* Posts by Almost Me

15 publicly visible posts • joined 26 Mar 2011

The AN0M fake secure chat app may have been too clever for its own good

Almost Me
Big Brother

Re: One Time Pads.

The problem isn't the key exchange, it's knowing who you just exchanged keys with is the right person and not a man in the middle.

Over a million Android users fooled by fake WhatsApp app in official Google Play Store

Almost Me
Big Brother

Just in case you thought Google cared and/or Google engineers were intelligent...

Just checked in the app store: there are two new fake WhatsApp apps... if adding a Unicode space no longer works, just add an asterisk or an ellipsis...

FCC Commissioner blasts new TV standard as a 'household tax'

Almost Me
Devil

Re: OTA TV

Since the switch to the ATSC standard and digital TV in the US and in Canada, the range of the OTA signal is significantly less and also the picture is either perfect or blocky at times .

<rant>

One thing to realise about TV in Canada (and possibly the US) is that the objective of the broadcaster is not always to provide OTA reception. Putting up a transmitter gets you on "basic cable" in that area even if the reception is crap. Hence here in Ottawa some transmitters are in cheap rather than good locations and, since the transmitters aren't all co-located, you need an antenna rotator and a tower if you want to get all the OTA stations.

</rant>

Fortunately there is the internet.... although the speed sucks in rural areas.

'Israel hacked Kaspersky and caught Russian spies using AV tool to harvest NSA exploits'

Almost Me
Big Brother

Why the delay?

In 2015 Israel finds evidence that Russia is using Kaspersky AV to spy on everyone.

In 2017, US Government warns its government employees to stop using Kaspersky AV.

So either (a) Israel (an "ally") did not tell USG until 2017, or (b) USG intentionally allowed all its government employees to be spied on for two years by the FSB.

There is something very wrong with the official story

Troll it your way: Burger King ad tries to hijack Google Home gadgets

Almost Me

Disabled? Worked perfectly when I tried it...

And the top result was "Google shuts down Burger King's cunning TV ad (The Verge)", followed by the Wikipedia entry on the Whopper.

Has trouble recognizing my voice, though... so I don't use the misfeature.

Microsoft cloud TITSUP: Skype, Outlook, Xbox, OneDrive, Hotmail down

Almost Me

Probably asking everyone for their parent's permission to log in

All of our Skype accounts suddenly stopped working because apparently (a) we apparently were born in 2015, (some years after the accounts were created), and therefore need our parent's permission to log in, and (b) have Credit cards with US addresses even though we don't live there so we can prove our age...

Makes me glad my company's not using Azure... and now not planning to.

Mysterious Gmail account lockouts prompt hack fears

Almost Me
Big Brother

But did it ask you to agree to the Terms of Service?

It just happened to my wife: I just assumed it was a not-so-subtle method of forcing everyone to agree to their latest Terms of Service... probably the new clauses about introducing droit de seigneur and rights to the mortal soul of your first-born...

Don't let banks fool you, the blockchain really does have other uses

Almost Me
Coat

Blockchains need large numbers of untrustworthy people...

The main problem the blockchain solves is a distributed ledger which it is computationally infeasible for any party to alter. Each block depends on the previous block, and is computationally expensive to create. For alteration to be infeasible, machines must continuously (and honestly) creating new blocks faster than any attacker can. If this requirement isn't met, the attacker can create an alternative block chain which, if it becomes longer than the genuine one, will supplant it.

If only a small number of computers are involved, then each of the nodes has to be trusted. Otherwise recent block chain entries can be rewritten by anybody with a credit card and an AWS account. But if there are only a small number of trustworthy parties, digital signatures and trusted timestamp servers will also work and not require any significant computing resources.

So for a blockchain to be the better solution you need a large number of untrustworthy people who have an economic incentive not to cheat...

The really neat aspect of Bitcoin is the economic incentives it provides for nodes (untrusted people) to join the network and to "mine" new blocks honestly.

