* Posts by Charles 9

4467 posts • joined 10 Jun 2009

City of birth? Why password questions are a terrible idea

Charles 9
Silver badge

Re: collective inability to distinguish categories

"So get over yourself, guy who sells condiments to restaurant chains. You don't need authentication tech in order to protect your data from your potential customers."

Sure you do; it's called "trade secrets". Negotiations between companies are almost always secret because the prices involved tend to differ each time, and negotiations are things you do not want the competition to know since they can use that to undercut you and steal your business.

0
0
Charles 9
Silver badge

So tell me, how DO you provide sufficient security to a site full of people with truly awful memories? And you can forget 2FA because these people don't have cell phones and the password they forget most is the one for their e-mail.

0
0

Singapore to trial 10Gbps home broadband

Charles 9
Silver badge

I think porn hit its practicality limit when HD came along. Porn is nice, but up-close HD detail starts to get countered by the Too Much Information factor.

1
0
Charles 9
Silver badge

Re: 10Gbs Fiber to the home.

You might want to reconsider. Singapore isn't exactly a wide-open paradise. In fact, probably the only reason a place like Singapore can pull this off is its SIZE. We're talking a tiny little SPECK off the south tip of Malaysia. Japan's a slightly better example with its many islands, but it's still only about the size of California and much denser. Color me impressed when a large, sparse country can guarantee something like 1Gbps throughout its territory.

1
0

UK data watchdog: Massive fines won't keep data safe

Charles 9
Silver badge

Re: Fine is a contract employing someone

They're trying that with Apple in the US, and it's still rather messy over there. How do you deal with that without trampling on the rights of the customers?

0
0
Charles 9
Silver badge

Re: I agree fines are not

Thing is, the executives remove themselves from the nitty-gritty so they can claim plausible deniability. As for consent decrees, what if they decide to take their ball and leave instead? Plus there's the risk of collateral damage to innocent customers.

0
0

WHOOPSIE! Vast US health insurer CareFirst plundered of 1.1 MEELLION records

Charles 9
Silver badge

Re: Here we go again

"The way you work it - indeed the only way you can work it - is that you specify how certain types of customer data must be kept and secured and audited."

And I think the problem lies in that, while it's all well and good to demand this and that, what happens when "this and that" interferes with your operations, sometimes to the extent that your future as a going concern is in jeopardy? Data demands can change, often overlap, and can have deadlines. This is especially true in the medical profession where you are simultaneously pulled by time, money, and regulatory demands with lives on the line. Trying to impose conditions on something as complicated as, say, a major hospital, tends to result in entanglement.

Going back to your examples, a health claim person WOULD need access to the social security number if the insurance being claimed is GOVERNMENT-RUN (Medicare, Tricare, etc.) and WOULD need access to financial records if a claim of DESTITUTION is being filed (they're claiming they can't pay the bill). As for the billing department, they WOULD need to see many claims details because the insurance companies can impose charge limits and write-off requirements as a condition of the claim, and these minutiae all affect the final bill sent to the patient/family. Then there's the legal department, who would probably need access to nigh everything in order to make sure everything's on the level and ESPECIALLY if a malpractice suit is filed against them.

1
0
Charles 9
Silver badge

Re: Here we go again

And how are you going to make a penalty big enough to make big medical companies actually pay attention without the risk of collateral damage? And since the medical profession is about saving lives, that collateral damage can turn deadly.

The way I see it, it's a no-win position. If it's not strong enough, they'll just pay the penalty and carry on. If it IS, then the moment that penalty is applied, things are going to get ugly.

0
1
Charles 9
Silver badge
FAIL

Re: Once again.......

And the only agent with the capability to do that would be a benevolent autocrat. As for the executives, they'll probably hide their assets and go to ground before complying. As for direct distribution, that's too much of a gray area. After all, some damage will be worse than others and some may be impossible to conclusively determine due to murky knock-on effects.

0
0

'Logjam' crypto bug could be how the NSA cracked VPNs

Charles 9
Silver badge

Re: Not that many primes

But according to mathematicians, there are a ton of numbers out there in the 1024-2048-bit range. Even if just a small percentage of them are primes, the end count is supposedly somewhere beyond the atom count of the known universe.

0
0
Charles 9
Silver badge

Re: Why?

