Re: reduced fat lard?
Isn't that when you use half as much?
337 publicly visible posts • joined 24 Feb 2008
correct horse battery staple is nice, but I prefer the Bruce Schneier password: uTVM,TPw55:utvm,tpwstillsecure.
Y'know, there is a bug report which explains all of these things. It's even linked from the article.
Here, I'll read it for you. Cryptkeeper calls encfs to create an encrypted filesystem interactively and feeds it answers through stdin. The code is even included in the bug report:
execlp ("encfs", "encfs", "-S", crypt_dir, mount_dir, NULL);
exit (0);
[...]
// paranoid default setup mode
//write (fd[1], "y\n", 2);
//write (fd[1], "y\n", 2);
write (fd[1], "p\n", 2);
write (fd[1], password, strlen (password));
write (fd[1], "\n", 1);
Not only does it answer "p" to the "Paranoid or eXpert mode?" prompt, it also used to answer "y" twice before that, presumably to answer questions about creating the filesystem and mount point specified in crypt_dir and mount_dir. The man page for encfs even specifically warns about that possibility:
-S, --stdinpass
Read password from standard input, without prompting. This may be useful for scripting encfs mounts.
Note that you should make sure the filesystem and mount points exist first. Otherwise encfs will prompt for the filesystem creation options, which may interfere with your script.
The end result of this is that Cryptkeeper will ignore the user supplied passphrase and create an encrypted filesystem with the password "p". Since the error was restricted to the creation code, any further attempts to mount the newly created filesystem with the correct password would fail.
While the real source of this error is the sloppy use of an interactive session with encfs in Cryptkeeper, the trigger was a recent fix made to encfs which removed the "paranoid?" prompt. Since this fix was committed on December 12th, when Cryptkeeper was no longer maintained, it was not caught until the next time a Debian testing user tried to create a new encrypted filesystem and found that it didn't work.
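The desync described in the post above, as an added example that is not part of the original post or the bug report: a constructed model in C in which the reader consumes one stdin line per prompt it asks. The prompt strings `mode?` and `password:`, the sample passphrase and all function names are assumptions made for illustration, not encfs or Cryptkeeper identifiers.

```c
#include <stdio.h>
#include <string.h>

/* Constructed prompt sequences (not real encfs strings): before and
 * after the mode prompt was removed from the creation dialogue. */
static const char *OLD_PROMPTS[] = { "mode?", "password:", NULL };
static const char *NEW_PROMPTS[] = { "password:", NULL };

/* Reader model: one input line is consumed per prompt; returns the line
 * that is consumed at the password prompt, or NULL if input ran out. */
const char *password_read(const char **prompts, const char **answers) {
    for (int i = 0; prompts[i]; i++) {
        if (!answers[i]) return NULL;
        if (strcmp(prompts[i], "password:") == 0) return answers[i];
    }
    return NULL;
}

/* Blind writer: the fixed "p" + password script, sent whatever is asked. */
const char *blind_result(const char **prompts, const char *pw) {
    const char *answers[] = { "p", pw, NULL };
    return password_read(prompts, answers);
}

/* Prompt-aware writer: answers only prompts it recognises and gives up
 * (returns NULL) on anything unexpected instead of guessing. */
const char *matched_result(const char **prompts, const char *pw) {
    const char *answers[8] = { NULL };
    for (int i = 0; prompts[i]; i++) {
        if (i >= 7) return NULL;
        if (strcmp(prompts[i], "mode?") == 0) answers[i] = "p";
        else if (strcmp(prompts[i], "password:") == 0) answers[i] = pw;
        else return NULL;
    }
    return password_read(prompts, answers);
}

int main(void) {
    const char *pw = "hunter2";  /* constructed sample passphrase */
    printf("blind, old prompts:   %s\n", blind_result(OLD_PROMPTS, pw));
    printf("blind, new prompts:   %s\n", blind_result(NEW_PROMPTS, pw));
    printf("matched, new prompts: %s\n", matched_result(NEW_PROMPTS, pw));
    return 0;
}
```

With the old prompt sequence the blind script lines up and the passphrase is consumed as the password; with the new sequence the same script makes "p" the password, while the prompt-aware writer is unaffected.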
The linked writeup goes into some depth about this, but here's an overly brief summary which probably misses several important details:
1) End user downloads a copy of a popular search app or free wifi app onto their phone and installs it, presumably by sideloading.
2) The trojan app then runs, checks to see if it has connected to a new wifi network and then phones home for instructions.
3) The app then uses a range of super-secret military grade encrypted ciphers such as "admin/admin" and "admin/123456" to log in as an administrator to the wifi access point it just connected to.
4) Once it has admin access to the AP the trojan will then reconfigure it to use a rogue DNS server for itself and for all DHCP clients which connect to it from then on. According to the article it seems to only understand the web interface for common TP-LINK routers.
5) The trojan-infected phone can then be switched off, wiped clean, fed into a wood chipper and then have its ashes launched into the sun, but the damage to the WIFI AP will still remain.
So the initial infection is done by sideloading an app, but once the AP has been owned every user of that WiFi network who uses the provided DNS addresses will be affected.
Most humans in competitions _do_ use speed cubes, which are designed to avoid unfortunate accidents like popping or corner cutting and then disassembled, lubricated, adjusted and reassembled at least twenty times during the lead-up to a competition. The first adjustment ensures that all of the cube's parts will be turning at top speed with exactly the amount of friction required while the next nineteen or so are just to give the cube's owner something to do with their hands while waiting.
I can understand the screen. It's a 3:2 aspect, big enough to display two pages side by side at something around 200 dpi, so it's great for doing print work.
It's touch and has a fancy pen so that you can draw right on it. The Soar Knob does the job of a mouse wheel and gives you something to do with your left hand while you're drawing that won't get you arrested.
The screen can tilt from vertical down to almost flat so that it can act like a traditional desktop or a drafting table, and the whole thing is counterweighted to make the transition as smooth as possible.
There's a ridiculously high resolution camera built into the top bezel so that you can share all of your conversations with Skype and that the botnet owners can watch your expression right after you realize that all of your files have just been encrypted with unbreakable triple-ROT13.
That all makes sense.
Why does a desktop computer, designed to be placed with its back against a wall or tilted so that its back goes down to the desk, have both front _and_ back mounted cameras?
The sixth and final explosion—frame 313—starts on the Falcon 9 in the oxygen tank near the front. This is the big one. The Falcon 9 going back to its left. The explosion came from the front and right. Totally inconsistent with a routine filling operation. Again... back and to the left… back and to the left… back and to the left… back and to the left.
"Maybe the solution is to add a further category for whom the "Ignore these warnings" buttons are greyed out."
Perhaps an "I am aware of the risks" checkbox could help. Activating that and also pressing the "Ignore these warnings" button would not actually bypass the certificate warning, but instead open up a large text box with the caption "Then tell us what you think they are".
I was reminded of this guy instead...
"Friday at last!" crowed Conan springing from his mats with the agility of an antelope. "Crom's Beard but it took long enough to get here!"
I understand the github reference, but what's so amazing about Bloomberg's 404 page?
Aside from having over 110k of scripting and menus, the page just says "404. Page Not Found / Unfortunately, this page does not exist. Please check your URL or return to the Home Page".
Am I missing something, or are those two sentences just that much more amusing than anything else Bloomberg ever reports on?
"...and of course cost more and NASA hammers..."
...because NASA is just a bunch of fly boys, and the Navy needs to have better hammers than the Air Force. If they didn't... then... Well, the Russians would just come in and take over with their superior hammers.
Er... Wait. It's not the Russians now? Well, then who's the real enemy the Navy is fighting against today? Besides the Army and Air Force, of course.
"Next episode the Enterprise will hunt Pokemons..."
...On space station K7. The Pokemon are being sold by Cyrano Jo-Smith, played by Penn Jillette, who accidentally uses them to uncover a sinister Klingon plot to poison the station's supply of... um... space barley.
There will be a fifty minute long brawl between Scotty and the entire Klingon crew, briefly framed by a few minutes of story.
And the best part is that it will be completely and totally original, just like all of the new Star Trek films.
Or... You could just have your phone lie about its current location. Really, it's like two taps on the screen and then you enter the longitude and latitude of any place on Earth and your phone will report that it is there, and any apps running on it will believe it.
But your way works too.
"Analysis over, job done. Just pop my doctorate in the post."
Doing the analysis is only part of a doctorate. The other part is being locked in a small room with a panel made up of toddlers who spend the rest of the day asking "Well, why is that?", "What's that for?" and "Why should I care about this?".
If you can survive the day without ever saying "I don't know" and being cast into the Gorge of Eternal Peril by The Man From Scene 24, then... Well, then you get to do it again because the right people didn't all show up. But eventually it does get stamped, misaddressed, popped in the post, folded in two, fed to a small dog and then stuffed into a mail slot that is three times too small for it to fit.
You're all talking about the app, you all know the name of the developer, and... well... before being blacklisted forever, Grey Goo was nominated for several awards.
As long as you believe that there's no such thing as bad publicity, this whole experience has been awesome for everybody involved.
"But LinkedIn? An evanescent user base and 10,000 employees with titles like Talent Solutions Solutions Consultant (I kid you not)? Whose operating income is increasingly negative?"
Perhaps that position could be replaced by a contractor. A Talent Solutions Solutions Consultant Consultant, if you will.