the shrink discontinues a drug, it can take years before a side effect disappears. Most non-psychiatric drugs have half lives in the range of hours. There seems to be a strong lack of understanding of how to do proper half life calculations from medical students based on the tutoring I did.

4
1

Yeah, if you could just stop writing those Y2K compliance reports, that would be great

-tim
Coat

That reminds me

We have a file folder full of Y2K report requests that we never quite got around to doing or even sending to the circular file. We now keep it around for comedic value. Maybe we should get an intern to answer them.

1
0

If you live in a network lab, you'll get gigabit NBN over HFC soon

-tim

They can't sell a 1gig plan without a gig of backhaul which currently costs more than $1,400 a month. With a 20:1 contention ratio, the link from the NBN POI to the ISP is $70/mo. That means an ISP needs to have at least 20 willing to sign up in the same area before it is economical to turn it on.

What I would like to see is the ISPs use the 1gig NBN plan but offer something smaller like 233/100 and raise it as they add capacity to their backhaul from the NBN but I don't think they can offer that.

1
0
-tim

So, progress?

Would this be the same NBN HFC that can't provide static addresses and IPv6 from any* provider? Our shiny new HFC NBN connection gets 70%^ of the bandwidth we are paying for and it only costs slightly more than the naked DSL that was providing double the download speed and 4 times the upload speed.

*Aussie Broadband claims to be planning IPv6 and may do IPv4 static today. Telecube is working on IPv6 too. Internode will migrate IPv6 ADSL plans to HFC where they don't support it.

^70% on IPv4 traffic. 0% of IPv6.

5
0

Bank of Canada finds flaws with current blockchain solutions

-tim

It's secure... right?

If you have a system that is based on two different types of cryptology, you need to test it by dropping both to something silly like AES-512 keys but they are all 0000...0 to 0000...00ff and then make your hashes only return 256 values. Now you only have 65536 combinations to play with and you can see what happens when someone breaks it. Block chains get very wobbly when someone breaks them. If you add in the fact that "no one can break it" and add that to the level of trust, you're asking for a disaster in the future.

4
0

Guess who's getting fat off DRAM shortages? Yep, the DRAM makers

-tim

What? Tell me it isn't true?

Oh, wait... this happens every few years, doesn't it?

There wasn't a flood in some 3rd world country that provided a rare but unexplained part (that didn't affect any other silicon based products) to blame for the shortage this time was there?

4
0

No laptop ban on Euro flights to US... yet

-tim
Mushroom

Barometers?

From another post...

There are barometers that are drop in replacements for most of the temperature sensors in a laptop or phone. The cpu that reads those isn't the main processor so it can run a very long time and is running in a semi-sleep mode most of the time when the laptop is "off".

The mini-cpu that those are hooked to has direct control to the battery charging circuit. I don't think this stuff should be where people can't help out putting out the fires.

1
0