"What is needed is a way to upgrade the encryption mechanisms in products without obsoleting everything else. But that's easier said than done when certain vulnerabilities depend on the way in which data is handled or prepared before encryption."

Plus consider computational limitations. Computing power may be approaching a plateau point but not 10 years ago a 1 or 2GHz Intel CPU was pretty novel. You really can't future-proof a device for more than the short term because the pace of technology means eventually a leap will come along that makes everything before it obsolete...rapidly if not instantly.

Trying to make an embedded secure device is essentially a siege or last stand. You can only configure it once against all threats present and future, fixed and flexible. Given enough time, the outcome is universal.

1
1
Charles 9
Silver badge

Re: What is unbelievable..

But as others have noted, proper crypto is HARD, as in too many things can go wrong. And it need not be obvious like a double-XOR or double-Caesar. Just look at the stories of programs that use homebrew schemes that turn out to have more holes than a wheel of Emmentaler. Meanwhile, even the most-vetted systems out there aren't without a few chinks in their armor. I guess you can say good crypto is like an inverted pendulum: inherently easy to break unless you can get everything exactly right. The government has a boatload of experts to draw on. Who do WE have to make sure we don't screw up?

0
0

Verizon: fibre is MUCH cheaper than copper, we're going all-FTTP

Charles 9
Silver badge

Unless it's not so simple and it's a matter of "something breaking" being the turning point. Aging infrastructure tends to have one thing going against it: rising maintenance costs (and let's face it, POTS infrastructure tends to be old). Eventually you reach the point where the continual maintenance costs approach the offset point: the cost of starting fresh which has the benefit of shoving the maintenance costs back down again, giving you savings over time.

0
0

Hi! You've reached TeslaCrypt ransomware customer support. How may we fleece you?

Charles 9
Silver badge

"What is really sad is that nobody has come up with a foolproof way of restoring your computer back to factory settings without losing something."

Because of the Douglas Adams problem. You can't make something foolproof because complete fools don't think (box or no box) so can do things that can defeat anything you can think of. Your bit about the F12 wipe is a prime example: reading something in plain English and interpreting it in something so nonsensical as to defy belief.

0
0

Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know

Charles 9
Silver badge

Re: I wonder...

"IMO the way to win hearts and minds in most places is by piling in aid, trade and education. It's cheaper than dropping bombs, cheaper than cleaning up after dropping bombs and doesn't have the side effect of being the best "terrorist" recruiting tool around that dropping bombs on non-combatants happens to be."

But what happens when the bad guys get smart and steal the airdrops and claim they're theirs to give?

1
0

Zuck can EFF off: Internet.org is SO NOT the INTERNET

Charles 9
Silver badge

Re: What might be a good idea...

But do you trust Opera with your data? It would be better to roll your own, but that's not an exercise for the average Joe.

0
1

South Korea mandates spyware installation on teenagers' smartphones

Charles 9
Silver badge

Re: re: the minute it became obvious you had the capacity to spy

"See if you're "keeping" someone "honest" they aren't actually honest they don't have a choice, honesty requires a freedom to be dishonest."

No it doesn't. In fact, honesty should be pressured upon everyone by everyone else: Eternal Vigilance. Otherwise, people will try to cheat, like our representatives and ministers. People will cheat by instinct; it's the whole "get one up on your neighbour so you succeed and he doesn't" thing, so the only way to counter it is to KEEP them honest. Remember, they'll be doing the same thing to you.

"Also there's nothing dishonest about a child coming to terms with its sexuality, its mistakes or interests."

Whatever happened to "The Talk"?

0
0

Psst. Want a cheap cloud, VM? Google has one. But there's a catch

Charles 9
Silver badge

If you read the article itself, you'll note they put up some use cases: mostly computer-intensive but non-critical operations. If they don't finish, oh well, pick up again later. As for who's usurping your VM, I think in this case it's Google itself.

3
0

Samsung buys LoopPay ... to be better at bonking than Apple

Charles 9
Silver badge

Then they'll work because the phones WON'T have a Chip, meaning it's the stripe or bust.

And since I don't see any smartphone sporting an EMV chip anytime soon, it seems it's either this or contactless going forward.

