avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Wednesday May 25, 2022, 5:15 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - SeraphimLabs [ switch to compact view ]

Pages: prev1 [2] 3 4 5 6 7 ... 13next
Living Room / Re: Does anyone here use Bitcoins?
« on: April 20, 2015, 08:12 PM »
Not sure if anyone has heard about this one, or even if it's legit ... But I'm giving it a shot in the name of insane curiosity. (Yes that is a referral link)

Welcome to Ponzi Scheme.

if you're early enough getting onto one of these, they actually do pay out from time to time.

Usually though, by the time you hear about it the scheme is already on the verge of bankruptcy and you won't ever see your money again.

Better to get some btc via coinbase, and send it to the btc/cny futures exchange bitvc. Then you have quite the list of options for how to trade it, but trade with care- if you take a bad position you'll get margin called and lose it.

Well that would be one way to fix a failing economy.

Make contact with a parallel universe, and sell them technology from this one.

Alternately, steal technology from a more advanced universe to sell in this one.

Ramps are positively dangerous because if the car slips out of gear or your chocks are not large enough it can very quickly roll right back down them.

Better to get the floor jack and a set of jackstands to go with it. The jack raises the car, then a jackstand is raised to be snug against the car's frame and latched at that height. If the jack fails or bleeds down, the car will land on the stand instead of on you.

And yes, better to go under it from time to time to make sure. You can spot fluid leaks, keep track of what is rusting where, and make sure there aren't any dangling pieces while under it.

Are Your Computer Devices Hardwired for Betrayal?
"How Do We Fix It?
1. Firmware must be properly audited.....
2. Firmware updates must be signed......
3. We need a mechanism for verifying the integrity of installed firmware......."

Or simply making it so that you don't update the firmware in the field. Build it right the first time, and stop shipping software with serious defects in it.

The jumper idea works though because it prevents firmware from being changed with someone doing so intentionally, any more restrictive than that and you might as well not allow firmware updates at all.

Living Room / Re: online design program
« on: March 02, 2015, 07:52 AM »
Whats your budget, and does it have to be online?

Really simple stuff there are solutions like Sketchup to handle, but anything complex or precise and you'd better shell out the cash for a real CAD solution.

Living Room / Re: Pick a number between 1 and 10
« on: February 27, 2015, 11:57 AM »
IIRC who you ask is irrelevant, you ask one guard what the other would say and then do the opposite. Because the liar would give the wrong answer (by nature), and the truth teller would give the liars lie.

Its easier to just kick them in the shin and ask if it hurt. Then you know which one is telling the truth and which one isn't.

Of course your solution is less likely to piss them off.

Plus assuming they are guarding something of great value implies they have weapons at the ready to prevent entry and/or dispatch intruders.  But now that you mention it, a simpler solution might be asking either "If I try to kick you in the nuts will you kill me?"  If the guard answers "no" he's the liar.

Not necessarially. For that to be reliable you would have to know in advance how the guards would respond to your provocation. Some guards would chop off your head right away, others would simply remain at their posts and shrug it off.

Actually kicking them gives you an undisputed fact from which you can judge their responses.

Working along these lines a little more, it would really work with any well known or easily observed fact. Kicking them with its associated risk of death is not required.

Also relevant:

Living Room / Re: Pick a number between 1 and 10
« on: February 27, 2015, 07:42 AM »
IIRC who you ask is irrelevant, you ask one guard what the other would say and then do the opposite. Because the liar would give the wrong answer (by nature), and the truth teller would give the liars lie.

Its easier to just kick them in the shin and ask if it hurt. Then you know which one is telling the truth and which one isn't.

Of course your solution is less likely to piss them off.

A hardware jumper to enable any firmware flashing seems like a great idea for all devices.

hey!  I like that!

I did too initially, but I don't think it will scale well for data centers that have (SAN) racks full of drives that would then need to be physically touched.

The way I learned IT stuff, you don't upgrade any sort of firmware unless you either have issues to be corrected or are trying to add new features.

A data center would probably not be upgrading hard drive firmware in the first place unless they had a bad batch of drives that came through bugged, and such machines would likely already have had their drives exchanged for bug-free versions to maintain uptime.

