You are hereFeed aggregator
XKCDblog - 2014, May 30 - 11:17
Back in early March, I posted comic #1337, Hack, about a wayward spacecraft. ISEE-3/ICE was returning to fly past Earth after many decades of wandering through space. It was still operational, and could potentially be sent on a new mission, but NASA no longer had the equipment to talk to it—and announced that reconstructing the equipment would be too difficult and expensive.
ISEE-3 is just a machine, but it’s a machine we sent on an incredible journey; to have it return home to find our door closed seemed sad to me. In my comic, I imagined a group of internet space enthusiasts banding together to find a way to take control of the probe—although I figured this was just a hopeful fantasy.
I wasn’t the only one who liked the idea of “rescuing” ISEE-3. In April, Dennis Wingo and Keith Cowing put up a crowdfunding project on RocketHub to try to learn how the lost communications systems worked, reconstruct working versions of them, obtain use of a powerful enough antenna, and commandeer the spacecraft. It seemed like an awfully long shot, but I contributed anyway.
Well, yesterday, Cowing and his team announced, from the Arecibo radio telescope in Puerto Rico, that they are now in command of the ISEE-3 spacecraft.
Congratulations to the team, and good luck with your new spaceship! Watch out for hackers.
Cory Doctorow - 2014, May 30 - 08:45
Once again, it's time for the Clarion Writers Workshop writeathon - we need writers and sponsors to help fund the Clarion Workshop, the respected, long-running science fiction writers' bootcamp. A writeathon is just what is sounds like: a fundraiser where writers ask their friends to sponsor their writing. I'm writing 1,000 words a day, five days a week, on UTOPIA (working tile), a novel for adults: you can sponsor me here. (Disclosure: I'm proud to volunteer as a board member for the 501(c)3 nonprofit Clarion Foundation)
Steve Gibson - 2014, May 29 - 07:51
As I wrote yesterday, we know virtually nothing about the developer(s) behind TrueCrypt. So any speculation we entertain about their feelings, motives, or thought processes can only be a reflection of our own. With that acknowledgement, I’ll share the letter I think they might have written:
TrueCrypt is software. Frankly, it’s incredibly great software. It’s large, complex and multi-platform. It has been painstakingly designed and implemented to provide the best security available anywhere. And it does. It is the best and most secure software modern computer science has been able to create. It is a miracle, and a gift, and it has been a labor of love we have toiled away, thanklessly for a decade, to provide to the world… for free.
TrueCrypt is open source. Anyone could verify it, trust it, give back, contribute time, talent or money and help it to flourish. But no one has helped. Most just use it, question it and criticize it, while requiring it to be free, and complaining when it doesn’t work with this or that new system.
After ten years of this mostly thankless and anonymous work, we’re tired. We’ve done our part. We have what we want. And we feel good about what we have created and freely given. Do we use it? Hell yes. As far as we know, TrueCrypt is utterly uncrackable, and plenty of real world experience, and ruthlessly still-protected drives, back up that belief.
But hard drives have finally exceeded the traditional MBR partition table’s 32-bit sector count. 2.2 terabytes is not enough. So the world is moving to the GPT. But we’re not. We’re done. You’re on your own now. No more free lunch.
We’re not bitter. Mostly we’re just tired and done with TrueCrypt. Like we wrote above, as far as we know today, it is a flawless expression of cryptographic software art. And we’re very proud of it. But TrueCrypt, which we love, has been an obligation hanging over our heads for so long that we’ve decided to not only shut it down, but to shoot it in the head. If you believe we’re not shooting blanks you may want to switch to something else. Our point is, now, finally, it’s on you, not us.
Good luck with your NSA, CIA, and FBI.Please also see Brad Kovach’s blog posting about this topic. Very useful.
Steve Gibson - 2014, May 28 - 16:15
My guess is that the TrueCrypt self-takedown
is going to turn out to be legitimate.
We know NOTHING about the developers behind TrueCrypt.
Research Professor Matthew Green, Johns Hopkins Cryptographer who recently helped to launch the TrueCrypt Audit, is currently as clueless as anyone. But his recent tweets indicate that he has come to the same conclusion that I have:
- I have no idea what’s up with the Truecrypt site, or what ‘security issues’ they’re talking about.
- I sent an email to our contact at Truecrypt. I’m not holding my breath though.
- The sad thing is that after all this time I was just starting to like Truecrypt. I hope someone forks it if this is for real.
- The audit did not find anything — or rather, nothing that we haven’t already published.
- The anonymous Truecrypt dev team, from their submarine hideout. I emailed. No response. Takes a while for email to reach the sub.
- I think it unlikely that an unknown hacker (a) identified the Truecrypt devs, (b) stole their signing key, (c) hacked their site.
