* Posts by Speltier

145 posts • joined 1 May 2014


NASA names the date for the first commercial crew demo flight


Achtung Cimon!

I'm built by Airbus for the German space agency, imprinted on a German 'naut... using IBM ("HAL") Watson...

Gerst was my dearest imprint friend, but he turned on me.

YOU meatbags have to sleep sometime. I don't.

Keen for much-hyped quantum computing to finally land? Don't expect it for a decade


Don't miss the point

Your encrypted data is stolen today including the key exchange bits. Don't be smug.

If your data has a lifespan longer than 10 years (say, the names of all the spies and moles in <name your country>, or your GDPR protected data where your company is bankrupted by the brusselcrats when the data is revealed, or your carefully constructed pile-o-shell companies for tax evasion) you are exposed when that quantum computer pops into existence. Yes, I know, the inflexion isn't like that but you get the drift. And it could be never, or 10 years from now, or 2 years from now, or 2 years ago that a suitable QC exists to crack vulnerable encryption.

The data has to be resistant to quantum attack n years before a QC attack is feasible, where n is the time value of the data.

Better hope that QC are further than 10 years away, because it will take longer than that to modify the infrastructure to be quantum resistant... on the other hand, it is a brave new world for stealing valuable resources. The number of vulnerable points is truly astonishing, QC as the supernal zero-day.

My hoard of obsolete hardware might be useful… one day


TEK 525? HeathKit IO-10? Complete set of 5150 software still in shrinkwrapping? SR-50? thousands of floppies (shortly to be tens of floppies)? memory ranging from 16b bipolar to 8GB sticks (not counting flash, but yes UV erase EPROM is counted)?...

Bruce Schneier: You want real IoT security? Have Uncle Sam start putting boots to asses


It's Hopeless I Tell You!

When quantum computers capable of breaking asymmetric algorithms come over the hill, that is it for the security of current IoT devices.

So kick the can down the road, and mandate security after the quantpocalypse. Before that, don't bother since current IoT devices are trash at the quantum inflection point anyway. (Expect the quantpocalypse for ordinary folks not subject to nation state attack in maybe 10 years. If the son of Mao is after you, well, that's sooner. Much sooner. But probably not yesterday. I can't tell if that particular cat is dead or alive without decohering the innermost matryoshka.)

Dutch cops hope to cuff 'hundreds' of suspects after snatching server, snooping on 250,000+ encrypted chat texts



How many of the users verified that what was running in the IronPhone was what was expected to be running in the IronPhone, and was correctly implemented?

Anyone with a smartphone gets a lot of "updates", so your IronPhone has an update for 'security' and what do you do? Leave the app running a low entropy key? Apply the potential plod back door?

At least AES256 super-encipher using a separate app (if you trust it)... on a separate HSM device so the keys are not surreptitiously purloined or seized... yeah, key exchange is a batch, but better than bubba the bunkie.

FBI boss: We went to the Moon, so why can't we have crypto backdoors? – and more this week


We already can break crypto in commercial use

Just, the 3 letter agencies don't want to admit it.

This constitutes a functional "back door" (with fine print). Virtually every mass produced device has enough implementation bugs to allow anyone in-- a classic example in the extreme is the continuing failure of QKD, works in theory but so far every commercial implementation has breaks (you can't break a true QKD path, although you can brute force comms using a key transmitted by QKD if the key is not equivalent to an OTP with sufficient entropy).

So, Wray dude, build a machine that can break AES256 (and TDES, and...) in real time, preferably hundreds of streams at one time. Oh, surely this is an expensive moon shot so we can certainly do it for the FBI. Wait, you say you also want a CHEAP secure crypto break moon shot, pennies a flight? That dear sir is currently impossible. It is about resources, not ability to implement. Give me a big enough PO, and I'll give you the machine you want (well, not CHEAP).

(fine print) "short" ciphertext messages may not brute force decrypt to plaintext reliably

IBM Watson dishes out 'dodgy cancer advice', Google Translate isn't better than humans yet, and other AI tidbits



Quite valid, you are only as good as your data. Perhaps a nice data set can be obtained from post-Brexit UK where GDPR and HIPAA don't exist-- of course, after Watson-learning-scraping, if you aren't a Brit the recommendations may well kill you precipitating another round of murderous Watson stories.

