Forgot your password?

+ - Chinese State Media Declares iPhone A Threat To National Security->

Submitted by MojoKid
MojoKid (1002251) writes "When NSA whistleblower Edward Snowden came forth last year with US government spying secrets, it didn't take long to realize that some of the information revealed could bring on serious repercussions — not just for the US government, but also for US-based companies. The latest to feel the hit? None other than Apple, and in a region the company has been working hard to increase market share: China. China, via state media, has today declared that Apple's iPhone is a threat to national security — all because of its thorough tracking capabilities. It has the ability to keep track of user locations, and to the country, this could potentially reveal "state secrets" somehow. It's being noted that the iPhone will continue to track the user to some extent even if the overall feature is disabled. China's iPhone ousting comes hot on the heels of Russia's industry and trade deeming AMD and Intel processors to be untrustworthy. The nation will instead be building its own ARM-based "Baikal" processor."
Link to Original Source

Comment: Expect a new internet by 2020! (Score 1) 305

by jupiter126 (#47233345) Attached to: When will large-scale IPv6 deployment happen?
With net neutrality, piracy and privacy issues... we should indeed expect a "new" internet by 2020.

IPv6 will be the rule of law of course, for one base reason:
IPV4 can not support the growth in emerging markets

and two (interconnected) reasons
- it allows more consumers to connect with more devices
- it allows better tracking - which is a crucial pillar of today's internet sponsorship

Finally, it is the only "partially working" solution today, commercial routers support it, and there is no other protocol that meet today's need and is implemented in most vendors next gen solutions: it has already been tested and accepted by the network's core infrastructure suppliers.

Of course, some custom industrial solutions might need more time to be replaced, but "on the shelf" solutions will be IPV6 before 2020!

SO YES... IPv6 will be mostly integrated (for consumers) before 2020...
In corporations, IPV4 will remain a compatibility issue for a long time, in a similar way that system admins still have to deal with coax cables and VAX or SPARC systems today.

+ - iOS Apps on Android (natively!)

Submitted by Schranz
Schranz (3646499) writes "Columbia University PhD students managed to run iOS apps natively on Android:
They built a compatibility layer (iOS-"kernel" XNU is open source) on top of Androids kernel that lets you run unmodified (no legal issues) iOS libraries and therefore iOS apps.
Apps have only little overhead, it's pretty efficient.
Paper was released in march '14 and it didn't get the attention it deserves."

Comment: I do not agree at all (Score 1) 1

by jupiter126 (#46923551) Attached to: 11 Reasons Encryption Is (Almost) Dead
While all these threads apply to today's public standards, it is still very possible for a motivated person to send strongly coded messages on internet, there are three simple rules to respect:
- Use a secured host which is not connected to any network (try openbsd for example)
- Use many encryption layers, and one passworded key (like I did in )
- Send the pass and archives by secure ways... (ex: the pass on paper, and the key split in 128 different messages)

Encryption is not dead... it is the future, but it is one step behind decryption at this very moment.

+ - OpenSSH no longer has to depend on OpenSSL->

Submitted by ConstantineM
ConstantineM (965345) writes "What has been planned for a long time now, prior to the infamous heartbleed fiasco of OpenSSL (which does not affect SSH at all), is now officially a reality — with the help of some recently adopted crypto from DJ Bernstein, OpenSSH now finally has a compile-time option to no longer depend on OpenSSL — `make OPENSSL=no` has now been introduced for a reduced configuration OpenSSH to be built without OpenSSL, which would leave you with no legacy SSH-1 baggage at all, and on the SSH-2 front with only AES-CTR and chacha20+poly1305 ciphers, ECDH/curve25519 key exchange and Ed25519 public keys."
Link to Original Source

Comment: More spendings (Score 1) 217

by jupiter126 (#46851809) Attached to: How the FCC Plans To Save the Internet By Destroying It
Net neutrality can be approached with two purposes:
- Be neutral about what is allowed on internet (Block specific content)
- Be neutral about who is allowed on internet (Block specific sites)
Content distributors are interested in blocking specific content (MCAA, RIAA, ...), infrastructure providers are interested in blocking specific sites (netflix, ...): it is a battle for money.

