Date: 2021-05-11
Security Leftovers
-
One of the first lessons in cryptography 101 is Kerckhoffs’s law: a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. This is an often-repeated maxim accompanied with “there is no security with obscurity.”
I always found this framing confusing: it felt inconsistent within itself. “Don’t rely on secrecy except for the secrecy of the key.” What is so special about keys? Why is it ok to rely on the secrecy of keys and not on secrecy of anything else? And because it is so focused on keys, it’s hard to really take this foundational lesson and apply it in contexts other than cryptographic algorithms.
-
Court documents released in the Colonial Pipeline case say the FBI got in by using the encryption key linked to the Bitcoin account to which the ransom money was delivered. However, officials have not disclosed how they got that key. One of the reasons criminals like to use Bitcoin and other cryptocurrencies is the anonymity [sic] of the entire system, as well as the idea that funds in any given cryptocurrency wallet can be accessed only with a complex digital key.
-
Australian media reported that the country's most wanted fugitive, Hakan Ayik, was given early access to the device by undercover agents and unwittingly promoted ANOM to his associates.
Demand for the messaging app grew when European investigators dismantled the popular EncroChat encrypted platform in July 2020. And usage exploded when the FBI dismantled Sky Global, another encrypted platform, in March 2021, officials said.
-
Operation Trojan Shield is the most wide-ranging attack on underworld communications, but not the first. Last year, the EU’s law enforcement agency, Europol, revealed that an operation initiated by French police had [cracked] a system known as EncroChat, which many criminals used. The [crack] has led police to arrest more than 1,000 people so far.
-
ANOM's users believed the devices to be secure, according to Jannine van den Berg of the Dutch National Police at the press conference. Access to the communications of those involved in criminal networks meant that law enforcement agencies were able to read encrypted messages.
-
For years, organized crime figures around the globe relied on the devices to orchestrate international drug shipments, coordinate the trafficking of arms and explosives, and discuss contract killings, law enforcement officials said. Users trusted the devices’ security so much that they often laid out their plans not in code, but in plain language.
Unbeknown to them, the entire network was run by the F.B.I., in coordination with the Australian police.
On Tuesday, global law enforcement officials revealed the three-year operation, in which they said they had intercepted over 20 million messages, and arrested at least 800 people in more than a dozen countries.
PGP Marks 30th Anniversary
It was on this day in 1991 that Pretty Good Privacy was uploaded to the Internet. I had sent it to a couple of my friends for distribution the day before. This set in motion a decade of struggle to end the US export controls on strong cryptographic software. After PGP version 1.0 was released, a number of volunteer engineers came forward and we made many improvements. In September 1992 we released PGP 2.0 in ten foreign languages, running on several different platforms, upgraded with new functionality, including the distinctive trust model that enabled PGP to become the most widely used method of email encryption.
I became the target of a criminal investigation for violating the Arms Export Control Act by allowing PGP to spread around the world. This further propelled PGP's popularity. The government dropped the investigation in early 1996, but the policy debate raged on, until the US export restrictions finally collapsed in 2000. PGP ignited the decade of the Crypto Wars, resulting in all the western democracies dropping their restrictions on the use of strong cryptography. It was a storied and thrilling decade, and a triumph of activism for the right to have a private conversation.
today's leftovers
-
Epilepsy can be a very terrifying and dangerous condition, as sufferers often experience seizures that can result in a lack of motor control and even consciousness, which is why one team of developers wanted to do something about it. They came up with a simple yet clever way to detect when someone is having a convulsive seizure and then send out an alert to a trusted person. The aptly named Epilet (Epilepsy + bracelet) system uses a Nano 33 BLE Sense along with its onboard accelerometer to continually read data and infer if the sensor is picking up unusual activity.
The Epilet was configured to leverage machine learning for seizure detection, trained using data captured from its accelerometer within Edge Impulse’s Studio. The team collected 30 samples each of both normal, everyday activities and seizures. From this, they trained a model that is able to correctly classify a seizure 97.8% of the time.
-
Birds have an amazing sense of direction that aids in migrating across vast distances, and scientists think this is due to their ability to detect magnetic fields — just like a compass. Chris Hill on Instructables wanted a way to experience this for himself by using a sensor and some sort of feedback mechanism to feel a magnetic field’s directionality and strength.
The sensor implemented is an AAH002 GMR module, which senses magnetic fields using a sandwich of materials that change their resistance when a field is nearby. By reading this value, the strength of the magnetic field can be calculated. Hill’s device employs a pair of these to accurately pinpoint the direction, while an Arduino Nano does the controlling. He also soldered together a set of nine ERM vibration motors into a grid to create a very low-resolution tactile display for the wearer.
-
Canonical, the publisher of Ubuntu, announced today that it is working with King Abdullah University of Science and Technology (KAUST), a postgraduate university in Thuwal, Saudi Arabia, on a major upgrade of its cloud computing infrastructure. The project makes it easier and more economical for KAUST to manage its cloud environment while ensuring the high levels of computing performance that researchers need.
Even by the standards of most universities, KAUST’s computing requirements are intense. The institution is dedicated exclusively to scientific and technological research, with all students undertaking PhD or master’s studies. Its network must be able to support a wide variety of workloads without downtime.
-
It has become a common practice for developers to own more operational aspects of their product’s lifecycle in what is commonly known as DevOps. This brings with it several challenges especially in context for developers who may only be responsible for ops on a rotating or part-time basis.
