Forgot your password?

Comment: Easy solution... (Score 4, Insightful) 313

by Em Adespoton (#47948779) Attached to: Canadian Regulator Threatens To Impose New Netflix Regulation

I've got a solution that will make everyone happy:
Have NetFlix partner with the NFB to distribute NFB content... globally. Nothing like providing global access to Canadian content. NetFlix could even provide it for free to everyone in Canada with an account but no current subscription. Under this setup, the CRTC wouldn't have a leg to stand on, as at that point, they will get their Canadian Content on NetFlix (not sure about the French/English ratio though).


I'm pretty sure this really has nothing to do with NetFlix and EVERYTHING to do with the new consortium raising a Canadian NetFlix "competitor" (Shomi) whispering nasty things in the CRTC's ear. Yes, blame Rogers/Shaw for this fracas, as they're likely where the blame really lies.

Comment: Re:Too expensive (Score 3, Interesting) 103

by Em Adespoton (#47941159) Attached to: Dremel Releases 3D Printer

Have you ever used a dremel tool?
For the most part they're crap. Perhaps before the '80s thay had good stuff but it's been downhill for a long time.

I'll bite. I've used a Dremel-brand dremel tool in the late 90's, and found it solid (if made of a lot of plastic), dependable, and accurate. The accessories were way too expensive, but Black & Decker accessories are of the same quality and fit in the Dremel opening.

B&D, Ryobi, Makita and similar manufacturer's dremel tools though -- I've found to be underpowered, made of cheap components, and have a shaft locking mechanism that is abysmal, not holding the shaft in a centred manner at all. DeWalt is also pretty good.

Likewise, I've had hit-and-miss experience with Dremel's other offerings -- some are good, some aren't. But their original tool still works as well as it ever did.

Comment: Re: So everything is protected by a 4 digit passco (Score 1) 501

by Em Adespoton (#47941111) Attached to: Apple Will No Longer Unlock Most iPhones, iPads For Police

True... which is why talking about large-bit encryption isn't really the issue; it's the implementations that are the issue. I was mostly rebutting the part about exponential difficulty with bitsize making your encryption more secure. I'd give *properly implemented* AES-256 another decade at least before it has any security issues whatsoever. By the time AES-256 can be cracked via brute force, the entire algorithm will be out of date, so increasing bitsize won't be much of a gain.

But it doesn't matter how many bits are used or what algorithm, or even what implementation, if even one password at, or above your level on the system being protected is in the Adobe password file, people.

Comment: Re:CS bonanza (Score 1) 501

by Em Adespoton (#47940479) Attached to: Apple Will No Longer Unlock Most iPhones, iPads For Police

This actually is a good idea for an Apple Accessory(TM) -- make a line of jewelery that can store your passcode in a "hidden" compartment. Any attacker would need to get both the jewelery and the phone to gain access, which is better than nothing at all.

However, the device unlocking problem has already been solved on iPhones: TouchID. You don't need your passcode to unlock a device, you need your passcode to manage the device in cases where your thumb is missing or you're not actually on the device, but need access to its remotely-stored data.

As such, it makes much more sense to make your passcode really long, write it down, and store it in a safety deposit box. Day to day, you won't need it. But if you do, one trip to the bank and 10 min in the safe room with your phone will be enough to recover from whatever situation you've got yourself into.

Comment: Re:Backups are still provided with a smile (Score 1) 501

by Em Adespoton (#47940407) Attached to: Apple Will No Longer Unlock Most iPhones, iPads For Police

I think this requires clarification: If you back up to iCloud instead of your personal computer, the backups are encrypted with keys that Apple has. And anyone who has your UUID (which they can likely pick up by sitting on the same open WiFi as you) can spoof your device for a restore of said backup, without requiring 2-factor authentication (they'll still need to figure out your Apple ID and password, or have those given to them by Apple).

If you back up locally, you control the backup key, and it never gets broadcast over a rogue WiFi AP, as any backup attempts (even if you enable WiFi backup) have to happen to a local server, and are not tied to your UUID.

Comment: Re:So everything is protected by a 4 digit passcod (Score 1) 501

by Em Adespoton (#47940303) Attached to: Apple Will No Longer Unlock Most iPhones, iPads For Police

One other thing to note: on iDevices, if you select a non-simple passcode that is only numbers, the device still presents the simple PIN screen instead of a full keypad. The difference is that it sticks an "OK" button in the text field that you press when you're done.

This provides a passcode of uncertain length (X choose 10, 0 x 4096 or so, realistically 16) that is still relatively easy to enter. It's not as secure as a full-on textual passcode, but it beats a 4-digit PIN even if you only use a 4-digit PIN -- as the attacker has no means to know how many digits long your PIN is -- as it *could* be "11151111" or even "1231230123123" which is pretty quick and easy to enter on a PIN pad (almost as fast as 12345), is 13 characters long, and really difficult to guess.

Comment: Re: So everything is protected by a 4 digit passco (Score 1) 501

by Em Adespoton (#47940129) Attached to: Apple Will No Longer Unlock Most iPhones, iPads For Police

4096-bit encryption sounds great, but there are always ways to shave orders of magnitude off of the actual sample space, such that encryption strength really tends to grow at about the same rate as processing power.

Once you get encryption keys of that size, you've got storage and transmission issues, which increase the probability of other attack vectors working. Plus, your PRNG has to be REALLY random -- and there isn't really all that much true entropy to go around when you get right down to it.

The issue here is that as your random seed gets larger, the probability that it isn't truly random also increases, and analysis of data encrypted with this seed becomes easier through replay analysis. It won't remove the actual entropy, but forces acting on the values generated will create patterns that will still limit the amount of true entropy stored in the resulting value.

