| ▲ | cesarb 3 hours ago |
| > Any power users who prefer their own key management should follow the steps to enable Bitlocker without uploading keys to a connected Microsoft account. |
| Once the feature exists, it's much easier to use it by accident. A finger slip, a bug in a Windows update, or even a cosmic ray flipping the "do not upload" bit in memory, could all lead to the key being accidentally uploaded. And it's a silent failure: the security properties of the system have changed without any visible indication that it happened. |
|
| ▲ | jollyllama 2 hours ago | parent | next [-] |
| There's a lot of sibling comments to mine here that are reading this literally, but instead, I would suggest the following reading: "I never selected that option!" "Huh, must have been a cosmic ray that uploaded your keys ;) Modern OS updates never obliterate user-chosen configurations" |
| |
|
| ▲ | bobbob1921 2 hours ago | parent | prev | next [-] |
| This is correct. I also discovered, while preparing several ThinkPads for a customer based on a Windows 11 image I made, that even if you have BitLocker disabled you may also need to check that hardware disk encryption is disabled as well (was enabled by default in my case). Although this is different from BitLocker in that the encryption key is stored in the TPM, it is something to be aware of as it may be unexpected. |
|
| ▲ | Aurornis 3 hours ago | parent | prev | next [-] |
| If users are so paranoid that they worry about a cosmic ray bit flipping their computer into betraying them, they're probably not using a Microsoft account at all with their Windows PC. |
| |
| ▲ | SoftTalker 2 hours ago | parent | next [-] |
| If your security requirements are such that you need to worry about legally-issued search warrants, you should not connect your computer to the internet. Especially if it's running Windows. |
|
| ▲ | direwolf20 2 hours ago | parent | next [-] |
| In the modern political environment, everyone should be worried about that. |
|
| ▲ | fc417fc802 an hour ago | parent [-] |
| In all political environments everyone should be worried about that. The social temperature can change rapidly and you generally can't force a third party to destroy copies of your things in a reliable manner. |
| |
| ▲ | zhengyi13 an hour ago | parent | prev | next [-] |
| Right, this is just a variation on "If you have nothing to hide..." |
| ETA: You're not wrong; folk who have specific, legitimate opsec concerns shouldn't be using certain tools. I just initially read your post a certain way. Apologies if it feels like I put words in your mouth. |
|
| ▲ | oskarw85 2 hours ago | parent | prev | next [-] |
| Because all cops are honest, all warrants are lawful and nothing worrying happens in the land of freedom right now. |
|
| ▲ | qmr 2 hours ago | parent | prev [-] |
| Appeal to the law fallacy. |
| |
| ▲ | spixy an hour ago | parent | prev [-] |
| and use ECC memory |
|
|
| ▲ | tokyobreakfast 3 hours ago | parent | prev | next [-] |
| > even a cosmic ray flipping the "do not upload" bit in memory |
| Stats on this very likely scenario? |
| |
| ▲ | strbean 3 hours ago | parent | next [-] |
| > IBM estimated in 1996 that one error per month per 256 MiB of RAM was expected for a desktop computer. |
| From the Wikipedia article on "Soft error", if anyone wants to extrapolate. |
|
| ▲ | d1sxeyes 2 hours ago | parent [-] |
| That makes it vanishingly unlikely. On a 16GB RAM computer with that rate, you can expect 64 random bit flips per month. So roughly you could expect this to happen roughly once every two hundred million years. Assuming there are about 2 billion Windows computers in use, that's about 10 computers a year that experience this bit flip. |
|
| ▲ | eszed 2 hours ago | parent [-] |
| > 10 computers a year experience this bit flip |
| That's wildly more than I would have naively expected to experience a specific bit-flip. Wow! |
|
| ▲ | mapontosevenths an hour ago | parent [-] |
| Scale makes the uncommon common. Remember kids, if she's one in a million that means there are 11 of her in Ohio alone. |
|
|
| |
| ▲ | homebrewer 3 hours ago | parent | prev | next [-] |
| Given enough computers, anything will happen. Apparently enough bit flips happen in domains (or their DNS resolution) that registering domains one bit away from the most popular ones (e.g. something like gnogle.com for google.com) might be worth it for bad actors. There was a story a few years ago, but I can't find it right now; perhaps someone will link it. |
|
| ▲ | pixl97 3 hours ago | parent | next [-] |
| https://www.youtube.com/watch?v=aT7mnSstKGs Was in DEFCON19. |
