Comment: Re: x.509 WTF? (Score 1, Insightful) 110

by maswan (#46553291) Attached to: Fake PGP Keys For Crypto Developers Found

Of course attacking SSL on the protocol level is by far more useful, since you can just silently sit there and eat all the "secret" data, instead of having to actively MITM particular connections.

But do you really think there is a single US CA out there that would say no to a national security letter requiring them to issue a torproject.org certificate if they actually needed it? Especially given how Joseph Nacchio was treated for resisting voluntary assistance to the NSA? Or that the Chinese ones wouldn't issue whatever was asked if the Ministry of Public Security turned up and wanted some certificates?

Stuxnet actually proves another part of why the CA system is utterly broken. Because they just had to break in *somewhere* in order to get a key signed by *any* CA in order to sign their stuff. To impersonate Tor developers, they'd have to steal the Tor developers' keys, or make up new ones that look plausible enough. Unlike the X.509 CA system, where any attacker might just as well steal the keys of any random project and they'd be just as acceptable since they are signed by a CA.

But you're right that it isn't a CA-level compromise, unlike DigiNotar, which shows that particular line of attack, and which was only found out through widespread interception of Iranian connections to Gmail.

Comment: x.509 WTF? (Score 4, Insightful) 110

by maswan (#46552959) Attached to: Fake PGP Keys For Crypto Developers Found

The CA model for X.509 certificates has been shown to be utterly broken for protection against intelligence agencies; they clearly have both access to some of the private keys of "trusted" CAs as well as the leverage to have "trusted" CAs issue arbitrary certificates in their home jurisdiction. There is no way in which this would get better by switching to X.509 compared to PGP.

We already have plenty of malware with valid signatures backed by trusted CAs using stolen keys etc.; check Stuxnet/Duqu for instance.

Now, I know it can be hard to bootstrap a PGP web of trust, and there is certainly plenty of work to be done there to make it easier and more user-friendly. But chucking out the one piece of actually working low-level technology for real security in favour of one that is utterly broken, and has been shown to be broken for years, is just plain stupid.

Comment: Re:Nice concept (Score 2, Informative) 262

by maswan (#45779133) Attached to: Linux x32 ABI Not Catching Wind

The main benefit is that it runs faster. 64-bit pointers take up twice the space in caches, and especially L1 cache is very space-limited. Loading and storing them also takes twice the bandwidth to main memory.

So for code with lots of complex data types (as opposed to big arrays of floating point data) that still has to run fast, it makes sense. I imagine the Linux kernel developers' No. 1 benchmark of compiling the kernel would run noticeably faster with gcc in x32.

The downside is that you need a proper, fully functional multi-arch system like the one slowly being adopted by Debian in order to handle multiple ABIs. And then you get into iffy questions of whether you want the faster /usr/bin/perl or one that can handle 6-gig lists efficiently...

Comment: Re:Whoever extracts elements first wins. (Score 1) 58

by maswan (#45769367) Attached to: MIT Study: Only 3.1% of USA Used Electronics "e-Waste" Were Exported

Generalized way? Not likely. But in this particular setting (electronic scrap), there is plenty of activity. I know of these because they make the local news: http://www.boliden.com/Operations/Smelters/E-scrap-project/ - but there are several competitors to them too. Lots of copper and gold and other metals in electronics that are commercially recyclable, given that someone sorts it out and throws the electronics in containers with just electronics.

Comment: Re:Complication of making a distribution (Score 1) 63

by maswan (#41427803) Attached to: XBian's Koenkk Replies To the XBian/RaspBMC Flap

The turbo mode stuff together with the kernel and firmware all come from the same raspberrypi.org repository. Raspbian is really the Debian-y environment around this.

If you want to run Debian, you can do that too (at a performance penalty since you need to use the soft float version, armhf is targeted for a newer version of ARM than is in the Raspberry Pis). You still need the same non-free blobs to do anything graphical etc though.

Comment: Re:Complication of making a distribution (Score 1) 63

by maswan (#41426853) Attached to: XBian's Koenkk Replies To the XBian/RaspBMC Flap

Yes, it is called Raspbian, which is Debian with a recompile for the target and some installer tweaks and hooks for pulling in the necessary non-free stuff from raspberrypi.org, which comes from the Pi being a closed platform.

Xbian, RaspBMC, etc. take Raspbian and then make a custom install based on package presets and some scripts for automagic setup for those that think Debian is "too complicated". And apparently lots of drama.
