
Comment: Re:Derp (Score 1) 164

by Mathinker (#47486131) Attached to: New Mayhem Malware Targets Linux and UNIX-Like Servers

> There's this link that references USB-HID specifically at 750 characters per second. I can't find other references to USB HID rates, and the HID protocol is semi-flexible (i.e. it's really fucking hard to implement NKRO on HID, since HID keyboard protocol specifies 6KRO in boot mode; but you're free to implement an alternate HID protocol once your keyboard's out of boot mode).

Thanks for the hint to look at the USB-HID standard (1.1) in which even high-speed devices are limited to 64KB/s. That's interesting info. Does the USB hardware + operating system on most computers actually enforce that?

> OTOH, comparing the "1-2 second turn-around" in your reply to the "750 characters per second" undercuts your original argument as a whole

> 1-2 second delay is an expected human-facing turn-around: this actually happens on most modern systems. I pointed it out and then theorized eliminating that rate limit entirely, instead relying on the limits of the HID keyboard protocol at 750 characters per second, which is the faster measurement and thus can be taken as a worst case.

You don't actually seem to be addressing my argument here, perhaps you misunderstood? It's clear to me what you did, my argument was that doing what you did made no sense given the "1-2 second delay" you state, and given that datum, your characterizing Windows as "retarded" for not distinguishing between 750 char/s and the much faster network, was illogical.

> Your naivety about the average entropy in a typical 8 character password is striking.

> We're talking about theoretical password complexity here, not dictionary attacks.

Yes, I am capable of reverse engineering your math. You err, though. "We're talking about..."? No, you're talking about...

I'm not quite getting this. You dismiss the possibility that weak passwords are used, so that hardware password attacks are dismissible, but at the same time address the problem that these same non-weak passwords aren't strong enough to withstand network password attacks without lock-outs? Yes, I suppose there are some real-life situations in which that's true, but why would you rag on Microsoft for trying (in what I agree is not a reasonable way) to cover other possible situations (and, given their user base, much more probable ones)?

Comment: Re:Translation (Score 1) 121

by Mathinker (#47485505) Attached to: New York State Proposes Sweeping Bitcoin Regulations

> The IRS will know who you are when you bought your bitcoin from a regulated exchange.

OK... I suppose so (still doesn't address the "multiplicity of jurisdictions" problem), but that is a quite different scenario than that posed by the poster I replied to, who wanted bitcoin "criminalized and shut down" via legislation.

Your comment was already covered by, for example, this poster.

Comment: Re:Derp (Score 1) 164

by Mathinker (#47485365) Attached to: New Mayhem Malware Targets Linux and UNIX-Like Servers

> That's called a movie plot security threat, and it's not a concern.

Do you always start out your arguments by "poisoning the well"? BTW, the person who coined "movie plot security threat" doesn't exactly agree with you.

> Aside from all the obvious shit like "how do you get in there unnoticed?"

Did you miss the "on a public computer" part of my post? Never heard of social engineering?

> Even without a 1-2 second turn-around for testing a password, keyboards can only enter 750 characters per second.

Where did this "750 characters per second" come from? Is this a limit built into Windows? USB 2.0 runs at 35 MB/s, according to Wikipedia.

OTOH, comparing the "1-2 second turn-around" in your reply to the "750 characters per second" undercuts your original argument as a whole --- if the password check itself is the limiting factor, even for the "slow" keyboard, it makes no sense to make a distinction between password attempts from the keyboard and those from the network, so it would be silly to call Windows "retarded" for doing so.

> That's less than 100 password attempts per second for 8 character passwords,
> or 10^12 seconds to try them all. 800,000 years!

Your naivety about the average entropy in a typical 8 character password is striking.

Comment: Re:Derp (Score 1) 164

by Mathinker (#47482719) Attached to: New Mayhem Malware Targets Linux and UNIX-Like Servers

> Windows does stupid shit like lock the local console if you set up rate-limit log-in...when logging in through the Microsoft log-in manager. That's retarded. A person is sitting at that console, and can't enter passwords fast enough; it should NEVER BE LOCKED.

You have limited imagination, what about an attack on a public computer via replacing its keyboard with one which includes a CPU + password cracking program?

So Windows isn't quite as retarded as you think; it's just retarded in that it doesn't rate-limit the two kinds of logins separately (i.e., still very retarded).
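
An added illustration of the point debated in this thread, not part of any poster's comment and not Windows' actual lockout logic: a lockout policy with one shared failure counter per account lets a flood of network guesses lock the console too, while separate per-channel counters keep the console usable and still throttle a device that types guesses at the keyboard. The class, the channel names and the threshold values are hypothetical.

```python
from collections import defaultdict

class LoginThrottle:
    """Account lockout with either one shared failure counter per account
    or a separate counter per (account, channel). Hypothetical example."""

    def __init__(self, threshold, lockout_seconds, per_channel):
        self.threshold = threshold
        self.lockout_seconds = lockout_seconds
        self.per_channel = per_channel
        self.failures = defaultdict(int)   # key -> consecutive failures
        self.locked_until = {}             # key -> unlock timestamp (seconds)

    def _key(self, account, channel):
        # Shared policy collapses every channel onto one counter.
        return (account, channel if self.per_channel else "*")

    def allowed(self, account, channel, now):
        return now >= self.locked_until.get(self._key(account, channel), 0)

    def record(self, account, channel, success, now):
        """Register one attempt; returns True only for an accepted login."""
        key = self._key(account, channel)
        if not self.allowed(account, channel, now):
            return False                   # rejected while locked out
        if success:
            self.failures[key] = 0
            return True
        self.failures[key] += 1
        if self.failures[key] >= self.threshold:
            self.locked_until[key] = now + self.lockout_seconds
            self.failures[key] = 0
        return False

def console_usable_after_network_flood(per_channel):
    # Constructed scenario: 20 bad network guesses, then the owner sits down.
    t = LoginThrottle(threshold=5, lockout_seconds=900, per_channel=per_channel)
    for second in range(20):
        t.record("alice", "network", success=False, now=second)
    return t.allowed("alice", "console", now=20)

def console_guessing_is_throttled():
    # A guessing device on the console channel still hits its own limit.
    t = LoginThrottle(threshold=5, lockout_seconds=900, per_channel=True)
    for second in range(5):
        t.record("alice", "console", success=False, now=second)
    return not t.allowed("alice", "console", now=5)

if __name__ == "__main__":
    print("shared counter, console usable:", console_usable_after_network_flood(False))
    print("per-channel, console usable   :", console_usable_after_network_flood(True))
    print("console guessing throttled    :", console_guessing_is_throttled())
```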

Comment: Re:Derp (Score 1) 164

by Mathinker (#47482643) Attached to: New Mayhem Malware Targets Linux and UNIX-Like Servers

I think nowadays that one can assume that 1400 random infections (for the botnet in question) on the net would include most countries. Even more so for the larger botnets which exist. So my suspicion is that this tactic has limited utility, possibly so limited that it is no longer worthwhile ("Damn, I forgot to turn off the geoblocking before my unexpected trip to Peru!").

Comment: Re:Translation (Score 1) 121

by Mathinker (#47480691) Attached to: New York State Proposes Sweeping Bitcoin Regulations

No, I won't bite on the Ponzi flamebait. But <sarc>I'm sure Satoshi is quaking in his boots</sarc>.

Er, reality check?

  • Your "little bit of legislation" is only going to affect people in your little bit of jurisdiction.
  • Except for someone who actually is stupid enough to directly declare he has bitcoin, it is trivial to conceal it, and trade/spend it outside problematic jurisdictions.

Are you one of those who also believe that we just have to pass stricter laws and piracy will disappear?

Comment: Re:.. not in italy (Score 1) 151

by Mathinker (#47469259) Attached to: Mt. Fuji Volcano In 'Critical State' After Quakes

> They were convicted for making statements that earthquake will not happen

And they actually made such statements? Or, perhaps they merely said that "as far as science knows, the probability of an earthquake is no larger than, say, last year". The whole thing looked like a witch hunt to blame someone for damages which were caused by natural causes, because no politician is going to get up in front of the electorate and actually tell them "Sorry, there is a very small chance that large numbers of people in our country could die from X, Y, or Z and there is no practical way to prevent these dangers."

It frankly looked like scientists sacrificed on the stage of security theater.

Comment: Re:WAT (Score 1) 59

by Mathinker (#47326537) Attached to: Intuit Beats SSL Patent Troll That Defeated Newegg

> RC4 is math. It's either broken or not-broken. You can't go half way.

Security isn't binary. Cryptography, being targeted for practical application, is different than theoretical mathematical statements, which we all know can be discovered to be either correct or incorre... hang on, Godel is calling me from the afterlife...

(heard from distance) What? Really! Mind-blowing, man. Yes, I know your name has those two funky dots, but Dice thinks "pretty" is more important than "functional", so it might be a while before Slashdot can actually display them...

Comment: Re: the stuff just comes out by itself (Score 1) 83

by Mathinker (#47206505) Attached to: Fuel Cells From Nanomaterials Made From Human Urine

If humanity is ever going to colonize other solar systems with slower-than-light travel, it's a no-brainer that we're going to have to learn how to recycle our waste. In a closed ecosystem, it makes sense to find ways to use urine, or plants/bacteria/yeasts grown using urine, as raw material to produce essential materials for repairs.

Comment: Re:What a dumb waste of energy... (Score 1) 94

by Mathinker (#47145843) Attached to: As Crypto Mining Grows, Data Centers Begin Accepting Bitcoin

You're still not arguing against the points raised by DanielRavenNest and ultranova. Neither of them claimed that the bitcoin protocol was the "best-designed" protocol from an energy efficiency point of view.

If you're really interested in solving the problem which seems to irk you so, just go out and make Peercoin (or whatever other alternative cryptocurrency you invent which doesn't require proof-of-work in the long term for maintaining the block chain) more popular than Bitcoin. You could start by talking about Peercoin's advantages every time Bitcoin comes up...

> OK, I think you see the point,

What? I merely see that you don't know how to argue logically well.

Comment: Re:What a dumb waste of energy... (Score 1) 94

by Mathinker (#47140463) Attached to: As Crypto Mining Grows, Data Centers Begin Accepting Bitcoin

> Honestly, if the machines were that profitable then the companies making them would just keep them and mine on their own, as it would be more profitable than just selling the hardware.

This actually isn't totally true, since cryptocurrencies rely on several kinds of trust, and one of them requires that no single entity controls the mining. So it can sometimes be in the interest of a mining equipment manufacturer to even sell mining equipment at a loss, if the manufacturer also mines.

Comment: Re:What a dumb waste of energy... (Score 1) 94

by Mathinker (#47140395) Attached to: As Crypto Mining Grows, Data Centers Begin Accepting Bitcoin

> Uh huh. Me and 97% of climate scientists

I'm so glad that you know what 97% of climate scientists think about bitcoin. Nice way to not actually argue on points, though, like showing that the CO2 generated by mining over the life of the bitcoin protocol will exceed the CO2 which might be saved?

Comment: FreeOTFE no longer maintained, it seems (Score 1) 566

by Mathinker (#47117679) Attached to: TrueCrypt Website Says To Switch To BitLocker

Wikipedia:

> The FreeOTFE website is unreachable as of June 2013 and the domain name is now registered by a new owner. The program can be downloaded from a mirror at Sourceforge.

Given what we know about Big Brother nowadays, I'd say that it would be nice if we could maintain several diverse solutions to this problem. Unfortunately, it seems that there's not enough developers around to do that...