Having a jumper setting to enable/disable firmware updates would provide containment for such malware and would prevent fully automated malware from installing exploits at that level because the typical user would not ever open the case let alone move the jumper to install the update.

It would not protect against intentional sabotage or a technician unknowingly installing a bugged update.

the task of delivering it to the target to infect the new hard drive without the OS noticing

like... packaging it as a critical update from the drive manufacturer... which we regularly install on customer equipment...

The best defense I've come up with so far is for the vendors to put a jumper on the drive that must be toggled to allow firmware writes.

Unfortunately this scenario defeats that type of defense, because the technician would move the jumper to install what is perceived to be a legitimate update and then unknowingly install the malicious version.

Having such a jumper would be a good first-line defense though to prevent automated deployment. The drive is wired such that with the jumper open the drive acts as hard drives currently do, but cannot install firmware. You would then shut the jumper to install a firmware update- but with the jumper shorted for firmware updates the drive would be prohibited from normal operation.

Once it gets into the drive its too late. You would have to access the drive's firmware without using the standard interface or letting the controller boot up, and compare the contents to a known-good version. If it starts running the infected firmware it could easily jump the gap and infect the known-good media as well, and would definitely attempt to hide itself.

Living Room / Re: Does anyone here use Bitcoins?
« on: February 21, 2015, 12:30 PM »
Coming to this discussion late.  Only read the first few pages and this one, so far.

With Bitcoin being used primarily in internet gambling and involving a wasteful set-up application by a geek oligarchy (mining bitcoins) I find it rather an absurd and funky-wrong attempt to have an alternate medium of exchange. With a bit of a ponzi investment element and dubious internals. (There is no there there.)   The early attendees can do good financially if they can find ways to cash out, which is the nature of ponzi.  If they hold everything, they risk everything.

And thus we had the late 2013 bubble, which has now crashed. A lot of the early adopters already got out, while people who held are alongside later arrivals in building and maintaining bitcoin. It has been steadily creeping up again for a while now, demonstrating a nice slow growth that translates to lasting value instead of the get rich quick bubble mentality.

While it is true that it is used a fair amount for gambling and contraband, it isn't as anonymous as you think. Law enforcement seizing your bitcoin wallet means that they can now follow all of the transactions you made through the public record that is the blockchain. Like so, it is possible to keep your privacy without compromising law enforcement's ability to collect evidence. Even DPR of silkroad got busted pretty hard by that- they were able to positively identify his bitcoin addresses, and use his transaction history as evidence against him. Anonymous? Not really.

These days the marketplace is dominated by Forex-like strategies, and many people who got into daytrading through bitcoin are actually moving back towards Forex using their bitcoin profits as starting investment. Though it remains unregulated and you can easily lose it all if you are careless or leave large sums of money on a vulnerable exchange, its losing its new frontier impression and settling down to be more business-like.

If you want to speculate at this point, it is a bit like day trading, with far less possibility of a sensible strategy. Except, I gather, that you can not afford to make small transactions, due to transaction fees.
The opposite as point of fact. I was not able to turn a profit attempting to daytrade normal stocks or forex, but I am reliably getting profit daytrading bitcoin. The market is actually more predictable than you would expect, and has a high enough volatility to make regular profitable movements if you are positioned to catch them.

For instance a typical trading fee is 0.02% of the total order value, deposits have no fees, and withdrawls usually involve an 0.0001 btc transaction fee to encourage miners to continue as the yield per block decreases by the planned schedule. These fees are so low that I can put $10 on the table and trade it with profit, where a single transaction of NYSE stocks will often have a $10 fee just to place the buy order.

And I am a big fan of bullion and real estate as real money and value.  My view: it is hard to say that gold or silver is overvalued or undervalued.  One ounce of either remains at 1 oz a year later. It is the price, volume and confidence in the fiat currencies that varies.  The bullion remains the same.

If you, or a friend or relative, puts some wallpaper money into bullion, it never changes. If the price goes down, that's ok.  If you lose, you win. Since, up to that time, we have not had an economic collapse and hyperinflation .. yet.  Whatever little stash of green is around is still valuable.