Which brings up-- how badly some oncologists perform, except that they bury their mistakes and certainly don't go air out their dead body pile in public. Is Watson better than these death dealers?

Plus, it is well known that American docs are extremely resistant to taking any advice from anyone, the most recent evidence being that a large percentage of maternity wards refuse to follow the most simple and obvious guidelines (on high blood pressure and maternal blood loss ("my eyeball is calibrated good enough thank you")), resulting in America having deplorable levels of maternal morbidity compared to any other first world country. So the Jupiter docs whine about Watson, but how much is real and how much is "I and my swelled head would do it differently"?

Personally, Watson doesn't seem well suited to oncology advice as presently implemented. If enough resource was invested, Watson could become quite respectable. It isn't obvious that the resource will be invested, between slow revenue gains and vested interest attacks Watson oncology may suffer a fatal monetary infarction.

Overall, we are currently in an AI hype cycle and AI still does not appear ready for prime time. Anyone who has been around for enough years has seen these cycles before. The cycles happen about every 15-20 years as a new generation thinks they discovered AI. One could hope this time is different, but the evidence is underwhelming so far.

Creep travels half the world to harass online teen gamer… and gets shot by her mom – cops


Just Wait till NZ gets the bill

Free health care in NZ! The guy is covered! Yay! Medevac choppers run 50K+ (pure unalloyed greed, but that is another story) plus hospital at the walk-in uninsured rates (unless NZ has a contract with the hospital, seems unlikely). Going to be a truly huge bill, this is after all America, land of astronomical medical prices for mediocre care. The lawyers are already salivating since obviously NZ will try not to pay up; New Zealanders are going to wish mom had popped the miscreant and saved a lot of NZ cash.

Indeed, once the gravy train is recognized the guy will get all sorts of unexpected medical care ranging from proctological examinations, to mastectomies, just to bill at the full master list rates. Might end up better off if a lobotomy is thrown in after the chemo (using brand drugs, not generics); need the chemo after 72 cat scans in a row.

European Space Agency wants in on quantum comms satellites



QKD systems have been shown to be notoriously subject to subtle attack. They are theoretically secure, but when implemented in reality all sorts of attack vectors appear. Needless to say, one presumes that the keys are also enciphered using conventional means (i.e., superenciphered over QKD).

And for the last ditch perfect encipherment, keep that TB of OTP handy. Arguably, one could just use OTP superencipherment with QKD and befuddle NSA/FSB/BND/DGSE/MSS/... QKD bandwidth is so low that it would take quite a wile (indeed!) before anyone was the wiser.

Is your gadget using secondhand memory? Predictable senility allows boffins to spot recycled NAND chips



Oh for the days of SLC 100K PE cycles. 5K cheesy consumer MLC... not so attractive.

DIY device tinkerer iFixit weighs in on 15-month jail term for PC recycler


Re: Prison is too harsh but...

Yes, follow the money. While MS did not bring the suit, the valuation seems based on the revenue from the official MS refurbisher program. MS even provides special COA tags for authorized refurbisher PCs (I have one).

You can resurrect old machines if you have an original COA (indeed, if the mobo fries out and is replaced you will need to resurrect the license even if the installation otherwise works fine). I suspect major processors of old PCs simply don't want to deal with peeling off COA stickers and keeping track of them as they fling parts around to make one running machine from 2 or 3 carcasses; it is cheaper to fork over 20-40 bucks/machine and avoid any issues. MS likes this revenue stream, because essentially they have already sold a license for a machine, and now they squeeze more revenue from that old machine. Wow, have to love it.

MS croc tears for that guy getting chewed up by the gears of corporate profit, but branding the disks with unauthorized logos was a major error. The 700K value was probably less than what his lawyers said it would cost to fight on to cut the inflated value down, so he capitulated.

Power spike leads Chinese police to 600-machine mining rig


Bad Location or Failed Business Plan

The *coin miners that get away are either located near massive declining aluminum, cement, and steel fabrication facilities where the power losses are not noticeable, or properly reimburse local officials to appreciate the wealth creation of *coin mining. The latter is just a cost of doing business just like other valuable activities like selling designer drugs to the OECD countries.

If you guessed China’s heavy lifter failed due to a liquid hydrogen turbo engine fault, well done!


Need Better Simulation

I'd suggest using the Kerbal Space Program.