But most proposed blockchain applications neither provide the incentive not to cheat nor allow untrusted nodes to join their network. Their main purpose seems to be to separate naive investors from their money.

Cracking Android's full-disk encryption is easy on millions of phones – with a little patience

Almost Me

Some more Engima Figures

*Assuming* only 8 rotors available at any one time:

3 Rotor Engima.

Rotor choice 8*7*6 = 336 = 8.4 bits

Rotor Position 26*26*26 = 17576 = 14.1 bits

Total Entropy = 5905536 = 22.5 bits

4 Rotor Enigma (Naval)

Rotor choice 8*7*6*5 = 1680 = 10.7 bits

Rotor Position 26*26*26*26 = 456976 = 18.8 bits

Total Entropy = 767719680 = 29.5 bits

The daily key also determined how the rotor starting positions were offset, and (possibly) also when a rotor change would "carry" to the next position. Sometimes the wiring of a rotor needed to be deduced too. There were different keys in use on different networks, so it wasn't just a matter of breaking one key each day.

The key insight of Turing, Welchman and others was that it was possible to break the rotor settings by brute force search based upon a known plaintext, and then to break the plugboard setting afterwards.

The original breaks were *by hand*. Best description I've found is in "The Hut Six Story" by Gordon Welchman.

(And if you think it's all trivial with modern computers, check out the enigma@home project.)

Inside GOV.UK: 'Chaos' and 'nightmare' as trendy Cabinet Office wrecked govt websites

Almost Me
Black Helicopters

Canada following suit.. is it a global conspiracy?

The government of Canada is busy doing the same thing. The Environment Canada weather website is so busy telling us how wonderful the government is, all the government services available, and how we can all apply for government jobs, that on mobile phones it pushes the actual weather forecast well below the fold.

Cisco open-sources experimental cipher

Almost Me
Big Brother

What this is and isn't. The TL;DR version.

It's a tweakable cipher (encryption depends on secret key plus something publicly known which varies with each record, like a record number or a person's name) designed for encoding very short bit strings without increasing the length of the data. Think of storing encrypted credit card numbers in a database without increasing the size of the field.

For efficiency concerns, the authors point out that AES is directly supported by modern hardware.

It therefore isn't directly comparable with AES in CTR mode or nor with GCM. Nor is it intended to obscure message lengths or provide message authentication.

Whether this is an acceptably efficient and more secure solution than other approaches I will leave to professional cryptographers to decide.

Think Amazon is CHEAP? Just take a look at these cloudy graphs...

Almost Me

It's not just the CPU/RAM

For deploying a practical application, it's the databases, the bandwidth charges, the load balancing, the redundancy, the location of data centres, the backups, the long term storage...

It's the availability these that currently draw me to use Amazon for my next project: the cost for the CPU/RAM combination is only one factor.

A more useful comparison might be based on a set of sample applications with N web servers, a N gig database, 2 geographic/availability zone redundancy, and an assumed amount of traffic, regular backups, failover between servers, etc. and then estimate the running costs of the example setup.

IT guy answers daughter's Facebook rant by shooting her laptop

Almost Me
Headmaster

Reply to post: @Nuke

@Nuke

"For one thing, in the video they did not appear to explode.

For another thing, they are banned by international law - last time I looked anyway."

Actually exploding bullets are only banned in warfare under the Hague Convention of 1899.

Police, hunters, and irate fathers still get to use them.

Verity's secret shame revealed

Almost Me

Phonetic Alphabets

At one place I worked, one person would spell out the address Science Park on the phone as follows:

S as in Stupid, C as in Cretin, I as in Idiot...

He didn't last, but I think I know how he felt.

Microsoft: Mystery bug blocks Syrian secure Hotmail

Almost Me
Big Brother

A Convenient Bug?

Which now we have the username and password we were looking for, we don't need any more...

But why do people assume that only anti-government protesters use anonymous hotmail accounts?