Forgot your password?
typodupeerror

Comment: Re:It's just wrong (Score 1) 316

When you already have a defined program (and machine in this case) in front of you for review, then you can determine whether or not it will halt

except when you cant

For any computer program with a finite number of states (finite memory) you can determine whether it halts by running it long enough that it must be looping.

For a computer with 16384 states (An 8 state turing machine with an 8 position binary tape. 8 states * 8 positions * 2^8 values that can be on the tape) you can tell if any arbitrary program terminates by running it for 16385 steps. Any program that doesn't terminate in 16385 steps will run forever.

Comment: Re:quick question (Score 1) 202

by locofungus (#48415905) Attached to: Launching 2015: a New Certificate Authority To Encrypt the Entire Web

Web Browsers DID used to accept self-signed certificates (and certificates signed without a known CA - or cert-chain.) People just clicked through and accepted them willy-nilly. That was a poor security model.

The poor security model was browsers asking for confirmation for self signed certificates.

What browsers should have done is:

self signed certificates or unknown CA - how the "unencrypted web" works today.
No encryption at all - popup "are you sure you want to connect"
Signed certificate - tick (check) mark (instead of padlock) to show that the site is verified.

Now that browers are hiding the "http/https" bit from most people anyway it makes even less sense to treat self signed certificates as less safe/require more warning than a normal http connection.

Comment: Re: It's what you do with it that counts (Score 1) 184

by tomalpha (#48334245) Attached to: British Spies Are Free To Target Lawyers and Journalists

Mass surveillance should never be tolerated

I agree and that's not what I said and not what TFS or TFA is about - they're about targeted surveillance of lawyers. Which is always wrong, with a few possible but very rare exceptions. Targeting lawyers of people who criticise the government is clearly wrong and a blatant abuse of power.

I'll endeavor to not be completely ignorant of history

I don't think I'm completely ignorant of history (although I wouldn't would I), but I might disagree with you about how we solve the problem. And as I said above, there is clearly a problem that needs fixing.

Comment: Re:Apologist (Score 1) 184

by tomalpha (#48334075) Attached to: British Spies Are Free To Target Lawyers and Journalists

British spies should be spying on _every_ British citizen illegally

That's not what I said and not what I believe. It's not what TFA is about either.

Trying to conflate the jobs of law enforcement and "spying"

I am dead set against that. The only example I gave was spying on a foreign leader which, as I said, I consider distasteful but (sometimes) necessary. You can, and quite possibly do, disagree with that and that's fine.

apologists don't want debate and dialogue

Whilst I don't believe I'm an apologist, debate and dialogue is what we're having here, and you'll see a previous comment of mine above where I said it's a good thing that we're outraged. And yes, I'm outraged if the government and/or intelligence agencies have been abusing their power. That doesn't necessarily mean that breaking the attorney-client privilege is always a bad thing and to be clear, it absolutely doesn't mean it's a good thing either. It's not too hard to come up with a (very unlikely but not impossible) circumstance where the majority of citizens would agree it was the right thing to do in that very individual and specific circumstance. My position is simply that I favour more scrutiny and accountability rather than more laws and absolute rules - never say never, but you must be able to, and made to, justify why you're doing something as a spy.

Comment: Re: It's what you do with it that counts (Score 1, Insightful) 184

by tomalpha (#48332825) Attached to: British Spies Are Free To Target Lawyers and Journalists
It's a nice thought but I don't think that works in the imperfect world we live in. We don't only spy because everyone else does (though I dare say there's an element of that). There has to be some way of letting the security services in their various forms do what they need to do. And to be clear: I think "need" here means what we the people as a democratic majority agree they need to do. (We the people also need to be realistic about the world we live in in doing so). Slightly changing tack as well: It's good and healthy that everyone's angry if someone abuses a position of responsibility and power. We just need to channel that productively so we make sure we don't throw the baby out with the bath water when we fix the problem. I also think that engineering a culture in our intelligence agencies that shies away from any abusive practices. You want people to avoid abusing power because they think that's right, not just because it's against a law or rule of some kind. My gut instinct is that the culture is probably well intentioned. Caveat the road to hell etc...

Comment: Re: It's what you do with it that counts (Score 1) 184

by tomalpha (#48332737) Attached to: British Spies Are Free To Target Lawyers and Journalists

Spies should respect laws and constitutions, at the very least those of their own country.

No argument from me there, but how do we balance this against other nations or groups that don't play by the same rules? (However limited or flawed the home laws might currently be).

