Forgot your password?

Comment: Re:Alternatively... (Score 1) 102

by Kardos (#47622903) Attached to: Massive Russian Hack Has Researchers Scratching Their Heads

That would be because any (competent) backdoor will be encrypted and cryptographically signed with key(s) known only to the TLA. Consider a router -- it passes all packets normally unless it finds one that is properly signed, then it extracts and executes the payload, fully opening up the device to the whims of the TLA. In lieu of someone leaking or determining the key, it would be extremely hard to identify such a backdoor.

Comment: Re:ineffective political pandering (Score 1) 135

by Kardos (#47588965) Attached to: Cell Phone Unlocking Is Legal -- For Now

> and it may kill some business models that could have brought phones to the poor with no monthly charges

If a potential business model relies on creating a captive market via legislated freedom removal, it's a bad business model, full stop. Cell phone subsidization plans are already protected by contract law. The additional criminalization of unlocking is unnecessary.

Comment: Re:Malicious Actors? (Score 1) 127

by Kardos (#47563259) Attached to: Old Apache Code At Root of Android FakeID Mess

Really? The summary describes a software flaw with grave security implications, and you weigh in with some whining about the use of 'actor' and a mediocre quality sentence?

Education time: Some words have multiple meanings. Actor is one of them.

    noun: actor; plural noun: actors
    1. a person whose profession is acting on the stage, in movies, or on television.
    2. a participant in an action or process.

It's bog standard to use the second sense in this context. See

Comment: Re:Open Source Dangers (Score 2) 127

by Kardos (#47562649) Attached to: Old Apache Code At Root of Android FakeID Mess

I see it as good news that security software is getting more attention. There was a lot of bug backlog that's finally getting fixed. Each bug a bug is fixed we slowly and steadily eliminate attack vectors. Heartbleed is undoubtedly one of the drivers of this renewed attention, as are the revelations that nation states are actively working to exploit weaknesses. Patching bugs is one of the ways ordinary people can work against mass surveillance.

> Despite the fact that, as in Heartbleed, hyped to the max, very few actual bad things seem to happen.

Not all exploits get noticed. If your old laptop was keylogged, and a year after you got a new laptop you discovered that you were a victim of some sort of identity theft--- would you ever trace it back to the keylogger? If your $device was part of a botnet used for some sort of click fraud, would you notice?

Comment: Re:Worst Response of all Time (Score 5, Insightful) 176

by Kardos (#47520281) Attached to: Dropbox Head Responds To Snowden Claims About Privacy

So, you would have preferred a positive sounding statement indicating that they are aware that some users have privacy concerns and a vague reference to ongoing efforts to address these concerns?

I didn't find that response "worst of all time". It came across as lacking in the bullshit department, almost refreshingly so, actually.

+ - Google Offers a Cool Million Bucks For a Better Inverter

Submitted by Anonymous Coward
An anonymous reader writes "With the Little Box Challenge, Google (and IEEE, and a few other sponsors like Cree and Rohm) is offering a $1 million prize to the team which can "design and build a kW-scale inverter with the highest power density (at least 50 Watts per cubic inch)." Going from cooler-sized to tablet sized, they say, would make whole lot of things better, and the prize is reserved for the best performing entrant.

"Our testing philosophy is to not look inside the box. You provide us with a box that has 5 wires coming out of it: two DC inputs, two AC outputs and grounding connection and we only monitor what goes into and comes out of those wires, along with the temperature of the outside of your box, over the course of 100 hours of testing. The inverter will be operating in an islanded more—that is, not tied or synced to an external grid. The loads will be dynamically changing throughout the course of the testing, similar to what you may expect to see in a residential setting." he application must be filled out in English, but any serious applicants can sign up, "regardless of approach suggested or team background, will be successful in registering." Registration runs though September.

#power #google #invertor #contest #ieee #technology"

Comment: LibreSSL not ready for deployment yet (Score 5, Insightful) 151

by Kardos (#47470483) Attached to: LibreSSL PRNG Vulnerability Patched

> The OpenBSD project late last night rushed out a patch ...

Sensationalist introductory sentence. LibreSSL is is not used in any production environment, there is no "rush" here.

It is an early version released to solicit feedback. Feedback was provided, resulting in a bug fix. This is *exactly* anticipated outcome.

The shortest distance between two points is under construction. -- Noelie Alito