Posts by Charles 9

8570 posts • joined 10 Jun 2009

PGP Zimmermann: 'You want privacy? Well privacy costs MONEY'

Charles 9
Silver badge

Re: Privacy doesn't cost money

And guess what? Effort and comfort have a price, too: either in money or time (then again, time is money, too).

0
0
Charles 9
Silver badge

Re: I dont mind...

Only nVidia cards do doubles at quarter speed. For a while now, AMD cards can do it at only half the speed of single, which at least makes sense.

0
0

Just give up: 123456 is still the world's most popular password

Charles 9
Silver badge

Re: 18atcskd2w

"So a mnemonic for a password could be a date at the top or bottom of a page followed by a numeric reference to some of the words. e.g. 170116-010608 for "StartSmileEvery" or 170118-050208 for "RightTimeWhat". As long as you don't write down the codes in the book or reference which book you are using it's strong enough."

Unless someone else gets THE SAME BOOK and figures it out. It's not like those diaries are one-of-a-kind. And as they say, one slip and it's Game Over...

0
2
Charles 9
Silver badge

Re: Just get a password manager..

Also, KeePass is GPL, so the source is openly available. Like with TrueCrypt, if the developer decides to abandon it, someone else will probably take it up.

0
0
Charles 9
Silver badge

Re: 18atcskd2w

It's got to be some kind of mnemonic, probably from a TV show or a piece of pulp fiction. That's why it escapes me at the moment.

But seriously, this article tells me that the status quo is unacceptable. What it doesn't tell us is there's any practical solution in sight. If you can't fix Stupid, you have to work around it, but if Stupid demands unicorns, then what options are left apart from taking down the Internet or turning it into a Police State?

Sorta like how Churchill stated Democracy is the worst thing out there...barring everything else. Only thing he didn't answer was whether or not Democracy was acceptable, because if it isn't...

0
0
Charles 9
Silver badge

Re: Any site just relying on passwords should be blamed instead

Plus people easily LOSE them. After all, they lose their PHYSICAL keys; what hope does a fob have?

1
0
Charles 9
Silver badge

Re: Don't Just Blame Users

"Teach them to use a password safe. That will allocate high entropy passwords and store them. You need never even have to read and type the password.

It means you always have to use your own PC? Even better."

That's assuming they OWN a PC? What if the ONLY PCs they use are communal?

1
0
Charles 9
Silver badge

Re: Don't Just Blame Users

"I understand that, my point was that if too-often password changes are mandated, the temptation is to use weaker passwords which are therefore more likely to be guessable. A slow password change policy, maybe even with auto-generated passwords, makes it more likely that the user will be willing to commit a strong password to memory, and make it less likely that that password is compromised between changes. I'm talking about someone trying to guess John Smith's passwords without any inside information."

But you assume people are guessing passwords instead of gleaning them. Mass guessing can usually be detected and noted as an attempt at an account (and handled accordingly), but an insider picking up on someone's password (reading the Post-It, for example) is much more insidious and the reason for change policy: because there usually won't be missed guesses in the latter, and since it's already internal, it's virtually indistinguishable from real attempts.

0
0
Charles 9
Silver badge

Re: what this tells me

Can't those STILL be used to glean information for social engineering? Not all sites will take fake info (plenty verify).

0
0
Charles 9
Silver badge

Re: Don't ask for a password, assign one

And if people keep forgetting their wallets? Or have trouble remembering even simple stuff like BIRTHDAYS?

0
2
Charles 9
Silver badge

Re: Any site just relying on passwords should be blamed instead

What about people WITH NO SECOND FACTORS?

2
0
Charles 9
Silver badge

Re: Just get a password manager..

But it's a point that ideally should never go online. Meaning breaking it would involve either pwning your local machine or cracking the algorithm. If they get your local machine, to throw a quote, "You're already dead." If they crack the algorithm, there are bigger fish they'll be frying.

3
0
Charles 9
Silver badge

Re: Don't Just Blame Users

Because it limits the damage if the password is leaked but NOT KNOWN to be leaked. When the change comes, you either close the leak or you find out about it. Either outcome helps.

1
0

Father of Android II: A Hardware Comeback

Charles 9
Silver badge

Re: connector

But if the SD card starts breaking, I can at least replace it. If the internal memory of a device breaks, the device is essentially bricked. That's why I ALWAYS insist storage and battery (the two least durable parts of the device from my experience) be user-replaceable.

