Slashdot Mirror


User: lgw

lgw's activity in the archive.

Stories
0
Comments
21,562
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 21,562

  1. Re:Well there's the kernel, with scheduler, etc on ReactOS 0.4 Brings Open Source Windows Closer To Reality (techrepublic.com) · · Score: 1

    https://social.msdn.microsoft....

    First useful google hit for me. There are many more. \\?\ and you're good.

  2. Re:All drives fail, sooner or later... plan for it on Backblaze Dishes On Drive Reliability In their 50k+ Disk Data Center · · Score: 1

    I lost data once too when an IBM Deskstar died suddenly and my backups somehow got corrupted too.

    You don't have a backup until you've tested the restore. The nice thing about simply copying all files to an external drive (with nothing clever going on, just a file tree copy) is that the "restore" is just using the new drive. But that approach doesn't really scale past home/home office use.

    I wish there was a better selection of tape backup software in the world: LTO-7 finally shipped, and a 6 TB (uncompressed) tape is nice.

  3. Re:I can see it now... on Judge Tells Apple To Help FBI Access San Bernardino Shooters' iPhone (engadget.com) · · Score: 1

    Sure, I agree with "shouldn't", but I full expect they (or someone) will, so I do what I can to protect my privacy by assuming that every corporation will leak everything I do. I have no choice but to hope my financial institutions can keep a secret, but I certainly don't expect the likes of Google or Apple or Facebook to do so, not long term.

  4. Re:Well there's the kernel, with scheduler, etc on ReactOS 0.4 Brings Open Source Windows Closer To Reality (techrepublic.com) · · Score: 2

    And yet NTFS still has a 255 character limit for path names (combined directory, subdirectory and filename) length

    Nope- it never has had that limit. Legacy win32 APIs have that limit, but the work-arounds are documented in MSDN (something like //?/C/long/path/...

    NTFS supports most things you'd want a filesystem to support, and some odd things most filesystems don't (multiple data streams).

  5. Re:Bring the GIF button to Slashdot on Twitter Rolls Out GIF Button (usatoday.com) · · Score: 2

    IAintClickinThatShit.jpg

  6. Re:I can see it now... on Judge Tells Apple To Help FBI Access San Bernardino Shooters' iPhone (engadget.com) · · Score: 1

    The lock on the front door of my house is enough to keep out the average interested person, the alarm that goes off if they kick it down will address most of the rest. If turning the handle opens the door without effort, then the lock doesn't matter, now does it?

    Ah, but you were making absolutists claims about security up-thread. That's all I was objecting to.

    Second, Secure Enclave isn't in the iPhone 5c, so it has nothing to do with this case, since the technology in the 5c is far closer to the 4s than the 5s and beyond.

    I suspect Apple could, if they REALLY wanted to, break the 5c and earlier models, due to them being less secure. I suspect Apple could NOT do the same trick with the 5s and beyond. If designed correctly, they would be virtually impossible to break. A new firmware doesn't help with a 5s, because that has nothing to do with the Secure Enclave. If you update the SE chip, you wipe the key in the process (as designed).

    Yeah, I was just reading up on that It's a 5c, so Apple could definitely give the FBI access. It's not a technical question. Hopefully Apple stands firm on "we can, but we shouldn't", which I certainly agree with.

    For the 5s and beyond, I'd believe Apple lacked the technical know-how to provide access, though it's not clear you couldn't mess with the SE object code in memory (I believe you can update the SE firmware, but it needs the PIN to do it, which is a nice feature).

    Just getting the key on the phone won't let you read the phone's contents. Why is it that people miss that key detail?

    Because you can brute force it from there, trivially (but the point of the SE is to not expose the key without the PIN).

    If that is your take-away, then you simply don't understand the security implications.

    Let me put this another way. Imagine if your wallet was stolen and in it was your drivers licence, social security card, credit cards, and checkbook.

    Those things are not in my phone. Nor are they to be found unencrypted on my home PC. My home PC has no login screen, because that doesn't provide any real security. I don't care if the person who steals my PC can watch my porno collection. What they won't find is any of my financial details, any browser history that might be mineable, any of the hundreds of other ways Windows leaks stuff. When I want to do some online banking, then I'll type in a strong password, and use an environment only used for banking. And I certainly won't involve my phone in any way in this process.

    Sure, this approach is vulnerable to an "evil maid" attack, but I'm not trying to keep my details from the government - I'm fully protected from theft and normal sorts of hacking, while retaining convenience.

