* Posts by Philip Mather

13 posts • joined 22 Sep 2014

Quantum cryptography demo shows no need for ritzy new infrastructure

Philip Mather

"but isn't this still susceptible to man in the middle attacks?"

No, they shouldn't be, as per Wikipedia (https://en.wikipedia.org/wiki/Quantum_network#Trusted_repeaters)

If you have a Trusted Repeater that repeater will decode your message, if you have a Quantum Repeater then it can't, even though it will be doing error correction to clean and further propagate the signal. I'm a bit vague about whether you would be able to distinguish (from a fundamental point of view) between a remote end point and a TR masquerading as it.

I can understand how the Quantum Repeater works, broadly speaking, based on my degree but I'm not clear about distinguishing an endpoint from a TR. I get the bit where they start talking about Bell States but nobody seems to address the question of identity, but the easy way of telling would be to communicate with yourself via your ISP i.e. have a transmitter and receiver at your end, establish entanglement between them and then examine their state to make sure they are directly entangled.

As per Wikipedia...

"A true quantum repeater allows the end to end generation of quantum entanglement, and thus - by using quantum teleportation - the end to end transmission of qubits. In quantum key distribution protocols one can test for such entanglement. This means that when making encryption keys, the sender and receiver are secure even if they do not trust the quantum repeater. Any other application of a quantum internet also requires the end to end transmission of qubits, and thus a quantum repeater."

Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign

Philip Mather
Mushroom

"PS: It appears 64-bit ARM Linux kernels will also get a set of KAISER patches,"

Why has no one asked the most critical question... do I need to patch my Pi?

Also, given the number of recent SNAFUs like this and Apple's login cock-up etc... I'd like to request a new +1 level of FAIL icon so that we can ring in 2018 with a new, appropriate level of numbnuttedness that the existing FAIL icon er... fails to encapsulate... Something like a double face palm icon?

GRAPHENE: £120m down, UK.gov finds it's still a long way from commercial potential

Philip Mather

2D

Graphene is not really 2D, it's 0.00000034 mm thick.

Skype shuts down London office, hangs up on hundreds of devs

Philip Mather

Clippy

You didn't say anything about it being useful or valuable.

Jeff Bezos' thrusting cylinder makes Elon Musk's look minuscule

Philip Mather

Re: But can it land?

I tell you what, if it could launch Westminster Palace instead of the Pentagon into orbit I'd crowd fund the shit out of it?

Philip Mather

Re: Paper rocket

Rumour has it that Slashdot is in fact running out of an Excel spreadsheet.

Philip Mather

Re: ....but third US astronaut to make a flight. (Not counting the apes.)

I was going to crack a "fire Trump into space" joke but actually, genuinely don't want to slur the apes with comparison to that "thing".

Man-in-the-middle biz Blue Coat bought by Symantec: Infosec bods are worried

Philip Mather
Mushroom

Game Over

The End.

It's not us, it's you: Boffins ditch supercomputers in lust for new materials

Philip Mather

Re: Scratches head

> Take the electron for example

Don't! There's only one of them, maybe, or not... https://en.wikipedia.org/wiki/One-electron_universe

Monster crowdfunding total raised for Sinclair ZX Spectrum Vega+

Philip Mather
Facepalm

Needs a decent video output format before anyone will care...

"Headphone socket doubles as an A/V connection, allowing stereo audio and composite video connection to a TV. Supports PAL and NTSC formats."

Staff 'fury' as penny pinching IBM offers legal minimum redundo payoffs

Philip Mather

Re: Owners matter too

I think perhaps you missed... "Work is being shifted to lower labour cost countries." ...that minimum wage you're talking about ...it just got a lot, lot lower.

AWS control freak can now manage ON-PREMISES servers

Philip Mather
Mushroom

Even less work for the true BOFH...

Now, when the intersnizzle falls on its face you can not only wipe your hands of restoring your cloud hosted services but you can claim that you can no longer manage your own on-prem kit as well. ;^)

Let's make the best efforts, decentralised, ball of chaos that is the Internet a single point of failure for our entire civilisation. What Could Possibly Go Wrong?

CloudFlare ditches private SSL keys for better security

Philip Mather

More secure for who exactly?

Strikes me that this appears to absolve CF (now a literal MITM as pointed out) of maintaining private key security which is a good thing for them and also for the "server" to some extent I guess but this leaves two issues...

1) All of the most important traffic between the "client" and the "server" is now concentrated over a far smaller route being that it's now bottle-necked into the MITM (CF). I understand it's not the encrypted content being sent back to the customer's key server, just the "twice" encrypted and then "once" encrypted (on its return to CF) pre-master secret but that is the "effective" security of the content. Tell me more about this "encrypted channel" between MITM/CF and "server"? Is the "client's" ID/IP transmitted over the same channel? CloudFlare do DNS as well don't they?

2) It always struck me that any architect/engineer with a clue, aware that they were handing over a private key to a third party, carefully considered the security of the MITM/CDN, the importance and sensitivity of the data involved and then segregated it from anything that was unique or otherwise un-cachable (i.e. important stuff). I can see that this would "incline" (?) people to just let CF handle everything and proceed not to think too hard about it.

Not entirely sure about this. It doesn't seem to benefit the end-customer/client at all and doesn't really offer the provider/server much real benefit (rather just shifts some risk about or trades it off from one place to another). The only clear winner here seems to be CF? Is this product cheaper than a "traditional" CDN, I mean they seem to be off-loading the risk of holding a private key? It must increase the network traffic for the "server"? Am I missing something? I dunno.