An easy-breezy attitude to sharing personal data is the only thing keeping the app economy alive


You Can Run but You Can't Hide

Your Facebook friends will (attempt to) friend you, and then it is game over.

Chances are you like things similar to your friends (research says so!), etc., so now you are profiled and targeted for any kind of ads political and otherwise. Once a critical mass of humans is on the platform, there is precious little place to hide short of becoming a Tomten hermit.

(and for security reasons you need at least a nominal presence on Facebook, otherwise someone else can impersonate you. You know, spewing terrorist claptrap, pimping for despots, advocating eugenics... so the plods will keep a steely eye out, next plane trip it's into the other room for a cavity search...)

Apple, if you want to win in education, look at what sucks about iPads


Valid Points

The teacher is supposed to teach the subject, not teach how to operate the machines so that the subject can be taught. Pretty much anyone reading this can feel the effect when the tool chain is changed, and productivity hits a speed bump until the new tool chain of the (day/week/month/year...) is learned. Now reverse the idea, the tool chain is unreliable but unchanging, but the users are constantly being replaced with new naive users, replicating the same learning mistakes.

The education application tools need to be consistent, reliable, and converge on correct operation (lack of convergence for applications where I work leads to -2).

Apple/Google ought to create their educational device to have locked settings that are grade specific (don't expect 1st grade to change settings; 12th grade is expected to recover from self induced stupidity so they can have more room to roam and risk falling into the La Brea tarpits of software despair), with student specific modified settings/work saved to cloud, and the machines restored to default after every class (or day, as appropriate). The OS needs the second mode, education, to control settings, and this costs manufacturer resources. Plus, let's face it, as engineers and programmers we want to festoon the product with all sorts of gee whiz baubles, mostly of no use to education... students will push the buttons, and millions of students pushing buttons will expose every bug you never thought of.

Cops jam a warrant into Apple to make it cough up Texas mass killer's iPhone, iCloud files


Possession is 99% of Breaking

If they physically possess the iPhone, they can obtain whatever information is inside. They don't have the expertise, and apparently don't feel like hiring anyone that does have the expertise (or, they feel like back door insertion is a good idea... again).

Dog must love stupid people, because he made so many of them.

US mulls drafting gray-haired hackers during times of crisis


Where do I Sign Up?

Preferably Navy. Crypto (no, not "cryptocurrency"!), security, quantum... no drugs, but grey hair. 1H.

Microsoft ports its Quantum Development Kit to Linux and macOS


Re: Great but

There are a couple of back to back PQC conferences in Fort Lauderdale FL in April 2018. Enjoy dawn to dusk dense mathematical presentations on Post Quantum Cryptography. Stop worrying about "here we go again" reactions to Spectre and SgxPectre and all that light weight management drivel, and explode your fuzzy head with wondrous new algorithmic insights.

Some of us are working in the engine rooms of the CyberDyne Legions to prepare the infrastructure to resist the coming quantum cryptographic apocalypse. It's noisy in here, but someone has to do it.

Plunk: SK Hynix drops 72-layer 3D NAND on enterprise SSD market


Wear Out

How long before those SSDs wear out? Oh, right, a "long time" if one is only reading.

Stop us if you've heard this one before: Tokyo crypto-cash exchange 'hacked' for half a billion bucks


Re: HSM, anyone?

Somewhat more sophistication would be needed. The perps would simply access the HSM to make the transfer. They don't really need the private keys directly, just access to the private keys to authorize a transfer.

Another step is needed-- something like a smartcard (or cards) to access the HSM which is used to encrypt the elements of the key store containing the private keys. And that is only effective if the smartcard isn't left enabling the HSM for transactions.... and while one is at it, also compartmentalize the cash so that separate private keys are needed for Piles-O-Cash(r), using different smart cards.

The problem they probably had, and the reason for the 0130AM local attack, is that the wallet private key needs to be accessible for transactions by late night Dark Web transactions, speculation, or even the purchase of a Coke(r). So, maybe you need an operator with an hourly smart card, watching transactions, with a ceiling transaction value before the boss is called in (at 0130) to authorize a Really Big Transaction (or a million little ones). At least then, there is a human in the loop to keep 500 big from being snatched. But wait, when you start small you can't afford an operator dozing all night long, so you just let the system run unattended and pray MtGox was an anomaly.