  7. Re:kids are like pets on Surveillance Culture Brought To the Masses, Courtesy of Verizon (consumerist.com) · · Score: 1

    Never heard of it working any other way, except in very rich families. Every single person I grew up with who got a car, got a beater of one kind or another, and usually the "and you can't ever drive the good car" was explicit. I don't know anyone who was offended by that - we all knew that responsibility wasn't chief among our virtues, and anyhow the first year driving was just that.

  8. Re:I can see it now... on Judge Tells Apple To Help FBI Access San Bernardino Shooters' iPhone (engadget.com) · · Score: 1

    No, it means the house wasn't locked in the first place. You're only as secure as your weakest link.

    Ah, but that's not what you first said. And it's not really true - "all the doors and windows are locked" is a perfectly reasonable definition of a secure house, but that still doesn't mean I can't enter. Security just isn't about absolutes.

    omething that appears possible on the iPhone 5c, but should not be possible (even for Apple) on the iPhone 5s or later (thanks to Secure Enclave).

    That's the matter of dispute "Secure Enclave" is marketing, and we don't know what's real. Apple rolled their own security with "Secure Enclave", which almost never turns out to actually be secure. Apple of course claimed they can't break it, to avoid bad press. They're now being asked to prove they can't, to prove the FBIs suggestions, such as a firmware update, or just altering the object code directly in RAM, won't work. Those seem like reasonable suggestions to me.

    Try erasing the actual 256-bit AES key on the phone and try to recover the data and see how well that works without the key.

    How is that relevant? No one ever attacks the math itself, except as an academic exercise. Practical attacks are always about getting the key. The key is on the phone. (But the phone is still "encrypted", regardless.)

    The take away from this is that if you really care about your data, don't use a 4 digit pin, use a long password. Then this request for help wouldn't work. The key embedded on the phone only helps once you enter in your own key that goes with it. If your personal password is 12345 then you really have no protection. If your personal password is DEj28s^%$h3nkdol?EqP then you're 100% secure (or as close to 100% as it gets in this world).

    My take-away is very different. I don't even have a PIN on my phone. I don't trust my phone provider to keep my data safe. If my phone were lost or stolen, of for that matter the PC in my house (which also doesn't have a login screen), I'd want to change my email password, but that's about it (and if I were worried about a government, I arrange things so that changing my email password was also irrelevant).

  9. Re:Forget about the teen drivers... on Surveillance Culture Brought To the Masses, Courtesy of Verizon (consumerist.com) · · Score: 1

    No, that's pretty much the definition of a redneck.

    A Redneck is the guy who drinks a bottle of beer while he's speeding down the freeway in hi pickup truck, and tosses the bottle out the window when he's done. A Good Ole Boy, on the other hand, puts the empty in the trash.

  10. Re:kids are like pets on Surveillance Culture Brought To the Masses, Courtesy of Verizon (consumerist.com) · · Score: 1

    kids are like pets you don't trust them and always monitor them

    Bullshit - by normalizing surveillance you create the totalitarian state. Teens need to learn to be adults. That means trusting them some, and helping them with the inevitable mistakes. No, that's not optimal for your convenience.

    if you want to borrow my $30,000 a year toy

    That's an expensive habit!

    But who lets the kid drive the good car? That's why you buy them the beater, or give them the aging hand-me-down.

    with legal implications if you hurt someone

    Legal implications? I hope it hasn't come to that yet - surely the totalitarian state isn't so far along that we're punishing people for the actions of family members yet. Right? Right?

    If you meant financial implications, that what insurance is for. And that's why the kid gets his first job - to pay for that insurance.

  11. Re:Teen driver checkup? yes please on Surveillance Culture Brought To the Masses, Courtesy of Verizon (consumerist.com) · · Score: 1

    That stopped being true over a decade ago. That's why the Millennials stopped caring about cars. Now they just have sex at the permissive parent's house - no car required.

  12. Re:I can see it now... on Judge Tells Apple To Help FBI Access San Bernardino Shooters' iPhone (engadget.com) · · Score: 1

    If a door can be opened without the key, then it isn't locked in the first place.

    If I enter your house through the open window, that doesn't mean you had a bad door lock.

    If a device can be decrypted without the key, then it wasn't encrypted in the first place.

    Sure, but that's not the question. The FBI doesn't currently have the key. If there's a way to give them the key, that doesn't mean the device is not encrypted. And in fact this is the case here: what the FBI is requesting is a version of iOS that lets them brute-force the password on the phone (the key is only protected by the phone password). Apple could trivially do this.