And no manufacturer will be interested in an open standard because they KNOW they'll lose control of it, and this is ALL about control (they want to create the next walled garden; otherwise, why give a soaring screw?).

2
0

Google floats prototype Key Transparency to tackle secure swap woes

Charles 9
Silver badge

Re: Fuck this.

Simple. Use a THIRD Klingon-speaking pissed-up Cornish geezer.

0
0
Charles 9
Silver badge

Re: paranoid...not too much!

No, what we need to do is find a way to do things on the average person's level. That is, bad memories, often without second factors, and looking for turnkey solutions that involve little more than "click here once or twice". We have to make security no more difficult than finding and using the front door key. Otherwise, people won't bother, as experience demonstrates.

2
0

Mr Angry pays taxman with five wheelbarrows worth of loose change

Charles 9
Silver badge

Re: Common Sense Lobotomy

"Well yes, mainly because if you work for a government department and apply common sense rather than the letter of the rules sooner or later some idiot and his a******e lawyer will start a lawsuit and your neck will be on the block."

What happens when the lawyer simply sues on the grounds of interference BY playing by the book (IOW, using the letter to defeat the spirit)? Sounds like they can get you either way.

0
0
Charles 9
Silver badge

Re: El Reg, missed the point...

"They called it a "personal property tax", and you pay it if your parked in the state for more than 10 days (or some other arbitrary limit), EVEN ON PRIVATE LAND."

That's because PRIVATE LAND is still COMMONWEALTH land (Virginia is legally defined a Commonwealth). Their territory, their rules. It's sort of like why you have to pay Virginia sales tax when in Virginia even when you don't live there (that's why tourist-heavy states like Florida and Nevada rely on these instead of income taxes).

2
0
Charles 9
Silver badge

Re: Is it legal?

There's no law preventing it; then again, there's no law forcing it, either. And since this is a live transaction, not a payment of debt, it's between the buyer and seller to determine what's acceptable and what's not.

Legal Tender laws ONLY apply to DEBTS. And while there are no limitations in the US (most likely due to First Amendment grounds--just like burning the flag, a protest payment can be construed as speech, so any law that attempts to do this could be challenged), the UK does impose limits on what denominations you can use to pay a debt.

4
0
Charles 9
Silver badge

Re: Weigh the coins

Legal Tender laws ONLY apply if there is a DEBT involved. Stores and ticket counters are allowed to refuse service, meaning no debt gets involved. Bills, OTOH, usually represent a debt UNLESS it is for services TO BE rendered (a PREpay versus POSTpay).

2
0

It's not just your browser: Your machine can be fingerprinted easily

Charles 9
Silver badge

Because a web page is no longer just a page. That bus left LONG ago and won't be coming back even if someone were to draft an HTML6 spec with all the stuff taken out. It's what the users want (and to most users, the WWW == The Internet and they refuse to see anything else), and that's what the users will get (they outvote you). We could've done remote graphical terminals a long time ago, but now it's way too late.

0
0
Charles 9
Silver badge

The TL;DR version: websites and network people have already mastered the art of de-anonymizing you in ways that cannot be easily disguised, such as by location narrowing, click habits (which can be timed and are based on instinctive habits that are hard to break), and assorted Turing Tests to filter out chaff clickers. IOW, if they REALLY want to find you out (and there's a financial motivation to do so), they'll find ways that can't be stopped without breaking the Internet. After all, a letter normally needs a return address, and that's crucial information on its own.

2
1
Charles 9
Silver badge

Re: Mine doesn't give that data.

But the IP would still be the same because it would go through YOUR router. I'm sure they'd catch on to those tricks and just lump them together by IP and behavioral patterns.

1
1
Charles 9
Silver badge

Re: Mine doesn't give that data.

"No we don't."

YOU don't, but you're outvoted.

5
13

TV anchor says live on-air 'Alexa, order me a dollhouse' – guess what happens next

Charles 9
Silver badge

Re: Alexa?

NO, so please enlighten us.

0
0
Charles 9
Silver badge

Re: Changing the name

If SRAM doesn't need refreshing, why does it need a battery backup? A ROM doesn't need electricity at all until you access it.

