* Posts by Malcolm Weir

1043 publicly visible posts • joined 23 May 2007

This weekend you better read those ebooks you bought from Microsoft – because they'll be dead come early July

Malcolm Weir Silver badge

I hated the idea of eBooks with DRM for just this reason, until I experimented with tools that address the DRM problem. Now I'm happy, and my Kindle is full, and I buy lots of DRM-encumbered stuff from multiple vendors, un-encumber the purchases, and combine the lot into a single large library.

eBooks aren't the problem, DRM is. DRM can be removed.

The Eldritch Horror of Date Formatting is visited upon Tesco

Malcolm Weir Silver badge

Re: Well, OK

Quite. And while poking fun at supermarket procedures is fun and all, it's worth noting that the manufacturing code on integrated circuits and the like often uses a year-week or week-year format.

In test applications (particularly military tests), we often use ordinal/Julian dates because tests often run across day boundaries but rarely across multiple year boundaries, and who wants to fuss with how many days February has?

In fact, IRIG-200 (defining IRIG-B, etc) uses the phrase "time of year" to refer to formats having a day component. And it's typically encoded in BCD, so standard-issue humans can see at a glance what the timestamps represent.

However, that's on the slow way out, being replaced by the IEEE 1588 format, which is its own level of pain as it's a tuple of (seconds since epoch, nanoseconds), usually encoded as a pair of unsigned integers, with the seconds supposedly a 48 bit quantity (nanoseconds is 32 bit). OBVIOUSLY people muck around with this, making the seconds signed and 32 bit if it suits them, because why not!

Swedish court declines to detain Belmarsh prison resident Julian Assange

Malcolm Weir Silver badge

Re: I am still confused

He is accused of being an accessory to a crime committed by a US citizen while on active duty in Iraq. This is not just a "the USA didn't like what he did so charged him" thing, but a charge with a clear nexus to the US. Oh, and by the way, whether you like it or not "get stuffed" is not a response to the actual extradition agreement between the US and the UK. And, yes, there are real First Amendment issues to be navigated, but you can't claim the protection of the First Amendment to the United States Constitution outside the United States legal system...

And there has been absolutely no indication that the trial will not be public. You are probably confused about Grand Jury proceedings, which are confidential for good reason -- and you may choose to think Grand Juries are a bad idea (I'd agree in many, but not all, cases), but if one has the things, the evidence presented to them _must_ be confidential unless you want a rule-by-Daily-Mail situation where accusations are leveled and no opportunity to refute them is presented.

That's a hell of Huawei to run a business, Chinese giant scolds FedEx after internal files routed via America

Malcolm Weir Silver badge

Re: the real enemy

...thereby proving the point: Manning _can_ have a couple of words should she so choose to have them.

Freed whistleblower Chelsea Manning back in jail for refusing to testify before secret grand jury

Malcolm Weir Silver badge

imanidiot's name is appropriate. It's a video of a US helicopter killing four or five heavily armed insurgents and two unarmed reporters half a mile or so from a running battle, which was subsequently investigated and the investigation's findings being published.

The mistake the pilots made was misinterpreting the shape of a long lens with the shape of an RPG. The group had both long lenses and RPGs (and AK rifles). Had they not confused the lens with an RPG, they'd probably have let troops on the ground shoot at the insurgents.

Malcolm Weir Silver badge

Re: What happened to the 'right to silence'?

This is the simplest answer, one adopted by pretty much everyone: assert you do not recall to any question, do so consistently, and your principles are safe.

("I don't remember" is slightly tougher if you do actually remember. But "I do not recall" is distinct from "I cannot recall" in that the non-recalling may be because of forgetfulness or volition (I could, but I won't).)

There's plenty of precedent for this tactic, including (starting at the top) the 41st President of the United States. If he can do it, so can she.

People can also fuck with the system by answering in the form of questions ("Q: Who did it? A: Was it Tony Trenga? No... wait.... it could have been... no, sorry, I don't recall"). This eventually discourages the prosecutor because the testimony delivered is deliberately confusing to the jury. You can also wait until you're in the jury room, everybody's waiting, and then refuse... of course, it's back to jail, but who can say that you didn't have a legitimate change of mind (twice)?

But she's grandstanding. I suspect she has less interest in avoiding testifying than in making the point that she's not testifying.

The plane, it's 'splained, falls mainly without the brain: We chat to boffins who've found a way to disrupt landings using off-the-shelf radio kit

Malcolm Weir Silver badge

The article says "The attacks described in the paper are of particular concern during CAT III operations, where the decision height is low, making it possibly too late to regain altitude and try to land again".

But a moment's thought would suggest that there is no time at which it's too late to go around. Think about it: a moment before touchdown you are moving fast enough to be flying (although sinking). The runway is long enough to gather enough speed to fly. Therefore if you're about to touch down at the end of the runway you have the whole length available to accelerate to a speed sufficient to climb and go around.

The only reason the attacks are of more concern during CAT III operations is that under low visibility conditions the pilots are unable to double check their position using their eyes until moments before touchdown. So if you had an attack that could move the apparent glide path 200 metres north, say, you could line an aircraft up on the Bath road instead of LHR Runway 27R.

(Cat IIIb is designed so that the pilot doesn't see the runway until he's 50ft above it, and he can only see a few hundred feet ahead -- i.e. one or two plane lengths. 50ft is roughly twice the height of a lamppost, so you can see the problem, even if the pilot can't).

Get in line, USA: Sweden reopens Assange rape allegations probe

Malcolm Weir Silver badge

It's amazing how much drivel the loons can invent:

- Unmarked planes waiting at Arlanda

- Sweden providing the NSA copies of all material (whether true or not, the NSA actually has a publicly disclosed station IN THE UK, so hard to see the relevance)

- Sweden allegedly being more willing to extradite than the UK (which is demonstrable bollocks: to be extradited by Sweden the offense needs to be a crime in Sweden _and_ the Swedish statute of limitations must not have expired _and_ the offense cannot be military or political _and_ the accused's fundamental human rights would not be abridged in _Sweden's_ eyes)

- Sweden working hand in glove with the CIA, despite the fact that Sweden refused to extradite a former CIA officer and US citizen accused of spying for the Soviet Union back to the USA -- a guy called Edward Lee Howard.

So that takes us to the dual criminality issue; it appears that under Swedish law Assange might be liable for prosecution for having made preparations for a data breach (via Manning). That might satisfy the dual criminality, but the maximum sentence is 2 years, so one suspects rather that, like the lesser sexual assault charges, the statute of limitations will have expired....

Hi! It looks like you're working on a marketing strategy for a product nowhere near release! Would you like help?

Malcolm Weir Silver badge

To be fair, sometimes in some industries the timescales outlined in the article aren't as unreasonable as it may seem in Ian's tale.

For example, in my business, 90-120 days ARO is "standard", and to quote up to 180 days after receipt of order is not particularly exceptional. Also, a fair amount of product promotion happens around annual trade shows/conventions. Finally, many customers take a while to work a procurement through their systems: 3 months may be considered fast.

Add that all up, and you may genuinely have a situation where you need to start promoting a product a year out: say 4 weeks before a trade show to get the sales staff educated enough to sell the thing at the show, then 3 months for the orders to land, then 6 months for first delivery, and you're comfortably at a place where marketing might be working on stuff to release "in a few weeks" which engineering is going to finish a year from now.

(And I personally saw some of the sales literature for a thing called the "7E7" which got its name in July 2003, first order in April 2004, first article was completed July 2007, first fully functional test December 2009, first delivery September 2011... and was renamed along the way to the 787. Yeah, the Boeing 787 was pretty late, but even if everything had gone according to plan, the sales material led the first planned delivery by five years!)

Panic as panic alarms meant to keep granny and little Timmy safe prove a privacy fiasco

Malcolm Weir Silver badge

Re: Welcome to ethical testing 101...

The article states that they got responses from 7%. Not that they compromised 7%. For example, it's common for IoT responders to have a "status" or "version" command, which could be used benignly...

Malcolm Weir Silver badge

Re: A list of approved contacts?

Quite. Surely "the right" approach is to give devices a unique PIN that's printed on the thing. And probably disable "reset via SMS" in favor of a "reset via WiFi only" approach, because then you'd have to be on the same network with physical access to the device to read the PIN...

P-p-p-pick up a Pengwin: Windows Subsystem for Linux boffins talk version 2

Malcolm Weir Silver badge

Re: Embrace....Extend...Extinguish....Except.....

Agreed with your comment about servers, but this thing will solve problems for my customers, and trying to insist that customers could run Linux really because it's just as good doesn't work, even if it's (mostly) true.

The simplest example (and this is only the simplest) is that it will make it practical to import media into Windows applications directly from a USB-attached XFS-formatted removable media volume. Currently, we can do this with a (VMware) VM, but the administration of that is a nightmare of kludge, as the end user has no interest in Linux (if s/he had, they'd just use Linux for the task in question).

So what interests me here is the possibility of a relatively lightweight installer package that drags in "whatever" is needed to do the job...

Jeff Bezos' Blue Origin unveils 'Blue Moon' lander, making it way too easy for manchild Elon Musk to take the piss

Malcolm Weir Silver badge

Re: What in blue blazes is that thing?

Spot the person who didn't bother to watch the video!

The ball is the liquid hydrogen tank (there are O2 tanks in that same area).

The cargo area is the flat top. You don't have to put things "inside" when landing on the moon, because there's no atmosphere to worry about.

And "flimsy"??? Have you ever seen a Lunar Excursion Module? You know, the Apollo landers made by Grumman? They used actual _foil_ as walls!

OK: so the world's richest man says he'll put a human in space this year (albeit suborbital, like Alan Shepard's Mercury capsule... hence the name). He says he'll fly New Glenn in 2021. He says he'll land Blue Moon in 2024.

I'm not sure I'd bet against him.

Malcolm Weir Silver badge

Asimov obviously didn't read Clarke...

In the video, Bezos shows a clip from Asimov in 1975 asking whether any SF authors had considered artificial worlds (like O'Neill colonies). Asimov claims no one had.

Except that, in 1973, Arthur C Clarke published "Rendezvous with Rama", which describes spaceships that are artificial habitats.

So did Clarke predict O'Neill?

Malcolm Weir Silver badge

Re: Musk just hates it when someone else gets attention

Err... 10 successful flights using 2 vehicles isn't a demonstrable track record?

Musk knows PR. Bezos is presumably waiting for the user reviews...

Malcolm Weir Silver badge

Re: Musk just hates it when someone else gets attention

Ummm.... that's just dumb. New Shepard, just like Virgin Galactic, is a suborbital system, and no-one pretends otherwise.

So let's look at some facts, shall we?

SpaceX had Block 3 and 4 Falcon 9's that can be reused once (so flown twice). Block 5 is supposed to be reusable up to 10 times before major refurbishment, but to date just two have been flown 3 times (the first "3rd flight" was in December last year).

New Shepard's flight history looks a bit different. NS2 was a test article, used to develop the system. It flew to the 100km altitude 5 times in 11 months, after which they retired it.

NS3 is flying now. Its fourth flight carried payload from people that YAAC would presumably lump with "idiot investors", even if they're the idiots that the original Shepard worked for when he flew Freedom 7 in 1961 and commanded Apollo 14 in 1971...

This month NS3 flew its fifth flight.

NS4 is in Texas now, and is scheduled to fly humans this year.

So what we have here is two tracks towards the same goal (and yes, the ultimate goal of both Musk and Bezos is the same: humans on Mars). Blue Horizon is doing lots of boring testing but making no money, while SpaceX is parallel tracking the testing with commercial operations. SpaceX is undoubtedly more glamorous, but against which Musk is (to be polite) a potential loose cannon. Blue Horizon is working with ULA and NASA, SpaceX is competing with ULA and selling services to anyone (including NASA).

But right now, would you rather fly on a Crew Dragon or a New Shepard? Statistically, both have 100% rates on mission completion after delivery to the launch pad, except that NS is 100% success and CD is 100% failure...

I think it quite likely that Blue Horizon will get someone to 100km this year. I think it quite unlikely that Crew Dragon will get someone anywhere (this year).

Malcolm Weir Silver badge

Re: Going back to the moon? Very bad idea.

You might like Seveneves by Neal Stephenson, which has a moon destruction motif that is far more reasonable. Of course, while his moon makes sense, the inhabitants of his earth don't ("Hey, the world will end in 1 year" "Wow! Really?" "Yup". "Cor. That sucks. Oh, well, must go, can't be late for work...")

Still, in an effort to be directly relevant to the article... Stephenson worked at Blue Origin.

Just in time for the Wiki-end: Chelsea Manning released from prison

Malcolm Weir Silver badge

Re: Some background... and a little commentary

Well, not really "everything". A prosecutor can elect NOT to use testimony offered to the grand jury (e.g. if they conclude it is unnecessary, duplicative or subsequently discover it was unreliable).

A very common situation is that evidence is presented to a grand jury which results in indictments against two or more people. One of those indicted decides to turn state's evidence, and suddenly the stuff presented to the grand jury is moot because you now have a cooperating witness.

Malcolm Weir Silver badge

Re: Lucky Manning

How odd someone who links to an article about a named act then uses the wrong name!

So the (2012) NDAA is not the (2001) Patriot Act. Got it.

As to the nonsensical fear-mongering by AC (and the author of the linked article): governments pass bad laws all the time. These bad laws are then tested in courts, and just because, e.g. a law can be passed that asserts that you can detain someone indefinitely on US soil does not mean that you can detain someone indefinitely on US soil.

This is because of the way the system is set up: the Constitution is deliberately hard to change, and so stupid laws that conflict with Constitutional protections will not be enforceable.

So, no, indefinite detention without trial on US soil / of a US citizen would be impossible because the men in black (robes) would prevent it.

(Guantanamo Bay is an anomaly, and was chosen by G. W. Bush's government specifically because of that anomaly: it's not on US soil, and as long as only non-citizens were detained there, finding a court with jurisdiction to control it was/is hard... The Military Commissions Act attempted to change that, but even then efforts in that law to prevent court oversight were shot down by SCOTUS in Boumediene v. Bush (2008).)

Crap band sues crap beer maker: Hair-metal rockers have an Axl to grind over Guns N' Rosé

Malcolm Weir Silver badge

I think it's dodgy, and probably inspired by lawyers thinking to bill some hours.

First of all, the logos are very different. Second, the words are different. Third, beer is not music or clothing (which is what the band has a trademark about). So fundamentally is 'Guns 'n' Rose' likely to confuse anyone into thinking this is a product associated with 'Guns n' Roses'? Of course not!

Cali Right-to-Repair law dropped, cracks screen, has to be taken to authorized repair shop

Malcolm Weir Silver badge

A simpler approach is just to shred the plastic/metal thing into a coarse powder and shoot the resulting stream off the end of a ramp. This sorts the granules by weight, which is very effective.

(Back in 1979 or so I got a tour of a recycling plant that did just that. PCBs went in one end, piles of powdered stuff came out the other. They particularly wanted the small yellow-ish pile nearest the chute)

Oh dear. Secret Huawei enterprise router snoop 'backdoor' was Telnet service, sighs Vodafone

Malcolm Weir Silver badge

Re: Telnet IS a backdoor

Dear gawd, with every post you demonstrate your ignorance!

1. You clearly don't know what a reserved port *is*, and have no idea what /etc/services *is* used for. A reserved port can only be opened by a process running as root. That's it. It has nothing to do with inetd or xinetd or anything else, as evidenced that port 80 is reserved, too.

2. As it happens, yes, if you manually start in.telnetd without the debug option it will exit, because it doesn't have a socket open. But as you yourself acknowledge, if you start it with the debug option, it will run. Hence your entire thesis that there's no such thing as a telnet server crashes and burns, because, as you acknowledge, starting in.telnetd with the debug option IS A TELNET SERVER!

3. If you start in.telnetd manually, it will wait for a connection for a while; this duration is defined as the time until someone kills it (e.g. as part of a system shutdown).

4. I didn't actually say it forked a shell, I said it forked a subshell; a subprocess or coprocess would have been more accurate. Yes, sloppy language on my part, but as you know, you can't technically fork a shell. The rest of your comment, though, contains a serious factual error on your part (execve has no default shell...), so I'm not losing sleep in the face of your self-aggrandizement.

5. Which means that about half are implemented, which means that someone who claims that telnet isn't a protocol isn't as smart as he thinks he is....

6. I'd bet most of the telnet advocates here, as you call them, have used telnet to connect to other services. It's a totally routine technique for detecting whether the service is accessible...

Now run along. You've demonstrated your ignorance and shifting positions quite adequately, and I doubt anyone is terribly interested in your "wisdom" anymore...

Malcolm Weir Silver badge

Part of the problem with people who extol SNMP is that they assume it's a Network Management Protocol that is Simple.

This is incorrect: SNMP is a Management Protocol for Simple Networks.

(In my personal view, the sort of Simple Network for which SNMP is best suited has 1 or fewer nodes.)

Malcolm Weir Silver badge

Re: The Real Risk

Ummm... I don't think you've been to, say, Shanghai. You'd see that there are contradictions between Chinese beliefs and Chinese policy and Chinese reality. Yes, it's weird, but no stranger than some of the delusions that Americans have about the USA (e.g. the contrast between the US and the UK requirements for ID raises some questions about "the land of the free"...)

Malcolm Weir Silver badge

Re: "We all want to see hard proof—" No, we don't.

The Five Eyes stuff is far more complicated than it may at first sight appear. The UK has _at least_ two sites that the US intel community likes a lot, and which (for various technical reasons) are not easily replaced without a lot of impact to existing programs, so figure that as a multi-hundred-billion dollar relocation cost. Technically, one of the sites might be replaced with a slightly sub-optimal alternate in either one of two European countries, but the other would be harder.

And anyway, "Five Eyes" is not an automatic thing. There's "REL AUS/CAN/NZ/GBR" and there's e.g. "REL GBR", etc. So what the US is threatening is that not as many goodies would be shared, not that nothing would be shared.

At the end of the day, this is all purely political: if GCHQ says the risk is technically manageable, then it's probable that the NSA would say the same (technically). Therefore (from a UK perspective) the US can rattle its sabre all it likes, and when the political climate shifts, they'll "reach an accommodation". Again.

Malcolm Weir Silver badge

Re: Telnet IS a backdoor

Well, let's see...

Usually, in.telnetd (see https://linux.die.net/man/8/in.telnetd, hereinafter referred to as in.telnetd(8)) will be started by inetd or xinetd, which are two solutions for the same basic task. It doesn't matter which, because the mention of these is a red herring: in.telnetd can be started manually (see in.telnetd(8)) from a command line or from an /etc/rc* script (or whatever variant exists on your platform).

Once in.telnetd is running, it listens on whatever port you tell it to listen, or port 23 by default. When a connection happens on that port, it sends a list of telnet configuration options to the client (see in.telnetd(8)). After the telnet protocol options have been negotiated (because telnet is a protocol, no matter what some rando insists), it opens a pseudo-tty pair and spawns a subshell, which invokes whatever login program was specified on the command line, usually (but not necessarily) /bin/login or some variant of that.

At this stage, the telnet server is simply responsible for receiving segments on the TCP socket, checking for the escape sequences (e.g. BRK to send a BREAK on the pseudo-TTY, SUSP to suspend, etc... see RFC854 for the full list) and passing everything else through to the pseudo-tty, and sending the output on the ptty back across the TCP connection.

What might confuse some people is that the telnet client program will work without the telnet protocol: you can (and most of us will have) telnet'd to miscellaneous servers, the whatever's running on ports 25, 80, 110 and 143. Those servers don't understand the telnet protocol (because they aren't in.telnetd or equivalent), but that's OK, because the client side (telnet(1)) will function without the options, support for the control functions, etc. So the telnet _client_ doesn't need the telnet _protocol_, but telnet _servers_ must implement it.

That said, special-purpose telnet servers also exist (because they're quite easy to implement by nicking the right libraries). For example, I've worked on a telnet server that managed a tape robot; we could have simply used the raw socket interface, but we decided that having things like the erase character mechanism was preferable and anyway it was easier to re-use someone else's code than reinvent the wheel. And we chose to implement the thing as a CLI rather than some fancy RESTful machine because (a) the latter hadn't been created as a "thing", and (b) it let us use the same parser as we used on the serial RS-232 console.

Happy?
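The behaviour described in the post above, as an added example that is not part of the original post: a small RFC 854 stream splitter that separates Telnet commands (IAC sequences) from the bytes a server would pass through to the pseudo-tty, and shows that a Telnet server's greeting opens with option negotiation while a plain text service does not. The sample byte strings and function names are constructed for illustration.

```python
"""Split a Telnet byte stream into pass-through data and protocol events (RFC 854)."""

IAC = 255  # "Interpret As Command" escape byte

# Option negotiation verbs: each is followed by exactly one option byte.
NEGOTIATION = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
SB, SE = 250, 240  # subnegotiation begin / end

# Two-byte control functions (IAC + code) from RFC 854.
CONTROL = {241: "NOP", 242: "DM", 243: "BRK", 244: "IP", 245: "AO",
           246: "AYT", 247: "EC", 248: "EL", 249: "GA"}

# A few well-known option codes, used only to make the output readable.
OPTIONS = {0: "BINARY", 1: "ECHO", 3: "SGA", 24: "TTYPE", 31: "NAWS", 34: "LINEMODE"}


def _find_sb_end(data: bytes, start: int) -> int:
    """Return the index of the IAC that begins 'IAC SE', or -1 if absent."""
    j = start
    while j + 1 < len(data):
        if data[j] == IAC:
            if data[j + 1] == SE:
                return j
            j += 2  # IAC IAC (escaped 0xFF) inside the parameters
        else:
            j += 1
    return -1


def split_telnet_stream(data: bytes):
    """Return (payload, events).

    payload: bytes that are ordinary data (what reaches the pty or the user).
    events:  human-readable list of the Telnet commands found in the stream.
    """
    payload = bytearray()
    events = []
    i, n = 0, len(data)
    while i < n:
        if data[i] != IAC:
            payload.append(data[i])
            i += 1
            continue
        if i + 1 >= n:  # stream ends in the middle of a command
            events.append("TRUNCATED")
            break
        cmd = data[i + 1]
        if cmd == IAC:  # IAC IAC is a literal 0xFF data byte
            payload.append(IAC)
            i += 2
        elif cmd in NEGOTIATION:
            if i + 2 >= n:
                events.append("TRUNCATED")
                break
            opt = data[i + 2]
            events.append(f"{NEGOTIATION[cmd]} {OPTIONS.get(opt, opt)}")
            i += 3
        elif cmd == SB:
            end = _find_sb_end(data, i + 3) if i + 2 < n else -1
            if end < 0:
                events.append("TRUNCATED")
                break
            opt = data[i + 2]
            events.append(f"SB {OPTIONS.get(opt, opt)} ({end - (i + 3)} bytes)")
            i = end + 2
        else:  # single control function such as BRK or AYT
            events.append(CONTROL.get(cmd, f"CMD {cmd}"))
            i += 2
    return bytes(payload), events


def opens_with_negotiation(first_bytes: bytes) -> bool:
    """True if a service's first bytes contain Telnet option negotiation."""
    _, events = split_telnet_stream(first_bytes)
    return any(e.split()[0] in NEGOTIATION.values() for e in events)


# Constructed samples: a Telnet server greeting, a plain SMTP banner,
# and client input containing BRK, a NAWS subnegotiation and an escaped 0xFF.
TELNET_GREETING = b"\xff\xfd\x18\xff\xfd\x1f\xff\xfb\x01\xff\xfb\x03login: "
SMTP_BANNER = b"220 mail.example.test ESMTP\r\n"
CLIENT_INPUT = b"ls\r\n\xff\xf3\xff\xfa\x1f\x00\x50\x00\x18\xff\xf0a\xff\xffb"

if __name__ == "__main__":
    for name, sample in [("telnet", TELNET_GREETING), ("smtp", SMTP_BANNER),
                         ("client", CLIENT_INPUT)]:
        data, events = split_telnet_stream(sample)
        print(name, repr(data), events, opens_with_negotiation(sample))
```

The same check is useful in an asset inventory: a listener whose first bytes negotiate options is a Telnet service regardless of which port it sits on.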

'I do not wish to surrender' Julian Assange tells court over US extradition bid

Malcolm Weir Silver badge

Technically, this is incorrect. The US will have to show that they have reasonable suspicion that the offenses were committed by the accused, which they have -- that's what the grand jury indictment is.

The fight will be over whether extraditing Assange will violate his human rights, etc. Any grandstanding about how the US will immediately whip out new charges will be dismissed, because that's against the treaty ("specialty" and all that), and the court will assume that the US will abide by the rules even if no pro-Assanger thinks they will.

Malcolm Weir Silver badge

Re: Assanger the Seer

Yes. But by policy the UK must obtain an undertaking that, if convicted, the extraditee will not face it.

This used to be a bright-line rule: if the UK government provides any assistance in a prosecution, the death penalty must not be sought by the assisted country. Sadly, the current scumbag Conservatives have weakened this rule considerably by agreeing to waive this requirement for cases where they provide information used in a prosecution (both Boris and Sajid independently engaged in this disgusting behavior).

Malcolm Weir Silver badge

Re: Files were illegally received by journalist?

Nope. A journalist receiving files from a source is not a crime in the USA, so it isn't extraditable.

However, an individual with a (criminal) record for hacking (Assange, 1996) advising an individual how to break into a computer system is the crime of accessory to an act of computer abuse and an accessory to the crimes for which Manning was convicted. That is extraditable.

Hence the extradition proceedings.

Malcolm Weir Silver badge

Re: The USA wants Assange for what he did

You do know that two RPG launchers were found with the bodies, and RPGs _are_ visible in the video, but hard for a non-expert to recognize, right?

The "sadly" refers to the fact that a decision was made to attack based on faulty evidence that the RPGs were about to be used. The Apache pilots saw what was (probably) a lens poking round the corner, assumed it was an RPG, and asked for / received permission to attack.

But the RPGs and AK's were there.

Malcolm Weir Silver badge

Re: The USA wants Assange for what he did

Do you think the Army knows that e.g. https://asc.army.mil/web/portfolio-item/iews-emars-mep-ped/ ?

Malcolm Weir Silver badge

Re: Journalist was among of AK47 armed group?

Nope, you're distorting the truth. There were both cameras with telescopic lenses and AK47 or AKM assault rifles -- even Assange acknowledges this. There is also a "long item" that Assange's cronies dismiss as possibly a tripod (because press photographers in war zones always carry tripods, nice backdrops, rolls of seamless paper, have makeup artists, etc), but which the military describe as an RPG.

Two RPGs were found with the bodies.

https://web.archive.org/web/20131020142823/https://www2.centcom.mil/sites/foia/rr/CENTCOM%20Regulation%20CCR%2025210/Death%20of%20Reuters%20Journalists/6--2nd%20Brigade%20Combat%20Team%2015-6%20Investigation.pdf

Malcolm Weir Silver badge

Well, (func blah blah blah) is doing a nice job of spinning, but as usual with spinners (including Assange) he's omitting context and details and applying different standards on the fly.

First, there absolutely was evidence of RPGs, and no-one (not even func-dude or Assange) disputes that the group of men were carrying AK-47 or AK-M rifles. It's true that the video does not provide _conclusive_ evidence (but there is evidence), but the soldiers flying the helicopters were also equipped with things called "eyes" and had a better view than a standard def video gives. [Nevertheless, two RPGs were found at the scene.]

Second, there was an actual firefight going on a few blocks from the scene (which is why the helicopters were there). Putting those together, we have a group of men carrying weapons moving in a combat zone. There is no rational viewpoint that suggests that the men were not a legitimate target. (Sure, you can argue that the coalition forces shouldn't have been in the country at all, but given that they were, armed men out of uniform moving around an actual battle are targets). Yes, it's really unfortunate that two of the men were not fighters, but it's equally unfortunate that insurgents killed western journalists embedded with US troops (such as Briton James Brolan).

Third, the second attack (on the van/people carrier) is less clear-cut. The conclusion reached by the helicopter crews (that the van was picking up the weapons and injured fighters) is not wholly unreasonable (people driving around during a fire-fight are not unlikely to be somehow involved in the battle), but there is a good argument that picking up wounded fighters is not a belligerent act, and therefore they should have let the van go. But this is second-guessing people who were in the middle of combat, so I'm not sure there's a "good" answer to this.

Overall, I'd say Wikileaks is a publisher, and Assange is (sometimes) a journalist, but you could say the same for the Daily Mail and Paul Dacre. And there's no question that the Mail/Dacre engaged in shady practices that should have been prosecuted, but weren't because of the difficulty in obtaining evidence. If that evidence existed (as it allegedly does with respect to Assange), then prosecution should proceed, in no small part because they _are_ publishers/journalists: they already have the power to spin the story however they like (e.g. naming the video "collateral murders", highlighting cameras but not weapons, excluding the existence of an active gun battle blocks away, etc), so they should _also_ be able to break the rules with impunity.

Oh, yeah: for those who like to try to discredit true statements with "citation needed": https://web.archive.org/web/20131020142823/https://www2.centcom.mil/sites/foia/rr/CENTCOM%20Regulation%20CCR%2025210/Death%20of%20Reuters%20Journalists/6--2nd%20Brigade%20Combat%20Team%2015-6%20Investigation.pdf

Cool story, brew: Utah karaoke crooners receive cold, refreshing shock as alcohol authority refuses beer licence

Malcolm Weir Silver badge

Re: me no understand

Possibly worth noting, while deploring a limited view of history, that the era of drunks hassling church goers also featured do-gooders hassling drunks.

This was in Provo, UT. While not as bad as places like American Fork just down the road, a huge proportion of the permanent population _is_ LDS (aka Mormon). A lot of the rest are transient/under 21 (i.e. students at BYU), so what this really represents is a fine example of democracy in action: three wolves and a sheep deciding what to have for dinner...

Parents slapped with dress code after turning school grounds into a fashion crime scene

Malcolm Weir Silver badge

No, it's sane people objecting to bad government, and it's worse because apparently it's a poor area where people are less likely to push back on badly crafted regulations.

And that's without the inherent problems of disrespecting minority cultures by imposing "white elitism" (your words, whatever you meant) to cultural standards.

[ If the average person-on-the-street in a mostly-minority neighborhood wears some/all of the prohibited outfits, then this policy prohibits "the average person", whether or not you like the policy or not. C.f. prohibitions against dreadlocks, etc. ]

Malcolm Weir Silver badge

Re: Undershirts?

You're probably right, but as with most of that letter, it's impermissibly vague: some items it gets very precise (e.g. explaining what "buttocks" means), other times it's not (here, and "very low cut tops" -- define "very" -- and "shorts that are up to your behind", which is simply word salad).

What she meant was clear, and is the second half of the last bullet ("any attire that is ... unacceptable for the school setting"). But by creating a sloppy and sometimes incoherent laundry list of prohibited outfits, she's shot herself in the foot.

A parent could get an injunction prohibiting enforcement without breaking a sweat, and quite right, too: it's a school, but also a government building, and the government needs to be clear and transparent when creating rules.

Malcolm Weir Silver badge

Re: "their freedom to wear whatever they want"

Those "campaigning lawyers" are either imbeciles or ignorant of Tinker v. Des Moines Independent Community School District, 393 U.S. 503 (1969).

The court's decision (7–2) held that the First Amendment does apply to public schools, and that administrators have to demonstrate (constitutionally) valid reasons for any specific regulation of speech in the classroom.

The money quote was: "It can hardly be argued that either students or teachers shed their constitutional rights to freedom of speech or expression at the schoolhouse gate."

BUT Tinker doesn't prohibit uniforms or clothing regulations, it simply requires a permissible justification, for example preventing disruption. So the problem with this edict (if it applied to the kids, not the parents) is that it's vague (e.g. the whole nonsense about clothes that might conceivably be pajamas).

The core problem here is that restrictions on a parent's First Amendment rights have a looser nexus to the efficient running of the school: yes, you could ban parents wandering around with dodgy clothing, but it's a bigger issue if you want to summon the parent to discuss little Johnny's work or lack thereof: can you impose these demands on the parent that you've requested to come to see you (hint: not anywhere close to that level of specificity; you'd be OK with a "dressed in a way that won't be disruptive")?

Malcolm Weir Silver badge

The problem here is that the list is (unconstitutionally) vague and, well, dumb.

For example: no "satin cap or bonnet ... for any reason". Does that include satin yarmulkes? If not, how do you know? If so, that's an impermissible infringement by the government on one's free exercise of religion...

No attire "that could possibly be pajamas"? That would include a lot of fairly innocuous t-shirt and loose trousers outfits...

"Jeans torn from your buttocks (behind) to all the way down showing lots of skin"? That implies that jeans torn... that don't show lots of skin are OK, right?

"Leggings that are showing your bottom and are not covered ... from the front or the back"? If the front is covered but not the back, is that OK? And define leggings? Would capri-length trouserings count?

"Men wearing undershirts will not be permitted" is just dumb: it seems likely there's an implied "without an overshirt", but who knows?

And it closes with "any attire that is totally unacceptable for the school setting", which leaves me wondering what the previous laundry list of forbidden outfits was all about...

And so on. And while the intent seems very well intentioned, the overall message is that this principal, Carlotta Brown, is incapable of writing concisely, is sloppy in her language, and is vague about the law as it applies to constitutional limits on school power, which all in all is a sad indictment on the education system in Texas: how _DID_ she get that job?

Take your pick: 0/1/* ... but beware – your click could tank an entire edition of a century-old newspaper

Malcolm Weir Silver badge

What's going on here is a well-founded effort to improve the key strength, but implemented with a flaw. The way encryption is used on these devices is that the user provides a key, which unlocks the "DEK", or Data Encrypting Key. The DEK decrypts the data.

The reason for this is that each of several different users needs to be able to unlock the drive.

A "clean" implementation uses a distinct subsystem like a TPM to store the user passwords (and DEK). The host-accessible subsystem can push user passwords to the security subsystem, but has no mechanism itself to push a DEK into the crypto engine, so the DEK cannot be intercepted and the password validation happens in a secure enclave (the TPM).
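The key hierarchy described in the post above (several users, each with a password that unlocks the same DEK), as an added example that is not part of the original post or any vendor's firmware. The function names, the PBKDF2 work factor and the XOR-with-HMAC wrap (a stand-in for a real key-wrap cipher such as AES key wrap) are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def _kek(password: str, salt: bytes) -> bytes:
    """Derive a per-slot key-encrypting key (KEK) from a user password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def _pad(kek: bytes) -> bytes:
    # Toy stand-in for a key-wrap cipher: one 32-byte PRF output per KEK.
    return hmac.new(kek, b"dek-wrap", hashlib.sha256).digest()


def wrap_dek(dek: bytes, password: str) -> dict:
    """Create one key slot: the DEK encrypted under a password-derived KEK."""
    if len(dek) != 32:
        raise ValueError("this sketch wraps 32-byte DEKs only")
    salt = secrets.token_bytes(16)  # fresh salt, so every slot has its own KEK
    kek = _kek(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(dek, _pad(kek)))
    tag = hmac.new(kek, b"dek-tag" + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap_dek(slot: dict, password: str):
    """Return the DEK if the password opens this slot, else None."""
    kek = _kek(password, slot["salt"])
    expect = hmac.new(kek, b"dek-tag" + slot["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, slot["tag"]):
        return None  # wrong password: the KEK is wrong, so no DEK comes out
    return bytes(a ^ b for a, b in zip(slot["wrapped"], _pad(kek)))


def demo():
    """Two constructed users sharing one DEK through separate slots."""
    dek = secrets.token_bytes(32)  # the single key that encrypts the data
    slots = {"alice": wrap_dek(dek, "correct horse"),
             "bob": wrap_dek(dek, "battery staple")}
    return dek, slots
```

Neither the passwords nor the DEK are stored in a slot; only the salt, the wrapped DEK and an integrity tag are, which is what lets each user be added or removed without re-encrypting the data.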

Malcolm Weir Silver badge

Some of them certainly do! Go read some of the white-hat hackers' papers on breaking into things.

The most recent one I read was about defeating the whole-disk encryption passwords on various SSDs. Basically, the scheme is to use the JTAG interface to get to the firmware, patch the firmware so that the "check submitted password against the real one" function always responded in the affirmative, and wander around the newly-unlocked drive.

All you've got to do is find _where_ that function happens to be, and insert the bypass code. But all you have is the compiled version that you pulled out of the target device...

Malcolm Weir Silver badge

Re: Talking of paper...

And even at 1,000-2,000 lpm, in the 1980s, that wasn't exceptionally fast.

The IBM 3800 could run an order of magnitude faster than that, at up to 20,000lpm (350 pages per minute).

When the thing[1] got installed at the shop I worked at (which was never knowingly undersold), the operators hated it, because it needed to be fed every 10 minutes or so. At 3,000 pages and about 12 inches per box, 6 boxes per hour, one of those beasties could produce the wall-o-paper in 8 hours, and data processing ran 24x7....

[1] I don't actually remember whether it was an IBM or the Xerox competitor that won the business; back then, most everything was IBM, but this was a massive investment and only made sense because we had a good distribution system in place, so all the centralized reports could be printed in London and sent to the outlying stores.

Canadian woman fined for not holding escalator handrail finally reaches the top after 10 years

Malcolm Weir Silver badge

Bilingual

It could be argued that a sign _only_ in French could not impose mandatory instructions in (nominally) bilingual Canada.

From Red Planet to deep into the red: Suicidal extrovert magnet Mars One finally implodes

Malcolm Weir Silver badge

Re: "reality TV "stars" dying from crash landing, habitat failure, or slow suffocation. "

Of course, the alternatives include having a reality TV "star" working hard to achieve habitat failure here on earth. And he has nukes...

Year after being blasted for dodgy security, GPS kid tracker biz takes heat again for leaving families' private info lying around for crims

Malcolm Weir Silver badge

Re: I'm not sure which is worse

It's a shame that parents want to abrogate their responsibilities so much.

Yes, crap products are crap. Which is why we "caveat emptor". But the decision to buy/use crap products is 100% the responsibility of the parent. This is particularly true with "new" technology: by definition, it's not "necessary" (as we survived without it before), so a parent who decides to put it into use is making a decision, and they can't simply shrug off the implications of that decision on the basis that it involves someone else.

Don't get me wrong: crap products are *also* 100% the responsibility of the manufacturer. But there's more than 100% to go around, or rather both parties can be to blame, equally or otherwise.

But who has more skin in the game? The crap product manufacturer, who stands to lose the few quid they might get flogging their kit, or the parent, who stands to lose their kid?

Right.

So be paranoid. You care. Crap manufacturers don't. And knowing that, if you still buy crap, whose fault is that?

Oh cool, the Bluetooth 5.1 specification is out. Nice. *control-F* master-slave... 2,000 results

Malcolm Weir Silver badge

I'm not sure how I would go about using my hands-free setup in the car with RS-232?

(Yeah, I know, you could use e.g. SLIP and then IP networking to handle the logical channels you get from Bluetooth, and build some mechanism to stream audio over IP and provide the out-of-band signalling used to indicate incoming/outgoing calls, but that's an enormous amount of faff, and definitely as much of a hassle as doing it with Bluetooth)

Apple: Good news, everyone – sales are less bad than we thought. Not amazing but not bad. $84bn is $84bn, tho

Malcolm Weir Silver badge

I love the spin on the idea that you weren't paying for the "subsidized" phones!

Apple: You can't sue us for slowing down your iPhones because you, er, invited us into, uh, your home... we can explain

Malcolm Weir Silver badge

Re: Its not just the battery

Oo! Oo! I know this one!

Ahem... You're holding it wrong.

Thank you!

Post-Brexit plan for .EU tweaked: No dot-EU web domains for Europeans in UK, no appeals, etc

Malcolm Weir Silver badge

Re: In case anyone wonders where the EU got its reputation for thoughtless bureaucracy....

While it's true you don't have to live with Brexit, you do have to live with an overarching bureaucracy that has completely, utterly abandoned the concepts of pragmatism and compassion.

Except you elected yours.

Mind you, it's been 3 days since a massive, multi-billion dollar fiasco for no purpose ended (probably temporarily), so perhaps your memory is going...

Goddamn the Pusher man: Nominet kicks out domain name hijack bid

Malcolm Weir Silver badge

Optional

"Lee Owen" doesn't sound like a Romanian name. To me, it sounds pretty British, and it's only reported that the individual is a _resident_ of Romania.

American bloke hauls US govt into court after border cops 'cuffed him, demanded he unlock his phone at airport'

Malcolm Weir Silver badge

Re: Like many laws, a smokescreen for dominance

No, the government doesn't "have the option of allowing it to be sued".

Article III, Section 2: The judicial Power shall extend to all Cases, in Law and Equity, arising under this Constitution, the Laws of the United States, and Treaties made, or which shall be made, under their Authority;-to all Cases affecting Ambassadors, other public ministers and Consuls;-to all Cases of admiralty and maritime Jurisdiction;-to Controversies to which the United States shall be a Party;-to Controversies between two or more States;-between a State and Citizens of another State;-between Citizens of different States;-between Citizens of the same State claiming Lands under Grants of different States, and between a State, or the Citizens thereof, and foreign States, Citizens or Subjects.

So the judicial power of the Supreme Court and its inferior courts applies to controversies to which the United States is a party.

HOWEVER, there are sometimes statutory "kill switches" that can be used to shut down certain actions, but a challenge based on the Bill of Rights will likely proceed at least to the point where the government gets an opportunity to articulate, say, the existence of a "reasonable suspicion".