You can also do leveraged trades now too if you go to the right places. Just this morning I closed some short positions that were made with 50x leverage. Such a capability is doing wonders for taking the volatility out of bitcoin by making it so traders can profit happily from smaller movements, keeping the value stable so people can actually use it as a currency.

Bitcoin's volatility is decreasing, and as it does leverage rates will continue to increase to allow traders to profit more efficiently. But its a nice feedback loop that in time will consolidate the unpredictable and fast paced market of bitcoin to behave like any other forex transaction would. It will always move a little, even normal currency forex like USD/CAD moves from time to time. But that movement can be reduced to tenths of a cent per day, allowing bitcoin to retain a value close enough to constant for people to use it as currency without fear of a market crash.

If there is a time when Bitcoin has the same amount of convertibility as decent credit card points (transferable gift cards for Target, Bed Bath and Beyond and Barnes and Noble) let me know and I will rethink the above.


A big part of the holdup is updating infrastructure to support it. For an online store this is quite easy- connect the store to a payment gateway or directly to a self-hosted bitcoin wallet (lower fees this way).

Physical stores have to purchase additional equipment to interface a bitcoin processor or wallet with their existing point of sale systems, but in theory it should be able to interact the same way a credit card terminal does with the key exception that at some point it needs to present a code for the buyer to scan and send bitcoin to.

Time is solving this issue, if bitcoin can stay clear of attracting the wrong kind of attentions it should survive long enough to see this become largely solved. It is attractive for small businesses because the per transaction fee is so tiny- at the time of this writing it works out to $0.024 for any size transaction. Compare this to the $3 or more often charged by credit providers and the difference will add up quickly.

Living Room / Re: problem with microusb cable
« on: February 20, 2015, 02:29 PM »
Silly putty. Wrap a blob of it around where the cable comes into the plug to reinforce this area and prevent it from breaking so easily.

People are actually making all kinds of patent putty products that solve this problem.

There is no defense against this.

Its like a rootkit- that once it gets into your hard drive the only way out is to replace the drive controller with a known-good version and then very carefully salvage data without letting the virus be reactivated.

Hackers may have gone too far with this.

Fortunately its not something a casual hacker could do. You would have to use a special operating system or embedded system debugging tools to access the drive at the lowest possible levels to create the malware, and then have the task of delivering it to the target to infect the new hard drive without the OS noticing.

Cast it into the fire!
Destroy it!


Yeah I can see this going horribly wrong within a few years. Its like antibiotic resistance, suddenly the standard treatments for common problems no longer apply.

People are probably going to die because of this

Even if not directly, if extreme care is not taken in programming the payload selection it could disturbingly easily case serious damage to critical infrastructure and lead to widespread public utility failures and panic.

Living Room / Re: Show us a picture of your.. CAR!!!
« on: February 08, 2015, 10:23 PM »
New York State would classify the Elio as a motorcycle, not a car.

Anything with less than 4 wheels is treated by the NYSDMV as a motorcycle and operates using a Class M license, while 4 wheels up to 25,000 lbs gross weight uses a Class D license.

I do like the idea though, and if it wasn't for the class M license requirement instead of the class D I have would look into getting one. I'd be one of the clunker owners that he's hoping buys it.

The fact that major ISPs are whining about the looming possibility that they might actually have regulations to comply with limiting how badly they can molest the american consumer means the FCC absolutely should reclassify ISPs as a Title II utility.

Purely on the basis that it is a natural monopoly, is repeatably and highly abusive to consumers because of that natural monopoly, and because they are turning immense profits off of an aging network that is in dire need of capacity upgrades. Also because I am no longer believing the whole customers per mile line they give when asked about why they don't extend deeper into the countryside after hearing about Time Warner Cable making more than 90% profit.

What about kiddie pr0n?

But does that actually fall under the umbrella of "free speech" ?

Free speech + freedom of expression.

In fact the only thing really wrong about it is the fact that it is produced by the victimization of another person who either is not old enough to give consent, or simply has chosen not to. That fact alone is the one solid handle you can get on it to make it illegal in the way it is. Its illegal because it violates somebody else's rights.

That's just how it works. When you start assigning guaranteed rights to people, people almost always find usage cases that the majority will not ever agree is acceptable and will seek to do something about even if it means that the expected rights are no longer inalienable.

