Also, seconds! Really? I thought this was a tech site. Shirley we should be measuring time in beard metres.
Posts by Adam 1
2545 publicly visible posts • joined 7 May 2012
Set your alarms for 2.40am UTC – so you can watch Unix time hit 1,500,000,000
JavaScript spec gets strung out on padding
solving the song problem
The issue here isn't with left pad, it is with dependency frameworks like npm that make it all too easy to consume disparate collections of third party libraries in a way that makes this sort of thing inevitable.
Should the language have it built in? Probably, but that is going to be years away before you can safely assume any browser hitting your site supports it. The bigger question is what function disappears next for {reasons=null,noticeDays=0}.
G20 calls for 'lawful and non-arbitrary access to available information' to fight terror
@grahamcobb
Signal is open source too and guess who uses that.
Ghost of NTLM still haunts Microsoft: Aged protocol hole patched
Better mobe coverage needed for connected cars, says firm flogging networking gear
I can see the benefit of a connected car for safety. If my car's autonomous emergency braking kicks in to avoid something, it is a good thing if my car immediately broadcasts to surrounding vehicles so they can take evasive action if needed (particularly those following me). I am thinking things like exact position, speed, shortest time to stop, longest time to stop whilst avoiding the obstacle (so cars with different braking capabilities can avoid collisions if possible), negotiating cars in adjacent lanes or the other side of the road to pull over/speed up/slow down to avoid or minimise a collision.
What I don't see here is any need for a mobile network. This only needs WiFi range. A car that is 1km away doesn't need to know my intentions in an emergency.
> They can't even get ubiquitous coverage throughout the UK.
Can't is not the same as economically unfeasible. Each base station has a capex cost to purchase, build and wire up, a lease cost for the site and an operating cost (power/administration/maintenance/licensing bandwidth etc). The coverage is dictated by environmental factors (hills/buildings/etc) and capacity constraints (a single cell could easily cover a couple of football pitches, but could not carry the load of grandstands full of customers). Telcos are therefore interested in an optimistic outcome, not ubiquitous coverage. The fewer base stations they need (in general), the less needs to go on the expense side of the balance sheet. The more customers they can sell to at a coverage level where they are happy*, the better the revenue side. They aren't going to put in a new base station to allow them to sell to a handful of potential customers.
*using a very loose definition of happy that equates to "won't go to another provider"
Bloke takes over every .io domain by snapping up crucial name servers
His Muskiness wheels out the Tesla Model 3
Re: It will retail for just $35,000
H2 is a non starter for cars in my view (and I'm hardly alone). It isn't dense enough without compression/liquefaction for a practical driving range (huge energy overhead right there). It requires some pretty expensive parts inside the catalyst (that bit does have some progress but it's not happening tomorrow).
Most importantly, it requires hydrogen in very large quantities. Hydrogen is light* so doesn't on its own collect in untapped wells. That means you need to split it off some other molecule. Water works, sure. Add some electricity, get your 2 H2O => 2 H2 + O2. But you have just lost at least 35% of the energy you put in. Far more cost effective to start with natural gas: CH4 + O2 => 2 H2 + CO2. Then I guess you can vent that CO2 into the atmosphere thereby defeating the purpose of switching away from fossil fuels in the first place.
So apart from being dirtier, less efficient, harder to handle, more expensive to construct the "engine", I say it had great potential. Its only saving grace is that you can refill it quickly. Don't get me wrong, that's important, but to me that's a much easier problem to imagine a solution to than all the others I have listed.
*Citation needed
'My dream job at Oracle left me homeless!' – A techie's relocation horror tale
Just in time for summer boozing: Boffins smash world record for the most perfect ice cubes
Former GCHQ boss backs end-to-end encryption
> The Americans tried that in the 1990s under the Clinton Administration and it didn't work.
It didn't work? If only that were the end of it. You know a pretty substantial portion of the crypto attacks over the past couple of years are a direct consequence of those export ciphers. Now 20 years later, attackers were using the fallback mechanisms to get our systems to use the very weak ciphers that every man and their dog can crack with next to no expense.
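The downgrade the comment describes, modelled as an added example (this code is not from the comment or from the article; the cipher-suite names are the OpenSSL names for two real 1990s export suites and two modern suites, while the client, server and attacker are simplified stand-ins that ignore the handshake transcript MAC and the implementation-specific bugs the real-world attacks relied on). What it shows is the shape of the problem: whenever either endpoint is still prepared to negotiate an export suite, an on-path attacker who rewrites the offered list can push the connection down to a 40-bit key, and the fix is to refuse the weak suites outright rather than merely to prefer the strong ones.

```python
# Added example: export-cipher downgrade in a simplified TLS-style negotiation.
# Suite names are real OpenSSL cipher-suite names; everything else is a model.

STRONG = ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-SHA"]
EXPORT = ["EXP-RC4-MD5", "EXP-DES-CBC-SHA"]  # 40-bit "export grade" suites from the 1990s

KEY_BITS = {
    "ECDHE-RSA-AES128-GCM-SHA256": 128,
    "DHE-RSA-AES256-SHA": 256,
    "EXP-RC4-MD5": 40,
    "EXP-DES-CBC-SHA": 40,
}


def server_choose(client_hello, server_prefs):
    """Server picks the first suite in its own preference order that the client offered."""
    for suite in server_prefs:
        if suite in client_hello["cipher_suites"]:
            return suite
    return None  # no common suite: handshake fails


def strip_to_export(client_hello):
    """Active man-in-the-middle: rewrite the ClientHello so only export suites survive."""
    kept = [s for s in client_hello["cipher_suites"] if s.startswith("EXP-")]
    return {**client_hello, "cipher_suites": kept}


def handshake(client_suites, server_prefs, attacker=None):
    """Run one negotiation. Returns the agreed suite, or None if the handshake fails.

    The client remembers what it really offered and rejects a server choice outside that
    list. That check is useless against a downgrade the client itself left room for.
    """
    hello = {"cipher_suites": list(client_suites)}
    if attacker is not None:
        hello = attacker(hello)  # on-path attacker tampers with the message in flight
    chosen = server_choose(hello, server_prefs)
    if chosen is not None and chosen not in client_suites:
        return None  # client aborts: server picked something it never offered
    return chosen


def brute_force_seconds(key_bits, trials_per_second=1e9):
    """Worst-case exhaustive key search time at a given trial rate (for scale only)."""
    return 2 ** key_bits / trials_per_second


if __name__ == "__main__":
    legacy_client, legacy_server = STRONG + EXPORT, STRONG + EXPORT
    print("no attacker          :", handshake(legacy_client, legacy_server))
    chosen = handshake(legacy_client, legacy_server, strip_to_export)
    print("with attacker        :", chosen, f"({KEY_BITS[chosen]}-bit key, "
          f"~{brute_force_seconds(KEY_BITS[chosen]):.0f} s at 1e9 trials/s)")
    # Either endpoint refusing export suites turns the downgrade into a failed handshake.
    print("client refuses export:", handshake(STRONG, legacy_server, strip_to_export))
    print("server refuses export:", handshake(legacy_client, STRONG, strip_to_export))
```

With both sides still carrying the export suites "for compatibility", the stripped ClientHello yields EXP-RC4-MD5 and a 40-bit key that falls to exhaustive search in roughly 1100 seconds at a billion trials per second; with either side refusing the export suites the same tampering produces no agreed suite at all, which is the outcome you want.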
Talk about a hit and run: AA finally comes clean on security breakdown
It's also worth considering whether you used to reuse the same password on other services.
A good opportunity to spend the hour or two resetting the password on those online accounts you only use every tenth of never with strong random passwords you store in a password manager (any of the top few password managers are fine). Use a strong password to unlock the password manager. Backup that password database frequently and depending on your threat model, decide whether to print out your password putting it out. One last thing, if you backup to the cloud, then have your cloud credentials somewhere else too because you'll need them to recover the password database.
FREE wildcard HTTPS certs from Let's Encrypt for every Reg reader*
Re: An admirable effort.
@ShelLuser,
Now I have a conundrum. Your rant deserves to be upvoted in one part and downvoted in the other.
CAs abusing their positions, reminding of the need to continue using the grey matter in addition to HTTPS, yes, yes, yes again.
But then you go off and claim it is no safer than http. Sorry, but that is amanfrommars crazy talk.
Let's address what you get from HTTPS. Firstly, you get a degree of privacy from MitM observers.* You get a guarantee that the page and resources referred to were not changed in transit. You also get a guarantee that data you submit (including identifiable information) is not visible to a MitM. You are right to point out its limits. For example, the certificate on this site stops anyone interfering with the site between here and Cloudflare. It doesn't say anything about MitM between Cloudflare and El Reg. It doesn't mean that El Reg has appropriate controls about its staff access to those servers and databases. It doesn't mean they don't sell my data to advertisers. But I don't think HTTPS needs to cure cancer for it to have earned the praise of "an improvement".
It is like arguing that autonomous braking systems are a load of bull because people who have them adopt riskier behaviour.
* I should note here that the DNS lookups and data payload from those domains still allow partial MitM tracking, at least at the ISP or VPN provider level.
While USA is distracted by its President's antics, China is busy breaking another fusion record
Re: Who still uses farenheight for things like this ?
> Technically, it's 49999726.8 C
Wow. That's nearing 5 MegaHiltons.
Oz government wants its own definition of what 'backdoor' means
secret knowledge
Yes, I am happy to share with the relevant authorities technical knowledge about how to gain access to messages that were encrypted on our platform.
We're not shouting this flaw from the rooftops for obvious reasons, but we have a particular weakness whereby if you apply integer factorisation using any polynomial time algorithm then you can read the message content without creating any specific backdoor. Please keep this vulnerability mum.
Aptare: Eight exabyte-juggler pimps its 'data centre MRI' product
European MPs push for right to repair rules
There comes a point where the fact that this year's model is half a bee's dick skinnier really wasn't worth that sacrifice. 7 years back pretty much all phones had replaceable batteries. Some even came with a spare in the box. The difference between then and now is how hardware is plateauing. There was always the case to buy the next model after a few years. Higher resolution screen, better camera, more storage, more memory. The landfill Android category is basically gone, even the cheap ones will comfortably run the OS and a handful of apps. In turn, we respond by holding onto our phones for longer, so planned obsolescence isn't about how much RAM is installed anymore or how crap the camera is but rather knowing that in 3 years the battery will have lost 75% of its capacity and can't be replaced.
MH370 researchers refine their prediction of the place nobody looked
Minister says Oz Medicare breach was crims, not hackers
GnuPG crypto library cracked, look for patches
Re: Lessons will be learned
@AC, sorry, not following your point. I am not railing against the failure of some open source project to implement some feature that I want. I do not personally use GnuPG, but no doubt some information about me is at some point encrypted using this library, so I am an indirect stakeholder. Or do you personally also check up on OpenSSL, MS crypto, and the dozens of others that other people handling your data may be using?
This isn't even a complaint that they got something wrong. Good crypto is freaking hard at the best of times. But what has happened here according to TFA is that they *knew* of the partial compromise but believed the keyspace was big enough that they could get away with it. As with the OP above, that sort of attitude of near enough is good enough, bred through an entire codebase of a security product, is concerning. All I said was that I hope that when they concluded "not practically crackable because of massive key sizes at play" that they nonetheless had an expectation that they needed to get back and fix it properly anyway.
Re: Lessons will be learned
> data leak was tolerated because it was believed only part of a key was recoverable
Such assumptions do grate with me. Every bit you allow to leak literally halves the keyspace. Although with large key sizes it may still remain practically secure (half of unimaginably massive is still unimaginably massive), I would hope that they would be uncomfortable about it and there is some TODO on it.
Medicare data leaks, but who was breached?
Re: AUS Medicare and US Medicare
Not following your line of argument. The US equivalently named card is easy to guess if you have the SSN, which is apparently cheap. Therefore people must be crazy for paying 30 bucks for it? They aren't buying a US card, so the fact that you can get a US version cheaply is irrelevant. From your subject line you seem to know this.
When you apply for a loan or a passport or a birth certificate, phone contract, lease, etc, they request that you provide a copy of some quantity of documents from list 1, some quantity from list 2 and so on. A Medicare card goes a long way towards passing that test.
interesting angle
We've all seen or heard of exploits captured via poorly secured systems containing backups or SQL injection via Havij, but I find it interesting that they claim to be able to extract on demand. Normally, they would just be monetising something that they already grabbed, but this is claimed to be a permanent back door. That is both interesting and frightening because they can't just spend 3 months sending out new cards to everyone.
Two points:
1. Hon. Tudge, a bit more time securing your systems and a bit less time taking pot shots at "activist judges" and releasing Centrelink records of citizens who dare speak out to the media, eh?
2. Hon. McCormack, remember that whole #censusfail thing and how you were brushing off the concerns about your census retention changes and cross dataset matching? You were more or less accusing anyone who disagreed with you as tinfoil hat wearers. This breach was inevitable. Unfortunately, so is the census data. Don't worry though, we can all just move house, change our family living arrangements, employment, etc if that ever happens.
Linux 4.12 kernel lands: 'Go forth and use it' quoth Linus Torvalds
Blunder down under: self-driving Aussie cars still being thwarted by kangaroos
Re: Deer may be worse in the US because of what's around our roads
They weigh similar to an adult male human and can move at over 10 m/s. They are unfortunately coloured, making them very hard to see in the first place, especially at dawn and dusk when they are most active. They can and do change direction on a dime, making appropriate evasive action difficult to determine. The only real way to minimise chances and reduce collision severity is to slow down at those times of the day. They tend to congregate in flocks (called mobs), so if you see one or two in a short distance then slow down.
Re: Walabys
Wombats, yes, the first time I activated ABS two decades ago was one of those buggers. It simultaneously felt like the strongest braking force* I had experienced in a car and time went very slow; the wombat disappeared under the field of view as the car stopped. They are both properly fast and solid as a rock. If you make contact, you aren't driving away.
*my prior car had drum brakes on the rear. Very glad that I wasn't trying to stop in that.
Why not just punch them like a normal person...
Australian govt promises to push Five Eyes nations to break encryption
Re: Imminent danger.
I disagree. I have complete confidence that George Brandis is exactly the guy you need when trying to balance personal freedoms against safety.
US engineer in the clink for wrecking ex-bosses' smart meter radio masts with Pink Floyd lyrics
Queensland Police want access to locked devices
Smart burglars will ride the surf of inter-connected hackability
AES-256 keys sniffed in seconds using €200 of kit a few inches away
Re: AES was not cracked, cut the click bait
And I should acknowledge the title has been corrected (thanks) from "AES-256 crypto cracked in 50 secs using €200 of kit one metre away" to "AES-256 keys sniffed in seconds using €200 of kit a few inches away". If you didn't see the original headline then my comment definitely seems unreasonable. Wayback machine caught the original.
Re: AES was not cracked, cut the click bait
> So it's not clickbait, it's a real issue.
I think you have missed the point on why I have called it out as click bait.
Just because something is a real issue doesn't mean it isn't misdescribed or exaggerated in order to get you to read something. That an implementation of AES can be oracle'd this way is very serious.
AES is a description of what should be done to a byte stream to encrypt a secret with a key and how to get that byte stream back knowing the key. For a crypto algorithm to be broken means that I am able to decode the byte stream cheaper than attempting every possible key in the keyspace.
As far as I am aware*, AES is still not broken, and this technique, whilst novel and even significant, shows a faulty implementation of AES, not a fault in AES generally.
*if some TLA does crack it then don't expect them to scream it from the roof top.
AES was not cracked, cut the click bait
A poor* implementation of AES permitted a side channel oracle attack on the key.
*That's not a criticism of the implementation. A non-poor implementation is really hard to achieve. A good implementation will not have a different profile between a correct and incorrect guess at part of the key.
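An added example, not code from the article or from the implementation it reports on, of what "a different profile between a correct and incorrect guess at part of the key" buys an attacker, and of the remark earlier on this page that every leaked bit halves the keyspace. The side channel is simulated: a counter stands in for the trace (time, power, EM) and records how much work the key check did. The early-exit check leaks how many leading key bytes a guess got right, so the key falls in 256 guesses per byte instead of 2^128 guesses overall; the constant-time check does the same work whatever the guess, and the identical attack recovers nothing. The key is the AES-128 sample key from FIPS-197, used here only as a fixed secret to attack; the key check itself is a toy comparison, not AES.

```python
# Added example: side-channel oracle against a key check whose work depends on the guess.
import hmac

KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 sample key, used as the secret


class Trace:
    """Stand-in for the side channel: counts the work a check performs."""

    def __init__(self):
        self.work = 0


def leaky_check(secret, guess, trace):
    """Early-exit compare: stops at the first wrong byte, so work = 1 + length of correct prefix."""
    if len(secret) != len(guess):
        return False
    for a, b in zip(secret, guess):
        trace.work += 1
        if a != b:
            return False
    return True


def constant_time_check(secret, guess, trace):
    """Always does the full amount of work; accept/reject is all the attacker learns."""
    trace.work += len(secret)
    return hmac.compare_digest(secret, guess)


def make_oracle(check, secret):
    """What the attacker sees: submit a guess, get accept/reject plus a trace."""

    def oracle(guess):
        trace = Trace()
        ok = check(secret, guess, trace)
        return ok, trace.work

    return oracle


def recover_key(oracle, key_len):
    """Recover the key one byte at a time, keeping the candidate whose trace shows the most work.

    Accept/reject breaks the tie on the final byte, where every guess does the same work.
    Returns the recovered key and the number of oracle calls used.
    """
    recovered = bytearray(key_len)
    calls = 0
    for i in range(key_len):
        best_score, best_byte = None, 0
        for candidate in range(256):
            recovered[i] = candidate
            ok, work = oracle(bytes(recovered))
            calls += 1
            score = (work, ok)
            if best_score is None or score > best_score:
                best_score, best_byte = score, candidate
        recovered[i] = best_byte
    return bytes(recovered), calls


def remaining_keyspace_bits(key_len, leaked_bytes):
    """Each leaked bit halves the keyspace; a leaked byte divides it by 256."""
    return 8 * (key_len - leaked_bytes)


if __name__ == "__main__":
    key, calls = recover_key(make_oracle(leaky_check, KEY), len(KEY))
    print("leaky check   :", key.hex(), "recovered" if key == KEY else "failed", f"in {calls} calls")
    key, calls = recover_key(make_oracle(constant_time_check, KEY), len(KEY))
    print("constant time :", key.hex(), "recovered" if key == KEY else "failed", f"in {calls} calls")
    for leaked in (0, 1, 4, 15):
        print(f"{leaked} bytes leaked -> 2^{remaining_keyspace_bits(len(KEY), leaked)} keys left")
```

Against the leaky check the full 16-byte key comes back in 4096 oracle calls; against the constant-time check the same loop returns an all-zero key, because every wrong guess produces an identical trace and nothing ranks above anything else. The real attack the article describes works on electromagnetic emissions rather than a counter, but the logic is the same: the attacker does not break AES, only the implementation's habit of doing different work for different partial keys.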
Apple, LG, Huawei, ZTE, HTC accused of pilfering 'find my phone' tech
PC rebooted every time user flushed the toilet
Cisco's 'encrypted traffic fingerprinting' turned into a product
Re: It's an old idea
All tor packets are the same size. Any malware with a c&c server that is remotely a threat is using the dark web to make it hard for law enforcement to locate.
Also, with any modern crypto you can't differentiate the byte stream from random. If you can via DPI then we all have much much bigger problems.
Maybe some sort of crypto downgrade attack might be possible during the negotiation phase to something practical to brute force (and the Muppets in charge still like the idea of backdoored encryption, will they ever learn from past mistakes).
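An added example, not from the comment or from Cisco's product, of the two halves of this point: a byte-level test cannot tell ciphertext from random, while record lengths (and timing, not modelled here) still fingerprint the traffic unless everything is padded to fixed-size cells, which is what the uniform Tor cell size achieves. The cipher is a toy keystream built from SHA-256 in counter mode, standing in for a real cipher; the HTTP-like records, the demo key and the pangram plaintext are constructed for the demonstration, and the 512-byte cell is Tor's fixed cell size.

```python
# Added example: byte entropy does not separate ciphertext from random, but record lengths
# leak unless padded. Toy SHA-256 counter-mode keystream stands in for a real cipher.
import hashlib
import math
from collections import Counter

KEY = b"\x00" * 32  # fixed demo key; a real key would be random
CELL = 512          # fixed cell size, as Tor uses

# Constructed sample traffic: a few HTTP-like records of telling, distinct lengths.
RECORDS = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"GET /login HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: example.test\r\nContent-Length: 29\r\n\r\n"
    b"user=alice&password=hunter2xx",
    b"HTTP/1.1 200 OK\r\nContent-Length: 1200\r\n\r\n<html>" + b"A" * 1187 + b"</html>",
]
SAMPLE_PLAINTEXT = b"The quick brown fox jumps over the lazy dog. " * 200  # 9000 bytes of English


def shannon_entropy(data):
    """Estimated bits per byte: 0 for a constant stream, approaching 8 for uniform random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def keystream(key, length):
    """Toy PRF keystream: SHA-256(key || 64-bit counter), concatenated. Not a production cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key, plaintext):
    """XOR with the keystream; the same call decrypts."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))


def pad_to_cells(record, cell=CELL):
    """Pad to a whole number of cells before encryption so the wire length hides the content length."""
    padded_len = -(-len(record) // cell) * cell  # ceiling division
    return record + bytes(padded_len - len(record))


def wire_lengths(records, key, pad):
    """Lengths an observer sees on the wire, with and without cell padding."""
    return [len(encrypt(key, pad_to_cells(r) if pad else r)) for r in records]


def looks_random(data, threshold=7.5):
    """A DPI-style test on bytes alone: true for ciphertext and for genuinely random data."""
    return shannon_entropy(data) >= threshold


if __name__ == "__main__":
    ct = encrypt(KEY, SAMPLE_PLAINTEXT)
    print(f"plaintext entropy : {shannon_entropy(SAMPLE_PLAINTEXT):.2f} bits/byte")
    print(f"ciphertext entropy: {shannon_entropy(ct):.2f} bits/byte (random-looking: {looks_random(ct)})")
    print("unpadded wire lengths:", wire_lengths(RECORDS, KEY, pad=False))
    print("padded wire lengths  :", wire_lengths(RECORDS, KEY, pad=True))
```

The entropy test passes the ciphertext as random, so inspecting bytes gets an observer nowhere; the unpadded lengths, on the other hand, reproduce the plaintext lengths exactly and a login POST is distinguishable from a page fetch without decrypting anything. Padding to cells collapses the first three records to one identical 512-byte cell each, which is the property the fingerprinting products in the article have to work around by looking at what padding does not hide, such as cell counts and timing.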
Tesla death smash probe: Neither driver nor autopilot saw the truck
Re: Bleh
Firstly with g/G, I read g as a unit of mass but whatever floats your boat. I was originally going to convert to N but that makes the sheer forces more difficult for someone who hasn't studied physics to comprehend. I don't think that's central to my point. There are some pretty unrealistic assumptions in my 25x acceleration due to earth's gravity at some specific location and altitude.
Firstly, I was very generous with the amount of distance the car has to crumple. Having no engine up front certainly improves that, but you don't get 25G resistance equally across the whole collision. So if the first part of the crumple is say 4 or 5G, the remaining parts must increase well above my quoted figure.
Secondly, there is a velocity squared relationship here, so 33 m/s is 4 times the energy to dissipate as 16.5 m/s, all else equal (not double as many people assume).
Thirdly, I'm not aware of any crumple zones that are able to dynamically strengthen or weaken their rigidity based on collision speed. I am only guessing here that they pick a set of materials that get progressively more rigid the closer to the T cell you get. I guess it may be possible to use explosive charges to selectively weaken panels during an accident but I'm not aware of any production car that attempts anything like that.
Re: Bleh
Some quick back of the envelope calculations show that had such bars been present and the car collided at the same speed then this would be circa 25G of deceleration.
Airbags are a great safety feature of modern cars, but you ain't surviving 25G. Your soft brain will collide with your not soft skull; that'll see to that. The only help such bars may have been in this accident is that they might have shown up on the radar/camera/lidar/whatever and the autopilot may have stopped. (The bars would improve survivability of much slower speed collisions though.)
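The two numbers those replies rest on, carried through as an added worked calculation rather than anything from the comments themselves (the stopping distance is what 25G at 33 m/s implies under uniform deceleration, not a figure from the post, and the reply above is explicit that real crumple is not uniform):

$$
a = \frac{v^2}{2d} \;\Rightarrow\; d = \frac{v^2}{2a} = \frac{(33\ \mathrm{m\,s^{-1}})^2}{2 \times 25 \times 9.81\ \mathrm{m\,s^{-2}}} = \frac{1089}{490.5}\ \mathrm{m} \approx 2.2\ \mathrm{m},
\qquad
\frac{E_{33}}{E_{16.5}} = \frac{\tfrac12 m (33)^2}{\tfrac12 m (16.5)^2} = \left(\frac{33}{16.5}\right)^2 = 4 .
$$

So a 25G average means the car has about 2.2 m in which to shed 33 m/s; anything stiffer in the first part of the crumple, as the reply argues, pushes the peak well above 25G.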
Honda plant in Japan briefly stops making cars after fresh WannaCrypt outbreak
Re: The price you pay for using generic OS for industrial control
> I suspect it is more down to shitty vendor's software that breaks easily with MS patches
Reminds me of the time about a year back when this obscure little product named Outlook 2013 was broken* by a Windows 7 patch Tuesday "fix" that took them 2 or 3 goes to get right.
* As in, crash on every launch and not fixed by a reinstall of Outlook.