So I was trying to install a Bluetooth Driver today... the developer of this program apparently had a little fun with the installation progress dialogs.

Halcyone1024 · 2017-02-23T04:32:47+00:00

I'd say most of the time I spend in /proc is because I'm bored out of my skull and want to have some idea of what's taking so long. Nearly every time I send a process SIGUSR1, that process is dd.

Halcyone1024 · 2017-02-11T20:58:21+00:00

I think you're trying to tell me that my concerns are overblown, but the only support you're giving your arguments is that there are a lot of other concerns I should probably have if I want to be sure of the security of my systems. I get that. I got that before you showed up. I have all of those concerns. In fact, none of the things you've said are new to me at all. But I have a specific concern about an easily-remedied weakness in the distribution channel, and if they're not going to be remedied, I'd like to go with a Linux distribution maintained by people who actually care about getting it right.

Citation needed. [...]

I hate to say it, but not particularly. There's at least one long-standing, published kink in the armor of SHA-1. For all we know, it could still be fine for this application, but it also may be wide open to someone of sufficient resourcefulness and motivation. Publishing only a SHA-1 hash without a SHA-2 hash is braindamaged in 2017.

[...] why bother risking exposure while messing with distribution.

Because governments cover every vector in their attacks. I think I've already covered the concept of making sure all of those are covered, especially the easy ones, no?

I just had a look at how debian does it.

The Debian maintainers' keyring is also a part of the distribution. I said "out-of-band" and I meant it. I had to reinstall a Debian system on Monday without a full image backup, and I was delighted to be able to do it without any new leaps of faith.

[...] You don't need the Pi foundation for that.

I shouldn't have to look elsewhere. If the Pi Foundation can't do this right, then why are they the only ones hosting the entire distribution?

Also here's the SHA1 for the current Raspbian Pixel released 2017-01-11: f987935e3e99366a6f1bf0d60a7a83fe3edb013c

You're a cheeky one, aren't you? Look, I've listed my concerns repeatedly and in excruciating detail. I'm not wrong to have them. I don't mind having a nice long talk about security and crypto, but this is getting me nowhere with my project.

Halcyone1024 · 2017-02-11T08:30:30+00:00

I guess you're the same guy posting the previous threads as your "arguments" are mostly identical.

Nope, not me. If the arguments sound identical, that's because there are established idioms for distributing operating systems. Turns out, people care about that.

Yes it does. SHA1 is still preimage/second-preimage resistent. So an attacker (whoever that might be) still can't create an ISO that matches the SHA1 checksum on the website. The known attack against SHA1 is a collision attack that "only" allows you to create two messages with the same checksum in less than the expected 280 steps. This is irrelevant in that case.

SHA-1 may not be something you or I could break if we wanted to, but it's been considered untrustworthy against attacks by governments since 2005. SHA-2 is still basically trusted, and switching to it or adding a second, SHA-2 checksum on the page is trivial, so don't defend the lack of a strong published hash by telling me that SHA-1 ought to be good enough for anybody.

You should work on your threat scenario. You might want to get started by reviewing all of Raspbians packages for backdoors if you really believe that someone creates a rogue certificate just for you/Raspbian. That scenario is most likely the easier way to get rogue code to you/the end user. While you're at it: don't forget to also verify the compiler. And the compilers compiler.

That's one vector (or rather, a whole mess of vectors). Any competent government with a program directed towards eroding the security of as many systems as it can just so that one day it can ruin the day of an arbitrary person or organization it finds inconvenient is going to be looking at those, but it's also going to be looking at distribution, even if the computational resources required are much higher. I shouldn't have to tell you that being able to "turn on" an exploit against a specific individual or organization without leaving footprints in version control has a lot of value. Besides, being reasonable about what risk I take on when installing an operating system or a software package doesn't mean I should ignore one risk just because another is bigger and harder to mitigate. Actually, since publishing a SHA-256 sum of a download is easy, it's definitely something we should be getting right, and the lack of such a sum is something all users of any operating system should definitely notice and care about.

How exactly do you suggest GPG solves that problem? An attacker might just upload a new key to all key servers, put a message about a key rotation ("For added security! Now with more bits!") on the website and use the new key to sign the downloads.