0
0

Lightbulbs of the future will come with wireless extenders and speakers

Charles 9
Silver badge

Don't be so sure. Soon as something like this happens, someone will create the one-step camera patch to cover them up.

0
0

IN YOUR FACE, Linux and Apple fans! Oculus is Windows-only for now

Charles 9
Silver badge

Re: Windows only? Well that's not Okay Facebook.

And now there's DX12 to consider. Then again, DX12 seems more of a software evolution than a hardware one (from what I've read, DX12 seems more about getting closer to metal to maximize GPU performance because it's now the driving force in gaming graphics), which is why nVidia's claiming to be able to make the last few generations of its GPUs DX12-compatible.

But just on a side, I JUST found out about the port of Bioshock Infinite to Linux (which went beta a couple months back). You would think stuff written on older engines like UE would be easier to port since they're more likely to have the cross-platform support you need, but perhaps all the other stuff besides the engine makes things more difficult.

1
0
Charles 9
Silver badge

Re: Windows only? Well that's not Okay Facebook.

Don't thank them TOO much. I've seen Steam's Mac and Linux catalog. They are PALE imitations of the Windows catalog; even now, plenty of new titles are appearing Windows-only when you'd think Valve would be in a position to push for multiplatform releases.

10
10

So why the hell do we bail banks out?

Charles 9
Silver badge

Re: Longer Term Impact

Your math's off.

A population of 300 million (3.0x10^8) drawing $100K each (1.0x10^5) would result in a debt load of 30 TRILLION (3.0x10^13). In case this doesn't sink in, that's greater than the US Sovereign debt to date and well over 1/3 of all unfunded US obligations for the foreseeable future.

2
2

Next-gen Freeview telly won't be another disruptive 4Ker

Charles 9
Silver badge

Re: Why not a unified catch-up service?

There are a fair share of independent production companies in the US, too. Some of them can be quite big like Fremantle Media, a familiar name with ALL the networks. Many of these can make pilots and go fishing with the networks to get a contract. Such as it goes, but that also means they work under contract until released, so any stuff that goes to a network stays with a network (it's the rule--the publisher takes precedence over the producer regarding ownership). But at the same time, the big networks make sure to maintain their own cadre of studios to produce what might best be called their "core lineup". CBS's Television City, NBC's Rockefeller Center. Even the BBC maintains its own studios, as I doubt they'd trust anyplace else to produce Doctor Who and so on. When it comes to private networks and producers, there can be give and take, and each situation can be different. A network can frequently contract one of their productions out to one of the producers on the condition they do it in their studios.

Going back to your argument of producers going it solo, the money usually isn't there. Television production isn't cheap. That's why the pilot system and the studios and contracts and so on. Even the second tier of television, the syndication system, involves contracts with the syndicate. Only a wholly-homegrown program can be put online with no strings attached.

1
1
Charles 9
Silver badge

Re: Why not a unified catch-up service?

"If the day ever comes (please!) when we can stream direct from the studio channels will become irrelevant."

Many of the studios are owned by the networks themselves. The networks make plenty of their own content, so they aren't going away anytime soon.

1
0

Why Joe Hockey's Oz tax proposals only get five out of 10

Charles 9
Silver badge

Re: A rethink is overdue

The trouble with those kinds of taxes is that they can just move the business under the table. With no records and so on, how will the taxes be enforced properly?

0
0
Charles 9
Silver badge

Re: Abolishing a treaty is easy

Can't they just lock American business out instead? Americans may be the bully, but Ireland and Liechtenstein are sovereign within their own borders, meaning they get to make the rules.

0
0
Charles 9
Silver badge

Re: Not to mention

Here's the rub. How do you carry through without threatening another country's sovereign power? That's always been the big problem with tax havens. Short of war, how do you make the tax havens stop being tax havens?

0
0
Charles 9
Silver badge

Re: Sales tax

Because the sellers have the ability to re-home in tax havens, meaning everyone loses.

0
0

4K refresh sees Blu-ray climb to 100GB, again

Charles 9
Silver badge

Re: How long until 100GB M-DISC is available?

At least 2TB, and yes considering tropical climate and potential loosey-goosey radio and electrical regulations. And like I said, budget is tight. And with low data rates and data caps, the cloud is out, too.