    It also assumes that a key-escrow is safe against non-government actors. Math doesn't care who you are, it would never stay secure for long.

    Depends on whether the government or Apple keeps the keys, and if Apple keeps them, whether they'd take the fairly simple steps needed to protect them from causal hackers and inside threats (most companies don't take even the most obvious steps to protect their customers). But the argument against key escrow is better found in the constitution than the technical details.

    e key is designed to not be readable, not even by Apple. The only possible way to read the key would be to decap the chip itself and use an electron microscope, which would take time and cost a lot of money.

    Yup. Very straightforward if it's not tamper-proof. Merely not cheap. But that's not what the judge is asking them to do.

    If the chip is designed properly, it will self-destruct when decapped, making even that option not possible.

    Tamper-proof chips can still be coerced into leaking their keys through side-channel attacks. That's the point of the difference between FIPS 140-2 Level 3 and Level 4.

  13. Detroit fought seat belts because their customers didn't want them, and they didn't want to give the impression that their cars were particularly unsafe. Forcing products on an unwilling consumer base is something to think twice about - I think both the government and Detroit were in the right here - Detroit to resist until it was forced on all manufacturers, and the government to insist.

    If Wal-Mart decides that non-certified cut-rate cat food, er electrical plugs will sell profitably enough to exceed potential liability costs, expect to see non-UL plugs on Wal-Mart's shelves.

    As long as we have truth in labeling, I'm hesitant to say that's a bad thing. Maybe, if the risk of fire spreading to hurt people who didn't buy the non-listed products was there. But if you don't support the right of people to make stupid decisions and hurt themselves, you don't believe in freedom. That's what freedom is, after all, my right to do something you think is foolish, and vice versa.

  14. Hahahahahhahahaah ha ha ha ahahaha ha. ... ha.
    Phew I need a tissues. That brought me to tears.

    UL has worked for 100 years. When's the last time you heard of a new lamp, or radio, or other appliance catching fire when plugged in?

    Why do you imagine it's not working? Do you have evidence? Or just a belief that all problems are made better by more government?

    Airbags hurt children, so no airbags were better?

    False dilemma. Early airbags killed children and the elderly. That was unnecessary - had airbags hit the market a few years later, we could have been at the same point today without killing early adopters.

    Remember, airbags were initially pushed as a replacement for seatbelts. We know they don't work that way. Engineers at the time fully understood they don't work that way. Airbags are now understood as a "Supplemental Restraint System", and they serve that role well, but they were never going to work as a replacement for seatbelts.

  15. Re:I can see it now... on Judge Tells Apple To Help FBI Access San Bernardino Shooters' iPhone (engadget.com) · · Score: 1

    The key is stored somewhere. Wherever that is can be imaged, unless the tamper-resistance is good. Even if you don't have physical access, you can generally get the key to leak through side-channel attacks. All of which could be really quite expensive.

  16. Re:I can see it now... on Judge Tells Apple To Help FBI Access San Bernardino Shooters' iPhone (engadget.com) · · Score: 1

    If Apple can decrypt it, then it isn't encrypted in the first place.

    Clearly not true. It could be encrypted, but Apple could ave a copy of the key hidden away somewhere - a key escrow program. This would protect iThing users from non-government attacks, and is what the government wants to future to be.

    Also, it could be encrypted, with the key on the device, as appears to be the case, and so Apple just needs to read that key. That may be unduly expensive, but any form of persistent storage can be read by some out-of-band method.

  17. Re:On-device key useful for secure deletion on Judge Tells Apple To Help FBI Access San Bernardino Shooters' iPhone (engadget.com) · · Score: 1

    Most security pronouncements by companies are bogus. That's why there are federal standards for real encryption. Apple might have done the right thing - but if they did, you'd think they'd mention the standard they complied with, and not make up marketing terms like "secure enclave". I don't see "tamper-proof" in that marketing material. Does it wipe the key if the voltage goes too low? If the temperature goes out of range? Heck, if the case is opened?

    I suspect it's easier to break than getting the PIN off a chip-and-PIN credit card.

  18. Re:I can see it now... on Judge Tells Apple To Help FBI Access San Bernardino Shooters' iPhone (engadget.com) · · Score: 1

    1. In my experience apps can run in the background and use wifi while the device is locked.

    Letting the thing actually run sounds dangerous to me, and certainly not a normal forensic technique. Heck, it could do something as simple as wipe all files when a certain date is reached. Best not to let it.