Human nature dictates us to be creative to reach our objectives.
These laws will thus only accelerate the birth and growth of new networks, which their creators might surprisingly base on the shortcomings of what they miss in the existing one.
As users will be motivated to search for alternatives, demand will be raising, and while TOR is only a "first generation" secure network and its use remains marginal, these laws will help these kind of networks to go mainstream.
They will then try to block these networks, triggering further evolution, back to the chicken and the egg.

On the meantime, illegal organisations will benefit from those new mainstream technologies, and our dear agencies might need to gear up a bit ^^
Now for the funding: Taxes.

And this is how you lost the war for money, even if you did not buy their content or bypass their architecture \o/

+ - One week of OpenSSL cleanup ->

Submitted by CrAlt
CrAlt (3208) writes "After the news of heartbleed broke early last week, the OpenBSD team dove in and started axing it up into shape. Leading this effort are Ted Unangst (tedu@) and Miod Vallat (miod@), who are head-to-head on a pure commit count basis with both having around 50 commits in this part of the tree in the week since Ted's first commit in this area. They are followed closely by Joel Sing (jsing@) who is systematically going through every nook and cranny and applying some basic KNF. Next in line are Theo de Raadt (deraadt@) and Bob Beck (beck@) who've been both doing a lot of cleanup, ripping out weird layers of abstraction for standard system or library calls.

Then Jonathan Grey (jsg@) and Reyk Flöter (reyk@) come next, followed by a group of late starters. Also, an honorable mention for Christian Weisgerber (naddy@), who has been fixing issues in ports related to this work.

All combined, there've been over 250 commits cleaning up OpenSSL. In one week. Some of these are simple or small changes, while other commits carry more weight. Of course, occasionally mistakes get made but these are also quickly fixed again, but the general direction is clear: move the tree forward towards a better, more readable, less buggy crypto library.

Check them out at"

Link to Original Source

Comment: Solution (Score 1) 1

by jupiter126 (#46280621) Attached to: The RSA/NSA Controversy And What We Can Do About It
I asked myself the same question a few months ago, and came up with a homemade solution. The solution I adopted to make up for the lack of trust of vendors and algorithms, has been to layer many implementations of many algorithms to encrypt my files... this result is much more intensive encryption procedures, but the data feels safer - as long as we believe at least one vendor or one algoritm were not compromised. I scripted the method in bash:

+ - Ask Slashdot - Multilayer cryptography->

Submitted by jupiter126
jupiter126 (2471462) writes "Not knowing which vendors/protocols have been compromised, I figured that my best option was to set a few layers of them.
I thus started to throw together a bash script, that would use many different algorithms and vendors to crypt a file.
What became interesting is that while encrypting, the script generates a decryption script as a key — rather than a monotonous key.
I dug a bit further, and put this bash code together, I'd love to have some feedback on the concept and it's implementation!
Thanks ;)"

Link to Original Source

+ - The Best and Worst from CES 2013->

Submitted by
CowboyRobot writes "InformationWeek has collected what it considers to be the five dumbest ideas presented at this year's CES. The list includes: "The HapiFork is an electronic fork that tracks how many mouthfuls of food you consume during a given meal, how many seconds pass between bites, and how long the meal took to complete." Also on the list is the iPotty, which is about what you would guess from the name. And for balance, the list of the seven standout technologies includes 3M's 84-inch touchscreen display and Parrot's $300 "AR Drone 2.0, a gravity-defying spectacle that puts yesteryear's remote-control helicopters to shame with its ability to dive, spin and whirl through the air.""
Link to Original Source

"If there isn't a population problem, why is the government putting cancer in the cigarettes?" -- the elder Steptoe, c. 1970