Forgot your password?

Comment: Re: So everything is protected by a 4 digit passco (Score 4, Informative) 420

by WuphonsReach (#47939447) Attached to: Apple Will No Longer Unlock Most iPhones, iPads For Police
When you speak of 4096 bit encryption, you are generally talking about RSA keys. RSA keys do not share the same "strength per bit" as symmetric keys like AES-128.

Most folks say that AES-128 is about equivalent to RSA/3072, and Elliptic Curve would need to be 256 bits to be roughly equivalent to AES-128.

The big upcoming problem with RSA is that the number of bits needed per key goes up rapidly as you need to get to stronger key sizes. To get something equivalent to AES-256, you would need a 15360 bit RSA key. Which makes Elliptic Curve crypto more interesting because you only need about a 512 bit EC key to match AES-256 strength.

Comment: Re:Worse than it seems. (Score 1) 214

by WuphonsReach (#47934375) Attached to: Obama Presses Leaders To Speed Ebola Response
Generally speaking, the chance of it going airborne is about as likely as you getting hit by lightning tomorrow. Changing how it spreads is generally really, really, hard for any virus - it would have to morph into a completely different family of viruses, at which point it would no longer be Ebola.

The bigger issues is that this is going to set those countries back a few decades or more in their development. Which means lots of instability in the region, which tends to result in bad things happening (wars, societal breakdown, less education, more poverty). That's going to kill a lot more people then Ebola does.

Comment: Re:Bring back windows XP. (Score 5, Informative) 532

by WuphonsReach (#47923655) Attached to: What To Expect With Windows 9
I can give you a few...

SSDs under WinXP gradually degrade in performance, because XP doesn't support SSD TRIM. On Win7, this is not an issue, so you don't have to wipe / reset the SSD / restore the operating system once a year.

Graphics performance of video drivers - I gained 20-30% performance switching from XP 32bit to Win7 64bit on the same machine, maybe even doubled performance. This was back when I multi-boxed EVE Online - I went from struggling to run 3 windows (at least one would only get 15-20 FPS), to being able to have 5-6 open (all with 40+ FPS).

The 32bit limit of 3-something GB of RAM is a bit limiting when Firefox is chewing up 500-800MB, Thunderbird is chewing up another few hundred MB, and a handful of other background tasks chewing up 40-50MB each. Moving to Win7 meant I could put in 8GB of RAM on the box, and make use of it.

Multi-tasking performance is just better in Win7 when compared to XP. Less hiccups / pauses / other strange slowdowns.

The window preview as you hover over the tasks in the task bar is addictive. Being able to see thumbnails of each application window makes it easier to pick which window to bring forward (another bonus for multi-taskers).

A bit more resilient then XP to being infected - not perfect, but a definite step forward.

We run Linux on the servers, but I'm quite happy running either OS X or Win7 on the desktops. Both get the job done well enough and stay out of the way.

(Running Win7 on a 2007-era Thinkpad T series, 8GB RAM, pair of SSDs, and only a dual-core Intel CPU.)

Comment: Re:A non-UNIX OS in a UNIX world? (Score 2) 532

by WuphonsReach (#47923607) Attached to: What To Expect With Windows 9
I've long stated that the worst thing the US DoJ ever did to Microsoft - was failing to force them to break apart into separate companies.

Operating systems should have gone one way (at which point, I suspect that modern versions of Windows would be posix-based, probably on BSD). The application stack should have gone another way (MSOffice running on just about everything, instead of being limited in order to sell Microsoft Phones). The hardware stuff into a 3rd company.

Instead of being separate companies and competing - now they are all bound together, fighting for their little fiefdoms tooth and nail, and slowly sinking into obscurity.

Comment: Re:Lie. (Score 1) 190

You can, and I'd guesstimate that about 50% of legit SMTP connections to our server are encrypted with TLS. But that number could also be as low as 10-20% (the 90% of all connections being spam zombies makes it harder to estimate).

I have not tracked the value over time to see if it is going up/down. And our site is not particularly large, so we don't have a good sample to pull from.

Comment: Re:+-2000 deaths? (Score 1) 119

by WuphonsReach (#47912129) Attached to: US Scientists Predict Long Battle Against Ebola
From my reading, it's possible to be infected for two or three weeks without visible symptoms. This means that there's plenty of opportunity for somebody in Africa to get on a plane and go somewhere else, and then have ebola hit. I have no confidence in confining it to one continent.

You need to go back and read again.

Until you are symptomatic, you are not infectious.

(And it's highly unlikely, as in lightning-strike odds territory, to become able to infect via airborne methods. It will remain a touch bodily-fluids and be infected virus.)

Comment: Re:geek or not (Score 1) 238

by WuphonsReach (#47897341) Attached to: Ask Slashdot: Advice On Building a Firewall With VPN Capabilities?
For DYI, the choice really does boil down to either pfSense or IPFire depending on whether you want BSD or Linux underneath.

Personally, I went with a full blown CentOS with Shorewall / OpenVPN on top, but it was definitely not the easiest thing to setup. Next time around I'm strongly considering a firewall distro.