Living Room / Re: Does anyone here use Bitcoins?
« on: January 28, 2015, 09:28 PM »
That was cute.

Coinbase ran a nice moon rocket countdown time that led to several hours of buying and price-pumping in bitcoin, that came to an abrupt trend reversal the moment it reached zero.

And what can I say? I made bank on that selling seconds before the zero expecting the hype bubble to burst.

Today it is very nearly back to where it was last week, with rumors circulating of another major exchange hack.

At the same time the charts suggest that a major upward or downward movement is imminent, but it remains unknown which direction it is going to move.

Pretty much. They know if they keep bringing it up and hammering it over and over, eventually people will get tired of saying no and let it pass.

And when it does, god help us all.

The people sponsoring this thing need to be removed from authority as soon as practical.

Living Room / Re: ideas that will change society
« on: January 16, 2015, 04:13 PM »
Idea: Have devices in emergency vehicles that can change red traffic lights to green... for the direction they are headed or the lane they are in.

Already exists, and gets used more often than not.

While the normal flashing lights do get noticed, in areas with a lot of traffic sometimes there is no way to clear a path for oncoming emergency vehicles.

Triggering the light to change in advance allows that traffic to get moving again so it can clear the way for the emergency vehicle.

Idea:  Invent a cell-phone-signal-blocker for a sunvisor or dashboard.  Maybe with a 10 yard radius.

This could save some lives, help prevent some road-rage and make people pull off the road to talk.   :)

Been done. It plugs into the car, and interacts with a software feature in the phone to disable most of the phone's functionality. Currently it is being marketted towards parents of teen and young adult drivers, and includes features like speed and location monitoring so that not only does it disallow cellphone use while driving but it also makes sure that a young driver is driving safely.

Check this out. It even comes with an insurance discount.

This doesn't actually jam the signals, it simply uses bluetooth to communicate with app on the phone to disable sections of the phone's functionality.

Pretty much if you can think of it, someone has already made a product of it. And if not, you shouldn't talk about it online. Instead you should quietly develop and market a product and make a fortune from it.

Living Room / Re: home automation
« on: January 14, 2015, 09:28 PM »
The town gets mad if you put goats on your lawn to keep the grass short.

They get just as mad if you don't mow it at all.

Clearly this is a conspiracy to sell more lawn mowers and greatly increase greenhouse emissions between fuel-burning noisy lawnmowers and the fact that freshly cut grass is apparently HORRIBLE about emissions. There's been quite a few studies about that.

I've actually been building a little bit towards home automation though, purely for the sake of convenience.

Everything of course still retains hard mechanical overrides such as the ever reliable off switch that physically interrupts the power supply, but at the same time outside of emergency situations it is really nice to be able to configure household equipment to suit the situation without having to actually adjust each piece of equipment.

And its all energy efficient too, taking advantage of recent improvements in microprocessor technology to push the controller power consumption down to extremely tiny amounts, paired with energy-efficient appliances and lighting because lets face it I'm cheap when it comes to paying companies that I think are trying to screw people.

I see you learned a few things about how websites work Tao.  Lot of people don't realize just how much info you can pick out of someone's web setup just by poking around at information that is already public in order to make everything run smoothly.

There's a good chance that the hack site went down because supporters of the original site are upset about what happened and either attacked it directly to try and kill it, or because you literally saw the transition taking place and they didn't do it right- it resulted in a period where the DNS was pointed to an IP that no longer had a server under it.

This whole situation is downright sad, and just a solid reminder that there are some really bad people out there.

Living Room / Re: Can anyone help break "router block"?
« on: January 05, 2015, 11:56 AM »
I'd recommend the Netgear WNDR3700v4 (Make sure the package identifies it as a v4) or the Netgear WNDR4300.

You reflash these to OpenWRT, and then you have a surprisingly powerful and capable router which offers complete control of what network configuration you wnat to have. I've got one at home for my own use, and 2 of them at work all configured like this solid as a rock.

Changing from the factory firmware to OpenWRT on those two models is only different from a normal firmware upgrade in that you have to do a couple extra power cycle steps afterward.

