Kal Zekdor’s Techdirt Profile


Kal Zekdor’s Comments

  • Mar 23rd, 2015 @ 1:35pm

    Re: Cloudflare Certificates

    Techdirt should really know better. This is tabloid (or cable news) level bullshit. The only revelation here is that the campaign website uses Cloudflare. Good for them, Cloudflare knows what they're doing. The SSL certs used by CF often serve multiple websites. That's all that's going on here. It has nothing to do with Ted Cruz, and little to do with Cloudflare.

    I'm disappointed.

  • Mar 20th, 2015 @ 9:11pm

    Mitigation, not Prevention

    Cisco's plan makes a lot of assumptions about the NSA's capabilities, most of which aren't particularly sound...

    I don't agree. Cisco is well aware of NSA capabilities, and they know that this plan isn't enough to prevent tampering en route. With enough tracking/surveillance/infiltration of Cisco operations/personnel, the NSA can and likely will still find, intercept, and tamper with intended targets.

    In that case, why did Cisco bother? Two reasons. First, which was touched on in the article, is to simply make a statement. They are proclaiming to the world and to the NSA that they're not willing to sit idly by while the surveillance state drives their reputation (and their bottom line) into the ground. This is a symbolic protest as much as an actual mitigation.

    Second, yes, this is a mitigation. These precautions won't make it impossible for resourceful (in both meanings) third parties to intercept equipment, but they will make it more difficult, and thus costlier. Even the NSA only has so many man-hours it can direct. If it now takes twice as many man-hours (an over-estimation, I'm sure, but no matter) in order to backdoor a router en route, then they are only able to do so half as often.

    Cisco, or any US based company, can only do so much to thwart the surveillance state. Any pushback, however minor or symbolic, is to be applauded. On the same note, any willful collusion should be considered a betrayal of their customers, and the public at large.

  • Mar 4th, 2015 @ 3:50pm

    Re: Re: grammar bugaboo

    Though, I'd like to point out that the first parenthetical in his post follows a full stop, and encapsulates a discrete sentence. In informal grammar, this indicates an aside, a thought tangentially related to the current topic, but not fitting in the paragraph flow. (Yes, in case you were wondering, I am enjoying myself.) It is perfectly valid, though, again, less than formal.

  • Mar 4th, 2015 @ 3:34pm

    Re: Re: grammar bugaboo

    Over a century, in fact.

  • Mar 4th, 2015 @ 3:32pm

    Re: grammar bugaboo

    It's acceptable semi-formal grammar, though "So" should most correctly be followed by a comma, as it is being used as an opening interjection.

    "So" as a magnifier is what annoys me: "This is so annoying."

    So, it appears that the logomachists are out in force today.

  • Mar 4th, 2015 @ 12:38am

    Re: Nothing "disappointing" here

    I don't know where you've been living, but cars that lock themselves automatically are most certainly a thing.

  • Mar 3rd, 2015 @ 4:13pm

    Disappointing is the word.

    The main performance bottleneck on encrypting these devices is caused by the lack of a dedicated hardware encryption chip. That costs money, and necessitates a major hardware redesign. So they tried software FDE, which has performance costs. The performance drag was too great, so they complained to Google.

    Google quietly backpedaled their encryption requirement. Not permanently (at least according to them), but just an extension to give the manufacturers more time to meet the requirement.

    So... disappointing is the word. Especially how Google loudly boasted about always on encryption, but was nearly silent about pushing back the requirement.

  • Feb 23rd, 2015 @ 6:40am

    Re: hmmm

    Don't forget ftp://*.*/*

    Hell, just go with ip://*.*.*.*:* and shut down the entire internet! That'll surely cause sales to pick up!

  • Feb 23rd, 2015 @ 6:24am

    40 out of 95

    Wow... Of the 95 "infringing" urls in that link, I have been to at least 40. My day to day job as a software developer has me using at least a dozen of those just to get anything done.

    Utterly absurd.

  • Feb 19th, 2015 @ 2:54pm

    Hard Drive Firmware

    It is certainly feasible that the NSA did not need access to the firmware source code in order to pull off these kinds of attacks. Ars Technica has an article explaining. These drives use standard debugging interfaces, and, with a bit of work, anybody with the right skill set can reverse engineer the firmware.

    That's not to say that the NSA didn't have access to the firmware source. They certainly could get at it if they wanted. Just that they did not necessarily need the source in order to write this kind of malware.

  • Feb 19th, 2015 @ 7:47am

    Re: Re: Re: Re: Re: Re: Domino Theory Isn't Right

    Since competition doesn't exist, and because they're trying to charge me and everyone else for imaginary resources, I believe they are engaged in anti-consumer, monopolistic, behavior that is not required for the health of the network or for their own business requirements and therefore should be regulated.

    Yeah, that's the crux of the matter right there. If there were real competition in the sector this sort of activity would be fine. Arbitrary limits on usage can reduce network saturation. The result for the end consumer is a less useful and more expensive service, but that would be fine, if there were alternatives.

    However, ISPs (both wired and wireless) have spent the last two decades or more deeply entrenching themselves. The networks they operate were often subsidized, at Federal, State, and Local levels. They have spent millions of dollars lobbying (successfully) for anti-competitive laws of their own design. They have either natural or government (Local or State) granted monopolies in most of the regions they operate in. They collaborate with their so-called competitors, dividing territory and colluding on prices and practices. All while providing what few would disagree is a basic necessity of modern life.

