
Comment: Randomized MAC for background scans ... (Score 2) 163

by Wrath0fb0b (#48213819) Attached to: Austin Airport Tracks Cell Phones To Measure Security Line Wait

If you've got a recent iPhone, it's already randomizing the MAC used for background scans:

When iOS 8 is not associated with a Wi-Fi network and a device's processor is asleep, iOS 8 uses a randomized Media Access Control (MAC) address when conducting PNO scans. When iOS 8 is not associated with a Wi-Fi network or a device's processor is asleep, iOS 8 uses a randomized MAC address when conducting ePNO scans. Because a device's MAC address now changes when it's not connected to a network, it can't be used to persistently track a device by passive observers of Wi-Fi traffic.

Of course, that doesn't work if you are using the phone to read Twitter while waiting in line, because seriously, what else are you expected to do while shuffling along?

Comment: Re:Biased summary (Score 1) 282

by Wrath0fb0b (#48127757) Attached to: Four Dutch Uberpop Taxi Drivers Arrested, Fined

This isn't a product, it is a service. So ergo the only way to regulate the service is to regulate the person doing the selling.

And you can regulate the person doing the selling and the car he's driving without favoring one person over another or empowering a cartel.

Falling into the "regulation-bad" "regulation good" dichotomy is really killing us here. Regulating the driver's record, the vehicle and his insurance is eminently sensible. Beyond that, it's just protectionism.

Comment: Re:Biased summary (Score 1) 282

by Wrath0fb0b (#48127741) Attached to: Four Dutch Uberpop Taxi Drivers Arrested, Fined

I really don't have any problem with any of the requirements you've listed at the end there, so long as they are administered objectively and impartially. They all seem unobjectionable.

But providing favorable treatment to some licensed taxi companies over others -- such as the use of taxi stands and spaces -- rubs me as unjustified favoritism.

Comment: Re:Biased summary (Score 3, Insightful) 282

by Wrath0fb0b (#48126051) Attached to: Four Dutch Uberpop Taxi Drivers Arrested, Fined

What kind of person bills his grandmother for taking her to the supermarket? Jeezz...

Repeat after me: "it's against the law to drive people around for money without the proper credentials".

Your bit about "without proper credentials" makes it sound like all that's needed is for a driver to apply for a license and meet some objective requirements like driving records, vehicle inspections and insurance. If that were the case, you'd have a lot more folks siding with the law.

Instead, in order to pick up a fare in Amsterdam, you need to meet some other arbitrary requirements, chief among them being a member of a TTO ("Regulated Taxi Organization") with at least 100 cars. And to pick up a fare from a taxi stand in Amsterdam, you need a further license -- one given at the discretion of the municipality for "professionalism".

So there we have it -- there's a whole set of common sense regulations that are applied and that anyone can meet based on a set of objective criteria. Then there's another set that got "glued on" which makes no sense at all. So ditch the latter, and soon you'll find there's no reason for uber at all.

[ But hey, at least it's not as bad as the US medallion system ! ]

Comment: Great feel but poor ergo ... (Score 1) 304

by Wrath0fb0b (#48093363) Attached to: The Greatest Keyboard Ever Made

Straight keyboards are really poor ergonomically, but I do love the mechanical feel of these old IBM models (and their newer imitators).

Might as well use this as an impromptu Ask Slashdot: are there any ergonomic one-piece mechanical wireless keyboards out there? I periodically Google for it (to replace an old Logitech one that's nearing EOL after a decade or so) but have never been able to find anything suitable.

Comment: Re:Honestly, rifles are not the problem (Score 1) 651

by Wrath0fb0b (#48039593) Attached to: The $1,200 DIY Gunsmithing Machine

Pistols, however, are used by criminals, by people committing suicide, and by kids playing around with them. As a direct result, over 30,000 people die every year after being shot with a pistol.

This is an example of a truthful but not useful statement. Yes, 30,000 people die every year as a result of being shot by a pistol. According to the CDC, in 2010 there were 11K firearm homicides and 19K firearm suicides.

That's a big difference in perspective, since a regulation that might be justifiable to prevent an individual from shooting his wife or neighbor might not be justifiable to prevent him from shooting himself. It's not dispositive, of course, but society has a much larger interest in preventing individuals from killing each other than killing themselves.

Comment: Re:So everything is protected by a 4 digit passcod (Score 2) 504

by Wrath0fb0b (#47939731) Attached to: Apple Will No Longer Unlock Most iPhones, iPads For Police

Too bad for "standard forensics" that the passcode is mixed in with a hardware-specific key baked into the SOC. So you'll first need to be able to run arbitrary code on the individual's phone itself in order to keep guessing beyond the limit. That's going to require a significantly more intrusive examination.

Comment: Re:Sanity... (Score 1) 504

by Wrath0fb0b (#47939437) Attached to: Apple Will No Longer Unlock Most iPhones, iPads For Police

Self incrimination has never applied to physical evidence that the individual has in his possession, it only applies to things that are "testimonial" (quotes because this is a term of art). After all, the 5A specifically talks about being a witness against one's self, not about providing evidence. See also Fisher v. United States, 425 U.S. 391 (1976), Schmerber v. California, 384 U.S. 757 (1966) and United States v. Wade, 388 U.S. 218 (1967).

The classic example is business or tax records related to fraud prosecutions. An individual served with a valid order cannot refuse to turn over documents because they would tend to incriminate him, that doesn't make sense. You can't force the individual to testify to anything, but you can compel them to produce physical objects that you have probable cause to believe are evidence relevant to the prosecution of a crime.

Another canonical example is a court order forcing an individual to provide a cheek swab for a DNA test. Again, not testimonial because it's not communicative in any way -- you are just talking about physical, tangible evidence.

Comment: In combination with an accurate summary ... (Score 1) 311

by Wrath0fb0b (#47817049) Attached to: Apple Denies Systems Breach In Photo Leak

In combination with iCloud credentials obtained with iBrute, the password-cracking software for iCloud released on Github over the weekend, EPPB lets anyone impersonate a victim's iPhone and download its full backup rather than the more limited data accessible on

So basically, in combination with your password, this tool lets you access resources secured by your password. Amazing! Next up you'll tell me there's a tool that lets you open my front door in combination with a copy of my house key!

Let's put this another way -- you tell some /.er that he can buy a new iPhone, enter his password and immediately restore from an iCloud backup. Logically then, we expect that he understands that the password controls access to the backup, since the only thing he needed to provide was that password.

Comment: Re:What's wrong with Windows Server? (Score 1) 613

by Wrath0fb0b (#47816239) Attached to: You Got Your Windows In My Linux

Which is why clamd should provide a systemd.socket unit, in which case the init system installs the sockets and then hands them off to the spawned process as soon as the respective daemon is to be started.

It's just as easy to do this in systemd as it is to bung together shell that does it, but it's not as familiar. In a few years, most system admins will be able to mash out a systemd.socket unit in their sleep.
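The daemon's side of the socket handoff described in the comment above, as an added example that is not part of the original comment or of clamd's code: it reads systemd's `LISTEN_PID`/`LISTEN_FDS` variables and adopts the descriptors starting at fd 3. The unit shown in the comment block and its socket path are constructed assumptions, and `listen_fds` and `adopt_sockets` are hypothetical helper names.

```python
import os
import socket

SD_LISTEN_FDS_START = 3  # first inherited descriptor in systemd's protocol

# Constructed socket unit a package could ship (the path is an assumption):
#   [Socket]
#   ListenStream=/run/clamav/clamd.ctl
#   SocketMode=0660
#   [Install]
#   WantedBy=sockets.target


def listen_fds(environ, pid):
    """Return the descriptor numbers passed by the service manager.

    An empty list means "not socket-activated": the variables are absent,
    malformed, or addressed to another process (inherited from a parent).
    """
    try:
        target_pid = int(environ["LISTEN_PID"])
        count = int(environ["LISTEN_FDS"])
    except (KeyError, ValueError):
        return []
    if target_pid != pid or count <= 0:
        return []
    return list(range(SD_LISTEN_FDS_START, SD_LISTEN_FDS_START + count))


def adopt_sockets(environ=os.environ, pid=None):
    """Wrap inherited descriptors as socket objects the daemon can accept() on."""
    fds = listen_fds(environ, os.getpid() if pid is None else pid)
    socks = []
    for fd in fds:
        os.set_inheritable(fd, False)  # do not leak the listener to spawned helpers
        socks.append(socket.socket(fileno=fd))  # family and type are auto-detected
    # Drop the variables so child processes do not believe they were activated.
    for name in ("LISTEN_PID", "LISTEN_FDS", "LISTEN_FDNAMES"):
        environ.pop(name, None)
    return socks


if __name__ == "__main__":
    inherited = adopt_sockets()
    print(f"socket-activated listeners: {[s.getsockname() for s in inherited]}")
```

Run outside systemd, it reports no listeners; the `LISTEN_PID` comparison is what keeps a process from adopting descriptors that were meant for its parent.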

Comment: Re:Honestly, when will people learn? (Score 1) 98

by Wrath0fb0b (#47765693) Attached to: Project Zero Exploits 'Unexploitable' Glibc Bug

An acquaintance recently posted "Six Stages of Debugging" on his g+ page. (1. That can't happen, 2. That doesn't happen on my machine, 3. That shouldn't happen, 4. Why does that happen? 5. Oh, I see, and 6. How did that ever work). Doesn't a software dev who has been working for more than about three years go straight to No. 4?

Absolutely true for debugging. But there's a few steps you missed.

Somewhere near 3-4: Ok, how bad would it be if that happened? Does it recover without user intervention (i.e. service crashes and cron restarts it)? Does it recover with user intervention ("did you turn it off and back on?")? Does it lose user data (oh poop)?

The question here (which is altogether not trivial) is exactly this: "how bad would it be if we wrote an extra '\0' somewhere"? And what geohot did was answer that in the most productive way possible - by actually showing with a real example that the impact is major and permanent. If you aren't explicitly doing assessment of the impact of your bugs for schedule/priorities then you must be doing it implicitly somehow because most projects have more bugs than coders/time.

There's another step you missed, happens probably at step 10 or 11 and probably not by the developer that fixes the bug -- given the impact and the risk of the fix, when/how should this be deployed? Should it be backported to the stable releases? Do we have to ping everyone downstream? Is this so bad we should post on /. telling everyone to pull the emergency fix ASAP or else zombie Putin will kill Natalie Portman?

Again, if you aren't doing this step explicitly, it's either happening implicitly or else you are just letting it land whenever/however.
