* Posts by Cynic_999

2855 publicly visible posts • joined 15 Aug 2013

FBI paid renegade developer $180k for backdoored AN0M chat app that brought down drug underworld

Cynic_999

Re: Trusting trust

It may surprise you to learn that it is not only criminals who have a need to use secure communication, and not breaking the law is no protection against being duped with a bogus "secure" application that purports to do just that but in fact does the exact opposite.

Cynic_999

Re: Trusting trust

An OTP just shifts the problem. You must first get a copy of the OTP (or bunch of OTPs) to the other person/people in a secure way prior to sending each message or group of messages. You then have no control over how securely the other person has stored that key. OTP is often cited as being the most secure form of encryption, but if the OTP is intercepted and copied during or after its delivery to the intended recipient then the encrypted message is 100% compromised. A very big problem when the decryption OTP has to be given to many people in advance, and runs the risk of having a copy stolen. Key interception is almost always a far greater risk than the probability that a modern electronic encryption algorithm can be "cracked" (at least in any reasonable length of time).

These were the very problems that PK encryption (e.g. PGP) was designed to overcome - and to this day it does so very well indeed. Every single communication using PGP, including the initial key exchanges may be intercepted with no loss of security whatsoever. What's more, nobody can use any exposed key to spoof a signed PGP message to pretend it came from someone else.

One advantage of using OTP however is that you can make a different bogus OTP that will turn the real message into something of the same length but with completely different content so that any encrypted message can, if demanded, be "decoded" to show something completely different.
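The "bogus OTP" property described in the post above, as an added Python example (not the poster's code): because the pad is a plain XOR, anyone holding the ciphertext can compute a second pad that decrypts it to any decoy of exactly the same length, and anyone who copies the real pad recovers the message in full. The messages are constructed sample values.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; this is the whole OTP operation."""
    if len(a) != len(b):
        raise ValueError(f"length mismatch: {len(a)} vs {len(b)}")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_keygen(length: int) -> bytes:
    """A fresh, uniformly random pad as long as the message, from a CSPRNG.
    A pad must never be reused: XOR of two ciphertexts under one pad
    cancels the key and leaks the XOR of the two plaintexts."""
    return secrets.token_bytes(length)


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    return xor_bytes(plaintext, key)


def otp_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    # Whoever holds this key (sender, receiver, or someone who copied it
    # in transit) recovers the plaintext completely; there is no partial loss.
    return xor_bytes(ciphertext, key)


def forge_key(ciphertext: bytes, decoy: bytes) -> bytes:
    """Build a second pad that decrypts the same ciphertext to `decoy`.

    With C = P xor K, choose K' = C xor P'; then C xor K' = P'.
    The decoy must be exactly as long as the ciphertext, as the post notes.
    The same algebra is why an OTP gives no integrity: bit flips in C
    pass straight through to P unless a MAC is added.
    """
    return xor_bytes(ciphertext, decoy)


def demo() -> dict:
    # Constructed sample messages; both are 28 bytes long.
    real = b"Meet at the old mill at noon"
    decoy = b"Happy birthday to you, Alice"
    if len(real) != len(decoy):
        raise ValueError("decoy must match the real message length")
    key = otp_keygen(len(real))
    ct = otp_encrypt(real, key)
    bogus = forge_key(ct, decoy)
    return {
        "recovered_with_real_key": otp_decrypt(ct, key),
        "recovered_with_bogus_key": otp_decrypt(ct, bogus),
        "keys_same_length": len(key) == len(bogus),
        "keys_differ": key != bogus,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```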

No digital equivalent to the impulse aisle found as online grocery shoppers buy fewer sweet treats than in real life

Cynic_999

Of course there are digital equivalents to the supermarket impulse buys. They are just different items to those typically bought in-shop due to the lack of instant gratification when waiting for delivery is involved.

But while supermarkets can only offer a fixed selection of the same impulse-buy items to all customers, digital stores can tailor the selection offered to suit what's already in the customer's basket. Amazon for example brings up its selection of "Often purchased together with this item" and "Other customers also bought" - both of which I am quite sure result in a healthy number of impulse buys.

EE and Three mobe mast surveyors might 'upload some virus' to London Tube control centre, TfL told judge

Cynic_999

Absolutely the same is true in the UK. Also telephone and power companies must pay the owner to string cables over or under their land.

Cynic_999

Re: Open door policy?

But only on the third try.

Fastly 'fesses up to breaking the internet with an 'an undiscovered software bug' triggered by a customer

Cynic_999

Re: Fastly 'fesses up'

The whole infrastructure has reached a level of complexity where it is unreasonable to expect to anticipate and/or test every eventuality. The best we can hope for is for a swift reaction to and fix of unforeseen problems - which I believe was achieved here. Yes, of course all the things you mention are "a thing" - but they do not guarantee 100% reliability by any means. Things are of course a lot more obvious with hindsight.

Cynic_999

Nah. If that were the case I don't see any advantage in making up a story that amounts to a similar (or worse) amount of culpability, but which risks being exposed as a lie. Their explanation sounds perfectly plausible to me, and also nothing that I can fault as involving a large amount of inadequate planning, carelessness, recklessness or stupidity. They also responded promptly and corrected the issue within a perfectly reasonable time. Of course, hindsight always allows us to do things better.

FYI: Today's computer chips are so advanced, they are more 'mercurial' than precise – and here's the proof

Cynic_999

Re: Allow one to disable a core

But that assumes that an error in a particular core has been detected in the first place. Where errors would have serious consequences, I would say the best policy would be to have at least 2 different cores or CPUs running the same code in parallel, and checking that the results match. Using 3 cores/CPUs would be better and allow the errant device to be detected. Best for each to have their own RAM as well.

Stack Overflow acquired for $1.8bn by Prosus (no, me neither)

Cynic_999

Re: Hopefully they learnt from Freenode

The real money to be made here may be going to the people selling Stack Overflow who managed to persuade Prosus that it would be a good investment. Would be interesting to know whether those people and the board of directors of Prosus have any common elements.

Massive tech-for-British-schoolkids cash pot up for grabs as UK education buyers prep £140m agreement

Cynic_999

Cynic?

This will surely be as successful as our home-spun world-beating test & trace system. "Success" being based upon the actual goal rather than the stated goal. Which is to make loadsamoney for a few selected people with powerful friends (who will no doubt get their secret cut).

UK Special Forces soldiers' personal data was floating around WhatsApp in a leaked Army spreadsheet

Cynic_999

No, the most important details of the invasion were not known to many people until very close to the time - at which point the majority who knew were being held incommunicado until D-day. In addition, there was a lot of deliberate false information "leaked" so that should the real plans be leaked the enemy would hopefully not know what information to take seriously.

It's one thing to know that a large invasion will take place some time in the next 3 months, but quite another to know the exact time & place where it will happen.

Unfixable Apple M1 chip bug enables cross-process chatter, breaking OS security model

Cynic_999

Re: Easy to protect against

It would only take 2 or 3 instruction cycles to flip the bits. With a CPU running at 100's of MHz clock speeds, you could flip them at the rate of 10000 times per second with negligible performance degradation.

Cynic_999

Easy to protect against

All that is required is to install a separate background application that is always running and changes the relevant bits of that register reasonably often. This will alter the register in between the times the two communicating applications use it, so destroying their pseudo-clock and resulting in corrupt data. Such an application would be very small (just a few bytes of code), easy to write and have insignificant impact on system performance.

Facial recog firm Clearview hit with complaints in France, Austria, Italy, Greece and the UK

Cynic_999

Re: Copyright as well as data protection

The person who took the photograph generally has and retains copyright of that image unless they have explicitly given it away. However, many web sites require you to agree to T&Cs that revoke your copyright before you upload any image to the site.

Computer Misuse Act: Tell the Home Office infosec needs a public interest defence in law, says CyberUp campaign

Cynic_999

Re: Additionally

You could prove that a person had the requisite knowledge by proving that they were notified of the situation. This is no different to proving that (for example) a council had knowledge of a dangerous pothole or a building contractor had knowledge of damaged scaffolding etc.

Cynic_999

Re: Additionally

If it were a plausible notification, then I most certainly would check whether the notification were true, and remove the computer if it was.

Cynic_999

Additionally

While I am usually very much against new laws, I do believe there is a case to be made to make it illegal to knowingly allow an infected computer to have Internet access. So that if, for example, a person is informed that there is a computer on a network they control that is running "zombie" software or delivering a virus, they can be prosecuted if that computer is not shut down within a certain period of time after notification has been given.

USB-C levels up and powers up to deliver 240W in upgraded power delivery spec

Cynic_999

Re: Dissipation?

Except it doesn't need to carry anything close to 48 Amps. If both device and PSU signal that they are capable of operating at the higher power levels, they switch to a higher voltage in order to deliver the high power with a lower current. At 48 volts, 240 watts will require the cable & connector to pass 5A of current.

Cynic_999

Re: I predict excitement

No different to the complaints that a USB device is not connecting to a PC - because a charging cable that does not have the data lines connected was used.

Tesla owners win legal fight after software update crippled older Model S batteries

Cynic_999

Re: Carbon neutral

Not true for a re-start after a short period of being shut down.

Cynic_999

Re: Carbon neutral

"

You do know that starting an engine is where the bulk of the wear occurs, right?

"

Only if the engine has been stopped long enough for significant oil to drain away from the lubricated surfaces. Starting after a short shut-down does not cause extra wear, and so the wear that is caused while running for (say) 5 minutes is more than the wear caused during the subsequent re-start.

Unless you are talking about a turbine (jet) engine, in which case every start incurs a significant mechanical penalty due to the heat cycle, no matter how brief the shut down.

Cynic_999

Re: Carbon neutral

Huh? We are talking about the case where the car is coasting downhill in neutral with the engine switched off. No part of the engine is turning in that situation.

Cynic_999

Re: Carbon neutral

Horses run on renewable bio-fuel, and are equipped with sophisticated sensors that constantly monitor the environment to allow their in-built intelligence to carry out collision avoidance, auto-braking and lane holding, and they will reliably follow a familiar route with no driver input. Getting its highly inebriated owner safely home from the pub was a routine and commonplace occurrence. It is also self-repairing and self-replicating.

Deciding to use a far less reliable form of transport was sheer folly.

Cynic_999

Re: Carbon neutral

"

Assuming you could get it, the insurance for keeping your car in your garage might be very expensive unless you've made significant mods to cope with hydrogen leakage from your car.

"

That's not too logical. Fuel spillage from a petrol car results in explosive vapour at ground level, where it can pool and build up even if the car is outdoors on a windless day. The same is true of a car powered by bottled gas (butane, propane etc).

Escaping hydrogen OTOH will rise very fast, where it will usually be able to escape & disperse PDQ even if the leak happened inside a garage. If there is no hydrogen escape route in your garage so hydrogen could possibly get trapped under the ceiling, the modification to provide one should be pretty trivial (a few vents in the roof).

Cynic_999

Re: Carbon neutral

"

In fact my latest car will even turn off the engine when coasting

"

Really? Presumably it does not have power steering or power brakes that rely on the engine running. My car will re-start the engine if it is auto-stopped and I allow it to run downhill even very slowly while leaving it in neutral (often happens in very slow moving traffic). If it did not, then the loss of power braking and steering could possibly contribute to an accident that might see the manufacturer getting sued.

Cynic_999

Re: Carbon neutral

In my car (which has an auto-engine stop feature), I have found that having the engine turned off for the duration I am typically stopped at lights or a junction is nowhere near long enough for the heater to cool appreciably or mist to build up on the windows. At a longer stop (e.g. railway barriers) if either were to become an issue, I could simply press the clutch to cause the engine to re-start.

Cynic_999

Re: Carbon neutral

My petrol car, like many made in the past few years, automatically cuts the engine as soon as it is stationary in neutral with the clutch not depressed. Pressing the clutch or if the car starts rolling (e.g. down hill) causes the engine to start instantly, and I've not found any significant downside to that feature when driving normally, though it can be disabled with a button-push if necessary (e.g. to keep the heater or aircon working while stationary for a prolonged time). The feature only becomes operational after the engine is up to temperature and the ambient temperature is not too cold, and the engine will also automatically re-start if you are stopped so long that the engine cools below a certain temperature.

Snowden was right, rules human rights court as it declares UK spy laws broke ECHR

Cynic_999

Solution

I don't believe that there is any way that anyone can prevent the state from conducting mass surveillance of normal communication networks. What we *can* all do is to make that surveillance useless by routinely employing encryption for all our communications - even the most mundane (in fact *especially* the most mundane).

Whenever possible use communications applications that employ end-to-end encryption, and encourage friends & family to do the same. Encourage 3rd party auditing of such applications to ensure they do what they state they do. Let's all push to get the popular email clients having an option to encrypt as standard.

If almost all communications are encrypted, then encryption will not be seen as a suspicious activity and mass interception will not be feasible. So long as the encryption is completely transparent to the end user, there will be no disincentive to using it - just like the use of SSL for accessing web sites has become normal and standard for the majority of web sites, not only those passing sensitive or personal information.

If there was a big enough demand for self-encrypting phones, the manufacturers would start including it as standard and offering firmware updates for existing mobile phones so that all calls to & from a compatible handset are automatically and transparently end-to-end encrypted.

Cynic_999

"

I suspect the clerks in MI5 have been replaced by an AI that looks for key words and phrases now

"

A lot more sophisticated than merely looking for key words and phrases. It's capable of correlating thousands of communications looking for connections and reactions. Reactions to statements and contrived events can be analysed in real time, allowing instant adjustments to the propaganda etc. to cause a desired outcome.

Cynic_999

Re: Always listening to our customers

Mooseman, nobody actually needs to read through it all, any more than anyone has to read through all the information available on the Internet to find out what they want to know. You program a computer to do the searching and filtering.

And while terrorists and criminals will often encrypt, obfuscate and/or disguise their communications, businessmen and politicians usually don't, allowing the interceptor to gather lucrative insider information about big companies, and all sorts of useful information that can be used to influence/blackmail politicians and political decisions.

Cynic_999

Re: Always listening to our customers

If you have access to masses of private communications & other data, and the means to run it through complex algorithms, there is also a huge temptation to search for things that will make you money or give you power rather than merely things that are a threat to the country. And if the whole process is secret, there is little risk of being caught doing so, and so the probability of it *not* being used for those things is practically zero.

Data is power. Power corrupts.

Man found dead inside model dinosaur after climbing in to retrieve phone

Cynic_999

My guess

My guess as to the cause is positional asphyxiation.

Oops, says Manchester City Council after thousands of number plates exposed in parking ticket spreadsheet

Cynic_999

As small GA aircraft do not have to file a flightplan or give any notice whatsoever as to their whereabouts, what you say cannot be true. While most light aircraft these days do carry a transponder, it is not mandatory to either fit or use a transponder unless the aircraft is flying IFR (instrument flight rules), and transponder codes are not unique to any aircraft anyway.

Cynic_999

It's likely that you will also have to give *your* ID so that should anything happen the police can find out who had been tracing the vehicle owner.

Cynic_999

Good idea! Then if you annoy me by driving too slow for my liking, I can trivially find where you live and chuck a brick through your window. I will also be able to follow a pretty girl to her car and find out where she lives. Same for finding out where a celebrity or ex lives by looking at their car reg on a social media photo ...

Yes, it will enable all sorts of useful things to be done a lot more easily ...

For the marketeer that has everything – except a CPU fan

Cynic_999

If it were run on a Pi, you really don't need many people who know the Pi. Just one or two people (either in-house or contracted) to customise the SD firmware, and if it borks, just swap out the Pi - no need for any technical knowledge other than the ability to check cables & connections.

Tor users, beware: 'Scheme flooding' technique may be used to deanonymize you

Cynic_999

The tor site makes it extremely clear that tor is not of itself sufficient to ensure anonymity. However you are completely incorrect to say that it is likely to get your real IP address banned - the destination site is highly unlikely to know what your IP address is. It might get an online *account* banned. It may well also get you flagged with law enforcement as a "person of interest" if your ISP monitors and logs all connections made via a tor entry node, though the more people who use tor at least occasionally the less this will be the case. There was a time when anyone sending any encrypted data over the Internet would be flagged as a potential ne'er-do-well. But these days almost all web sites use SSL so encrypted traffic is the norm rather than the exception.

Cynic_999

Re: web links like "skype://" or "slack://"

But the protocol should be implemented in the browser (as ftp protocol is), not passed off to a completely different application. IMO this should include "mailto://" - either the browser should bring up a "not available" message or should implement an outgoing mail client in the browser itself (or browser add-on) rather than opening the OS default mail client.

India’s vaccination-booking API criticised for excluding millions, containing bugs, and overflowing with elitism

Cynic_999

Not as big a problem as it is made out to be

In my experience of visits to India, most Indians under the age of 20 or so will have at least part-time access to the Internet, be sufficiently tech-savvy to install and use a phone application, and understand English sufficiently to use the app. The people with severe problems will be the older generation - but those people are very used to asking a younger relative to assist with anything internet or computer related, and the youngsters are more than willing to help. The last time I visited a family in India I watched a 12 year old effortlessly set up chromecast for his grandparents and explain to them how to use it.

Incidentally, that particular modest rented house had unlimited 75Mbps Internet supplied via FTTP, which cost the equivalent of £80 per *year* and had been installed & running within 24 hours after it was requested. Greater than 100Mbps is only slightly more expensive. Wish I had the same service where I live in the UK! OTOH a huge proportion of Indians would not be able to afford anything like that much money.

Japan to start stamping out rubber stamps and tearing up faxes as new digital agency given Sept. 1 start date

Cynic_999

Just visit your bank and ask the teller.

Man paralyzed from neck down uses AI brain implants to write out text messages

Cynic_999

Why no delete?

Surely it would have been trivial to have trained the system to detect an additional unique symbol that is interpreted as a backspace or delete character?

Blessed are the cryptographers, labelling them criminal enablers is just foolish

Cynic_999

Re: [serious and organised crime]?

Organised crime refers to crimes committed by a group of people who cooperate with each other in order to perpetrate various crimes. Serious crime refers to crimes that are considered to be of a serious nature (not sure of the exact definition, but ISTR it is any crime that has a maximum sentence of 5 years or longer).

A group of people who organise the fly-tipping of building waste would be an organised criminal gang, but this would probably not be considered to be *serious* organised crime. A person who murders his next door neighbour over a fence dispute would have committed a serious crime but it would not be an *organised* crime.

Robberies and murders etc carried out by a group of people acting in a common interest would be considered serious organised crime.

HTH

Cynic_999

Re: Really ????

Even that statement would almost certainly be incorrect. I would expect serious organised criminals to use an encrypted Tor-based method.

Cynic_999

Banning encryption because it is possible to use it for criminal purposes makes as much sense as banning any other useful tool that could be used by a criminal. Knives, cars, bolt-cutters, hydraulic jacks etc. etc. are all used pretty regularly for criminal purposes.

The statement by the Aussies that WhatsApp, Telegram and Signal are mainly used by criminals is of course completely absurd, and can only be a deliberate lie designed to influence policy by fearmongering.

Cynic_999

The point is that they will likely not break into the car in the first place if it does not appear to contain anything worth taking. They will instead go for the car parked next to it, which contains a more expensive radio or has a lot of loose change visible in the cup holder.

If you want to prevent the bonnet ornament of your Mercedes being vandalised, park next to a Rolls Royce!

Preliminary report on Texas Tesla crash finds Autosteer was 'not available' along road where both passengers died

Cynic_999

Re: Best just make a full size scalextric

"

Just stop for a coffee and a loo break, and let the supercharger recharge your car while you're doing that.

"

Even if there was a battery that was capable of being recharged in a few minutes, just do the arithmetic to see how much power each charging point would have to supply while recharging. And multiply by the number of cars you would want to charge at the same time at any recharging site to see what sort of power each site would need to be supplied with. First I'll assume a car consumes 250Wh per mile (real-world values vary between 200Wh and 500Wh per mile). Next, assume the vehicle is recharged every 100 miles on a journey, and we want the recharge to take no longer than 15 minutes. All very conservative estimates (few people stop for 15 minutes every 100 miles on a long journey).

Total charge needed each 100 miles = 25kWh

Therefore power supply needed to charge in 15 minutes = 100kW

Assume each service station can accommodate 10 cars, then power needed to supply each service station will be 1000kW or 1MW, which is equivalent to a 4000 amp 250V domestic supply. And for many hours during a bank holiday weekend, it is likely that almost every motorway service station would have every charging bay used and so actually be taking the full 1MW of power. It would thus entail making a very significant upgrade to the national grid in order to supply every motorway service station with a 1MW supply.

And if you want to do more miles between charges, or charge in less than 15 minutes, the amount of power needed would increase proportionately.

The first and last days of a typical August bank holiday sees 16.5 million cars in the UK making an average 200 mile journey each. Total power used per car will be at least 50kWh, so total power needed in each of those days will be an *additional* 825 GWh. This is almost the same as the present daily Summertime electricity consumption of the UK, and so would need the national grid to be able to deliver twice as much electricity if all cars become electric.

Cynic_999

Re: Best just make a full size scalextric

An electric motor does not need variable gears, so not sure why you would want to equip an electric drive chain vehicle with a gearbox.

Cynic_999

Re: Best just make a full size scalextric

"BTW what happens if two driverless cars meet each other on a single track road?"

Probably a similar protocol will be used as in aircraft TCAS systems.

Cynic_999

Re: Ban it

Any increase in the amount of data collected and sent to others amounts to a worse invasion of privacy. I would argue that it is far less practical to avoid using a car than to avoid using a mobile phone (at least for selected periods of time where we do not want our location to be known), or to avoid sending private data to social media. Right now we can of course avoid using a car that collects such data and sends it to HQ, but it is likely that more and more cars will be doing so until we will soon not have such a choice.

Cynic_999

Re: Ban it

The storage of one system (infotainment) was destroyed, but not the storage of the log (in effect the car's "black box"). In addition, apparently the autopilot would have been disabled and so could not have been engaged on that particular road (because it had no lane markings).