joelanders | 10 years ago | on: Shelling Out Sucks (2012)
Is there a reason "fork over" and "shell out" can both (roughly) mean "fork and exec a shell" or the seemingly unrelated phrase "pay?"
joelanders's comments
joelanders | 11 years ago | on: What are your favourite sci-fi books?
Stumbled across and started reading
A. E. van Vogt's "The World of Null-A" last night.
Super trippy.
joelanders | 11 years ago | on: Evil 32: Check Your GPG Fingerprints
Here's a pretty comprehensive guide:
joelanders | 11 years ago | on: Running a South Pole data center
I just posted this Linux Journal article from 20 years ago, "Linux in Antarctica." We've come a long way.
joelanders | 11 years ago | on: Show HN: Snapception – Intercept all snapchats received over the network
Yes, that's my understanding as well; my other comment was sloppy. I'm unsure what was meant by "hook," though. Is that something you set up with the target process running under a debugger? That much privilege wouldn't be available to apps in an app store, right?
joelanders | 11 years ago | on: Show HN: Snapception – Intercept all snapchats received over the network
See links for a bit of reading about how hard it is to break DRM on Spotify or Netflix. They're doing a lot more than Snapchat. The difference between "you just need to reverse engineer the HTTP API to make a 3rd-party client" and "you need to run IDA Pro and PANDA and whatever else" is significant. The latter exploit would have far less reach.
[1] http://moyix.blogspot.de/2014/07/breaking-spotify-drm-with-p...
joelanders | 11 years ago | on: Show HN: Snapception – Intercept all snapchats received over the network
There are trusted software client things (Spotify, Netflix, etc.) that seem to work well enough. Snapchat should be able to do better.
joelanders | 11 years ago | on: The Emails Snowden Sent to First Introduce His NSA Leaks
I wonder how they "confirm[ed] out of email that the keys we exchanged were not intercepted and replaced by your surveillants." Key exchange is the hardest part.
joelanders | 11 years ago | on: Adobe Spyware Reveals Again the Price of DRM: Your Privacy and Security
I think the weak link in the chain is only after decryption, but before uncompression (for lossy formats, so books excluded). See, for example, [1] and [2], where the authors look at randomness and entropy measures of I/O to find where the decrypted-but-compressed buffers are.
[1] http://moyix.blogspot.de/2014/07/breaking-spotify-drm-with-p...
joelanders | 11 years ago | on: How Two Men Unlocked Modern Encryption
Steven Levy's _Crypto_ (referenced in the article) is quite good (as is everything he writes).
joelanders | 11 years ago | on: Write every day
Check out the stuff made by Alphasmart. A larger display would be nice for editing.
joelanders | 11 years ago | on: MTA Responds Citing Lack of “Infinite Change” for MetroCards
I'm going to get downvoted for being a grammar nazi, but this disingenuous "spokesperson" should know the difference between "insure" and "ensure."
joelanders | 11 years ago | on: Lost Lessons from 8-Bit BASIC
Regarding machines and discoverability: I think an interesting comparison to flesh out would be computers vs. cars. Compare how tinkerers in each came to be (opening up their parents' car/computer, for example). Compare how "the average user" treats the thing when it breaks. Etc.
joelanders | 11 years ago | on: Tehran tracked, captured, studied, copied RQ-170
I haven't read this book yet, so I don't know about "triggered" vs. "enabled," but it seems relevant (came up in a talk about American companies providing deep packet inspection / internet censorship tools to, eg., Iran.)
joelanders | 12 years ago | on: Replacing a Thinkpad X60 Bootflash Chip
web of trust
joelanders | 12 years ago | on: Replacing a Thinkpad X60 Bootflash Chip
There is an awkward period (after clicking past the warning and before verifying the signed SSL certificate fingerprint) which is no more or less safe than HTTP, but which is more cumbersome and might encourage often-bad behavior in some users. After verifying that the certificate is signed by her (which requires trusting her public key--more hoops), you get some benefit.
It's difficult to weigh the cost/benefit, and nobody is denying that PKI can be awkward.
/thread?
ed: ok, i guess we might still debate the cost/benefit of getting a free cert--i don't really know.
joelanders | 12 years ago | on: Replacing a Thinkpad X60 Bootflash Chip
The site's audience is going to be technical.
She explains how to check the SSL certificate fingerprint here:
https://blog.patternsinthevoid.net/isis.txt
Once you've whitelisted her self-signed cert, you know from then on that you're not being MITMed (for what that's worth in a blog).
joelanders | 12 years ago | on: Replacing a Thinkpad X60 Bootflash Chip
Her.
joelanders | 12 years ago | on: Mission Impossible: Hardening Android for Security and Privacy
If you like this, you'll also like Peter Stuge's 30c3 talk: Hardening hardware and choosing a #goodBIOS
"A commodity laptop is analyzed to identify exposed attack surfaces and is then secured on both the hardware and the firmware level against permanent modifications by malicious software as well as quick drive-by hardware attacks by evil maids, ensuring that the machine always powers up to a known good state and significantly raising the bar for an attacker who wants to use the machine against its owner."
http://media.ccc.de/browse/congress/2013/30C3_-_5529_-_en_-_...
And this is the best blog post I know of on the above:
https://blog.patternsinthevoid.net/replacing-a-thinkpad-x60-...
joelanders | 12 years ago | on: Free Your Android
I just submitted a blogpost from the Tor Project (Mission Impossible: Hardening Android for Security and Privacy) which covers everything between removing the microphone (from a Nexus 7) and baseband software to recommended apps and configurations.
On HN: https://news.ycombinator.com/item?id=7715041
Original: https://blog.torproject.org/blog/mission-impossible-hardenin...
page 1