* Posts by Carlo Graziani

37 publicly visible posts • joined 26 Oct 2007

STAY AWAY: Popular Tor exit relays look raided

Carlo Graziani

Re: "I haven't even mentioned a specific agency and the theories are already flowing"

According to traceroute+whois, all those nodes listed in the article are on LANs in the Netherlands.

NSA, UK hacked Yahoo! and Google data center interconnects – report

Carlo Graziani

You Missed The Real Story

Come on, aren't you paying attention? The story isn't that the NSA is slurping social data from telecom company locations, that's old news. We've known that since 2006, when Mark Klein, the ATT whistleblower, told the world about the secret colo rooms that NSA was setting up at telecom offices. We now also know about FISA-ordered bulk metadata subpoenas, which are undoubtedly the tip of a deeper traffic inspection iceberg.

The real story here is the comment next to that smiley face: "SSL added and removed here". Is that for real? If so, how the hell are they doing that? That protocol is supposed to defend against Man-In-The-Middle attacks. You'd need widespread compromises of cert authorities, or _additional_ compromises of DNS infrastructure, or a hell of a cryptanalytic breakthrough. Any of the above would constitute a much more important story than this fluff.

The Reg is supposed to be paying attention to this stuff. Don't you care enough to dig a bit?

EU joins Google, hippies, Uncle T Cobbleigh in fight against ITU

Carlo Graziani

Re: Extra-Territorial Reach

In the first place, your faith in the "good reputation" of the ITU is, to put it mildly, puzzling, at least insofar as Internet regulation is concerned. The ITU has no record at all of regulating computer networks of any kind. Its reputation, such as it is, is in the regulation of the cartel of cartels of International telecom businesses, which are dominated by government-run incumbents. The culture at ITU fossilized with long-serving civil servants who see the networking world according to the International telephone network model, which leads to utterly inappropriate and damaging proposals being considered "serious". If you have doubts on this score, go have a look at the "termination fee" debate that is taking place in one of the main rings of this circus. A regulatory concept from the 1970s long-distance phone call world is proposed as an organizing principle for Internet network charges. Really?

Furthermore, the trust that you propose may be placed in an organization of "good reputation" might be appropriate, at least in a limited way, if that organization operated with any semblance of transparency. The ITU is opaque. Many key stakeholders are not present, not invited, not even understood to be relevant by the organization, whose deliberations will be revealed in the end as a finished package, fashioned after the interests of the organizations that did make it to the table. This is how the SOPA debacle got off the ground. You'd think they'd know better, but you'd be wrong. _Anything_ that comes out of this process will be attacked, simply (and correctly) because of the opaqueness that attended it.

Finally, note that simply acknowledging that "nations can censor their own network use already, so what's the big deal" is a disingenuous attitude. What is being discussed is the recognition, in International Law, that states have the "right" to so censor what their citizens see. The problem is that the obverse of every "right" is a "duty" -- my right to life is identical to your duty not to kill me, and so on. So ask yourself this: If China, Iran, Russia, etc. have the right to protect their citizens from having undesirable information delivered to them over the Internet, and that right is to be enshrined in International Law, what then is the duty thereby created for other nations and their citizens? And, why exactly do you imagine these nations are so eager to see these rights written into treaties?

Carlo Graziani

Extra-Territorial Reach

You know, there really is a serious issue here that you shouldn't dismiss so cavalierly.

The ITU could end up establishing a treaty regime in which it is _illegal_ for people outside certain censorship-prone countries to provide Great-Firewall-Busting technical assistance to Internet users inside those countries. Individuals who set up proxies, onion routers, VPNs and so on for the benefit of users in China or Iran could find themselves on the wrong side of newly-minted International Law.

That strikes me as a dangerous contingency well-worth guarding against, and if Google, the EU, "hippies", et al. are attempting to poke a stick in the spokes of this process, perhaps their efforts deserve a little less sneering contempt than you appear able to muster.

Greenland 'lurched upward' in 2010 as 100bn tons of ice melted

Carlo Graziani

Sea Level Rise Isn't From Melting

Er, Lewis, ice cap melting isn't the dominant effect in sea-level rise. Rise is dominated by the thermal expansion of water, by more than an order of magnitude.

The thermal expansion coefficient of water is about 2E-04 per degree C. That is to say, for each increase in the average temperature of the ocean, the volume of water increases by about 0.02 per cent. Assuming a water-world with an average depth of 2 km, that means that on average, each increase of 1 degree C brings with it a height change of the oceans of about 40 cm. Which dwarfs any effect from newly-freed polar meltwater.

And, please note, as a matter of empirical observation, the Earth's temperature is rising. We may not be able to model climate well enough to forecast the extent of the rise over a century, or nail down the anthropogenic element to the satisfaction of every climate-change skeptic, but just making a relatively conservative estimate of one degree by 2100, based on the observation that average temp increased by that much over the course of the past century, it seems clear that we're to kiss a lot of low-lying habitable areas goodbye. I won't miss Florida so much, but an awful lot of people live in Bangladesh...

New spaceplane proposed for NASA station crew contract

Carlo Graziani

This Is Trouble For SpaceX

Beyond any technical merit this proposal may have, it's probably a shoo-in if the money doesn't evaporate. Orbital Sciences is well-known for its cozy relationship with NASA.

Have a peek at its Senior Management Bios: they are very heavy with erstwhile NASA management types, and current NASA management types can look upon them with envy and hope for their own futures. In fact, this relationship is what kept OS in business during that half-decade-long series of fiascoes called the "Pegasus XL" program. NASA Launch Services kept them alive, fending off outside competition that was beating a path to their door, until OS's mediocre engineers finally managed to produce an actual working vehicle instead of an unstable roman candle.

There is no doubt in my mind that this is why OS was selected by their partners to head this particular consortium. Musk and SpaceX are outsiders. Their path to success just got a lot steeper.

WikiLeaks' Assange to be indicted for spying 'soon'

Carlo Graziani

No, Seriously. No Indictment. Please Pay Attention

Folks, you are not furnishing a very impressive display of news-story exegetic skill. Stories like this one appear for a reason. Please, pay attention:

(1) The US Justice Department has announced an "ongoing" criminal investigation of Assange. Not an indictment, an "investigation".

(2) A criminal investigation is not an indictment.

(3) If an indictment were brought, the chances of an excruciatingly humiliating failure at trial are very high, under established US law. The DOJ knows this.

(4) The evidence that the US DOJ is in fact in the process of bringing an indictment "soon" does not come from any official statement or any leaked information from a DOJ insider. It comes from Assange's attorney WHO IS IN NO POSITION TO KNOW WHETHER THIS IS IN FACT TRUE.

(5) Assange's attorney *does* have an interest in keeping her client's martyr index as high as humanly possible. She can do this by giving gullible, lazy journalists a great-sounding news story that lights up their readerships' outrage. Cue spittle-flecked outbursts, letters to editor, contributions to legal funds, etc.

Seriously, go read the story again. Really read it. There's no there there.

I can't blame the attorney, since she's acting in her client's best interests. I can blame the journalists, however, who ought to make a more serious effort to get big stories right. And when reading the news, you folks should be applying your reason, before engaging your spittle glands.

Carlo Graziani

A Slender Reed

So you would be using ESP to transition from "Active ongoing criminal investigation" to "to be indicted soon"? Or are you privy to leaked Justice Department docs? Or do you just not understand the distinction between a criminal investigation and an indictment?

The story is "Assange to be indicted soon". Don't take my word for it, go back and read it. The evidence for this is a statement by his UK attorney. That's it. Now, ask yourself, would you bet a large sum of money that this is in fact true, based on that evidence? I wouldn't.

Carlo Graziani

A Slender Reed

It's risky to hang a blockbuster news story like this one on statements made by Assange's attorney, who is unlikely to have firsthand knowledge of the thinking at the Justice department, and who has a vested interest in winding up the martyr factor for her client.

Given how colossally stupid a U.S. effort to prosecute Assange for espionage would be (under the same legal theory, the head of Chinese foreign intelligence could also be indicted for espionage against the U.S., and extradition demands lodged with the Chinese government), I seriously doubt that the premise of this story is correct. You've been had.

Dutch twaddle-prof lambasts Google Scholar

Carlo Graziani

This is imbecilic

Look, anyone who pays attention to Google Scholar's rankings is not using the service the way actual scientists use the service. They are using it to bullshit, just like van Dijck is doing.

The incredible value of Google Scholar to an actual working scientist is the ability to do full-text searches across a broad expanse of scholarly literature, as opposed to merely searching classification keywords or abstracts or titles or authors, which were the only real possibilities just a few years ago. You can actually bring yourself up to speed in an unfamiliar field quickly and efficiently this way. Compared to working with index services, even through a major academic library, this changes everything.

Van Dijck's complaint appears to be about Google's popularity rankings. If she really cares about that, she's an idiot, and doesn't understand why the service is useful.

Skewing statistics: Booze, money and sex

Carlo Graziani

Value Calculation

"The value in enjoyment of these things must, by definition, be more than people spend upon them."

Um, not that I disagree with the spirit of this piece, but you may wish to tune this bit of the analysis. By this argument, if booze taxes raised the price of a pint from £3 to £1000, and as a result only a handful of people ever drank beer again, the existence of that handful would mean that £1000 is in fact the correct value of a pint. In fact, you could only construct an _upper_ limit on the value, this being the price at which consumption goes to zero.

You need some kind of correction for aggregate consumption.

Users howl as Fedora 12 gives root to unwashed masses

Carlo Graziani

Typical, Really

I hope Richard 33 is correct, and this will be fixed quickly. But really, this is typical of the amateurish quality control that attends Fedora. It's a distro that's Not Ready For Prime Time, by design. The churn is incredible, and support goes poof after a year, including security patches, so everyone either upgrades to the latest unstable soup of cool packages once every 12 months or gets left behind.

Fedora reminds me of an aircraft designed, built, and operated by extremely bright seven-year-olds. It's quite an achievement, but I'd rather walk.

Brit firm sells hi-tech fabric vehicle armour to DARPA

Carlo Graziani

Baiting

Lewis, do you guys have an office pool on who can draw the most spittle-flecked, addled flame in a comment to an article? You sure put a lot of bait out on this one, I can practically hear saliva-washed keyboards getting bashed on both sides of the pond...

Did the Vatican suppress hidden 'Galileo Cryptogram'?

Carlo Graziani

Out Of Character

Something seems wrong here. If Galileo did realize that he had discovered a new planet, it seems out of character not to announce the discovery, and name the planet after another Medici. This was his stock in trade, it's how he secured his patronage and increased his stipend. Each discovery he made he cannily traded in for enhanced prestige and economic security. Why he would break the pattern with a new planet --- which would not have altered the terms of the Copernican debate, since unlike the Jovian moons or the phases of Venus it could easily be accommodated in the Ptolemaic system --- is difficult to understand, to put it mildly.

Boeing to build prototype pulsed-microwave robomissile

Carlo Graziani

10 KJ?

Something doesn't add up here. 70GW=7.0E+10 W. 1nsec=1.0E-9 sec. Multiply the two to get approximate energy of 10GW peak power pulse of 1ns duration, you get 70J, not 10KJ.

Brutish SSH attacks continue to bear fruit

Carlo Graziani

Fail2ban

There are packages to monitor log files, and take action against attackers, that abate this problem considerably. Fail2ban may be the best-of-breed of these --- powerful, flexible, easy to configure. It can be set to monitor for repeated ssh connections by an IP, and to temporarily firewall off that IP after a settable number of failed logins. An attack that requires hundreds of attempts for a statistical chance of success becomes useless if it is limited to, say, 5.

Fail2ban has really cleaned up my logs. The distributions should be making it part of their standard packages, IMO.
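The threshold-and-window logic the comment above describes (count failed logins per source IP, firewall the IP once a settable number of failures lands inside a time window, lift the ban after a timeout) is what fail2ban's `maxretry`, `findtime` and `bantime` settings implement. The script below is an added example, not fail2ban's own code and not part of the original comment: it replays constructed sshd log lines through a small sliding-window jail so the detection decision can be inspected offline. The log lines, host name, IP addresses and the `SshJail`/`replay` names are all constructed for the example; a real deployment would swap the ban bookkeeping for a firewall rule.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (syslog format); not taken from any real host.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.5 port 51001 ssh2
Mar  3 10:00:03 host sshd[1202]: Failed password for invalid user admin from 203.0.113.5 port 51002 ssh2
Mar  3 10:00:04 host sshd[1203]: Accepted publickey for alice from 198.51.100.7 port 40000 ssh2
Mar  3 10:00:06 host sshd[1204]: Failed password for root from 203.0.113.5 port 51003 ssh2
Mar  3 10:00:09 host sshd[1205]: Failed password for root from 203.0.113.5 port 51004 ssh2
Mar  3 10:00:12 host sshd[1206]: Failed password for root from 203.0.113.5 port 51005 ssh2
Mar  3 10:00:15 host sshd[1207]: Failed password for root from 203.0.113.5 port 51006 ssh2
Mar  3 10:00:20 host sshd[1208]: Failed password for bob from 198.51.100.7 port 40001 ssh2
Mar  3 10:30:00 host sshd[1209]: Failed password for bob from 198.51.100.7 port 40002 ssh2
"""

# Matches the two common sshd failure forms: known user and "invalid user".
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)


def parse_failure(line, year=2024):
    """Return (timestamp, source_ip) for a failed-login line, or None for anything else.

    Syslog lines carry no year, so one is assumed (constructed value for the example)."""
    m = FAIL_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return ts, m.group("ip")


class SshJail:
    """Sliding-window failure counter modelled on fail2ban's maxretry/findtime/bantime."""

    def __init__(self, maxretry=5, findtime=600, bantime=3600):
        self.maxretry = maxretry
        self.findtime = timedelta(seconds=findtime)
        self.bantime = timedelta(seconds=bantime)
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.bans = {}                       # ip -> time at which the ban expires

    def is_banned(self, ip, now):
        """True while `ip` is inside its ban window; expired bans are dropped on the way."""
        expiry = self.bans.get(ip)
        if expiry is None:
            return False
        if now >= expiry:
            del self.bans[ip]  # where fail2ban would remove the firewall rule
            return False
        return True

    def record_failure(self, ip, ts):
        """Record one failed login; return True if it triggers a new ban for `ip`."""
        if self.is_banned(ip, ts):
            return False  # already firewalled; a real attempt would not reach sshd
        window = self.failures[ip]
        window.append(ts)
        # Keep only failures inside the last `findtime` seconds.
        while window and ts - window[0] > self.findtime:
            window.popleft()
        if len(window) >= self.maxretry:
            self.bans[ip] = ts + self.bantime
            window.clear()
            return True
        return False


def replay(log_text, **jail_kwargs):
    """Feed every failed-login line to a jail; return the jail and the bans it issued."""
    jail = SshJail(**jail_kwargs)
    banned = []
    for line in log_text.splitlines():
        parsed = parse_failure(line)
        if parsed is None:
            continue
        ts, ip = parsed
        if jail.record_failure(ip, ts):
            banned.append((ip, ts))
    return jail, banned


if __name__ == "__main__":
    jail, banned = replay(SAMPLE_LOG)
    for ip, ts in banned:
        print(f"ban {ip} at {ts.isoformat()} until {jail.bans[ip].isoformat()}")
```

With the defaults, the address that fails five times inside ten minutes is banned on its fifth failure and its later attempt is ignored, while the address with two failures half an hour apart never crosses the threshold because the first failure has aged out of the window; that ageing is why `findtime` matters as much as `maxretry` when tuning a jail against slow, patient guessing.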

Vatican vetos 'dot god' domain

Carlo Graziani

Damn

And here I was ready to register domains in the .FlyingSpaghettiMonster TLD...

Max Planck Institute punts 'hot, young housewives'

Carlo Graziani

A Forerunner

Puts me in mind of Journal of Statistical Physics volume 48, number 3, 1987, pages 709-726, "Diffusion in a periodic Lorentz gas", by Bill Moran, William G. Hoover and Stronzo Bestiale. "Stronzo Bestiale" is an Italian vulgarity, translating literally to "Bestial Turd", although the meaning is closer to "Appalling Turd". Doctor Bestiale's affiliation was allegedly a non-existent research institute in Palermo, Sicily.

Apparently he was added as a joke by the other two authors, and nobody noticed until the JSP issue hit the academic bookshelves in Italy a few months later. Then all hell broke loose. Like pee in a pool, you can't take something like this out after you put it in, and Google Scholar searches for "Stronzo Bestiale" still bring up plentiful citations --- apparently the paper was of some non-negligible importance, authorship notwithstanding.

Apple's secret iPhone app blacklist

Carlo Graziani

@J

I believe the point is, nobody outside of Apple knows what the "phone home" functionality does, since nobody has decompiled the firmware. All we know is that there's a URL encoded in there, and that currently residing at that URL is a text file with a list of apparently blacklisted apps. I personally find it very unlikely that this is the only functionality available over this channel --- it wouldn't surprise me at all if a change in the data available at the URL could trigger a download/update of some sort.

Leaving aside the trust implications of Apple screwing with people's phones without letting them know about it, they're doing the usual incompetent security job of it that is rapidly becoming the familiar signature of Apple software distribution. Given what we know about DNS weaknesses, at a minimum they need to hard-code a list of IP addresses, if they want phones to check back with them automatically. This may be less flexible than using DNS, but that inflexibility is better than creating a whole new class of mobile-phone botnets.

Carlo Graziani

This _Is_ A Security Hole

Dan Kaminsky must be laughing his ass off today. All that is required is to poison iphone-services.apple.com in the cache of a few DNS servers, and presto-bango, iphones are queuing up to slurp up delicious malware posing as firmware, or whatever it is that Apple plans to serve up on this channel.

I guess iPhone owners don't really own their own phones anyway. Now they can look forward to having them get pwned as well.

Cancer doctor cites 'early' data on cell phone danger

Carlo Graziani

Eye-roll

Here's a quote from Wired's story:

----------

A driving force behind the memo was Devra Lee Davis, the director of the university's center for environmental oncology.

"The question is do you want to play Russian roulette with your brain," she said in an interview from her cell phone while using the hands-free speaker phone as recommended. "I don't know that cell phones are dangerous. But I don't know that they are safe."

----------

In summary, tons of money spent on multiple, large, double-blind studies have shown no effect whatsoever. But to these people, the lack of evidence, or even of a plausible physical mechanism, is irrelevant, because none of it proves the cancer link is impossible.

These people aren't scientists. They are alarmist blowhards with access to well-developed press-release tools. It's a pity that this is all it takes to be taken seriously by the media.

Granite Jesus, blessed be thy gneiss

Carlo Graziani

Actually...

...It was Elvis who carved it. He and Jesus keep playing pranks on each other, getting each other's worshippers into a lather.

Last year about this time, Jesus started delivering pizzas in Tuscaloosa with Elvis' likenesses in the toppings -- thin Elvis in melted cheese, fat, old Elvis in crumbled sausage. There was practically a church revival in the Pizza Hut parking lot as a result.

Jesus was just getting even for the time Elvis started painting tears and stigmata on Big Boy Restaurant statues at various Mississippi truck stops along Interstate 20, causing thirteen religious riots cum traffic pile-ups across the state. He claimed Jesus had it coming, for the time he dressed up in an oily wig, sunglasses, and a rhinestone-studded leisure suit over 300lb of wet bags around his belly, and belted out "Hunka-Hunka Burnin' Love" before an astonished 7-11 night manager while serially pounding twinkies into his face for added verisimilitude.

Now Elvis is evidently screwing around with heavy rock-cutting equipment. Seriously, if these guys don't chill out soon, someone is going to do something stupid, no mistake.

US air force chiefs sacked in robot-armada brouhaha

Carlo Graziani

Accountability

Er, AC, "on this side of the pond" there has been perfectly adequate coverage of this issue. You would have to read a newspaper, instead of getting your news from televised light-entertainment yakfests masquerading as news, though.

See, for example, today's NYT coverage. Sample quote:

"Mr. Gates has also expressed frustration about some Air Force actions on weapons procurement, budgets and execution of the mission in Iraq and Afghanistan, his aides said.

The Air Force has more than doubled the number of armed Predator and Reaper hunter-killer aircraft over Iraq and Afghanistan since early last year, but aides to Mr. Gates say he is still not satisfied with the number of surveillance aircraft in the war zone. "

But, frankly, the tussle over unmanned aircraft really is the less interesting part of this story. What is more interesting is seeing an old-school apparatchik like Gates standing out from the Bush administration by actually valuing accountability over loyalty.

I had honestly expected that the fact that the Air Force had no idea where a portion of its nukes are at any given time would be blamed on low-level "bad apples" -- technical sergeants, lieutenants, etc. "not following procedures". This indeed appeared to be the spin impressed on this news story by the AF a few months ago.

Gates appears to have stood up to them, however, making the obvious observation that a culture of security and accountability around nuclear weapons can only be created from the top, and that the failure to create that culture is a senior command failure. The heads that are rolling are accordingly being detached from the torsos of generals and senior DOD civilian officials, rather than from those of the operational personnel. Kudos to him for that.

Only Ubuntu left standing, as Flash vuln fells Vista in Pwn2Own hacking contest

Carlo Graziani

Pity...

It's a pity they couldn't break the Linux box. Then we would have seen the real security metric: how quickly and effectively does each platform vendor supply a patch for the newly-revealed vulnerability.

My money would be on the Linux vendor to release first, by weeks.

WaSP gives browsers 'fail' grade

Carlo Graziani

Why Is This Standard So Hard To Comply With?

I like a good pile-onto-Microsoft as much as the next Linux user, but it seems to me that something is actually broken with the standard, if it is so hard to comply with that the Acid* tests consistently flunk every browser. What's the point of writing a standard if programming to it invariably requires a Moon-shot of a development effort?

US government forces military secrets on Brit webmaster

Carlo Graziani

NORAD

There's a norad.com registered to some Florida web hosting service. I wonder whether they get any interesting mail?

Oh, look, www.centcom.com is also registered, to some non-military folks. This game could be fun!

Carlo Graziani

But Wait, There's More...

...and cia.com, and nsa.com, and if you Brits are feeling left out, some guy in Korea has registered gchq.com...

Bitlocker hack is easily prevented, Microsoft says

Carlo Graziani

Boot/Resume?

I'm not sure the password-protection for boot/resume are relevant here. The point of the attack is not to boot the existing OS, but to boot _another_ OS (from a USB key, say), and use the crypto information stolen from the DRAM to mount the laptop's disk.

It is not at all clear to me from Humphries' post that the password protection can prevent this --- he refers to it as an option "that will not allow a machine to boot – or resume from hibernate". That sounds to me as if the OS still has the encryption key, in DRAM, and is asking for a password to resume. It does not sound as if it's hidden the encryption key somewhere where it can't be sniffed off the DIMMs.

Perhaps Vista does something more subtle than this, but that's certainly not ascertainable from Humphries' post.

MS + Yahoo! = Microhoo! - Official!

Carlo Graziani

The Obvious Result of Microsoft+Yahoo!...

...is Microsoft.

Bush orders US Navy to shoot down rogue spy sat

Carlo Graziani

The Intramural Politics

There is probably another political aspect, having to do with a bureaucratic squabble within the U.S. military.

There is a view within the military that space is going to be militarized to some extent within the next couple of decades. This is setting off a bit of a contest to decide which of the service branches will lead the way. Obviously, the Air Force --- whose greatest nightmare is the creation of a new "Space Force" service arm --- would like to be anointed with space leadership. This is the principal reason for the AF's enthusiasm for space-related programs of dubious value and effectiveness, such as NMD. Missile defense doesn't have to work, it just has to exist and be big and have space-related assets, so that when the decision to move weapons into space is made, the Air Force can argue that they are essentially already there, so why duplicate their effort instead of just expanding their existing mission?

Naturally, the Navy has some reservations about its relegation to the damp bits of the Earth. So it is interesting to see that they have succeeded in grabbing this mission, which could otherwise have been carried out by the AF with one of their F15-launched sat-killers --- tested successfully in the '80s, with spares presumably warehoused somewhere. I bet there were some very watchable bureaucratic knife-fights involved in getting the Navy this assignment.

Satellite sea launch successful

Carlo Graziani

Equatorial Launch

It's not just the boost from equatorial rotation velocity. These satellites have to go into zero-inclination orbits, because otherwise "Geostationary" really means that their latitude oscillates up and down across the Equator. If you launch from 28N (South Florida), it requires a huge amount of extra energy to shed that unwanted orbital inclination. From the Equator, you are already at the desired inclination.

Vista sets 2007 land-speed record for copying and deleting

Carlo Graziani

That Screenshot

Er...

80GB (top line) at 10MB/s (bottom line) works out to 8000s, a little over 2 hours. Vista's estimate of 36843 days seems a little off. Certainly, that progress bar should not be anywhere near 2/3 of the way across if the estimate is right, unless the submitter started the test on an advance copy of Vista, sometime around 1937.

Counterfeit Vista rate half that of XP

Carlo Graziani

Therapy

To the REALLY VEHEMENT Vista/XP/W9*-lovers flecking spittle at your screens: your condition is called "Stockholm Syndrome". Help is available, but you will have to break with your captor, which may prove almost as traumatic as your original abduction. It's for the best, though.

US Army plans robot planes operated by non-pilots

Carlo Graziani

Plus Ca Change

Anonymous Coward has it basically right. It's like watching U.S. Army cavalrymen in 1920, clinging to their sabers and determined to keep tanks from operating in massed shock formations.

I guess it's easy to recognize -- and scorn -- well-known examples of blindness to military novelty in history books, but not so easy to recognize that one is destined to serve as such an example in a future history.

Google agrees to cough Israeli blogger's IP address

Carlo Graziani

Lesson Learned

When selecting a blog service provider, the most important part of the privacy notice/TOS document is "we delete all logs after N days". If it doesn't say that, everything you write is hostage to the laws of the nation with the most hair-trigger sensitivity to unwelcome speech.

Google, by their charter to keep and organize all information that they get their mitts on, are already "doing evil", and are going to do an awful lot more in the foreseeable future, under "legal compulsion" to disclose information they shouldn't be storing --- but are storing, because that's how they make money. Google may be suitable for blogging about cute kittens, but if you plan on pissing anybody off, look elsewhere.

Having a migraine? Blame your brain

Carlo Graziani

Unevaluable

"21% thickening" doesn't really tell us what we need to judge whether the effect is significant.

Presumably they found that the two (extremely small) samples had somewhat different distributions of thickness, and what they reported was that the ratio of the means of the two distributions is about 1.21.

However, there is no information presented here concerning the _width_ of the two distributions. Do they overlap appreciably? Or was every migraine-sufferer's cortex in the sample thicker than that of every cortex in the migraine-free control group? What is the statistical significance of the result?

Given the very modest sample size, I'm extremely skeptical that much has been "demonstrated" here. I do wish that reports on this sort of medical study would include the sort of information required to make a substantial evaluation of the claims, though.

British computer society blunders on BCC

Carlo Graziani

The Clueless Spamming The Clueless

It's hard to decide who is the feebler mind in this case: the computer society who has never heard of mailing list software with access and posting controls, or the recipients who cannot distinguish between "Reply" and "Reply-To-All".

Perhaps this is one of those self-selecting groups, like Mensa, with membership criteria that reward delusions of adequacy rather than actual knowledge.