Forgot your password?
typodupeerror

Comment: Re:Locking USB... (Score 4, Informative) 97

by Marillion (#48053575) Attached to: Hacking USB Firmware
Lock Switch? Then you don't understand the problem. The problem is that in many USB Flash are two chips: a computer and memory. The host PC communicates with the USB controller and the controller talks to the memory. Most controllers are just a version of the 8051 CPU with USB logic bolted on. The lock switch would be a high-level function that returns an error on a generic block device write command. Hacking the USB device isn't hacking the flash memory, it's hacking the firmware on the 8051. The Device Firmware Update function of USB that allowed that 8051 computer to be reprogrammed should be disabled.

Comment: Re:Folks.... (Score 2) 185

by Marillion (#48007869) Attached to: Security Collapse In the HTTPS Market

For example: Hong Kong Post Root; DoD Root CA 2; Federal Common Policy CA; Staat der Nederlanden Root CA - Any of these CA can mint a certificate for ANY website.

Keep in mind that any sufficiently powerful nation is better served sending lawyers rather than hackers. Step One: All it takes is to send a court ordered warrant with gag-order to get the private key for "Go Daddy Root Certificate Authority - G2". Step Two: Mint certificates

We should do two things. 1) Browsers should also start displaying the root CA. If I go to Google and I know it's Google because "Autoridad de Certificacion Raiz del Estado Venezolano" says so, I'd be suspicious. 2) Fix the all or nothing problem. Somehow limit the domain scope of a CA. "Google Internet Authority G2" mints certificates for Google.Com. What's to keep them from minting one for MyBank.com?

Comment: Re:Is Snowden being tried? (Score 1) 261

by Marillion (#46268495) Attached to: Edward Snowden's Lawyer Claims Harassment From Heathrow Border Agent
Perhaps there are deals being worked out. These deals could be between Snowden and the US. Perhaps a deal with some other country. Perhaps a deal with a book publisher. Until a deal is reached, these deals should be private. Lastly, we should be very worried if no one is trying to make a deal because it signals that everyone has an entrenched and unyielding position.

Comment: Re:As an ex-trucker let be first to say... (Score 1) 135

by Marillion (#46183457) Attached to: Why Robot Trucks Could Be Headed To Afghanistan (And Everywhere Else)
My wife is a UPS driver and for a long time I felt that trucking was one field that couldn't be off shored. Stuff has to keep moving.

Then one day I started to think about Google Car and I realized that the "killer app" for Google Car isn't as a car, it's as a truck. I agree it won't happen overnight, but it will happen. According to the U.S. Bureau of Labor Statistics, there are almost 800,000 big rig truck drivers at $40,000/yr in the US. (2012 data) Another 40,000 drive delivery trucks. Politics are the only thing that will save it. It's too large a cohort of workers. I look at the the NAFTA provisions for Mexican drivers to operate in the US that haven't been implemented as evidence that Congress will discourage their adoption. Also, what congressman wants to be on record of approving "Big Scary Robot Trucks" that accidentally drove over the Smith Family minivan killing both parents and Baby Smith too.

Stats: http://www.bls.gov/iag/tgs/iag...

There is no royal road to geometry. -- Euclid

Working...