0
0

Six charged for 'hacking' lottery terminals to spew only winning tickets

Charles 9
Silver badge

Re: Picking winners and losers

Also, a print queue is never shown: only a running total of what's BEEN printed. Plus it NEVER reprints a ticket (at least, not one that's legal for turning in) unless it's a Remainder Ticket (turning in a winning multi-draw ticket with draws still to play; a Remainder Ticket is only good for the draws still to play). Jams, rare as they are, have to be resolved with the Lottery. Also, Fast Play games are never displayed: only printed, and each one is accompanied by a "cha-ching" sound effect so you can HEAR when the ticket is printed (a similar sound is played when a winner is scanned so you don't get scammed out of a winning ticket). As you can see, they go to great lengths to prevent cheating and scamming.

0
0
Charles 9
Silver badge

Re: Do the math ...

In the United States, gambling winnings are classed as income (definitely federal, state depends on which). Any winnings over $600 MUST be reported to the IRS (that's where Form 1099-G comes in); that's why those tickets have to be taken to regional offices. Amounts $5,000 and up are subject to withholding. And for jackpot games, you ARE allowed to take a "cash option". Thing is, jackpot values are always based on annuities. You only get the listed value (minus taxes) if you take the jackpot as an annuity. Most winners, however, don't bother with it and take the immediate payout of about half the stated value (what would've gone into the annuity originally) because that gives them legal control over the money. Not only can they invest it as they see fit (usually in ways that beat the annuity rate), but it also allows for inheritance (jackpot annuities are almost universally listed as non-transferable; if you die before the annuity is up, it's void).

0
0

Oh, for F...acebook: Critics bash WhatsApp encryption 'backdoor'

Charles 9
Silver badge

"We've caught (you/your family member) doing something illegal (like hacking / not paying their taxes / hurting someone in a drink driving incident / drugs / being gay in a country where it's illegal). If you help us, we can make it go away. We'd hate for it to end in a 20 year jail sentence. Bad things can happen to people in jail."

And if the reply is, "I never liked my family anyway!" Because it turns out you're talking to a Black Sheep?

0
0

Anti-smut law dubs PCs, phones 'pornographic vendor machines', demands internet filters

Charles 9
Silver badge

Re: Hahahahahahaha

And yet they get voted in time and time again. What does that tell you?

0
0
Charles 9
Silver badge

Re: won't pass constitutional exam

Point is, it's neither universal nor guaranteed, and since this is state law, it would have to go before that state's court system first, THEN if they still disagree take it up before SCOTUS, and ONLY if they agree to look at it.

0
0
Charles 9
Silver badge

North Dakota is not a populous state. For many, driving out of state could be an all-day affair and involve filling up the tank a couple times. That alone would be more than the $20 removal fee.

1
0
Charles 9
Silver badge

Re: North Dakota is a very low population state

Forget the next state. I-29 is in North Dakota which goes through to Canada.

3
0

Backpage.com kills adult section, claims government censorship

Charles 9
Silver badge

Re: Many of you really missed this one

"Child prostitution or not, it is still illegal as hell to advertise prostitution anywhere in the US."

Under which law, and why doesn't Freedom of the Press apply for business agreements between consenting adults?

0
0
Charles 9
Silver badge

Re: Letter of the law

No, because they tend to act in a cartel. Plus the companies you're talking about tend to be like utilities: requiring huge upfront infrastructure investments, so they heavily favor incumbents. Anyone else who tries to come in will either demand the same or won't touch it. There CAN be times when NO ONE will come in because the barrier of entry is too high.

0
0
Charles 9
Silver badge

Re: Letter of the law

The problem is that big companies keep a stick. If countries pressure them they can threaten to leave, denying them ALL tax revenues. Which would you rather have: 10% of something or 100% of nothing?

0
0
Charles 9
Silver badge

Re: Who on earth?

"How do these people look in a mirror in the morning? Do they tell their mothers what they do for a living?"

One, you're not familiar with sociopaths (they could look in the mirror AND SMIRK at what they're doing--the luzahs...). Two, who's to say their mothers weren't doing this to their own kids?

PS. Be careful about shooting on sight. Sociopaths are also the kind to take hostages and keep dead man's plans.

2
0

Peace-sign selfie fools menaced by fingerprint-harvesting tech

Charles 9
Silver badge

Re: Repeat after me...

A fingerprint is always on you unlike anything else you can think of.

A fingerprint is always on you unlike anything else you can think of.

A fingerprint is always on you unlike anything else you can think of.

What do you do when it's the ONLY thing you have to work with?