Comment: Re:Good decision? (Score 1) 352

There's really only three Linux distros... Red Hat, Debian, everyone else.

Which is somewhat similar to the days where you had Windows 95/98 vs Windows NT - and you couldn't always run software from one on the other.

And really, once you get past the package manager, most of the differences between the distros are only skin-deep. It's all GNU/Linux underneath.

Comment: Re:Seems kind of pointless- the DNS has to be subv (Score 1) 67

by WuphonsReach (#47882731) Attached to: Mozilla 1024-Bit Cert Deprecation Leaves 107,000 Sites Untrusted
DANE is mostly to guard against rogue CAs. CA #1 cannot sign a certificate claiming to represent the domain that was actually certified by CA #2. So it limits the amount of damage that a rogue CA can get away with.

It may also eliminate the need for CAs and certificate altogether. You just store the public half of your certs in the DNS system.

Comment: Re:They declared that security required, https (Score 1) 67

by WuphonsReach (#47845873) Attached to: Mozilla 1024-Bit Cert Deprecation Leaves 107,000 Sites Untrusted
Even if you don't do financial transactions on your site - consumers / customers / users are getting more savvy and want *any* personal information to be encrypted in transit. Login details are naturally something that should always be encrypted, but that also extends to things as mundane as URL history or search terms.

I just wish DANE was farther along (plus DNSSEC).

Comment: Re:Can we have a [credible] MS Access equivalent? (Score 1) 185

by WuphonsReach (#47836703) Attached to: Why Munich Will Stick With Linux
The bigger issue with MSAccess and where other tools fall flat is the ease of linking together multiple, disparate, data sources - without having to register dozens/hundreds of ODBC drivers - mashing the data together, then sending it off to yet another destination.

This is especially critical when you work with ad-hoc data sets that are somewhat or completely different from job to job, client to client, so putting that data into a proper database and writing proper SQL queries to massage it or slapping a web front end on it -- is not worth the time investment.

I've looked at OpenOffice/LibreOffice Base over the years. It's still an infant, not even equivalent to the old MSAccess 2.0 functionality yet. Import/Export of CSVs is difficult - it won't create the tables for you and create reasonable field definitions. Linking to another database requires an ODBC driver connection to be configured on the system.

Worse - it uses HSQLDB, where you have to put double quotes around all of your field/table identifiers. That makes it garbage - because you can not prototype a SQL query in Base, then copy/paste it to another SQL compliant database and get it to run without major changes.

Comment: Re:Isolating the problem (Score 1) 220

by WuphonsReach (#47819271) Attached to: Firefox 32 Arrives With New HTTP Cache, Public Key Pinning Support
I really cannot think of a reasonable workflow where that would make sense but I'm not trying to judge

The workflow is pretty much anyone who has to wear multiple hats during the day. Think of open tabs in background windows as short-term bookmarks.

One browser window with half a dozen tabs to keep an eye on the internal ticket system. Another window open with a dozen tabs to track stats on jobs in-progress across multiple days (so that you can just alt-tab to that window, glance through the tabs, rather then rummage for bookmarks or use the awesome-bar). Then typically one window per task / project with anywhere from 1-20 tabs.

As an example, let's say I need to look into GlusterFS. I can either re-purpose one of the my existing browser windows, or better, open a new one and keep all tabs relating to GlusterFS in a single window. I'll start with Google or the GlusterFS home page, then will start proliferating tabs as I find things that are interesting enough to be read, but I'm not ready to dive into that tab yet, nor is it something that I'll want as a long-term bookmark.

As I work through the various tabs, they either get bookmarked after I've read them or just closed.

Not hard to hit 100 tabs. Today is about average and I have 10 windows open, each has 1-15 tabs in it.

Comment: Re:Seemed pretty obvious this was the case (Score 1) 311

by WuphonsReach (#47819101) Attached to: Apple Denies Systems Breach In Photo Leak
Of course, you should keep a record of those questions and answers so you can correctly answer them if the need arises.

That's what GPG encrypted text files were invented for.

One text file per account, the contents are a GPG ASCII armored encryption block containing things like the site name, password, account name, answers to security questions, or anything else.

I then store those text files in a version control system, which makes it easy to share across multiple machines.

(The weak link in all of this is the GPG key - but there are options to strengthen that like smartcards.)

Comment: Re: Too late (Score 1) 107

by WuphonsReach (#47806513) Attached to: Hackers Behind Biggest-Ever Password Theft Begin Attacks
Encrypt the tablet / phone - use a 6-9 digit PIN (which is a lot better then just a 4-digit PIN). Have the device wipe after 10 bad attempts (the default on Android).

Most thieves, when presented with that obstacle - will just reformat the device for sale rather then try and steal information off of it.

As for apps, keypass / lastpass are frequently mentioned. My personal preference is a strong master password in Firefox, and just let it remember the 100s of secondary website account passwords (i.e. not my bank, webmail, or other financial sites). The best choices are those where you setup your own webdav cloud storage on your own hardware, and use that to keep things synchronized.

Scientists are people who build the Brooklyn Bridge and then buy it. -- William Buckley