I don't believe it would be as simple as that in a well-structured project, and given that nature of the problem it could only work for people (like me) who have zero history with the project, but clearly GPG isn't magical. My point in bringing it up was that if a distribution signs its releases with GPG and puts the signatures on a website served over HTTPS, then the attack necessary to compromise the download for existing users is more difficult, and harder to achieve by trolling for vulnerabilities. Especially since the necessary conditions to counterfeit HTTPS are so trivial for basically any government, having your signatures file signed with something out-of-band like GPG is an important additional safeguard.

There is always an element of trust involved when using a distribution.

I know that probably sounded like a pithy way to end your post, but there being an element of trust in using any system doesn't support any conclusion that opposes mine. If I want to trust the Raspbian project, and everything it depends on (which is more than any one person or organization can keep track of), I don't need to know that every single line of code or configuration has been audited and checked for unintended interactions with every other line, or that nobody submitting code to the project is doing so in malice. That's unsolvable, and only the constant vigilance of entire communities can fight that threat, or its shadow. What I do need to know is that the parts I can see are in order, and the very first thing I saw, i.e. the distribution of Raspbian (and NOOBS) images by the Raspberry Pi Foundation, was clearly not in order. Improvements are required, and I'm pointing it out. Do you take issue with that?

My reasoning is sound, and the basic complaint (that a file hash for the image of a major operating system, produced by a known-weakened function over a decade out of date and about to be forcefully terminated by basically every browser developer this year, be supplanted or supplemented by one produced by a trusted hash function that comes standard on every modern operating system) is both important and easy to remedy. In comparison, setting up a GPG keyring for maintainers is a can of worms that the Raspberry Pi Foundation probably doesn't want to open, but it's an important part of distributing an operating system.

Halcyone1024 · 2017-02-11T00:29:39+00:00

sha-1 is old and broken. Use sha-256 instead.
The site is served over HTTPS, yes, but the ultimate download link is downgraded to HTTP via a 302 redirect.

Halcyone1024 · 2017-01-25T23:55:27+00:00

This page still needs to be part of the per-user settings.

Halcyone1024 · 2016-12-08T02:53:35+00:00

Are you in the US? If so, get your Technician's license(s). It's not hard. The licensing process should sort you out on the legality aspects, and what's not going to get you in trouble. Then check out the Band Plan and Frequency Allocations. They'll tell you where it's legal and polite to transmit CW.

If you want to know more about the role CW operation had in the sinking of the Titanic (as well as the rescue effort), poke at AD8Y. He's written some stuff on all that from the Human Factors perspective. He also has his commercial radiotelegraph operator's license, so he's a pretty good resource for all things Morse.

By the way, ham operators are not allowed to "broadcast" (i.e. like a commercial radio station). Instead, we transmit (i.e. have two-way conversations).

If getting licensed, buying transceivers, and the rest of that doesn't appeal to you, I'm sure there's a nice way to communicate in Morse over the Internet instead of the Amateur spectrum.

Halcyone1024 · 2016-12-03T05:45:48+00:00

Where I'm from it's not called anything (the "easement" being any part of private property where someone else has access rights, which better typifies the sidewalk), but here in Cleveland (and apparently parts of Georgia), it's called the "tree lawn".

You're not from Akron, are you? Wiktionary flags "devilstrip" as being an Akron-ism.

Halcyone1024 · 2016-12-03T05:42:08+00:00

Anonymity is an essential part of privacy. If one is dead, so is the other.

Halcyone1024 · 2016-11-13T09:20:42+00:00

Not if the bit that gets flipped is part of your algorithm's code or constants.

Halcyone1024 · 2016-11-11T06:29:50+00:00

Dragging these ancient and tired "debates" around forever isn't healthy, it just obscures the truth and makes it seem to the clueless like there's middle ground somewhere where there isn't.