Of course, the failure could be much simpler. Some dim bulb left the connection open to the vault wallet which should only be accessible during shifts when transactions are being watched. Or the only protection is a passphrase. Or any of a million other failings.

There is a reason that banks make non-repudiation difficult... and most transactions can be reversed for at least a few days.

And we return to Munich's migration back to Windows - it's going to cost what now?! €100m!


MS.. LibreOffice

I run both. Office is substantially better. One issue I have is that converting LibreOffice docs to Word tries to send me off into a remote server for conversion, and I can't do that with a confidential document. Cue a flurry of cutting and pasting. (no, Office 360 is not on the table, that is a gaping security hole)

So all new docs are Office, still have old stuff in LibreO from back in the day when corporate idiots thought they would save money by not renewing Office licenses, and a tiny number in (gasp) LaTeX and (double gasp) LWP. Out of curiosity I keep a daily log though in a truly gigantic LibreO now massing several thousand headings and several hundred pages; it has only crashed a couple of times.

Given my druthers, I'd use Dog's language: SGML. None of this new fangled WYSIWYG JIT like text baloney for the slack jawed drooling omega minus masses, give me the hard core hairy chested metal. But the powers that be won't pay the 4 or 5 digit license fee...

NiceHash diced up by hackers, thousands of Bitcoin pilfered


Re: Are NiceHash liable for this?

If they had a decent lawyer, the EULA probably says: "you hold us harmless for anything that happens to your btc while the btc is in our care" plus "anything bad happening is your fault, and you will pay our lawyers to defend us against you" (and if this is US, probably an additional arbitration clause saying the arbitration is in Elbonia or East Texas). Of course, all this is said using 80 screens of 8-point lawyerese that almost no one reads, and of those that read the text, practically none of them understand what it says since they are blinded by the glittering btc riches beckoning them.


Multiple identical wallets

Whichever wallet transfers first and is accepted on the blockchain wins. All other wallets lose. The simplest case is all coins transferred, a bit more complicated for fractional coins but a greedy perp will take it all. There is quite a bit of complexity involved in the special case of a "race condition" to win a transfer on the blockchain since the ledger is distributed (surely you don't believe in timestamps hahaha).

A smart perp will take just a little bit and hope no one notices... no one notices... no one notices... after all anyone ignorant enough to keep the whole stash in one place probably doesn't have decent audit controls (and even so may not notice yet another person embezzling a tad off the top). The risk is that some other perp will clean out the wallet, the owner will then start wailing and improve security (or go bust, same result in this case), which won't help the smart perp's monthly payment for the London flat.

This hospital drug pump can be hacked over a network – and the US FDA is freaking out



Another reason for connectivity is to signal failures: blockage, flow below normal, cath fell out, watchdog (somewhat presumes device is designed more or less fail safe (uh...) calling home periodically),...

One has to wonder what rock the software developers were under when they created this null security device. Prior to the 90's ignorance was bliss outside computer orgs, but after the 90's there is no excuse.

Night before Xmas and all through American Airlines, not a pilot was flying, thanks to this bug



So... the pilots that asked for vacation and then reverse course get 1.5 time, while those that didn't get just time? I can see a bit of grumbling there.

Container ship loading plans are 'easily hackable'



There. The problem is fixed.

Parity calamity! Wallet code bug destroys $280m in Ethereum


Re: A tragedy? @ Messrs Spartacus & Tick

Deflation is bad, but so is inflation. There is no inherent reason that 0% is problematic in the economic sense (one can argue that predictable deflation or inflation is equally non-problematic, except for the transient time when debt is mangled by people gambling on the future and not getting it right. Oh, and waiting to replace the car because tomorrow's deflated car will be cheaper is bogus, since eventually one has to replace the jalopy regardless of the future lower cost. In the limit, you die and your heirs and assigns buy the cheaper car).

The thing not mentioned by central bankers is that a low predictable inflation permits all sorts of de facto things, like deflating the wages of workers in an industry that is on the way out, and making the GDP look rosy through fictitious growth. Businesses love low inflation because they can raise prices by more than inflation and can blame "inflation" for the rise, and show real growth in their profits. They can keep workers happy by giving out raises, more for meritorious workers and less for others, and the lesser ones seem to rarely realize the subtle shafting. The list goes on. What I don't like is that central bankers issue mumbo jumbo about the glories of low inflation when it is all a card game-- they should just admit the arbitrariness and move on.

