Forgot your password?

Comment: Re:Contagiousness (Score 2) 445

by WuphonsReach (#48035751) Attached to: Ebola Has Made It To the United States
Don't confuse incubation period with symptomatic period with infectious period. With Ebola, incubation can be 3-21 days, but you are only infectious once you become symptomatic. Because unless you come in contact with bodily fluids, you won't catch it. (The problem is that if the host is extremely symptomatic, there is thrashing / spatter of fluids everywhere.)

This is unlike the common flu where are are infectious, even if non-symptomatic.

Fortunately, it is also highly unlikely to switch from being spread by droplets / fluids to becoming completely airborne. AIDS/HIV have been known about for decades, but have never made the switch from being a blood / fluid spread virus into an airborne virus. The sequence of random mutations required in order to switch infection style is huge.

(The Reston Ebola study was not able to prove simian to simian airborne transmission. So it's not 100% proved that Ebola can spread without physical contact.)

Comment: Re:Still have a boxed copy of Windows 2.0 (Score 1) 633

by WuphonsReach (#48035247) Attached to: Microsoft Announces Windows 10
OS/2 Warp was pretty good for the time (93-96 era). I ran OS/2 2.x and 3.x for a long while as my main operating system. But application selection was really limited, and running 16-bit Windows programs only got you so far.

Not having to reboot for weeks at a time was a very nice feature. This was back when Win95 could only run for about 40-some hours before crashing due to an overflow in a counter.

But there were no open-source development tools at the time, so in order to write OS/2 applications you had to pony up a few hundred dollars for the compiler, then more money for a GUI framework library, plus more money for documentation. That, I feel, was IBM's biggest mistake - charging for development tools. But then, this was the days when a 28k modem was high-speed and ISDN 128k lines were popular - so not sure how they would have distributed it.

Linux was still a minor blip at the time (I installed an early version of Red Hat in the late 90s).

Comment: Re:To summarize: (Score 1) 302

by WuphonsReach (#48016467) Attached to: Consumer Reports: New iPhones Not As Bendy As Believed
I've had a HTC One (m8) since it came out (about 6 months ago). I keep mine in a case (SUPCASE Unicorn Beetle) and have it in my front pocket all the time.

It still lays perfectly flat, no bending.

Maybe having a hard rubber bumper and the hard plastic back of the case is enough, or this is not a big issue on the HTC units.

Comment: Re:Folks.... (Score 2) 185

by WuphonsReach (#48006927) Attached to: Security Collapse In the HTTPS Market
Eliminate that chain, work out a public exchange and verification program (something akin to bittorrent for gpg signed certificates from other people you trust.) and plug that in in place of the current certificate authority model and you're set.


It limits the damage a lot more then the current "trust the CA completely" model. A rogue CA can only damage / MitM certificates that they have issued without raising red flags in the SSL stack.

Is DNSSEC+DANE perfect? No, it has some rough edges and possible corner cases, but it's far better then depending on the current CA model.

Comment: Re:The 4th, 5th... (Score 2) 353

by WuphonsReach (#47999199) Attached to: FBI Chief: Apple, Google Phone Encryption Perilous
I'm amused that it has taken this long for people to start caring about encryption. I remember the mid-late 90s when PGP first came out and those in charge tried very hard to spread the lie that only bad people use encryption.

Regular people *started* to finally care, at least a little bit, once internet commerce became a thing, but even then SSL was only used to protect credit car numbers in transit.

The last few years have been interesting - a lot of people are starting to finally grasp the importance of using encryption everywhere.

Comment: Re:Not my cup of tea (Score 1) 287

by WuphonsReach (#47944623) Attached to: Slashdot Asks: What's In Your Home Datacenter?
Same, I used to have 3-4 servers in the home office, plus multiple desktops.

I now run a single server acting as the firewall, with VMs inside it for dedicated needs, a single laptop and a single desktop. Every few years the server gets a more powerful MB/CPU and double the RAM and larger hard drives. The server has (10) hot-swap 3.5 SAS/SATA bays. Virtualization and cheap RAM is what made the difference.

I also have a 4-bay USB 3.0 external enclosure which holds (4) 3.5 SATA drives which I use for onsite backups.

Anything that I don't need to keep online, gets written out to a pair of USB disk drives, labeled, and stuffed in a drawer.

Comment: Re:Why bother when Carrier IQ and friends exist ? (Score 1) 126

by WuphonsReach (#47944555) Attached to: Next Android To Enable Local Encryption By Default Too, Says Google
Do Android phones automatically update to the latest version?

It varies by phone and carrier. The HTC One (m8) that I have was updated this week to a new Android version. I had to approve the install and could have declined, but I did at least get an updated version.

OTOH, my Asus tablet... is probably still running the original Android that it shipped with.