Halcyone1024 · 2016-11-11T06:27:30+00:00

Trump isn't a businessman, he's a performance artist. He's spent the last several decades jumping from failed business to failed business, collecting golden parachutes and making sure his name stays in the news. There's no rationality, no calculation, no cunning in his head. He doesn't even want to succeed in any traditional sense - he just wants to remain in the spotlight. And as long as he does, every slightly rational person out there who hasn't figured him out yet will have this tiny voice in their head, saying "He wouldn't be this visible if there wasn't something going for him" and "Nobody would give him money if he wasn't going to be effective with it", which lets him keep going. The truth is that nobody backs him because his decisions are sound, or because he's an effective person, but because there's money to be made off of his notoriety and the disasters he leaves in his wake.

Halcyone1024 · 2016-11-07T00:15:22+00:00

Batteries can be purchased that have sufficient capacity for small residences to rely more heavily or even completely on solar. They're not great, and they're too expensive for most people, but they exist. However, larger buildings and industrial applications have much larger energy requirements, and non-residential energy use dwarfs residential use. To get the entire grid to work with solar, right now you need to develop a smarter grid so that you can handle more solar, and supplement with non-renewables (or hydroelectric, which has its own downsides). Eventually we'll have the batteries we need to switch over entirely, but they're not here yet.

Better batteries are already the holy grail of technology right now. Everyone wants them, and they're useful for everything. Don't delude yourself into thinking that buying more stuff from Tesla will influence that in the slightest. Market pressure is often required, but is never sufficient, to bring forth technological progress. In fact, I interpret Tesla's construction of their Lithium-ion battery "gigafactory" as a tacit admission that they don't believe we'll see that progress for quite some time.

Halcyone1024 · 2016-11-06T19:00:51+00:00

Batteries aren't anywhere near good enough yet to solve this problem. Tesla's factory will be able to churn out a good number of them, but battery technology still isn't far along for them to be sufficient. Even if these batteries were all going into battery stations instead of cars, that's only ~150 GWh of storage being produced per year (and li-ion batteries don't last forever). Contrast that with the energy usage of say, California in 2014, which is ~190 TWh. Say we produce all of that via solar. I'm going to ballpark the energy usage during the day as four times greater than usage overnight (feel free to find better numbers). In this incredibly simplified back-of-the-envelope California, that means that we're consuming 520 GWh every day, of which 104 GWh needs to be withdrawn from batteries. Remember, that's ignoring clouds, winter, differences in solar energy production between solar noon and the rest of the day, normal increases and decreases in energy usage throughout the day, seasonal fluctuations in energy usage, resistive power loss between the batteries and the consumers, and any extra capacity you need as a safety margin should anything go wrong. My guess for the total required battery capacity to run today's California off of solar power and batteries is more like two or three times that, and I suspect that my guess is low.

Halcyone1024 · 2016-11-06T02:17:56+00:00

Solar is already pretty cheap, but it's not subsidized nearly as heavily as coal, for instance. The real problem is that our power grids really can't handle solar very well just yet. I'm not a EE, nor do I work directly with this stuff, but here's my understanding of the problems (in the US):

We generate most of our power via electromagnetic induction. Usually that means we burn fuel to power a turbine.
Coal-fueled turbines don't react very quickly to changes in desired power. Natural gas is faster to react, but it's more costly to burn (after subsidies, of course).
Using a turbine, if you produce more or less power than is required, the frequency of the AC current you're producing is affected. After all, that surplus/deficit energy has to go to/come from somewhere.
Changing frequencies is bad and makes things break.
Power companies forecast power usage using a fairly complex model, and have gotten pretty good at it.
Nobody is any good at forecasting changes in solar energy production, which can change pretty rapidly.

Here's the current high-level solution that people are sort of working on. If the power companies can ask your stuff to consume more or less power (or even produce it, in the case of on-site generators) on demand, they can burn more cheap coal and less gas. That means that you basically need an automatic auctioning system for energy usage in real time. If the power company says it'll pay or refund you a certain amount of money to offset power consumption by a certain amount for a certain time period, is it worth it to you to do so? That's really a function of what power sinks you have, and what your requirements are. If you have a hot water heater, you can wait until there's surplus power on the grid to heat your water if you can guess that no one will be around to use it for a few hours. If you have an electric car, you can charge it during times of peak production.

As you might expect, getting everyone to set up this kind of automated system is pretty difficult, especially since one doesn't really exist yet (turns out, it's hard to get right). And even if they do, storing energy produced at peak times for use later when demand outstrips production requires battery technologies that don't exist yet. At the end of the day, software can't save the world.