0
3
Charles 9
Silver badge

Re: Fingerprint readers don't read fingerprints

But what do you use when that's the ONLY thing you have to work with? The big thing about biometrics is that, barring an injury severe enough to basically put you out of work, they'll ALWAYS be there unlike anything else you can propose. People have TERRIBLE memories so WILL forget passwords no matter what the length (heck, people forget their own names and dates of birth--I speak firsthand). Plus people frequently have to wear clothes with no pockets or lanyards so have no way to store external credentials (plus if the security is high they may not be allowed to for sake of blocking hidden recording devices).

As for recording the impulses, I thought ATMs found a way out of this by black-boxing the scanners and only emitting encrypted streams that include timestamps or other nonces so no two reads produce the same signals, defeating replay attacks.

1
4
Charles 9
Silver badge

Thing is, they never verified if the photographed fingerprint was good enough to pass a scanner, and they weren't in a position to find out.

2
0

Tell us about that $1m horse, Mr Samsung: Bribery probe slips deep into South Korean giant

Charles 9
Silver badge

Re: Hmmm

And note it's spelled "oah" instead of "aoh". They didn't realize the mistake until it was too late.

1
0
Charles 9
Silver badge

Are you also forgoing LG and Hyundai as well, given they were also listed in this current scandal? You'll also have to wonder if other chaebols like Lotte are also involved but haven't been caught this time.

2
0

Raspberry Pi Foundation releases operating system for PCs, Macs

Charles 9
Silver badge

Re: content still needs to be CREATED

"People used to say that kind of thing about UNIX workstations once upon a time too - "I need a proper workstation and a proper workstation application" (games are a different arena). Fine, if that's what people need, someone is going to have to pick up the bill for their hardware design and build costs, and maybe software development costs, and if it's no longer cross-subsidised from the volume market, the PHBs won't like the bill."

Thing is, the costs are pretty much already sunk with the incumbent x86 (solutions already exist), so ARM is already handicapped. And once you factor in power-chomping things like memory bandwidth which you need to feed true high-performance applications, ARM really loses its efficiency edge versus x86, leaving x86 with its incumbency advantage. In short, in order to unseat x86, ARM has to leapfrog x86 in just about all its remaining applications, including things like video encoding (which is too generalized for GPU work while still memory- and FPU-intensive). They're not up there yet and will probably need a few technological leaps to catch up, and meanwhile x86 isn't sitting idle, either.

0
0
Charles 9
Silver badge

Re: So lightweight...

A MODERN HTML5 browser, though? I don't think so. This was before stuff like JavaScript took off.

0
0
Charles 9
Silver badge

Re: Obligatory Dumbass Question

Here's a different hint: content still needs to be CREATED. Video and audio still need to be edited, and pro gamers still need an edge. Plus, for them, money isn't necessarily an object as they're in positions to pass costs along.

0
0

Too much landfill, too little purpose: CES 2017

Charles 9
Silver badge

Re: Some products show promise

The problem with trying to get robots to turn away unwanted people for us is that the miscreants just start making smarter approaches to make sure they get the human, not the robot. Eventually, you get into Turing Test territory with potential knock-on effects (if you can make a robot that can fool any cold caller into thinking you're human, they can just turn around and use the same trick on you).

Frankly, without a way to verify the identity of ANY caller (and even then, what about pay phones?), there's no real way to effectively screen them out (because any loophole you're forced to leave will be abused).

0
0
Charles 9
Silver badge

Re: Lack of imagination

Except many of them are to fill a demand. SOMEONE had to have asked for it for them to not only make it but SELL it, too.

0
0
Charles 9
Silver badge

Re: All the gadgets and IoS stuff...

And if they SURVIVE like roaches?

0
0
Charles 9
Silver badge

Re: I must be way out of step..

It's not just that systems are expensive. It's also that systems people actually WANT are difficult because they (especially now) tend to involve things that are, for lack of a better word, "fuzzy". Take the examples above: cooking dinner and doing the laundry. How does a robot know if the milk in the fridge is still good, especially if the "best by" date is smudged? How does it know the sock on the floor is really a rag because it's lost its mate? How will your drone army recognize the lost child if the kidnappers immediately tie a wide-brim hat on the child, wrap a towel around her, and keep her under an umbrella?

0
0

Top cop: Strap Wi-Fi jammers to teen web crims as punishment

Charles 9
Silver badge

Re: Just wondering....

I don't think it works for just any sausage. It takes specific kinds, plus I would think they're not very sturdy or long-lasting, and I wouldn't want that in my pockets.

1
0
