Wireless Keylogger Masquerades as USB Phone Charger
Serious question (in case it sounds like I'm being antagonistic):
Since AES is a block cipher, and an AES block is 16 bytes, and since keypresses appear to be transmitted "instantaneously", does that mean for each keypress, a 16-byte block is formed, and encrypted? And what about the encryption mode? (Otherwise doesn't it basically become ECB?)
Seems like a stream cipher would make more sense, although you'd need a protocol on top of that to stay synchronized, since packets can become lost/corrupted.
I could only find a very non-technical PDF on the topic. Interestingly, the wording seemed to imply something like a DH key exchange (one time, during pairing).
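The two concerns raised above (per-keypress encryption degenerating into ECB, and a stream cipher needing a synchronization protocol over a lossy link) can be shown side by side in code. The following is an added example and not code from the original discussion or from the device in question; it uses HMAC-SHA256 as a stand-in PRF for AES-CTR so that it runs with the Python standard library only, and all keys and messages are constructed here.

```python
"""Encrypting a stream of one-byte messages over a lossy link (constructed example).

Scheme 1, deterministic_encrypt: ciphertext depends only on (key, plaintext),
so two identical keypresses give identical ciphertexts. This is the "becomes
ECB" problem: the traffic leaks which keypresses repeat.

Scheme 2, encrypt_packet/Receiver: counter-mode packets. Each packet carries
its sequence number in the clear; keystream = PRF(key, seq). A lost packet
does not desynchronize the receiver, replays are rejected by the sequence
check, and a per-packet MAC rejects corrupted or forged packets.
HMAC-SHA256 stands in for AES here (assumption, stdlib only); a real design
would use AES-CTR with the sequence number as nonce plus CMAC, or AES-GCM.
"""
import hashlib
import hmac
import os
import struct

SEQ_LEN = 4   # sequence number sent in the clear
TAG_LEN = 8   # truncated HMAC tag per packet


def prf(key: bytes, seq: int) -> bytes:
    """Per-packet keystream block: PRF(key, seq)."""
    return hmac.new(key, struct.pack(">I", seq), hashlib.sha256).digest()


def deterministic_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB-style encryption of one keypress: same input, same output. For illustration only."""
    return hmac.new(key, plaintext, hashlib.sha256).digest()[:16]


def encrypt_packet(enc_key: bytes, mac_key: bytes, seq: int, plaintext: bytes) -> bytes:
    """seq || (plaintext XOR PRF(enc_key, seq)) || MAC(mac_key, seq || ciphertext)."""
    keystream = prf(enc_key, seq)
    body = bytes(p ^ k for p, k in zip(plaintext, keystream))
    header = struct.pack(">I", seq)
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()[:TAG_LEN]
    return header + body + tag


class Receiver:
    """Accepts packets in strictly increasing sequence order; gaps are treated as loss."""

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key = enc_key
        self.mac_key = mac_key
        self.highest_seq = -1

    def receive(self, packet: bytes):
        """Return the decrypted payload, or None if the packet is bad or replayed."""
        if len(packet) < SEQ_LEN + TAG_LEN:
            return None
        header, body, tag = packet[:SEQ_LEN], packet[SEQ_LEN:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.mac_key, header + body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None                      # corrupted or forged: do not touch state
        seq = struct.unpack(">I", header)[0]
        if seq <= self.highest_seq:
            return None                      # replay or out-of-order: reject
        self.highest_seq = seq
        keystream = prf(self.enc_key, seq)   # resynchronizes from seq alone
        return bytes(c ^ k for c, k in zip(body, keystream))


def demo(message: bytes = b"hello", drop_seq: int = 2) -> dict:
    """Run both schemes over a constructed keypress sequence with one packet lost."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    ecb = [deterministic_encrypt(enc_key, bytes([b])) for b in message]
    packets = [encrypt_packet(enc_key, mac_key, i, bytes([b])) for i, b in enumerate(message)]
    rx = Receiver(enc_key, mac_key)
    received = b"".join(rx.receive(p) for i, p in enumerate(packets) if i != drop_seq)
    replay = rx.receive(packets[1])                     # old sequence number
    fresh = encrypt_packet(enc_key, mac_key, len(message), b"x")
    tampered = bytearray(fresh)
    tampered[SEQ_LEN] ^= 0x01                           # flip one ciphertext bit
    tamper_result = rx.receive(bytes(tampered))
    after_tamper = rx.receive(fresh)                    # untouched copy still accepted
    return {
        "ecb_distinct": len(set(ecb)),                  # 4 for "hello": the two 'l's collide
        "received": received,                           # b"helo": lost packet, no desync
        "replay_rejected": replay is None,
        "tamper_rejected": tamper_result is None,
        "after_tamper": after_tamper,                   # b"x"
    }


if __name__ == "__main__":
    print(demo())
```

Two things the counter-mode scheme does not fix: one-byte packets still reveal how many keypresses occurred and when, and padding the payload to a 16-byte block would not change that. The strict "higher than the last seen" rule also means a reordered packet is discarded as if lost, which is the simple trade-off for not keeping a replay window.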
Sony Leaks Reveal Hollywood Is Trying To Break DNS
Anyone remember Gilmore's quote from 1993:
The Net interprets censorship as damage and routes around it.
Here we have Sony trying to interfere with routing in order to accomplish censorship. That certainly won't backfire...
about a month and a half ago
Dr. Dobb's 38-Year Run Comes To an End
You guys know about sites like Computer Magazine Archive and Classic Computer Magazine Archive, right?
(Got my start on Atari 800 w/ the 6502, never looked back... yes, I do have a lawn that I regularly chase kids away from!)
about a month and a half ago
Verizon "End-to-End" Encrypted Calling Includes Law Enforcement Backdoor
Well it depends.
Mr. Polansky himself (while certainly not a security expert or a cryptographer) describes it as a "weakness" built into the system. The streets are littered with products and systems built with backdoors/weaknesses that are found & exploited by attackers (sometimes an insider who knows about or helped implement the weakness.)
On the other hand, while still subject to abuse, if the "weakness" is a 2nd, high entropy key, then you either have to get the key, or break the crypto (getting the key obviously being the attacker's 1st choice). This is different than a backdoor.
about a month and a half ago
How Relevant is C in 2014?
C++ is no more complicated to use than C.
This I have to take issue with. I will agree that C++ is a useful language, including embedded systems, but it's much, much more complicated than C. You can write in a subset of C++ which is largely the same as C (never quite the same though), but if you were to draw a Venn diagram of C++'s features vs. C, it's crazy (I went through this exercise, for a presentation). Again, don't get me wrong, I've been using C++ on real time systems for 20 years, but it is an entirely different animal. For an example (this is a quote from Peter van der Linden's outstanding book "Expert C Programming", in fact I think he was quoting Tom Cargill):
"If you think C++ is not overly complicated, just what is a protected abstract virtual base pure virtual private destructor and when was the last time you needed one?"
There are other examples, but hopefully that one serves as a good example.
If you don't like a particular part of C++? Don't use it.
Here I am 100% in agreement with you, at least when it comes to personal projects. The problem is that when you work in a larger organization with a disparate knowledge of the language, you've got some people writing "C with classes" (if even that) and some people using template metaprogramming, complicated overridden copy constructors, placement new, custom allocators in STL containers, etc. Now, sometimes you can either just "use" that wizard's code and hope for the best, or just read it and run away, but sometimes you have to maintain it.
I am working with a group right now where I am the "C++ expert" in the group (I don't consider myself an expert), and there were a few individuals in the group, years back, that /clearly/ were language wonks. Their code is (mostly) correct, but it's almost inscrutable, and when it needs to be changed or fixed, everyone in the group except for me is terrified. So here is where the whole "Just use what you're comfortable with" breaks down. You can try to address this with a coding standard that restricts usage, subsets the language, etc. but still, it's very easy to introduce code that some in the group just can't understand. IMO this is possible in C too (hello, IOCCC!) but it's "harder" to do, because the language is simpler, there's just less you have to understand and keep in your head while you're reading someone else's code.
about a month and a half ago
IsoHunt Unofficially Resurrects the Pirate Bay
I won't be surprised if something like Lenticrypt (crypto using a running key cipher which ends up decrypting into different plaintexts) ends up being the nail in the coffin.
It's an interesting thought experiment... just how far will the desperate & ravenous copyright cabal go to claim ownership of bits that aren't even related to their product?
Let's say I have a bitstream that is *almost* bit for bit identical to an MP3, an MKV, etc. How many bits have to change before it is no longer infringing? Don't start with things like, "Well, it depends how it was created and for what purpose..." Bits are bits. If I AES encrypt something (e.g. Linux distro) that ends up being 500 bits away from "Star Wars", am I in trouble? Do I have to prove how I created my "almost Star Wars" .bin file to avoid going to jail? What if it was different by 5,000 bits? 50 bits? Is it the data that is infringing, or how I created it?
I think pretty soon we're going to start seeing big binary blobs (my term, BBBs) that can be transformed into Star Wars, the Oreilly book collection zipped up, or a backup of my dropbox (of course that would be possible today using OTP and 3 different keys, but Lenticrypt simplifies it). So am I going to get sued because these 30 billion bits, manipulated in one specific way, could become Star Wars?
My point is that at a certain point, common sense must prevail. I understand that Amy Pascal likes her $100M payouts, and Tom Cruise likes his $50M movie checks. But all good things must come to an end. Many IT & software development professionals met head-on with the whole "adapt or die" reality when outsourcing to Asia & eastern Europe began years ago. And yet here we are.
about a month and a half ago
New Destover Malware Signed By Stolen Sony Certificate
First of all, kudos to your small shop for actually signing your executables. I still find myself needing to install software from companies ($100M+ companies) that don't sign their executables (IAR Systems (ARM cross compiler), I'm looking at you, for example...)
Anyway, I just wanted to clarify one thing that you wrote, because a lot of people don't understand the security implications:
Note that all this provides is proof that the exe was created by us
Technically, all this provides is proof that the exe was created by someone who has your private signing key. That's exactly what's going on here with Sony. The whole signing / certificate thing works, right up to the point where the signing key is leaked or extracted. I know you know this, but it's important enough IMO that it merits re-stating...
about a month and a half ago
The New-ish Technologies That Will Alter Your Career
It's good to know embedded systems are new-ish technology!
Really makes me feel good about the implantable cardiac defibrillators, hard disk drives, engine control units, CNC machines, remote weather stations, mobile phones (baseband), insulin pumps, etc. that I've worked on for the last 20+ years.
A home might have 3-5 desktop/laptop processors in it, while that car on the driveway probably has at least 20, maybe 50, processors in it.
Embedded systems, and the engineers who design the hardware, software, firmware, etc. are kind of like air - all around you, and you don't really notice them, but you sure would if they disappeared.
Now if you'll excuse me, I have a soapbox to step down from, and a lawn in need of protection from young whipper-snappers.
Ask Slashdot: Is Non-USB Flash Direct From China Safe?
Remember that kerfuffle a couple weeks ago about FTDI bricking products that were using counterfeit FTDI USB-serial chips? Some of the product designers were unknowingly using counterfeit chips bought from companies we've all heard of (no, not Alibaba or Ebay...)
AT&T Won't Do In-Flight Wi-Fi After All
I don't know exactly how this would have worked anyway.
It's been a while since I worked on LTE (call processing, not RF or hardware or even baseband), but I thought that with UTRAN there was a 350 km/h "speed limit" (perhaps up to 500 km/h under certain circumstances) with motion relative to the base station.
(Now that I spent 5 seconds thinking about it, I suppose the sine of the angle (from base station to aircraft, relative to vertical) would reduce the velocity that the plane was moving away from the base station... I think?)
I'm sure there are many other effects such as transmit power, interference, fading & multipath, etc. Sheesh I'm getting rusty...
Codecademy's ReSkillUSA: Gestation Period For New Developers Is 3 Months
I'm not trying to be antagonistic, but basically in the same breath, you said that you're not a programmer, yet you judge programming to be a trade like plumbing.
I can't reconcile those two, and I respectfully disagree.
By the way, I totally agree about code riddled with bugs. I work on safety-critical software, and I can assure you, not all software (firmware in my case) is of such low quality. But I'll also concede that the cost and time to develop such software is much longer than your typical slap-happy PHP script running on foo.com's webserver...
What People Want From Smart Homes
When I lived in Germany I saw quite a few of them. Lawns tend to be smaller and flatter than in the U.S. Also, landscaping services are more expensive, in general, over in Europe. Last thing, and unfortunately I'm being serious, the U.S. is pretty litigious, so companies are hesitant to jump into the market.
I think there are about 10 companies or so making robotic mowers. Could be wrong, but I thought you could get a Husqvarna in the U.S. now. They require a wire to be buried along the perimeter of your yard so the 'bot knows when it needs to stop & turn around.
I've always wondered what happens if you lose power at home, and the buried wire no longer emits its signal. Probably a battery backup, and you have to tell the 'bot to run no longer than the battery can last.
What Will It Take To Run a 2-Hour Marathon?
Actually that's just how you're thinking about it. Dan East is correct, time and distance are fundamentally different dimensions.
FDA Issues Guidance On Cybersecurity of Medical Devices
Jay Radcliffe's research is old news to you, correct? If not, I'd take a quick look-see...
Rosetta Code Study Weighs In On the Programming Language Debate
Sincere question - I've heard that Fortran blows away (or at least beats) C++ for scientific/calculation programming, and considering the 2 languages' history and "raison d'etre", I'm not surprised... but can you lend any insight into what accounts for that, specifically? I mean, if I create arrays or matrices or whatever in C++, and I pay attention to cache effects, etc. it seems like my C++ still can't be as fast when it's compiled down into machine code... I've never seen a good explanation of what's going on under the hood to account for that. Thanks.
Indian Mars Mission Has Completed 95% of Its Journey Without a Hitch
the last few feet that count
or is that meters
I see what you did there
After Celebrity Photo Leaks, 4chan Introduces DMCA Policy
Serious question: Do you know of any instance where the originator of a bogus DMCA takedown request was punished?
From what I understand, the originator can't just search for "Lindsay Lohan" on BitTorrent and Usenet, and fire out a bunch of takedown requests -- the signed/authenticated takedown notice stipulates that they are the owner of the material.
Said another way, if you uploaded a Linux distribution and called it "Rihanna Nudes" or something, and Rihanna's people sent a DMCA takedown notice for this, I think (at least theoretically) they'd be in hot water.
Of course, that's the theory, and that's my question: is there any incentive for content creators to not shotgun-blast out a ton of notices?
Software Error Caused Soyuz/Galileo Failure
I agree with the sentiment about programming skill, but I think Toyota, not Honda, had the more significant unintended acceleration issues (according to CBS News and NHTSA, as many as 89 deaths).
FBI Investigates 'Sophisticated' Cyber Attack On JP Morgan, 4 More US Banks
The FBI is under the Department of Justice, not Treasury.
Wheel Damage Adding Up Quickly For Mars Rover Curiosity
As an embedded systems (electronics/firmware) engineer, I was going to half-jokingly, half-seriously say, "Well, we'll just send a new firmware update to Curiosity to help with the problem." And then of course as I read the article, that was one of the proposed mitigations:
Changing driving software to reduce the forces experienced by wheels hanging up on pointy rocks. <snip> The rover can sense wheel currents, so it can sense when a wheel is sticking. <snip> By implementing a "smart controller" on the wheel current and allowing wheel rotation rates to vary intelligently in response to sensed conditions, they might be able to mitigate the damage.
I've been developing embedded systems for more than half my life, and I never get bored...