Posts by Duane Griffin
-
Hard News: Interesting Britain!, in reply to
We got ours about three weeks ago, I think it was. Hopefully they made it back in time, not that Labour needed an extra couple of votes in Hammersmith.
-
Up Front: Oh, God, in reply to
I don't believe "ritualized invocations" of any creed are appropriate in Parliament.
Point of order! Ritualized invocations are exactly how Parliament operates.
I agree we could do with fewer religious themed ones. I wouldn't mind if they were more diverse: the speaker leading the chamber in a quick "Nammo tassa..." would be quite the thing.
-
OnPoint: The Big Guns: Truecrypt and Tails, in reply to
And this addresses Duane’s concern from one of the opening comments. The outer truecrypt volume is viewed by the OS as one big file, so the innards of it (which contain the hidden volume) it would never be used for spare sectors.
Not really.
The scenario is that you've provided the adversary with the outer key and they are forensically examining the outer volume's decrypted filesystem image. Depending on various things, they may be able to look at the low-level pattern of activity and determine there is a space that it is avoiding, for no apparent reason. Given they know you are using TrueCrypt, and thus are aware of the possibility of hidden inner volumes, that anomalous behaviour is basically giving away the game.
Now, this is a very narrow objection, and all very theoretical. In practice whether it is possible will depend on the size of the inner volume, how old and heavily used the outer filesystem is, how full it has ever got, and the precise implementation details of the filesystem in question.
It would also need attention from very specialised and expensive experts (at least until those experts write software to automate the process). So, you know, probably not a real practical concern for most people. But then, most people won't be using this sort of technology in the first place.
This brings us back to the more fundamental issue, that Jarno van der Linden raises, too: who is this technology actually useful for?
It doesn't help if you are under continuous surveillance, as the adversary will just capture your keystrokes.
It doesn't help against adversaries willing to use violence. They'll just break out the thumbscrews as soon as they see the encrypted partition, and you're in an even worse position if you don't actually have a secret to give them.
It also wont help if they suspect it is being used, and care enough/have sufficient resources to convincingly argue that case.
Actually Keith's case of a journalist protecting sources from the NZ government is possibly one of the very few times it might be useful. Just make sure the inner volume isn't too big, keep the outer volume mostly empty and, whatever you do, don't say anything to suggest you might use it!
-
If you have access you can read the crypto keys out of memory (along with the decrypted data itself, of course). So installing that cool screensaver is still dangerous with Tails/TrueCrypt. Whatever nastiness it installs will be gone next time you boot, true, but if it has already sent your keys and/or other sensitive data home then it's too late.
Hidden volumes are great, up to a point, but... The interrogating officer may well ask pointed questions when forensic examination reveals parts of the device have never been touched, even though the filesystem would normally be expected to allocate space from there.
The only way to defeat a sufficiently advanced, resourced & motivated adversary is to avoid their attention in the first place.
-
OnPoint: Other People's Wars, in reply to
If even the prospect of having an army going to war, without the permission of Parliament, without the knowledge of the Prime Minister, and hidden from Cabinet does not overly concern the PM or Leader of the Opposition, then they don’t deserve their fucking jobs.
It seems more likely to me that Key, Goff, the Cabinet and pretty much anyone else who cared knew at least roughly what was going on. If they were mislead then it was because they wanted to be. Their crimes are willful blindness and complicity in misleading the public rather than incompetence and gullibility. The response so far is in keeping with that.
Use of the NZ military and intelligence services seems to me to be one area where both major parties are in substantial agreement and largely at odds with the wider public.
-
Hey Craig, delurking briefly to say it is cool to see you on the PA front-page, and I'm looking forward to reading your stuff.
-
I live in the UK and got my ILR (equivalent to permanent residency in NZ) about a year ago. Going through UK border control is usually an unpleasant and slightly anxious experience.
The first time I went through after getting my ILR it was late, and I was tired and more nervous than usual. The immigration officer asked a couple of questions about my new status, then she gave back my passport and said, "welcome home, sir". I nearly cried.
-
I'll miss your stuff here, man. You've done good, in all senses.
I hope that you're moving on to something interesting, challenging and well-remunerated. And that you pop up with public comment again before too long.
If you ever need advice or assistance from a friendly linux geek, you've only to ask; also if you happen to visit London the drinks are on me.
-
I think drm is workable, and a viable solution, its just in draft stage at present. seems it can stop piracy for some, maybe not all
I think you miss the point. Once again, it isn't the downloader DRM needs to be effective against, it is the uploader.
Yes, DRM can make it slightly harder to rip music the first time you come across it. You have to go and hunt for the right piece of software to remove it. The sort of person who uploads their music to p2p sites is going to be fine with that, and will have the software installed already. Then everyone else just downloads the pre-ripped, DRM-stripped version.
I'm a professional software user with nasty copy protection on it. I'm reasonably good at computer noodling and some of the stuff I use seems impossible to work around illegally.
I'm a professional software developer who has used and implemented that nasty copy protection. While it makes it hard for regular users to crack the software it still doesn't prevent piracy. They just go and download a version someone else has cracked.
Anyway, we have hijacked this thread enough, so this will be my last post on this topic. If you would like to discuss the technical aspects of DRM and why it does not and cannot work feel free to drop me an email.
-
Accepting that trait in ourselves and doing the best to change our attitude then effective drm removes that last edge of temptation.
I agree 100%. Trouble is that little word, "effective". If you accept the simple fact that there is no such thing as "effective DRM" then this whole argument is just a waste of time. Remember, DRM is irrelevant to the person downloading the pirated tracks -- they are DRM free at that point. It is the person who uploads them that DRM needs to be effective against.
which would be a fine example of the attitude that needs to change.
Hang on. I go to a gig. I buy a t-shirt and a couple of CDs because I had a great time and want to support the artist. I get home and find that £12 has been wasted as the bloody CD has deliberate errors added explicitly to prevent me listening to it the only way I can. I can't access the music I just paid for. And I'm the one with the attitude problem?
Brother, tell me you're not in any sort of customer-facing role, because you aren't doing a good sales job here! ;)
why didn't you suggest that DRM on cd is fine so long as it is accompanied by access to downloadable versions of the tracks free of charge to a legitimate buyer.
Suggest to who? I've advocated that for a long time, but it doesn't seem like many industry types are listening.
If the CD liner had said, "go here to download the tracks" then I would have been happy. Or at least not angry; it still would have been stupid and pointless to cripple the CD. But, of course, it didn't. Ironically, the easiest way for me to get the music would have been to download it from a dodgy warez site.
All these hissy fit from consumers showing no understanding of the problems music makers face and focusing purely on their own personal inconvenience. That's no way to mediate a mutually agreeable solution.
I accept music makers are hurting. I'm sympathetic, honestly. But the solution you are advocating doesn't solve the problem! If DRM worked then sure, I'd be cool with it. But it doesn't. And not in a "buggy software" kinda way, but in a "perpetual motion machine" kinda way.
I'm going to keep on going to gigs, keep on buying the merchandise there, keep on seeking out and buying new music. Because I love it and I want to support the artists that make it.
Shouldn't that be enough?