    When all the significant providers of a necessary service engage in collusion and anti-consumer behavior, it is, and rightfully should be, time to regulate that industry. I don't lightly suggest regulation. Careless or unnecessary regulation can have enormous costs and serious repercussions. However, ISPs have shown time and again that, like the banking industry, they will engage in anti-consumer behavior for so long as they are permitted to do so. It's time to tell them otherwise.

  • Jan 29th, 2015 @ 10:57pm


    Really MPAA? Really...? I mean, they've done some stupid shit... but... really? Just... facepalm...

  • Jan 28th, 2015 @ 10:43pm

    Insert Noodling Pun Here

    Add to that the fact that Fat Noodle has come back and demonstrated that they had come up with the concept for their restaurant in 2008, trademarked the name in 2012, and failed to hear a word from Chubby Noodle's lawyers for months, suggests the Fat Noodle lawyers might need to get their heads straight.

    Maybe that sentence has too many Noodles to be sure, but I think you meant to reference Chubby Noodle's lawyers as needing a good head straightening.

  • Jan 28th, 2015 @ 5:57pm

    Brain Games

    Just as IQ is really only a measure of how good you are at taking IQ tests, the only thing those brain games improve is your ability in that specific game. You might improve over time in that game, but that won't carry over into anything else.

  • Jan 24th, 2015 @ 8:16am

    Re: Re: Re: Re:

    That fuzziness or stretching sometimes makes it hard to make out fine details. E.g., when a character looks at a phone. With lower quality video, all that you'll see is blurred letters.

    Higher quality video won't make a bad movie good, but it does enhance my enjoyment of a good movie.

    If you already have a movie in DVD format, there's no need to go out and buy a Blu-ray version. The increased quality is probably only worth ~$1-$3 (depending on how good the movie is), not the $20 you'll pay for a replacement.

  • Jan 24th, 2015 @ 6:00am

    Re: Re:

    It really all depends on the size of the screen you're viewing on, how far away it is, and how good your eyes are.

    In my experience (which will vary from person to person), at a viewing distance of 10-20 feet, I can't discern the differences between anything above 60ppi.

    Some data on various resolutions and minimum screen sizes (diagonal sizes of viewing area) to get >=60ppi (assumes 16:9 monitor aspect ratio):

    720x480 (DVD) - 15"
    1280x720 - 24.5"
    1920x1080 (HD) - 36.8"
    3840x2160 (UHD) - 73.6"

    I certainly don't get 4k, unless your TV takes up a wall. 1080p makes sense in some scenarios, but I usually go with 720p where available. My monitor is only 24", so I can't tell the difference between 1080p and 720p. Might as well save the bandwidth/space.

    If you're curious, here's the equation I use:

    sqrt( (vidHorRes * vidVertRes) / (0.425 * minPPI^2) ) = minReqMonitorSize

    Alternatively, with a fixed monitor size (useful for determining what quality video to use):

    0.425 * minPPI^2 * diagMonitorSize^2 = vidHorRes * vidVertRes

    These equations assume a monitor aspect ratio of 16:9. If anyone wants them for a different aspect ratio (or a generalized form) ask for it.

  • Jan 13th, 2015 @ 12:41am

    Re: Re:

    "(Source: 14 years of research into domain registration patterns and what's likely the largest database of abusive domains.)"

    Oh yeah, the old "I won't provide my sources or credentials but I *know* and you just have to believe me". That's always a good argument. /s

    Eh... I think I'll take him at his word on that. I've worked for a registrar before, and a common pattern of domains that show up in the abuse department is that most used the private registration service.

    The problem is, there's a huge selection bias in his sample. He's seeing only those domains that cause problems, not the copious quantities of private domains registered for legitimate privacy / anti-spam (digital and physical) reasons.

  • Jan 12th, 2015 @ 7:52pm

    Re: Re:

    I get what you're trying to say, but it's not exactly accurate.

    Registering a domain requires registering a valid point of contact with ICANN. A "privately registered domain" is really another entity (usually the registrar, such as Go Daddy) putting themselves as the point of contact, and then forwarding you any correspondence (digital or otherwise) associated with that domain.

    What you're paying for is the cost of that forwarding. Some companies may tack some profit on there, which is a bit reprehensible, but it's not as if it's a zero-cost thing.

  • Jan 5th, 2015 @ 8:24am

    Re: A fundamental misunderstanding of the subject.

    There is no such thing as absolute security. Period, full stop. It doesn't matter how big or how small the target is.

    That said, why should NDT know better? He's not a security expert, he isn't even in the IT field. He's a frakking astrophysicist. Because he's a celebrity, suddenly that means he has to be absolutely accurate 100% of the time, without leaving any room in his statements for misinterpretation? Just as the only unhackable system is one that doesn't exist, the only person who hasn't made a mistake in his statements is one that has never spoken. Why are people surprised that he's human? Why attack him just because he isn't infallible, when he never claimed to be?

    The basic premise of NDT's statement is sound, even if he screwed up in the delivery.

  • Jan 5th, 2015 @ 6:42am


    Just add Dihydrogen Monoxide, it's a universal solvent.
