
Comment: Re:Speculative. (Score 1) 149

by swillden (#47445719) Attached to: How Deep Does the Multiverse Go?

Anything dealing with multiverse is speculative. Math does not constitute evidence.

By that argument, everything we know about stars, quasars, black holes, and virtually everything else that isn't on our planet and relatively close to the surface is all speculative, too. Nearly everything we know about the stuff not immediately at hand is based on mathematical models, calibrated against "observations" which are often very, very indirect and themselves dependent on many layers of mathematical models derived the same way.

I don't know enough about QM and many worlds theories to know how much really is well-supported, but from what little I've read, the many-worlds hypothesis seems to provide a much better explanation of the spooky action at a distance effects we observe than the alternatives.

Comment: Re:Unsafe Advice (Score 1) 71

Any marginal blocks mapped out before you encrypt will remain unencrypted and may be available to a determined attacker. Same goes for hard drives, and SATA secure erase is not provably trustworthy. Always encrypt your storage before you put any data on it. If you do not trust your hardware AES to not be backdoored then use software crypto.

Yes, the safest approach is to enable encryption just after you get the device (after using it for a few minutes to accumulate some randomness in the Linux randomness pool, so you get a good key). If you don't, totally wiping it is more or less impossible, though the odds of anything significant surviving either the normal wipe or the encrypt & wipe (which probably won't actually do any more than the wipe) are pretty small.

Comment: Re:usually will not do the sdcard partition (Score 1) 71

Last time I checked the standard Android encryption will not do the sdcard partition (I mean not the physical card, but the partition on the internal flash, usually the biggest chunk of it, like let's say 11 out of 16GB).

I'm pretty sure that's not true, because it would make device encryption pretty much useless. A glance at the code certainly appears to show that it encrypts all volumes, but maybe /sdcard somehow gets excluded from the list? I'll ask my colleague, who "owns" disk encryption for Android at Google, tomorrow and post a followup.

I'll also note that none of the devices I have handy (Galaxy Nexus, Nexus 4, Nexus 5, Nexus 7 1st & 2nd gen, Nexus 10, Moto X, Moto RAZR M, Samsung Note 2) even have an /sdcard partition, exactly. They all mount their data partition on /data, and /data is definitely included in device encryption. In fact, it and /cache are the primary targets of device encryption (/system doesn't matter).

Comment: Re:Snowden's Patriotism is Gaining Acceptance (Score 1) 164

by swillden (#47445025) Attached to: NSA Says Snowden Emails Exempt From Public Disclosure

It has been my observation that the people who have blistering hatred for Snowden, are the kinds of people who totally embrace jingoism.

But there are also those who don't have a blistering hatred, yet still feel that he broke the law and should be accountable. I find these people to be especially common among those who themselves are or have been under legal and moral obligations to preserve US government secrets and are appalled that Snowden essentially dumped a huge pile of unsifted sensitive data on the Guardian and trusted them to keep it secure and behave responsibly.

These people largely agree with the need to publish some of the data, but find dumping all of it to be criminally irresponsible.

I think there are a lot more people like that than those who have the blistering hatred you mention. FWIW, my own take (as someone who once held a Top Secret clearance) is that Snowden's action was necessary, that it was infeasible for him to properly vet and carefully release the data, that the news agencies have done a good job and been responsible, and that whatever damage it may have done is far more than offset by the good that it has done. So on balance I consider him a hero. But I do know a lot of people whose concern about what he did tips the balance the other way, even though they don't "have blistering hatred".

Comment: Re:result of the lab/funding system (Score 3, Interesting) 96

by pavon (#47444997) Attached to: Elite Group of Researchers Rule Scientific Publishing

I would even argue that as long as the students who did most of the work have their name listed as first author, there is nothing wrong with this arrangement. I dropped out of my master's program after the first semester because I was being pushed to publish, but wasn't being plugged into any existing research programs. Every "unique" idea that I thought of turned out to have already been studied exhaustively back in the 70's or earlier. All the favorite students in the grad program were people who ignored this inconvenient fact and managed to get rehashed bullshit accepted into conferences.

Several years later I went back to school at a large state U that plugged me into the work they were doing, showed me what the state of the art was and where there were gaps that hadn't been researched in detail. Without building off the ideas of my advisor I would have never been able to do meaningful research that progressed the state of the art, and would have had nothing worth publishing. He deserved to have his name on my papers.

Comment: Re:Snowden / Binney 2016 (Score 1) 164

by swillden (#47444983) Attached to: NSA Says Snowden Emails Exempt From Public Disclosure

Except Snowden is 31 and you must be 35 to meet the candidacy requirement for POTUS.

It also helps to be able to set foot on US soil without being arrested. Not a constitutional requirement, per se, but a fairly important practical one. Otherwise even if you win you have to figure out how to sneak into the country and your own inauguration so you can get sworn in -- and acquire the ability to pardon yourself -- before being body slammed to the ground, thrown into the back of a black Suburban and transported to Gitmo for waterboarding.

Comment: Re:Full-disk wipe or only current data? (Score 3, Insightful) 71

Who gives a shit what the documentation says. Actual implementation is what matters.

Absolutely. So, look at the source: https://android.googlesource.c...

That file contains the code that generates the master key, derives the key encryption key used to protect it (using scrypt), stores the protected master key, and configures dm_crypt with the master key.

Some functions to look at:

- create_encrypted_random_key(), which creates the master key (reading from /dev/urandom).
- encrypt_master_key(), which derives a KEK from your password and uses it to encrypt the master key.
- decrypt_master_key(), which does the reverse.
- create_crypto_blk_dev(), which creates the dm_crypt block device.
- cryptfs_setup_volume(), which mounts an encrypted block device.
- cryptfs_enable_inplace(), which encrypts an existing file system.

Do you really trust a mobile platform to be faithful to the documentation when you're trying to wipe a partition (which could easily be implemented directly but isn't) by first encrypting all data and then throwing away the key?

The device doesn't know you're trying to wipe. It knows that you (a) requested full disk encryption and then later (b) requested a wipe. So it can't optimize (a) away. I suppose it's possible it could just lie and tell you "Yep, I'm encrypting" even though it isn't, but that's the sort of thing that would definitely get noticed by security analysts and gleefully published.
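The key hierarchy described in the comment above (random master key, scrypt-derived KEK that wraps it, wipe by discarding the key), as an added Python sketch that is not part of the original comment and is not the Android code. All function names, the key-record layout and the scrypt parameters are assumptions, and an HMAC-based stream construction stands in for the real block cipher so the block runs on the standard library alone.

```python
import hashlib, hmac, os

SCRYPT = dict(n=2**12, r=8, p=1, dklen=32)  # assumed cost parameters, not Android's

def derive_kek(password, salt):
    """Key-encryption key (KEK) derived from the password with scrypt."""
    return hashlib.scrypt(password, salt=salt, **SCRYPT)

def _subkey(key, label):
    # Separate keys for encryption and authentication.
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, length):
    # HMAC-SHA256 in counter mode: stdlib stand-in for the cipher a real system uses.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def seal(key, plaintext):
    """Encrypt-then-MAC under `key`; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    pad = _stream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, pad))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or damaged blob")
    pad = _stream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, pad))

def wrap_master_key(password, master):
    """Stored key record: salt plus the master key sealed under the KEK."""
    salt = os.urandom(16)
    return {"salt": salt, "wrapped": seal(derive_kek(password, salt), master)}

def unlock(password, record):
    return unseal(derive_kek(password, record["salt"]), record["wrapped"])

def change_password(old, new, record):
    # Only the small key record is rewritten; bulk data stays under the same master key.
    return wrap_master_key(new, unlock(old, record))

def destroy_key(record):
    # Wipe step: once the wrapped master key is gone, no password recovers the data.
    record["wrapped"] = os.urandom(len(record["wrapped"]))
    record["salt"] = os.urandom(16)
```

Because bulk data is sealed only under the master key, a password change touches just the key record, and destroying that record is what makes the encrypted data unrecoverable.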

Comment: Re:Wow. (Score 1) 176

by Rei (#47444479) Attached to: Rocket Scientist Designs "Flare" Pot That Cooks Food 40% Faster

That I actually have done ;) On a 60-degree slope down into a deep canyon nonetheless! Also there's manmade objects and yes, *gasp* trees in some places ;) The country isn't totally treeless!

But yes, it's not exactly a very practical solution for Iceland. I'd really prefer something more designed for both roles, hanging and on the ground.

Comment: Re:Translation (Rough) (Score 1) 198

by Lord Kano (#47444209) Attached to: Geographic Segregation By Education

And making analogies involving racism is a good way to get people to talk about real problems like this.

No. Making such analogies offends people who have been subjected to actual racism. They tend to stop listening to whatever else you say.

Like when someone takes whatever gripe they have, even when it's legitimate, and likens the opposition to Nazis. At that point they lose people who might have been willing to side with them. That's also what a fake racism analogy does.


Comment: Re:Wow. (Score 1) 176

by Rei (#47443739) Attached to: Rocket Scientist Designs "Flare" Pot That Cooks Food 40% Faster

Are you talking about a Hennessy? I love mine. And I live in Iceland, where it's harder to use. I have no clue where you're getting that they're heavy. Unless you're comparing the regular nylon version to a silnylon tent, rather than nylon to nylon, silnylon to silnylon. The one-man silnylon versions are in the ballpark of 800 grams, including the fly. You kind of have to adapt them to use them as tents on the ground, though, they're not designed for that (but it is possible). Another criticism of them I have is that underside insulation seems to be an afterthought, and I'm not a big fan of their insulation kit (there's no reason it should be foam, I'd like a self-inflating mat). Their snakeskin packing system works well, but you can't pack up the hammock with the insulation on it; honestly, I'd love it if I could have my sleeping bag, hammock, and insulation all roll up as one element. And if it had been designed to work as both a tent and a hammock from the beginning, the insulation could double as a sleeping pad.


Chinese Couple Sells Children To Support Online Game Addiction 100

Posted by samzenpus
from the think-of-the-children-no-really-think-of-the-children dept.
hypnosec writes After several controversies arising about in-app purchases, a Chinese couple has done the unthinkable by selling their sons to buy in-app items. An unmarried couple, A Hui and A Mei, severely addicted to online games, were accused of selling their sons and were arrested. In an interview with Guangdong TV, they revealed that they chose to sell their sons to child traffickers. A Hui said A Mei is fond of playing online games and likes to buy game items. As he could not give up his in-app purchases, he was not able to support his first son and they sold him to Fujian-based child traffickers. When the wife bore another son, they felt they would not be able to support their second child either, and they again sold him to the traffickers.
