Commodore 16 and Commodore Plus/4

Commodore 16 and Commodore Plus/4

Dan Bowman kindly pointed out to me that former Commodore engineer Bil Herd wrapped up his discussion of the ill-fated Commodore TED machines on Hackaday this week. Here in the States, few remember the TED specifically, but some people may remember that oddball Commodore Plus/4 that closeout companies sold for $79 in 1985 and 1986. The Plus/4 was one of those TED machines. So was the Commodore 16.

What went wrong with those machines? Commodore miscalculated what the market was doing. The TED was a solution to too many problems, and ended up not solving any of them all that well. Read more

Steve Gibson on Truecrypt

Dan Bowman sent me this link to Steve Gibson’s analysis of Truecrypt, a suddenly dear departed piece of full disk encryption software.

The important thing to remember right now is that we still don’t know what’s going on.

Johns Hopkins cryptography professor Matthew Green is heading up an effort to audit the Truecrypt code. Last month he said the code could be of higher quality, but at that point he hadn’t found anything truly horrible in there either.

That said, his analysis of the cryptography itself is phase 2. Cryptography is notoriously difficult to do–even when cryptography is your specialty, you can get it wrong.

So it’s premature to declare Truecrypt 7.1 as the greatest piece of software ever written. Green did find some flaws that need to be fixed. As far as we know, right now Truecrypt is better than nothing, but the most important part of Green’s work isn’t finished yet. Green has said he is going to finish his audit of the code. He probably won’t find perfection. He may find a fatal flaw that makes it all come crashing down. More likely, he’ll find something in between. But until those findings come out, it’s all speculation.

Truecrypt’s license allowed someone else to come along, take the existing code, act on Green’s findings, and make it better. It’s called Veracrypt. But going open source doesn’t guarantee people will work on it.

Gibson’s page on Truecrypt is a good reference page, but his cheerleading is premature. Gibson is a talented software developer in his own right, but cryptography isn’t his specialty. At the company where I work, we use Truecrypt for some things, and until we know otherwise we are going to continue to use it, but we haven’t made any final decisions on it yet.

Update: Here’s an analysis by Mark Piper, a penetration tester by trade, who explains the history and the issues today.

Model railroading as fan fiction

Dan Bowman sent me this a couple of weeks ago, and I found myself agreeing with it: Model railroading is a form of fan fiction.

It seems like a good way to look at it. Every model railroad is a compromise. By my rough estimations, it’s 4.1 miles from Dupo, Illinois to Cahokia, but even if you model in Z scale, you’ll need 97 linear feet to model that line. I would think it would be very difficult to build a Z scale layout of that size–it would take a huge basement–and only put two towns on it. So, at the very least, people put their towns closer together and use a fast clock to make up for the compression. Some people compromise a lot more than that. Read more

When a photocopy isn’t

Thanks to Dan Bowman for reminding me of this: Due to a bug in the compression engine in some Xerox photocopiers, copies aren’t necessarily identical from generation to generation. For example, it’s very easy for a “6” to become an “8.” Not good.

There was a Dilbert cartoon where the pointy-haired boss, to Wally’s chagrin, proofread photocopies. Suddenly that joke doesn’t seem quite so funny.

As cheap as storage is, I have a hard time understanding why copiers use lossy compression. There are good lossless compression algorithms out there that ensure each copy will be as close to identical as the scanning hardware permits. And I understand the desirability of image enhancement technology–it would make fuzzy documents easier to read–but such a feature should be optional, so as to avoid situations like this.

If you use Xerox equipment, be sure to bug your rep for a fix. Early and often.

An SSD data loss issue–and how to prevent it

An SSD data loss issue–and how to prevent it

Longtime reader Dan Bowman–probably my very first reader, come to think of it–sent in this article from Infoworld regarding SSDs and data loss in power failure.

It’s not theoretical. I’ve seen it. I also know how to prevent it.

Read more

Expect your HP printer to get 0wnz0r3d shortly

Courtesy of Dan Bowman: You may have seen the brief writeup on Slashdot about how to set printers on fire by messing with the fuser, but in Germany next month there’s going to be a security engineer’s nightmare unleashed, courtesy of the HP printer that’s probably sitting a few feet outside your cubicle and mine.

And there’s a whole lot more to it than just messing with the fuser in hopes of killing a printer or (perhaps) starting a fire. There’s a lot more to a printer than toner and a fuser. As the link above says, a printer contains an embedded Linux or Vxworks system that’s trivially easy to install a rootkit on and that nobody’s paying attention to. Seriously, who watches traffic coming from the printer?

The possibilities are endless.
Read more

Google guts.

Dan Bowman tossed a very interesting rant my direction. Basically, it’s an inside view on what Google is doing wrong and other companies do right.

I admire Google for allowing what could be embarrassing to remain out on the light.

Read more

Why Amazon can’t make a Kindle in the USA

Dan Bowman sent over this ongoing series at Forbes. I’d seen the first couple of parts of it, but didn’t realize it was still ongoing. In light of new Amazon tablet rumors, it takes on new relevance.

It’s a thought-provoking look at the state of U.S. manufacturing today, and the state of management. I don’t know if the author thinks it’s too late to reverse this decline, but presumably no. Otherwise he wouldn’t be writing it, probably.
Read more