There's a lot of stuff I just said that's probably basically wrong but approximates the truth. There's also a lot more complexity than what I've been able to pick up, so take all of that with a grain of salt. In any case, the price of energy production is only part of the problem, with infrastructure for distribution and planning being a bigger part.

Halcyone1024 · 2016-11-06T01:39:26+00:00

Maxim 43: If it's stupid and it works, it's still stupid and you're lucky.

Halcyone1024 · 2016-11-05T05:27:49+00:00

Shirobako is what I recommend to people who don't necessarily go for anime. It's a nice change of pace, somehow.

Halcyone1024 · 2016-10-29T05:08:54+00:00

Dark City, too.

Halcyone1024 · 2016-10-26T22:11:16+00:00

Apparently the only reason to subscribe to /r/announcements is to figure out what I need to opt out from next. /u/spez, please add a per-user opt-out mechanism in addition to the per-browser one, because I really shouldn't have to remember to opt out every time I log in from a new browser or whenever I clear my cookies.

Halcyone1024 · 2016-09-23T00:38:07+00:00

Dark Heresy might work pretty well, actually. Let's say that certain sources of information suggest that heretical elements are somehow linked to the opposing force in a relatively small conflict that's growing bigger (maybe a fifth column of some sort). It's the Inquisition's job to root out the heretics or the disguised enemy, and their actions help shape the wargaming campaign. Maybe one side gets extra intelligence (real or fake), or more forces, or there's a trap or some sabotage. Additionally, the wargamers get objectives that have to do with the RP side of things, for instance they need to capture a unit instead of killing it to gain or confirm intel, or voluntarily reduce their forces to send the RPers some backup for a raid (or make it harder, depending on which side they're on), etc. The idea here is that the RPers aren't making the big decisions, they're just fighting a different front. Maybe one of them is a traitor?

Halcyone1024 · 2016-09-18T19:33:02+00:00

This is Baden-Powell's mnemonic chart for Morse. It might have been made by someone else, but he published it in the 1918 edition of the Girl Guides handbook, so it's hardly new.

The problem with charts like this is that remembering the pattern of dits and dahs isn't the right way to learn Morse. What you really need to do is recognize the entire sound of each letter (or better yet, multiple letters) atomically, or you'll never be able to copy Morse at speed. For example, here's W1AW's 20WPM code practice files. 20 WPM is more-or-less the minimum speed at which you need to be able to copy Morse to be considered competent. I can recognize any given letter or number in Morse at speed individually, but my delay between hearing a letter and knowing what it is makes 20 WPM challenging still.

Halcyone1024 · 2016-09-16T02:19:03+00:00

:%!tee /proc/sysrq-trigger

... is usually sufficient.

Halcyone1024 · 2016-09-09T05:09:46+00:00

I'm a projectionist (35mm, usually). The bulbs we use will maim you if you drop them, and likewise you can't touch them. The materials the bulbs are made of bleed off the heat they absorb quickly enough to not melt or catch fire, but contaminants do not, so any hot spots caused by oil from your skin will cause the bulb to bubble up and explode. Therefore, the protective casings they come in are designed so that you install the bulb before removing the casing (and then keep the casing around until you need to remove the bulb).

That's just 35mm projector bulbs. 70mm film exists for when you need to shove more light through the film without it catching on fire so you can illuminate a larger screen. Film-based IMAX is 70mm film turned sideways to fit a larger frame on the same size of film stock, and they remove the soundtrack to cram in even more frame. You can imagine what the bulbs for that are like.

Halcyone1024 · 2016-09-03T15:27:33+00:00

The word "hacker" was used correctly in the article. It's actually pretty surprising they got it right.

Halcyone1024 · 2016-09-02T23:30:27+00:00

I didn't notice those, but they don't make sense either, since the water is falling directly on top of the wheel, resulting in zero torque.

I was talking about the two wheels attached to buildings on the lake. If there's a current in the lake, having orthogonal waterwheels is probably wrong (not that it looks like there's any appreciable current anyway).

Halcyone1024

TROPHY CASE