Dan Bowman kindly pointed out to me that former Commodore engineer Bil Herd wrapped up his discussion of the ill-fated Commodore TED machines on Hackaday this week. Here in the States, few remember the TED specifically, but some people may remember that oddball Commodore Plus/4 that closeout companies sold for $79 in 1985 and 1986. The Plus/4 was one of those TED machines. So was the Commodore 16.
What went wrong with those machines? Commodore miscalculated what the market was doing. The TED was a solution to too many problems, and ended up not solving any of them all that well.
Dan Bowman sent me this link to Steve Gibson’s analysis of Truecrypt, a suddenly dearly departed piece of full disk encryption software.
The important thing to remember right now is that we still don’t know what’s going on.
Johns Hopkins cryptography professor Matthew Green is heading up an effort to audit the Truecrypt code. Last month he said the code could be of higher quality, but at that point he hadn’t found anything truly horrible in there either.
That said, his analysis of the cryptography itself is phase 2. Cryptography is notoriously difficult to do–even when cryptography is your specialty, you can get it wrong.
So it’s premature to declare Truecrypt 7.1 as the greatest piece of software ever written. Green did find some flaws that need to be fixed. As far as we know, right now Truecrypt is better than nothing, but the most important part of Green’s work isn’t finished yet. Green has said he is going to finish his audit of the code. He probably won’t find perfection. He may find a fatal flaw that makes it all come crashing down. More likely, he’ll find something in between. But until those findings come out, it’s all speculation.
Gibson’s page on Truecrypt is a good reference page, but his cheerleading is premature. Gibson is a talented software developer in his own right, but cryptography isn’t his specialty. At the company where I work, we use Truecrypt for some things, and until we know otherwise we are going to continue to use it, but we haven’t made any final decisions on it yet.
Update: Here’s an analysis by Mark Piper, a penetration tester by trade, who explains the history and the issues today.
It seems like a good way to look at it. Every model railroad is a compromise. By my rough estimations, it’s 4.1 miles from Dupo, Illinois to Cahokia, but even if you model in Z scale, you’ll need 97 linear feet to model that line. I would think it would be very difficult to build a Z scale layout of that size–it would take a huge basement–and only put two towns on it. So, at the very least, people put their towns closer together and use a fast clock to make up for the compression. Some people compromise a lot more than that.
Thanks to Dan Bowman for reminding me of this: Due to a bug in the compression engine in some Xerox photocopiers, copies aren’t necessarily identical from generation to generation. For example, it’s very easy for a “6” to become an “8.” Not good.
There was a Dilbert cartoon where the pointy-haired boss, to Wally’s chagrin, proofread photocopies. Suddenly that joke doesn’t seem quite so funny.
As cheap as storage is, I have a hard time understanding why copiers use lossy compression. There are good lossless compression algorithms out there that ensure each copy will be as close to identical as the scanning hardware permits. And I understand the desirability of image enhancement technology–it would make fuzzy documents easier to read–but such a feature should be optional, so as to avoid situations like this.
If you use Xerox equipment, be sure to bug your rep for a fix. Early and often.
This comes courtesy of Dan Bowman: If you’re an Evernote user (I’m not, at least not yet), it now has three new security features, including the all-important two-factor authentication. Those of you who rely on Evernote would do well to look into enabling two-factor authentication, at the very least.
Courtesy of Dan Bowman: You may have seen the brief writeup on Slashdot about how to set printers on fire by messing with the fuser, but in Germany next month there’s going to be a security engineer’s nightmare unleashed, courtesy of the HP printer that’s probably sitting a few feet outside your cubicle and mine.
And there’s a whole lot more to it than just messing with the fuser in hopes of killing a printer or (perhaps) starting a fire. There’s a lot more to a printer than toner and a fuser. As the link above says, a printer contains an embedded Linux or VxWorks system that’s trivially easy to install a rootkit on and that nobody’s paying attention to. Seriously, who watches traffic coming from the printer?
Dan Bowman sent over this ongoing series at Forbes. I’d seen the first couple of parts of it, but didn’t realize it was still ongoing. In light of new Amazon tablet rumors, it takes on new relevance.
It’s a thought-provoking look at the state of U.S. manufacturing today, and the state of management. I don’t know if the author thinks it’s too late to reverse this decline, but presumably not. Otherwise he wouldn’t be writing it, probably.