Some examples include: finding the needle in a haystack, navigating disjointed tools, managing time pressure, and an increasing number of services, applications, and their relationships. All of this while they are still crafting new code.
Let’s go into more detail starting with time pressure. In 2016, a major airline had a five hour outage which cost an estimated $150M. That’s over $8,000 per second — talk about pressure! Combine this with having separate tools for your logs, metrics, tickets, chat, documentation, and more, as well as the increase in complexity in modern cloud architectures where applications consist of 100s or 1000s of microservices. This environment presents a steep hill for developers to climb.
-
Selecting the right Linux distribution out of the gate could make the difference between enjoying a long, productive life with the operating system or a short-term experience filled with frustration.
But for many, the hundreds of options can be overwhelming. Of course, all of those varied choices are (at the same time) one of the many reasons Linux is such a great operating system. You can have a desktop operating system that perfectly fits your needs and style.
-
Brigador: Up-Armored Edition, a beautiful cyberpunk top-down shooter with awesome city-wide destruction has a big free upgrade out now for all players. Stellar Jockeys / Gausswerks have clearly been busy while building the next game with Brigador Killers.
Soaked in glorious neon with big tanks and stomping mechs, Brigador is a serious treat for the eyes. Probably is one of my favourite top-down shooters. The Blood Anniversary Update is certainly something too coming with the addition of blood for fleshy enemies, some big weapons now leave nice craters, special pilots from two other indie games (Cruelty Squad and Starsector) have been added, four new optional missions in the campaign, "wildcard" enemies might spawn during Freelance skirmishes, 11 new vehicles, new lore and the list goes on.
-
In this Linux guide you will learn how to install Starcraft 2 on Ubuntu Linux. The Starcraft 2 game has been released free of charge for anyone with registered Battle.net account. Before you proceed with the installation make sure that you have correctly installed an appropriate VGA driver whether it is for your NVIDIA or Radeon graphic card.
-
I've been using Pipewire for a few months and since my initial video I've noticed more and more problems showing up and I felt like I needed to do a follow up video, I am starting to get really concerned with distros that are starting to ship it as a default.
-
If you have been using ProtonMail beta version, you may have noticed the user interface improvements they have been doing for years now.
While the old design was simple and effective, it did lack a lot of essential design choices and features.
For the very same reason, I preferred to use the beta version. But now, you no longer need to use the beta version to get a modern user experience. With the official announcement, ProtonMail has finally deployed the modern redesign for web users.
Programming Leftovers
-
Of course, bugs always happen for logical reasons, but I’ve definitely run into bugs that felt like they might be impossible for me to understand (until I figured them out!)
I got about 400 responses, which I’ll try to summarize here. I’m not going to talk about how to deal with these various kinds of “impossible” bugs in this post, I’ll just try to classify them.
Here are the categories I came up with for ways a bug might feel impossible to understand. Each one of them has a bunch of sub variants which are bolded below.
-
For several years already Meson has had a web service called WrapDB for obtaining and building dependencies automatically. The basic idea is that it takes unaltered upstream tarballs, adds Meson build definitions (if needed) as a patch on top and builds the whole thing as a Meson subproject. While it has done its job and provided many packages, the UX for adding new versions has been a bit cumbersome.
Well no more! With a lot of work from people (mostly Xavier Claessens) all of WrapDB has been overhauled to be simpler. Instead of separate repos, all wraps are now stored in a single repo, making things easier.
-
It is funny how exotic computer technology eventually either fails or becomes commonplace. At one time, having more than one user on a computer at once was high tech, for example. Then there are things that didn’t catch on widely like vector display or content-addressable memory. The use of mass storage — especially disk drives — in computers, though, has become very widespread. But at one time it was an exotic technique and wasn’t nearly as simple as it is today.
However, I’m surprised that the filesystem as we know it hasn’t changed much over the years. Sure, compared to, say, the 1960s we have a lot better functionality. And we have lots of improvements surrounding speed, encoding, encryption, compression, and so on. But the fundamental nature of how we store and access files in computer programs is stagnant. But it doesn’t have to be. We know of better ways to organize data, but for some reason, most of us don’t use them in our programs. Turns out, though, it is reasonably simple and I’m going to show you how with a toy application that might be the start of a database for the electronic components in my lab.
You could store a database like this in a comma-delimited file or using something like JSON. But I’m going to use a full-featured SQLite database to avoid having a heavy-weight database server and all the pain that entails. Is it going to replace the database behind the airline reservation system? No. But will it work for most of what you are likely to do? You bet.
-
This post describes a purpose-built bit of code that you might find useful if you do triangulations.
I know, nobody does triangulations anymore! Except maybe surveyors, and they have gadgets and software that do triangulations automatically. But my wife and her fellow volunteers at a local arboretum still do triangulations "by hand", and often.
-
Cloudy data-wrangling outfit Snowflake has opened itself up to Java and Scala developers.
At the company's annual event, Summit, the firm talked up Snowpark, which will allow developers to use the abovementioned languages to manage its platform. Until now, Snowflake has focused on SQL-centric developers. Java user-defined functions will also be permitted on the platform, allowing both code and business logic to be applied to Snowflake.
Peter O'Connor, Snowflake's veep for sales in Asia Pacific, told The Register it was recognition the company needs to be more accommodating to developers if it is to continue its growth.