Comment: It's what you do with it that counts (Score -1, Troll) 184

by tomalpha (#48332669) Attached to: British Spies Are Free To Target Lawyers and Journalists
Spies should listen in to whatever they need to listen in to. That's what they're there for. Nations spy on other nations. It's not pretty, but it's reality. That might include otherwise privileged or sensitive conversations - I bet Angela Merkel would feel that her conversations are in some way "privileged" (clearly not in an attorney-client sense). The worrying aspect here appears to be if, when, and how that data might have been passed to other areas of government. Passing, say, data gained from spying on defence lawyers and passing that to the government prosecutor should be criminal.

Comment: Surely not the "largest" tank? (Score 1) 163

by tomalpha (#48219371) Attached to: British Army Looking For Gamers For Their Smart-Tanks
From TFA:

the largest and smartest tank ever designed for the British Army

So my first thought was surely not - the Challenger 2 is a main battle tank and must be bigger. But it turns out I was wrong. The Challenger 2 is still 20 tonnes heavier, but significantly shorter in height:

Challenger 2: Length 27ft 3 x Height 8ft 2 x Width 11 ft 6
Scout SV: Length: 25ft x Height: 9ft 10in x Width: 11ft

Crudely multiplying those numbers to get an approximation of volume gives the Scout SV the edge (just).

Comment: Re:symbols, caps, numbers (Score 1) 549

by locofungus (#48138859) Attached to: Password Security: Why the Horse Battery Staple Is Not Correct

They ask for e.g. first, third and fifth characters of a password that must be between eight and twelve alphanumeric characters, and the dropdowns to make the selection are lower case only.

This means they're storing the password unhashed, at best locally encrypted but decrypted to check the user login.

While I suspect that this is true, I don't think it has to be true.

Initialization:
Step 1 - user choses password.

Step 2 - generate hash in normal way and store it.

Step 3 - generate error correcting check digits such that the password can be recovered from any three characters in known positions. (any three characters in known positions must be both necessary and sufficient - designing such an ECC is left as an exercise)

Step 4 - store the check digits but throw away the password.

Login:
Step 1 - user enters three characters

Step 2 - error correct the password
e.g. __p_pp__+CCCCC -> PPpPppPP

Step 3 - hash the corrected password and test against stored hash.

Obviously this isn't very secure - it's susceptible to a brute force attack that only requires guessing (any) three digits correctly once an attacker has gained access to the hash and the check digits.

Comment: Re:Not going to be as rosy as the YES! campaign sa (Score 1) 494

by locofungus (#47926997) Attached to: Scotland's Independence Vote Could Shake Up Industry

The UK general election will be 7th May 2015. The government that agreed to this vote almost certainly won't be the government that is negotiating.

No party is going to stand on a policy of "We're going to give your taxpayer money to this new independent Scotland because the last government agreed to the vote." They're going to stand on the "we're going to save as much money as possible for you and stop these handouts to Scotland."

Comment: Re:It's getting hotter still! (Score 1) 635

by locofungus (#47910113) Attached to: Extent of Antarctic Sea Ice Reaches Record Levels

This might a good "negative" feedback mechanism that reduces overall infrared absorption

Unfortunately not. it's night in the Antarctic so the Antarctic sea ice has negligible effect on the albedo of the planet, melting out each year (almost) completely.

Arctic sea ice is significant for planetary albedo because millions of square km (still) survive though the peak sunlight summer months.

Comment: Re:You Fail at Quotations (Score 4, Insightful) 635

by locofungus (#47910065) Attached to: Extent of Antarctic Sea Ice Reaches Record Levels

Since 9/15 is also the day of lowest ice cover in the Arctic, how does this year's minimum compare with history?

It's one of the lowest in history but not the lowest. It's very close to tieing with last year.

Sea-ice volume appears (it's harder to measure reliably although it's more significant that area or extent) to be up on last year which in turn was up on the previous year. That might be a good sign for Arctic ice feedbacks or it might not - 2-3 years is far too short a time to separate signal from noise. Volume is still exceptionally low compared to the historical record.

Comment: Re:Question... -- ? (Score 5, Interesting) 215

by locofungus (#47332621) Attached to: Exploiting Wildcards On Linux/Unix

Back in the (iirc) bsd 4.2 days, su was a suid shell script - at least on the machines I was using at the time.

Setup a symlink to su called -i

$ -i
# rm -- -i
#

There was a security bug handling suid shell scripts where the user was changed and then the #! interpreter was run, i.e. /bin/sh -i

and you got an interactive root shell :-)

Was very informative when the 'script kiddies' (although I don't recall that term existing in those days) had symlinks called -i in their home directory that they didn't know how to delete ;-)

Lo! Men have become the tool of their tools. -- Henry David Thoreau

Working...