
Comment: Re:Good luck with that. (Score 5, Funny) 317

by MrNiceguy_KS (#47566199) Attached to: Ford, GM Sued Over Vehicles' Ability To Rip CD Music To Hard Drive

Yeah yeah, I do it all the time. My car is my primary CD ripping device.

  I take my CD out, rip it, then disassemble the car's audio system and pull the hard drive. Take it to my home computer and upload the files.

  Piece'o'cake, why do you think I bought my car, anyway? Driving? Hahahahahahahaha.....

That's nothing. I've set up a massive file-sharing service based around these systems. And it's completely undercover; to the casual observer, it looks like a used-car lot!

Comment: Re:Because... (Score 1) 325

by MrNiceguy_KS (#47182015) Attached to: Fixing the Humanities Ph.D.

The quote in the summary:

"These programs have gotten both more difficult and less rewarding: today, it can take almost a decade to get a doctorate, and, at the end of your program, you're unlikely to find a tenure-track job."

So you're talking about people getting a degree where the only career option is teaching others so they can seek the same degree? And the MLA thinks the fix is to make that degree easier to get? I suppose it does have the benefit of people wasting less of their life pursuing a degree that is worthless out in the real world, but it looks to me like a PhD in Humanities is the academic equivalent of a Ponzi scheme.

Comment: Re:Steve Gibson (Score 1) 475

by MrNiceguy_KS (#47150193) Attached to: The Sudden Policy Change In Truecrypt Explained

Steve has made some mistakes in the past and over-hyped some things...

Kind of interesting, since the linked article is basically the exact opposite of over-hype. I think the really relevant point is this:

TrueCrypt's formal code audit will continue as planned. Then the code will be forked, the product's license restructured, and it will evolve. The name will be changed because the developers wish to preserve the integrity of the name they have built. They won't allow their name to continue without them. But the world will get some future version, that runs on future operating systems, and future mass storage systems.

If we assume that the TrueCrypt announcement is a NSL warrant canary, then the question is "Why now?" "Why?" is a stupid question - of course the government would like a backdoor into TrueCrypt. But why the NSL now?

Option A is that, since the TC developers are anonymous, their identities have only recently been discovered by the government agencies that issued the warrant. I'll admit this is possible, but it seems unlikely.

Option B: Version 7.1a of TrueCrypt has a flaw that is known to government agencies, but has not yet been discovered by the community. The government is worried that the ongoing code audit will discover and remove this flaw, and they issued a NSL requiring that if the flaw is discovered, the updated version include a government-approved backdoor. TC devs made the warrant canary announcement rather than agree to comply.

Option C: At some point after the release of Version 7.1a, the TrueCrypt devs received a NSL requiring a backdoor in the next released version. TC dev team technically complied by not releasing a new version, since there were no known weaknesses in 7.1a. The code audit has uncovered a flaw and informed dev team, leading dev team to shut down the project and invoke warrant canary.

It will be interesting to see what happens with the code audit. Hopefully the audit team had the foresight to set up a warrant canary themselves. At any rate, Steve Gibson does have a point - the code is out there, and the audit will continue. TrueCrypt will be forked, and work will continue.

Comment: Re:I wonder... (Score 1) 566

by MrNiceguy_KS (#47123049) Attached to: TrueCrypt Website Says To Switch To BitLocker

WTF... I heard that all TC developers are from Czech Republic, (or some other central european country)... They don't need to answer to any US NSL.

Their actual identities and locations are unknown. There's plenty of intelligence agencies around the world that would go along with a firmly-worded "request" from US intelligence agencies. I think it's safe to assume that, if this announcement is due to government threat, we're talking about legal threats rather than death threats. An agent that says "backdoor your software or we kill you" is very likely going to kill you for making the sort of announcement that popped up today.

Comment: Re:I wonder... (Score 1) 566

by MrNiceguy_KS (#47122969) Attached to: TrueCrypt Website Says To Switch To BitLocker

yes but there is still the private signing key that allows for trusted uploads of new (possibly compromised) versions.

True, but it's still an open-source project. Uploading backdoored binaries would be easy enough, but compromising the code would be a lot more complicated.

I'm sure the NSA is very good at writing obfuscated code, but there are other factors in place. The TC code audit started a few months ago, and there hasn't been an update to TC in 2 years. Any new updates to TC are going to be reviewed *very* carefully - sudden updates to a 2-year-stable project right after the beginning of a code audit looks very suspicious.

I use TrueCrypt. I realize that there are other options out there, but TrueCrypt has a few advantages - namely that it allows hidden volumes and it's cross-platform, free-as-in-beer, and open-source, (even if not technically FOSS). So now what? TrueCrypt won't go away. I can save a copy of the installer for the 2012 release, and, more importantly, there are copies of the code out there - particularly in the hands of the code audit team.

If we assume that the TC dev got an NSL, it would potentially explain the announcement. The dev decided to burn the crop and salt the field rather than let it be co-opted by the NSA. And, based on what happened with LavaBit, the NSA must have anticipated at least the possibility of this response. If anything, it was probably more likely. LavaBit was a commercial operation - they had a financial incentive to go along, keep their mouth shut, and keep the business going. Instead, they decided to do the right thing and shut down.

So assuming the NSA sent a National Security Letter to the TC dev, why, and why now? NSLs have been around for years. It seems odd that the NSA would wait until now to try to force in a backdoor, particularly with the likelihood that attempting to do so would result in the "burn and salt" response. If the NSA felt it was worth forcing TC into a go-along or shut down choice, they would have done it years ago.

One possibility is that TrueCrypt has an exploit that is currently known by the NSA, but not known by TC devs. Once the code audit started, the NSA was concerned they would lose their backdoor, and issued National Security Letters to the audit team requiring they don't expose the flaw, and to the dev team requiring they don't fix it. At this point, this seems like it might be the most likely option, assuming we aren't looking at a site defacement. Hopefully we'll get some clarification soon.

Comment: Re:They surely are shuffling things around (Score 1) 293

by MrNiceguy_KS (#46930269) Attached to: The Upcoming Windows 8.1 Apocalypse

No mod points, but thank you for this. I've managed to tweak my work PC enough that the parts of Win8 that piss me off mostly stay out of my way, but hunting through the mess of settings makes me curse the day Ballmer emerged from the primordial soup of whatever parallel evolutionary track coughed him up.