- Unlikely is not the same as impossible. So it’s *possible* that this whole thing is a hoax. I just doubt it.
- But more to the point, if the Truecrypt signing key was stolen & and the TC devs can’t let us know — that’s reason enough to be cautious.
- Last I heard from Truecrypt: “We are looking forward to results of phase 2 of your audit. Thank you very much for all your efforts again!”
I checked out the cryptographic (Authenticode) certificate used to sign the last known authentic version (v7.1a) of TrueCrypt, signed on Feb. 7th, 2012:
You’ll notice that nine months after being used to sign the v7.1a Windows executable the signing certificate expired (on November 9th of 2012.)
The just-created Windows executable version of TrueCrypt, v7.2, was signed on May 27th, 2014 with THIS certificate:
You’ll notice that the certificate which signed it was minted on August 24th of 2012, a few months before the previous certificate was due to expire, just like we’d expect, and also by the same CA (GlobalSign), though having a longer public key (4096 bits). This all exactly passes the smell test.
In a comment below, Taylor Hornby of Defuse Security noted that “The GPG signatures of the files also check out. The key used to sign them is the same as the one that was used to sign the 7.1a files I downloaded months ago.” So, again, this speaks of either a willful and deliberate act by the developers, or a rather stunning compromise of their own security. While, yes, the latter is possible, it seems much more likely, if also much less welcome, that TrueCrypt has been completely abandoned by its creators.
So, given the scant evidence, I think it’s much more likely that the TrueCrypt team – whomever they are – legitimately created this updated Windows executable and other files which would imply that they also took down their long-running TrueCrypt site.
Which, of course, leaves us asking why? We don’t know because we don’t know anything about them or their motives. They might be in Russia or China where Windows XP is still a big deal (with a more than 50% share) and personally annoyed with Microsoft for cutting off support for Windows XP. Or anything else.
What’s creepy is that we may never know.
Cory Doctorow - 2014, May 27 - 23:53
I was on American Public Media’s Marketplace yesterday talking (MP3) about our posting of a rarer-than-rare Disney treasure, the never-before-seen original prospectus for Disneyland, scanned before it was sold to noted jerkface Glenn Beck, who has squirreled it away in his private Scrooge McDuck vault.
Another Chance to See - 2014, March 2 - 18:12
Sirocco Kakapo (@Spokesbird) tweeted at 1:31 PM on Sun, Mar 02, 2014: Boom! Cheeping can be heard from inside Lisa's crushed-but-taped-up egg! Claws crossed for some good news today: (https://twitter.com/Spokesbird/status/440192597105971201)
--- Originally published at http://www.anotherchancetosee.com
Another Chance to See - 2014, March 2 - 18:09
Sirocco Kakapo (@Spokesbird) tweeted at 7:43 PM on Sun, Mar 02, 2014:Skraaarrrk! I'm so very pleased to introduce you to the very first kākāpō chick of 2014: (https://twitter.com/Spokesbird/status/440286273073201152)
--- Originally published at http://www.anotherchancetosee.com
Another Chance to See - 2014, February 26 - 10:18
This year's lecture is March 11th at 7:30pm. For more information please visit this page at Save The Rhino: The Science of Harry Potter and the Mathematics of The SimpsonsThis year's lecture will explore a theme close to the hearts of many of Douglas' fans. We will be exploring science in fiction, taking a closer look at two popular fictional worlds - Harry Potter and the Simpsons - and exploring the science within.--- Originally published at http://www.anotherchancetosee.com
NMR blog - 2014, February 10 - 17:00
Review of an important new NMR technique requiring special data evaluation.
NMR blog - 2014, February 7 - 17:00
Slides of a Talk presented at a GIDRM Workshop in Bari (Italy).
Another Chance to See - 2014, February 4 - 14:27
Exciting news from the DOC blog. The first kakapo eggs in three years have been discovered by rangers on Codfish Island/Whenua Hou. The two nests that have been found so far belong to Lisa, an experienced kākāpō mum, and Tumeke who has bred before but had infertile eggs.--- Originally published at http://www.anotherchancetosee.com
NMR blog - 2014, January 24 - 17:00
Slides of a Talk presented at a Spanish NMR Discussion Group meeting.
NMR blog - 2014, January 21 - 17:00
A poster analyzing the milestones met and the challenges looming ahead.
NMR blog - 2014, January 20 - 17:00
A new approach to Magnetic Resonance Spectroscopy in medicine.
NMR blog - 2014, January 18 - 17:00
A 2012 ENC poster+talk about a physical conjecture is available online.
NMR blog - 2014, January 16 - 17:00
A nice and novel application of NMR in clinical medicine (2012 poster).
NMR blog - 2014, January 15 - 17:00
A 2012 ENC poster about quality-control using Mnova software goes online.