Even on the factory firmware those two models are based on some downright powerful hardware among consumer-grade routers, having 128MB of ram in them where most routers only have 16-32MB. Having the extra ram makes it a lot less likely to grind to a crawl under high traffic, and also gives it the capability to run advanced configurations like what you need.

Tomato is also a decent alternative to the factory firmware, but I've heard from quite a few people that it has become weak in development and isn't as reliably supported. There are a number of forks of Tomato that are kept up to date by other groups.

DD-WRT on the other hand has gone quite far downhill, between the move to 'premium features' and poor management practices. I would not recommend it unless you have an older device that can use the older versions of it from when it was progressing well.

Most of the builtin firmware offers very restrictive controls, or even none at all. You'd get a lot better value using OpenWRT on a decent quality hardware.

As for brands, Netgear is usually decent while D-link is quite good when you can find it. Linksys has a handful of good units in a flood of junk, and Belkin has never made a good product outside of USB adapters and cables.

A secret is safe with three, if two are dead. This is the only thing that struck me regarding the Sony/Email fiasco.

The message format/fact that it was an Email is IMO irrelevant. Because... If there exists a document, that contains damning/damaging information - that you have within your power the option of destroying with impunity - what the hell did you save it for?!?

This to me is a people problem.

Its also a legal problem. Strictly speaking you are required by law to keep record somewhere somehow of all company internal written communications as much as is practical. At least in my understanding of business law anyway- I've seen quite a few cases where the courts order a company to present such.

Thus they were legally obligated to keep that information on record becase on the off chance they got investigated, it could be held as evidence in the courtroom and whoever was involved would be effectively screwed by the discovery of its contents.

All that happened here was that a hacker simply did without proper warrants what a courtroom could order if it suspected illegal activity happening under Sony's roof.

Even if it had been a message carried over the bitcoin blockchain, a hacker could have compromised the private key of an endpoint and still leaked that same message.

Just the nature of the beast- if it is connected to the internet, it is with certainty hackable.

Text messaging is just as insecure though, and ultimately no communications of that type is ever going to be secure because you can always compromise the device or compromise the server processing that information in order to see it anyway.

Probably the only thing I've seen out there remotely close to being secure and of similar functionality to email is in fact bitcoin, which allows you to attach a text message to a transaction that is encrypted as it is carried by the blockchain and is only viewable by the intended recipient.

But people are already worried about blockchain bloat, if you attached email's traffic volume to the blockchain the storage requirements would increase exponentially.

German bureaucracy is pragmatic - and ironic, but honest with it:
German Government Refuses FOI Request By Pointing Out Document Already Leaked | Techdirt
(Copied below sans embedded hyperlinks/images.)
rom the well-played dept

Freedom of information requests are a powerful way of finding out things that governments would rather not reveal. As a result, requests are often refused on a variety of grounds, some more ridiculous than others. The Netzpolitik blog points us to a rather unusual case concerning a request by the politician Malte Spitz for a letter from the Chief of Staff of the German Chancellery to members of a commission investigating intelligence matters. The request was refused on the grounds that the document was already freely available (original in German):
    The information you requested may be obtained free of charge on the Internet by anyone, in a reasonable manner. The letter from the Chief of the Federal Chancellery, Federal Minister Peter Altmaier, to the chairman of the first committee of inquiry of the 18th legislature, Professor Dr. Sensburg, is publicly available and published in full at the following link:


The Netzpolitik link included there leads to an article that a few weeks earlier had not only leaked the document requested by Spitz, but also noted wryly that the letter from Altmaier threatens anyone leaking documents with legal action.
The German bureaucracy should be applauded for taking the adult view that once a document is leaked, it is publicly -- and officially -- available. This contrasts with the childish attempts by the British government to pretend that Snowden's leaks never happened, and its refusal even to pronounce the name of some of the surveillance programs he revealed.

Follow me @glynmoody on Twitter or, and +glynmoody on Google+

I have to disagree with their refusal to comply on the grounds that it already leaked. This becomes a means of defeating freedom of information requests.

To exploit this, they accidentally on purpose leak a fake version of the document that is either censored or contains a different message than the actual message being requested.

Compliance should be required anyway as per the law, and since it already apparently leaked they should have no problems in doing so because people already know what it should say.

Pages: prev1 [2] 3 4 5 6 7 ... 13next