  19. Re:On-device key useful for secure deletion on Judge Tells Apple To Help FBI Access San Bernardino Shooters' iPhone (engadget.com) · · Score: 1

    Any key that's stored on the device can easily (but not cheaply) be retrieved, unless the device is FIPS 140-2 Level 3 (and eventually be retrieved unless it's Level 4). It can be as trivial as bypassing the instruction that checks the password, or as tedious as forcing the key to leak through side-channel attacks, but Apple could certainly do it.

  20. Re:I can see it now... on Judge Tells Apple To Help FBI Access San Bernardino Shooters' iPhone (engadget.com) · · Score: 1

    I don't think it's that dire. One can almost always break in if you have physical control of the device. At worse you have to hook up JTAG and watch the instructions being executed, look for the pattern in the code where encryption is checked and force signals to be in the configuration you want.

    That only works if the key is stored on the device, and the text the user types is merely a password to authorize use of the key, which would be a damn silly implementation.

    OTOH, the phone probably has a short key, and brute force would likely work, though you may need to physically bypass the CPU (in inbuilt software) in order to bypass any limit on number of attempts.

  21. Re:My Company Had One... on Camless Internal Combustion and the Digital Age (hackaday.com) · · Score: 1

    Yep - that "envelope" of timing vs rpm ve power demand can all be pre-calculated and built into VVT systems. Some are simply RPM based, some are more fancy.

  22. Re:My Company Had One... on Camless Internal Combustion and the Digital Age (hackaday.com) · · Score: 2

    Well, TFS says

    digitally controlled actuators instead of a camshaft to decide when each cylinder should fire

    Which isn't what a camshaft does. Ignition timing has been "digital" in most cars for some time now.

    rumor is the hydraulics used a ton of power. The thing was much less efficient than a traditional cam driven engine. Sure, the valve timing and lift was perfect, but it was otherwise a nightmare.

    My car has camshafts, but the timing of the open and close is plenty computer controlled. You don't need actuators to open and close the valves, you only need hydraulics to make the cams "bigger" when more power is wanted, or alternately to start opening a (usually much larger) set of valves past a certain RPM (insert "VTEC kicked in!" meme jpg here).

    It's not like you need to calculate cam profiles on the fly - the envope can be defined when the car is designed, for whatever factors you want to adapt to.

  23. If your product has a plug, you wont get it sold in US stores without UL listing - liability fears have meant there's no need for government intervention here. (There have been problems with some direct consumer imports from China, but that's true in many countries.) UL doesn't handle all forms of product safety, but they're great at electrical and fire safety testing for products.

    the way that Detroit automakers computed the cost/benefit ratio of lives lost versus cost of installing seatbelts

    It's worth noting that the government-mandated rush to install airbags actually cost lives, as it took a couple years for the "no kids in the front seat" warnings to show up. (Though these days you're "old" if you remember when airbags were dangerous, kids were banned from the front seat, and minivans too old for airbags were valued as they could haul 1 more kid to soccer practice.)

  24. Re:idiots on New Energy Efficiency Standards Take Effect This Week In the US (nrdc.org) · · Score: -1, Troll

    Actually, much of that is covered by UL, not the government, in the states.

    Funny you mention smokestacks: my roommate in college was an Environmental Engineering major. He found government interference in the ability of engineers to improve (chemical) plant emissions so extreme that he quit the field entirely. The government is chiefly interested in forcing the plant to buy a particular scrubber conveniently only made in one state, or only by the company that donated the most to the committee members.

    Truth in labeling, though, that's solidly legitimate government business. Redefining everything everywhere as "safety", and thus the governments business, however? Spoken like a true totalitarian.

  25. Re:Technology Paradox on Why Some Cities Get All the Good Jobs (chicagotribune.com) · · Score: 1

    You seem to be under the impression that people's votes have some influence on who rules over us. Money is power, and those who have it get what they want (more), and the rest of us are screwed. Elections are held periodically to perpetuate the illusion of democracy. No one's vote that is unaccompanied by a check is worth the paper it's marked on.

    Lets see what happens in this primary. If you ignore the primaries, you allow the wealthy to choose the candidates on both "sides", so of course you're screwed. But Bernie is doing well, and Trump is doing well (he may be rich himself, and his sanity is dubious, but he's not at all aligned with the current DC/donor establishment).

    American democracy is all about the primaries.