|
| ▲ | lanyard-textile 2 hours ago | parent | prev [-] |
| A very old game speedrun -- of the era that speedruns weren't really a "thing" like they are today -- apparently greatly benefited from a hardware bit flip, and it was only recently discovered. Can't find an explanatory video though :( |
|
| ▲ | direwolf20 2 hours ago | parent [-] |
| The Tick Tock Clock upwarp in Super Mario 64. All evidence that exists of it happening is a video recording. The most similar recording was generated by flipping a single bit in Mario's Y position, compared to other possibilities that were tested, such as warping Mario up to the closest ceiling directly above him. |
|
| ▲ | tavavex an hour ago | parent [-] |
| I'm pretty sure that while no one knows the cause definitively, many people agreed that the far more likely explanation for the bit change was a hardware fault (memory error, bad cartridge connection or something similar) or other, more powerful sources of interference. The player that recorded the upwarp had stated that they often needed to tilt the cartridge to get the game to run, showing that the connection had already degraded. The odds of it being caused by a cosmic ray single-event upset seem to be vanishingly low, especially since similar (but not identical) errors have already been recorded on the N64. |
|
|
| |
| ▲ | drysine 2 hours ago | parent | prev | next [-] |
| At Google "more than 8% of DIMM memory modules were affected by errors per year" [0] |
| More on the topic: Single-event upset [1] |
| [0] https://en.wikipedia.org/wiki/ECC_memory |
| [1] https://en.wikipedia.org/wiki/Single-event_upset |
|
| ▲ | halfmatthalfcat 3 hours ago | parent | prev [-] |
| It's "HN-likely" which translates to "almost never" in reality. |
|
| ▲ | Supermancho an hour ago | parent | next [-] |
| Happens all the time, in reality (even on the darkside). When the atmosphere fails (again, happening all the time), error correction usually handles the errant bits. |
|
| ▲ | patja 3 hours ago | parent | prev | next [-] |
| Especially since HN readers are more likely to be using ECC memory |
|
| ▲ | smegger001 3 hours ago | parent | prev [-] |
| If cosmic ray bit flips were so rare then ECC RAM wouldn't be a thing. |
|
| ▲ | Sayrus 3 hours ago | parent [-] |
| ECC protects against more events than cosmic rays. Those events are much more likely, for instance magnetic/electric interferences or chip issues. |
|
| ▲ | direwolf20 2 hours ago | parent | next [-] |
| Those random unexplainable events are also referred to casually as "cosmic rays" |
|
| ▲ | wang_li 2 hours ago | parent | prev [-] |
| In the 2010 era of RAM density, random bit flips were really uncommon. I worked with over a thousand systems which would report ECC errors when they happen and the only memorable events at all were actual DIMM failures. Also, around 1999-2000, Sun blamed cosmic rays for bit flips for random crashes with their UltraSPARC II CPU modules. |
|
| ▲ | mapontosevenths an hour ago | parent [-] |
| > actual DIMM failures. |
| Yep, hardware failures, electrical glitches, EM interference... All things that actually happen to actual people every single day in truly enormous numbers. It ain't cosmic rays, but the consequences are still flipped bits. |
|
| ▲ | egorfine 2 hours ago | parent | prev | next [-] |
| Oh, no accidents needed. Microsoft will soon forcibly extract and upload keys to their servers. |
| Before you downvote, please entertain this one question: have you been able to predict that mandatory identification of online users under the guise of protecting children would literally be implemented in leading western countries in such a quick fashion? |
| If you were, then upvote my comment instead because you know that will happen. If you couldn't even imagine this, say, in 2023 - then upvote my comment instead because neither can you imagine mandatory key extraction. |
| |
| ▲ | zdragnar 2 hours ago | parent [-] |
| I can't believe it took this long. We have mandatory identification for all kinds of things that are illegal to purchase or engage in under a certain age. Nobody wants to prosecute 12-year-old kids for lying when they clicked the "I am at least 13 years old" checkbox when registering an account. The only alternative is to do what we do with R-rated movies, alcohol, tobacco, firearms, risky physical activities (i.e. bungee jumping liability waiver) etc... we put the onus of verifying identification on the suppliers. I've always imagined this was inevitable. |
|
| ▲ | thewebguyd 2 hours ago | parent | next [-] |