Kind of like if you flip a coin once, anyone guessing really doesn't know if it'll come up heads or tails. But if you flip a coin ten times, the method you use for flipping the coin and the environmental factors will start to have an impact on which side comes up more often, and also on the pattern of what influences a heads or tails result. If you flip the coin 2^4096 times, you'd probably be able to pretty accurately predict the result before the coin had even fully launched into the air.

Yeah; the coin experiment is often used as an example of how entropy is entropy and the probability doesn't change from toss to toss. But if you take all other factors into consideration, you limit the effect of entropy such that your guess on a given toss can actually improve over time. Try it, and you'll see I'm correct.

Comment: Re:What's your suggestion for intelligence work? (Score 1) 501

by Em Adespoton (#47939997) Attached to: Apple Will No Longer Unlock Most iPhones, iPads For Police

The whole argument that "Hollywood" always gets history wrong in favor of the Americans when making fictional films is just petty jingoistic whining. If it really bothers you that much, go make your own films and set the record straight.

True as far as it goes, but "Hollywood" is a subsidized arm of the US government that mass exports modified propaganda to the rest of the world -- it's why the prevailing view of many Chinese of the US prior to the Internet was based on 1950's films. The result is not that everyone believes the movies (although if you repeat something false often enough, a large portion of the listening population will begin to take it as fact), but that everyone's perception of the subjects of the movies is strongly shaped by them (so as a result, people become wary of giant robots because they might possibly beat us to the moon).

Jingoistic whining is one thing, but oversimplifying herd dynamics isn't much better and helps nobody.

If petty jingoistic whining really bothers you that much, complain about it on slashdot -- not that this will stop the whining.

Comment: Re:So then they get another warrant ... (Score 1) 501

by Em Adespoton (#47939935) Attached to: Apple Will No Longer Unlock Most iPhones, iPads For Police

Exactly. This also means that any data exfiltration HAS to be targeted, unless Apple is forced to install a keylogger on/in every device (which is possible, what with secret courts/warrants/etc). As soon as you have real targeting, warrants come back in full force, and you have a working set of checks and balances. The issue here isn't with governments gaining access to targeted data, it's with governments gaining access to everyone's data and then rummaging around to see what they can find that is "bad" or "useful". In short, there's less room for abuse, and more transparency with regards to any actions actually taken.

Comment: Re:So then they get another warrant ... (Score 1) 501

by Em Adespoton (#47939867) Attached to: Apple Will No Longer Unlock Most iPhones, iPads For Police

You have several choices here.

1) Sue, claiming that the government can neither force you to design your software differently, nor require them to sell a specific software. It is a very different thing than the existing system where people are required to provide access to existing backdoors, rather than being required to create backdoors.

Except that now that Apple's warrant canary is gone, it appears they've been served secret orders, which could include such things, and not allow them to sue in public. So this choice is gone

2) Move your corporate headquarters off shore. Then tell them they have no authority over you, but if they want to sue your country or publicly demand you stop selling your product in the US, they can do it - but your warrant requiring secrecy does not affect them in any way shape or form.

This one is possible, but risky, as your competitors who are willing to sell out will gain an immense tactical advantage, especially in the US. The advantage increases even further as the government then stops being willing to share its intel with you that gives your coproration an advantage in the marketplace, but begins to provide your competitors with inside information about your company.

3) Separate the hardware and software, using different sub-companies to produce each one. Then have the software company declare it is hereby closed, and will provide no more updates. Tell the government that they can't force you to be in business anymore. Hire a new company to provide software and REPEAT.

Actually, Sony does something similar to this, using a vast web of companies and contractors. It seems to work pretty well for them, except that I think they also allow the local companies to share local intel/advantages with the host company. But it means that the US can't get Sony Electronics USA to do something that will affect Sony Electronics Japan or Sony Entertainment USA -- the co-operation would have to flow out of the country for this to work. It would really be in, say, Apple and Google's best interests to begin restructuring themselves in a similar manner -- but they'd have to move the parent corporations offshore, which would have its own issues.

Comment: Re: I never thought I'd say this... (Score 1) 323

The reason you don't think it's even close to a two way street is precisely due to the fact that the necessities of rural living are subsidized.

If they weren't, cost of living would skyrocket... and suddenly, all natural resources would be unaffordable to most people in urban areas.

This fundamentally doesn't make any sense. Say current subsidies to rural areas are $X. Those are clearly enough to get people to live there, work in agriculture, mining, etc. If the subsidies went away, then prices for some goods would rise, but they wouldn't rise by, in aggregate, any more than $X, by definition.

As you state, current subsidies of $X are clearly enough to get people to live there and do work. If the subsidies went away, then Y% of the workers (guessing close to 100%, but that's just a guess) would also go away, resulting in the prices for some goods to approach infinity -- those goods being tied to energy production, food production, and the like.

This would eventually balance by wages for some of the jobs increasing such that some of Y would return to work, increasing costs of products Z, which would then go back to the urban areas at adjusted market value A.

The end result would be that instead of things like milk and electricity being at prices low income wage earners in the city can afford, it would be set at higher values.

The result of that is that the minimum wage floor would need to be increased so that the urban support workers could afford to make a living. This means that urban products and services would increase in price.

Basically, keeping rural costs low subsidizes the few so that each person up the line who takes a cut of the profits is taking a cut of a smaller pie, keeping cost of living lower. Increase the costs of the initial resources, and you create relative scarcity and create accumulation of wealth at the top of the monetary chain.

How does this not fundamentally make sense? It even follows the laws of physics -- we don't live in a world with no friction, and if you increase the coefficient at the start, the point at which things come to a standstill via waste energy happens much sooner.

"In matters of principle, stand like a rock; in matters of taste, swim with the current." -- Thomas Jefferson