Comment: Re:Really? (Score 2) 126

by WuphonsReach (#47944503) Attached to: Next Android To Enable Local Encryption By Default Too, Says Google
The primary reason to password protect and encrypt the phone is to protect against the mundane threat of someone who steals your phone, then tries to leverage that to gain access to your financial accounts or other accounts.

If you travel on any form of public transit, it's a risk. (Pickpockets, muggers, etc.)

Granted, most thieves are only after the phone for its hardware value. But others will dig into the phone and see what sort of personal information they can glean (emails, bank details, list of contacts, passwords) and then try and sell that to identity thieves.

For modern phones, storage encryption has minimal impact on battery life.

Having to enter a 4-10 digit number every time you unlock the phone is a minor hassle. However, there are tricks where you can tell the phone to only lock (after 15 minutes) if it can't see a certain bluetooth / wifi signal.

Comment: Re: So everything is protected by a 4 digit passco (Score 4, Informative) 504

by WuphonsReach (#47939447) Attached to: Apple Will No Longer Unlock Most iPhones, iPads For Police
When you speak of 4096 bit encryption, you are generally talking about RSA keys. RSA keys do not share the same "strength per bit" as symmetric keys like AES-128.

Most folks say that AES-128 is about equivalent to RSA/3072, and Elliptic Curve would need to be 256 bits to be roughly equivalent to AES-128.

The big upcoming problem with RSA is that the number of bits needed per key goes up rapidly as you need to get to stronger key sizes. To get something equivalent to AES-256, you would need a 15360 bit RSA key. Which makes Elliptic Curve crypto more interesting because you only need about a 512 bit EC key to match AES-256 strength.

Comment: Re:Worse than it seems. (Score 1) 221

by WuphonsReach (#47934375) Attached to: Obama Presses Leaders To Speed Ebola Response
Generally speaking, the chance of it going airborne is about as likely as you getting hit by lightning tomorrow. Changing how it spreads is generally really, really, hard for any virus - it would have to morph into a completely different family of viruses, at which point it would no longer be Ebola.

The bigger issues is that this is going to set those countries back a few decades or more in their development. Which means lots of instability in the region, which tends to result in bad things happening (wars, societal breakdown, less education, more poverty). That's going to kill a lot more people then Ebola does.

Comment: Re:Bring back windows XP. (Score 5, Informative) 545

by WuphonsReach (#47923655) Attached to: What To Expect With Windows 9
I can give you a few...

SSDs under WinXP gradually degrade in performance, because XP doesn't support SSD TRIM. On Win7, this is not an issue, so you don't have to wipe / reset the SSD / restore the operating system once a year.

Graphics performance of video drivers - I gained 20-30% performance switching from XP 32bit to Win7 64bit on the same machine, maybe even doubled performance. This was back when I multi-boxed EVE Online - I went from struggling to run 3 windows (at least one would only get 15-20 FPS), to being able to have 5-6 open (all with 40+ FPS).

The 32bit limit of 3-something GB of RAM is a bit limiting when Firefox is chewing up 500-800MB, Thunderbird is chewing up another few hundred MB, and a handful of other background tasks chewing up 40-50MB each. Moving to Win7 meant I could put in 8GB of RAM on the box, and make use of it.

Multi-tasking performance is just better in Win7 when compared to XP. Less hiccups / pauses / other strange slowdowns.

The window preview as you hover over the tasks in the task bar is addictive. Being able to see thumbnails of each application window makes it easier to pick which window to bring forward (another bonus for multi-taskers).

A bit more resilient then XP to being infected - not perfect, but a definite step forward.

We run Linux on the servers, but I'm quite happy running either OS X or Win7 on the desktops. Both get the job done well enough and stay out of the way.

(Running Win7 on a 2007-era Thinkpad T series, 8GB RAM, pair of SSDs, and only a dual-core Intel CPU.)

Comment: Re:A non-UNIX OS in a UNIX world? (Score 2) 545

by WuphonsReach (#47923607) Attached to: What To Expect With Windows 9
I've long stated that the worst thing the US DoJ ever did to Microsoft - was failing to force them to break apart into separate companies.

Operating systems should have gone one way (at which point, I suspect that modern versions of Windows would be posix-based, probably on BSD). The application stack should have gone another way (MSOffice running on just about everything, instead of being limited in order to sell Microsoft Phones). The hardware stuff into a 3rd company.

Instead of being separate companies and competing - now they are all bound together, fighting for their little fiefdoms tooth and nail, and slowly sinking into obscurity.

Comment: Re:Lie. (Score 1) 191

You can, and I'd guesstimate that about 50% of legit SMTP connections to our server are encrypted with TLS. But that number could also be as low as 10-20% (the 90% of all connections being spam zombies makes it harder to estimate).

I have not tracked the value over time to see if it is going up/down. And our site is not particularly large, so we don't have a good sample to pull from.

Your code should be more efficient!