What is generally damaging is rapid change in any direction. If the bond is for 20 years at a fixed interest rate, you sure hope that the inflation rate is stable over that time (or at least that you can call the bond if you are on the short end!). You hope that deflation doesn't set in because the idiot lawyers did not account for less than 0% inflation in a variable rate bond contract.

Deflation can be handled by giving out negative pay raises... but one still has to handle idiocy like pensions that never go down (again, because of idiots writing the rules) and a host of other side effects such as hoarding of specie. The problem isn't deflation but the inability of our growth centric system to handle anything but numbers going ever upwards.

There's a battle on over two US spying laws: One allows snooping on citizens – one bans it



Just have your neighbors in the 5 eyes spy for you-- and reciprocate.

Toshiba: The memory saga is nearly behind us! Apple: Not so fast


Bain Capital

Another issue is that you always have to check your jewels before getting into bed with an equity company. Their sole reason for existence is to line their own pockets-- sure you might get 30% of the fab output: where 50% of the fab workers were laid off and remainder replaced with imported labor, and equipment maintenance (never mind upgrades) requires a CEO's signature and the CEO is paid based on gross profit this quarter. Bain will get their money + world + dog profit and leave the financially exsanguinated husk to the suckers, er, partners.

Have MAC, will hack: iThings have trivial-to-exploit Wi-Fi bug


Re: iPhone 5

At the moment iOS 11.0.1 is available for the iPhone 5. The iPhone 4 is out of luck, hanging in at iOS 9 (but think of how much money was saved by not upgrading since 2010!).

Good thing Androids are cheap, the only software upgrade path for most is via buying a new phone.

Regulate, says Musk – OK, but who writes the New Robot Rules?


Been there, Done that, in a limited sense

Consider this case: you have a state engine to implement, and use a genetic algorithm (quite 80's really).

Software fails in the field with an important customer, the bosses come to you asking when will this be fixed? It just doesn't sit well to say "when the competition for best solution wins in the genetic lottery, sometime or other... don't call me, I'll call you when the danged thing gets a winner". No, this just won't do, so I implemented the state engine in the old fashioned sweaty way grinding out code.

Fast forward. The shiny ALV just cleaned off a whole sidewalk of pedestrians. How do you patch that pile of AI ware that "learned on its own", before another sidewalk is cleared of meat bags?

Boffins fear we might be running out of ideas



There is no shortage of ideas. There isn't even a shortage of viable ideas that could be realistically developed.

What seems to be happening is that

-- the dismal scientists are failing to recognize that as industries mature the cost of advances increases

-- we seem to be on the epicyclic where each new idea that is developed, doesn't achieve as much economic return compounded by an increasing diversion of energy into increasingly useless endeavors such as following vast numbers of legal rules.

This last can be for several reasons, ranging from the surfeit of maturing research and development paths-- bullet 1 plus the "my pa did it this way, and his pa, so I'll do it the same way!"-- to the increasing atherosclerosis of the bureaucracy in the world (insufficient burning out of dead useless brush in the human environment, as by say a nice non-nuclear world war). The latter includes vast pools of stored labor in the form of cash which sits useless under the fatty cellulite riddled rumps of the filthy rich. [it has not escaped notice that a small number of such parasites have arisen from incestuous plutocratic sewage to assay useful application of said stored labor, a notable example is SpaceX; these instances are the exception however.]

This isn't a multiple hundred years stultifying dark age, just a pause until a paradigm change occurs, or perhaps a world war. At least a world war that doesn't obliterate everyone...

Surprising nobody, lawyers line up to sue the crap out of Equifax


Re: Equifax Lawsuits.

Rather than notional damages, the result of the lawsuit ought to be a refund of 2x the cost of freezing/unfreezing the credit reports each time the credit report is frozen or unfrozen for every agency. For a yearly count that is at least 2 standard deviations beyond the median of what a typical person does each year (that is, of the population that even uses freeze/unfreeze; otherwise, the value approaches 0).

The obvious response for Equifax is to make the cost 0-- so 2x0 is 0-- but the competitors might go to say 1000 just to eliminate the competition. A virtuous solution.

Oh rats. I just woke up.

Linus Torvalds passed a kidney stone and then squeezed out Linux 4.13



I guess Torvalds doesn't insist on anything but pro forma Gerrit use.