| The problem is the implementation is hasty. When I go buy a beer at the gas station, all I do is show my ID to the cashier. They look at it to verify DOB and then that's it. No information is stored permanently in some database that's going to get hacked and leaked. We can't trust every private company that now has to verify age to not store that information with whatever questionable security. If we aren't going to do a national registry that services can query to get back only a "yes or no" on whether a user is of age or not, then we need regulation to prevent the storage of ID information. We should still be able to verify age while remaining pseudo-anonymous. |
|
| ▲ | dragonwriter 7 minutes ago | parent | next [-] |
| > If we aren't going to do a national registry that services can query to get back only a "yes or no" on whether a user is of age or not |
| And note that if we are, the records of the request to that database are an even bigger privacy timebomb than those of any given provider, just waiting for malicious actors with access to government records. |
|
| ▲ | criddell 43 minutes ago | parent | prev | next [-] |
| > When I go buy a beer at the gas station, all I do is show my ID to the cashier. They look at it to verify DOB and then that's it. No information is stored permanently in some database that's going to get hacked and leaked. |
| Beer, sure. But if you buy certain decongestants, they do log your ID. At least that's the case in Texas. |
|
| ▲ | dragonwriter 6 minutes ago | parent [-] |
| > But if you buy certain decongestants, they do log your ID. |
| Yeah, but many people don't actually think War on Drugs policies are a model for civil liberties that should be extended beyond that domain (or, in many cases, even tolerated in that domain.) That policy has been effective, I guess, in promoting the sales of alternative “decongestants” (that don't actually work), though it did little to curb use and harms from the drugs it was supposed to control by attacking supply. |
| |
| ▲ | xp84 an hour ago | parent | prev [-] |
| We should easily be able to, but the problem of tech illiteracy is probably our main barrier. To build such a system you’d need to issue those credentials to the end users. Those users in turn would eagerly believe conspiracy theories that the digital ID system was actually stealing their data or making it available to MORE parties instead of fewer (compared to using those ID verification services we have today). |
| |
| ▲ | tavavex an hour ago | parent | prev [-] |
| I don't think that's quite right. The age-gating of the internet is part of a brand new push, it's not just patching up a hole in an existing framework. At least in my Western country, all age-verified activities were things that could've put someone in direct, obvious danger - drugs, guns, licensing for something that could be dangerous, and so on. In the past, the 'control' of things that were just information was illusory. Movie theaters have policies not to let kids see high-rated movies, but they're not strictly legally required to do so. Video game stores may be bound by agreements or policy not to sell certain games to children, but these barriers were self-imposed, not driven by law. Pornography has really been the only exception I can think of. So, demanding age verification to be able to access large swaths of the internet (in some cases including things as broad as social media, and similar) is a huge expansion on what was in the past, instead of just them closing up some loopholes. |
|
|
|
| ▲ | gruez 3 hours ago | parent | prev [-] |
| > A finger slip, a bug in a Windows update, or even a cosmic ray flipping the "do not upload" bit in memory, could all lead to the key being accidentally uploaded. |
| This is absurd, because it's basically a generic argument about any sort of feature that vaguely reduces privacy. Sorry guys, we can't have automated backups in Windows (even opt in!), because if the feature exists, a random bitflip can cause everything to be uploaded to Microsoft against the user's will. |
| |
| ▲ | redox99 2 hours ago | parent | next [-] |
| Uploading your encryption keys is not just "any sort of feature". |
|
| ▲ | gruez 2 hours ago | parent [-] |
| You're right, it's less intrusive than uploading your files directly, like a backup does. |
| |
| ▲ | salawat 2 hours ago | parent | prev [-] |
| What part of "We can't have nice things" do you not understand? |
|
| ▲ | gruez 2 hours ago | parent [-] |
| The part where you're asking me about the phrase when it's not been used anywhere in this thread prior to your comment. |
|
|