All posts by mfeilner

Keylength.com: Which Key length/cipher to use for a certain period of time

Reality update: Keylength – Compare all Methods … :

This web site implements mathematical formulas and summarizes reports from well-known organizations allowing you to quickly evaluate the minimum security requirements for your system. You can also easily compare all these techniques and find the appropriate key length for your desired level of protection. The lengths provided here are designed to resist mathematic attacks; they do not take algorithmic attacks, hardware flaws, etc. into account.

Quick PDF conversion with convert blocked? [Solved]

Very recently I had to convert a PDF (i.e. concatenate three PDFs into one file) and I was blocked for security reasons. 

convert *pdf complete.pdf usually adds the files it finds in alphanumerical order to complete.pdf.

But not this time: 

“convert: attempt to perform an operation not allowed by the security policy `PDF’ @ error/constitute.c/IsCoderAuthorized/408.”

Googling helped, as it often does, and I found this hint at [Imagemagick security policy ‘PDF’ blocking conversion – Stack Overflow] … :

“Well, I added

  <policy domain="coder" rights="read | write" pattern="PDF" />

I added just before in /etc/ImageMagick-7/policy.xml and that makes it work again, but not sure about the security implications of that.”

A comment says that was a Ghostscript vulnerability, but new gs-versions are fine. Let’s hope that’s true…:-)

Update: 

Since the convert process resulted in bad quality (after I applied the changes above), I had to do some more homework and play with the values of this convert command: 

convert -density 200 -trim [Input_PDF_Files]* -quality 50 output.pdf

In my setup, that ends up with decent quality but 2.5 MByte per page. 
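To see what the policy change quoted above leaves open, here is an added example (not from the post or the Stack Overflow answer) that lists which Ghostscript-related coders a policy.xml grants rights to. The sample policy text and the coder list are constructed assumptions; the script reports conflicting entries and makes no claim about which entry your ImageMagick version applies.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: coder names that distro policies commonly block as Ghostscript formats.
GS_CODERS = {"PS", "PS2", "PS3", "EPS", "PDF", "XPS"}

# Constructed sample: a distro-style block followed by the override from the post.
SAMPLE_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="{PS,EPS,PDF,XPS}" />
  <policy domain="coder" rights="read | write" pattern="PDF" />
</policymap>"""

def expand(pattern):
    """Expand a {A,B,C} list into names; other patterns are returned as one name."""
    m = re.fullmatch(r"\{(.*)\}", pattern.strip())
    if m:
        return [p.strip().upper() for p in m.group(1).split(",")]
    return [pattern.strip().upper()]

def audit(policy_xml):
    """Return {coder: [rights set, ...]} in file order for the coders in GS_CODERS."""
    found = {}
    for node in ET.fromstring(policy_xml).iter("policy"):
        if node.get("domain", "").lower() != "coder":
            continue
        rights = {r.strip().lower() for r in node.get("rights", "").split("|")} - {""}
        for name in expand(node.get("pattern", "")):
            if name in GS_CODERS:
                found.setdefault(name, []).append(rights)
    return found

def report(policy_xml):
    """List (coder, granted rights, conflict) for coders with any granting entry."""
    lines = []
    for name, entries in sorted(audit(policy_xml).items()):
        granted = set().union(*entries) - {"none"}
        if granted:
            conflict = any(e == {"none"} for e in entries)
            lines.append((name, sorted(granted), conflict))
    return lines

if __name__ == "__main__":
    for name, granted, conflict in report(SAMPLE_POLICY):
        note = " (a rights='none' entry also exists; verify which one applies)" if conflict else ""
        print(f"{name}: {'|'.join(granted)}{note}")
```

Run it against the contents of your own policy.xml instead of SAMPLE_POLICY; a PDF line that only needs to read input can be tightened to rights="read" if nothing has to be written as PDF.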

 

Study on Digital Stress in Germany

https://www.boeckler.de/pdf/p_fofoe_WP_101_2018.pdf

“Digital Stress in Germany – A survey of employed people on the strain and demands of working with digital technologies.”

Digital stress: “Stress experienced as a result of an individual's inability to deal with new technology in a healthy way (Brod 1982).”

“Key finding 6:

Women work at more digitalized workplaces, see themselves as more competent, and have a higher level of digital stress than men. On average, women use 14 different technologies at the workplace, whereas men are surrounded by an average of only 12 digital technologies at the workplace.”

“Key finding 8:

Insecurity in dealing with digital technologies is perceived as the greatest stressor, but so are unreliability, overload, insecurity, complexity, and omnipresence and permanent presence. More than a third of the employees surveyed (37.5%) experience a high degree of uncertainty. By contrast, only 12.7% experience a high degree of omnipresence and permanent presence of the technologies, which is thus rated the weakest of all six factors of digital stress.”

Key points:

Those with high digital stress have headaches 25% more often (compared with employees with normal stress)

Digital stress goes hand in hand with strong conflict over work-life balance (i.e. it also has a strong effect on private life)

People over 64 have the least digital stress; those aged 35-44 and the cohorts that follow have the most.

22% is the share of the variance in emotional exhaustion that can be explained by digital stress.

The Evolution of the Concept of Semantic Web in Wikipedia

… : Publications | Free Full-Text | The Evolution of the Concept of Semantic Web in the Context of Wikipedia: An Exploratory Approach to Study the Collective Conceptualization in a Digital Collaborative Environment | HTML … :

Based on Dahlberg’s theory of concept, and anchored in the pragmatism of Hjørland—in which the concepts are socially negotiated meanings—the evolution of the concept of semantic web (SW) was analyzed in the English version of Wikipedia. An exploratory, descriptive, and qualitative study was designed and we identified 26 different definitions (between 12 July 2001 and 31 December 2017), of which eight are of particular relevance for their duration, with the latter being the two recorded at the end of the analyzed period.

ECCploit … nice…

… : ecc-rh-paper-eccploit-press-preprint.pdf … :

To address the second challenge, we present ECCploit, a new Rowhammer attack based on composable, data-controlled bit flips and a novel side channel in the ECC memory controller. We show that, while ECC memory does reduce the attack surface for Rowhammer, ECCploit still allows an attacker to mount reliable Rowhammer attacks against vulnerable ECC memory on a variety of systems and configurations.

Thx to Fefe. 

Krypto-pr – Do you Legally “own” with Bitcoin?

Things I read…: ” Short introduction to krypto-property by Preston Byrne”

https://prestonbyrne.com/2018/11/23/krypto_property/

Wrapping up, the reason that the matter of Bitcoin’s ultimate classification as property hasn’t come up yet is because, in common practice, ownership  disputes are resolved at a higher conceptual level than inquiring about the “nature of a bitcoin itself” – when I deposit coins at an exchange, e.g., it ought to be pretty clear from the exchange’s TOS that if I have a balance on the exchange, I can ask the exchange to spend an amount equal to that balance back to me on request and, if they fail to do so, I can ask a court to force the exchange to render specific performance or pay damages. A dispute of that kind, of which there have been many, doesn’t ask at what point title transferred and what the fundamental nature of that title is, because it doesn’t have to. It looks instead at the contractual obligations between the counterparties and whether those obligations were satisfactorily performed.

One could write chapter and verse comparing these two jurisdictions and their treatment of Bitcoin as an asset. That said, it’s a Friday night and I have places to be, so for now it will have to suffice to say only that the question has no answer and at some point, probably sooner rather than later, there is going to be a case that explores these fundamental issues (I am frankly shocked that Oxford v. Moss hasn’t been raised yet in any of the UK-based Bitcoin fraud prosecutions).

I look forward to reading those decisions.”

“The Decline and Fall of the Zuckerberg Empire”

http://nymag.com/intelligencer/2018/11/the-decline-and-fall-of-the-zuckerberg-empire.html

A 6,000-word report published in the New York Times last week disclosed in humiliating detail the lengths to which Facebook has gone to protect its dominance and attack its critics. As various interlocking crises concerning hate speech, misinformation, and data privacy widened, top executives ignored, and then kept secret, evidence that the platform had become a vector for misinformation campaigns

(…)
Over the past year, I’ve spent time trying to wean myself off tech mega-platforms, generally with little success. Google’s search, for all my complaints, is still the best way for me to navigate the internet; Amazon is still so unbelievably convenient that the thought of quitting it exhausts me. But I logged out of Facebook more than a year ago and have logged back in fewer than a dozen times since. Checking Facebook had been a daily habit, but it also hadn’t improved my life or made itself necessary. Not many Roman plebes would have said that about the Pax Romana. Some empires fall because they’re invaded from the outside or rot from within. Zuckerberg’s could be the first in history to collapse simply because its citizens logged out.