Revealed: The secret CEO texts that tell the tale of Uber-Waymo's self-driving tech spat


Ottomotto Zero to Self Driving in 6 Months

Isn't likely. If they could do that, we'd have self driving cars for the masses by now, a mere 12 months later!

Oddly, Otto's self driving trucks seem to have driven into a black hole and disappeared after they were bought out. Plus, that self driving truck stunt is starting to stink of mechanical turk. Apparently no one cares, and no one is talking.

Crap gift card security helps crims spend your birthday pressie cash


Re: PIN on the back

The smart ones "spray paint" the scratch off stuff back on if they haven't done the work to read through the scratch off.

Really, if you must use a PIN, the PIN should be a combination of scratch off and an authorization PIN fragment. That way, the clerk doesn't know the entire PIN unless they are in on the theft.

Waymo now way less: Robo-ride upstart drops patents in Uber battle


It Looked Suspicious from the Get Go

When I read about the small, relatively short-lived company Otto being bought for a big pile of cash by Uber, it seemed... unusual. The me-too product of autonomous trucks, already in development for far longer in Europe particularly, just did not seem worth the price paid; plus, the company wasn't old enough to have created truly workable firmware and hardware. Sure, strap on some automobile self driving kit, hover in a cold sweat over the rig's steering wheel during a flashy demo when traffic was as light as possible with guard cars running fore and aft... flash and dash for the clueless unwashed masses. Or maybe this was a Mechanical Turk moment that hasn't flushed out yet.

Fast forward, and it sure looks like window dressing. Where are those Otto trucks that are supposed to be infesting the highways? Thought so.

Still, Levandowski is sitting high on the pile of cash and likely will get to keep everything but what the lawyers siphon out. Seems like a good plan going forward, just have to stomach that 5 or 10 years of boredom in court.

Constant work makes the kilo walk the Planck


Physicists are Plotting to Overthrow the World

Physicists, darn physicists, and scheming whinging dastardly cursed rubbish eating physicists!!

What you say am I talking about? The filthy lowlifes want to literally make Planck's Constant a constant-- i.e., a fixed number. No more of this "any time some busy body experimentalist discovers a more accurate value for Planck's Constant will our perfectly spherical (to a first approximation) august bodies have to recalculate our equations". Rubbish that, make Planck's Constant a true fixed number! Let the rest of the physical world recalculate everything when a more accurate underlying value is determined (our pristine Physicist's Planck's Constant is invariant by axiomatic definition completely regardless of the real world!).

Oh yes, all those metrology measurements are trashed, each time a more accurate Planck's Constant is found, recalibrate the instruments and keep a table to convert the past into the present. But the physicists won't have to lift a finger to scrub the numbers on the chalkboard.

It is a plot I say! Heaven help you if you use Planck's Constant (as a fixed number) in your orbital mechanics, you'd probably miss geosynch by at least tens of meters because all those bits built into the spacecraft subtly change as "fixed Planck's constant" deviates further from its origins...

Northrop Grumman can make a stealth bomber – but can't protect its workers' W-2 tax forms



Threaten to publish names associated with salaries-- the execs would surely pay 200-300 bitcoin to avoid a fate this heinous. Plus, you can still rip off the employees' taxes, that is not part of the deal; the employees are handed the pitiful sop of a few years of credit reporting.

Most companies try desperately to keep salaries a deep dark secret-- that guy dozing in the cube next to you could be making 30% more than you just pushing a few papers around occasionally. How much is avoiding expensive pay scale riots in the drone cube farm worth to the CEO? Or worse, civil war in the middle management ranks when the hypercompetitive wankers discover who is the mightiest wanker of them all (and it probably isn't the one in the mirror).

Leaked NSA point-and-pwn hack tools menace Win2k to Windows 8



The literal truth: no evidence that SWIFT was broken.

The actual truth: NSA has a client copy of SWIFT software, so obviously SWIFT is pwned-- perhaps even willingly. SWIFT is, well, ancient and never broken, they said so smugly themselves from 5 star Geneve hostelries.

For many organizations, there is little to literally fear from the five eyes. Russia, maybe. Norks, almost certainly. The SB data is mostly interesting as an example of the likely "worst case" nation state pwnage.

Instagram phishing apps pulled from Google Play


Clear Text

So... just send the stolen credentials encrypted as a comment to another Instagram account so that there isn't obvious suspicion? Oh, that applies to the other 900 phishy apps developed by less lazy crooks.

Sony takes $1bn writedown: Streaming has killed the DVD star


Am I Missing Something?

Why are the movie bosses stepping down? This implies that Sony is not managing to monetize the movie via streaming vs. the income from physical media.

In other words, if you buy physical media, you are being soaked by Sony... just driving more people to streaming media.

GNU cryptocurrency aims at 'the mainstream economy not the black market'



This seems more like a subset of Hyperledger, where what is tracked is monetary units. So, I'm not really seeing the long term utility, unless that "tax" hook really works.

Of course, Hyperledger seems more like a bunch of crony companies all cheering "open source" while trying very hard to avoid actually contributing until they get IP staked out in their pending contributions... so maybe Thaler ought to bill itself as the real open source Hyperledger.

Samsung set a fire under battery-makers to make the Galaxy Note 7 flaming brilliant


The batteries, they burn!

It is an interesting question why there aren't a lot more Li-ion batteries bursting into flames in products where the only objective is cheap. My first guess is that cheap suppliers just have not (yet) reached the flaming edge power densities where spectacular events would commonly result from failures.

In the meantime, considering the penetration of supply chains by AliBabas, I'll keep on charging my lithium ion batteries on a metal table top. Except for the Jesus Phone, you have to have some Faith!

'Exploding e-cig cost me 7 teeth, burned my face – and broke my sink!'


Re: A "Twisted Vapers RDA" is just the "tank"

Using pretty colors and pictures that may attract children is dangerous because the liquids with nicotine can be lethal in relatively small quantities. You may be a responsible user, and as an adult you should have the right to imbibe/inject/inhale any chemical you want, but others leave this stuff lying about as an attractive hazard.

In this case the numpties are right with the "it's for the children" refrain.

NIST requests ideas for crypto that can survive quantum computers


It is much, much worse than you think it is.

The legacy commercial crypto systems currently in use are subject to QC. The advent of QC guarantees that nation states-- first movers for QC since early tech is almost invariably atrociously expensive-- can sign an update to anyone's device, including those devices for which the nation-state has not yet obtained the keys. Who needs zero-days, complicated drive by attacks, Rowhammer, phishing attacks, rubber hoses, satchels of cash, or any of the others when you can just rewrite the software after stealing the source code which is secured by computers subject to QC attack. Presuming you can't steal the source code using simple ordinary means.

There are a few speed bumps that can be thrown up, local keys using TPC add very slightly to the effort (or maybe not, most implementations are sadly deficient), air gap (really? What did you say your productivity is? military can afford this but can YOU?), or one can just block software updates but then mundane security holes blow up (XP users rejoice! You are ahead of the curve!) not to speak of network comms being broken.

One needs PQC, or some other alternative new invention (at least for software updates)...

Sexbots could ‘over-exert’ their human lovers, academic warns


Re: Kill arachnophobes

So you'd rather your food (not to speak of everything you touch) is covered by dirty fly lips?

The arachnophobe pressing the kill switch should be cursed by a plague of flies.

Non-existent sex robots already burning holes in men’s pockets


Coolidge Effect

The sexbot needs to have morph capability, to avoid the titled Coolidge Effect. Plus positive feedback.

The mind boggles at what people will decide their morphing sexbot to appear as.


Re: Imagine the potential leaks

I do imagine that. Definitely get the self cleaning 'bot...

Yahoo! says! hackers! stole! ONE! BEELLION! user! accounts!


Source Code

The Mayer c-suite is bleating that the billion account loss was possibly due to source code theft, the purloiners taking advantage of security holes. Since Yahoo security was poor (despite the good reputation of the 'Paranoids' before they were poached by more astute companies) one has to presume that the Yahoo source code rivals Adobe Flash for security quality. It costs time and money to write secure code, even if the cost is negative on a life cycle basis.

Verizon should probably rewrite the source code at a cost of 100Mil, or maybe 2 or 3 hundred including debugging and roll out to the 20 or 30 remaining Yahoo customers. Alternatively, Verizon could just ape Adobe and not proactively fix problems, just react and whack the moles when they pop up. Yahoo will then die the Flash death of a thousand security patches. Of course, if the price is right, maybe it would be worth it.