0
0
Charles 9
Silver badge

Re: Neil Barnes

BEEN interested. They were among the FIRST into HD (where widescreen became the norm).

As for 4K, now things get ugly. HD raised the level of detail to the point things occasionally get TOO detailed to enjoy the experience. For this reason, pr0n likely won't jump to 4K that quickly, as this will only raise the Ick Factor.

0
0
Charles 9
Silver badge

Re: How long until 100GB M-DISC is available?

What about for a large amount of precious data? And price IS an issue?

0
0
Charles 9
Silver badge

Re: How long until 100GB M-DISC is available?

I think they're already here, but quantities are limited and the price is too steep. Plus 100GB is a bit small for me now.

0
0
Charles 9
Silver badge

I've thought about it, but with my archival demands already in the terabyte range, I need something a bit more capacious. The Archival Disc is a possible solution but the price point will take time to reach consumer affordability.

0
0
Charles 9
Silver badge

Re: It hinges on...

BD+ showed a way to keep the target moving. If the authentication program is different for each disc (meaning they can be updated quickly), then the pirates have to keep cracking the programs.

0
0

Polygraph.com owner pleads guilty to helping others beat lie detector

Charles 9
Silver badge

Re: The issue is not that people lie

Pathological liar who lies about everything - Include obvious questions. If the person lies about those, put him aside as such and investigate further.

Sociopath - Use questions that may trigger alternate responses. Sociopaths rarely are perpetually calm; they merely react differently and can be tested for such.

Delusion - Test for delusion using contextual questions. If subject is deluded enough to believe his own lie, set aside for psychiatric evaluation.

Random/erratic pulse/breathing for other reasons - Check for these before the polygraph. If they're like this before the test, you can predict inconsistency and try another way.

0
2

Jeb Bush: Repeal Obamacare and replace it with APPLE WATCHES

Charles 9
Silver badge

Re: Aye

So why doesn't someone approach it from the viewpoint of sick and dead people don't pay taxes?

2
0
Charles 9
Silver badge

Re: Aye

Why can't your friend apply for a subsidy on the grounds of unaffordability?

7
0

That DRM support in Firefox you never asked for? It's here

Charles 9
Silver badge

Re: Product returns galore!

a) Lots of Southeast Asia aren't even to the Blu-Ray level yet, so Sony may just keep China out of the loop, or put them under much tighter guard.

b) Like I said, I think they'll tolerate the returns for accidental suicides if it means their tech doesn't leak. After all, their secret carries a price tag much higher than the rest of the device's development. Meanwhile, with the caveat of "opening of device voids warranty" combined with tamper-evident stickers, I think they'll be able to make more cases that the "returns" were actually intrusions.

0
2
Charles 9
Silver badge

And when the viewers are ad-averse, meaning ads turn the viewers AWAY?

0
0
Charles 9
Silver badge

Re: @h4rm0ny

The movie companies are finding their C) solution, however. They'll tolerate some piracy, just not beyond a certain level of quality. Their DRM is mainly meant to block High-Definition piracy up to a point (usually the home-video point, at which point most of the revenue's already been extracted). They see cams and such as the realm of the desperate: people who wouldn't see the movie unless it was a penny. These are essentially unconvertible and can be ignored. As for the bad press, given they still get plenty of customers, the press can't be THAT bad for them. With the exception of franchises (and you wonder why so many sequels), movie fans just aren't as loyal as music fans (who tend to have their favorites).

0
0
Charles 9
Silver badge

Re: DRM in open source couldn't work?

And that's why 4K will NEVER be run on systems controllable by the user, they made that abundantly clear. They'll insist on end-to-end encrypted streams (that includes the link to the TV which will be an improved HDCP). Players will be locked-down tamper-detecting black boxes that require Internet connections for extra verification. And they'll probably deny home/hobby users access to 4K recording equipment for years (and keep the professional stuff too expensive for all but the big boys to afford) so the analog gap can't be exploited.

0
0
Charles 9
Silver badge

Re: More reasons to go to PaleMoon or other alternatives

"It's in a sandbox, it can't check that much."

Then how do these things check against screen scrapers, a well-known bypass technique?

0
0
Charles 9
Silver badge

Re: Barriers to purchase

"Youtube does it now."

EXCEPT, like I said earlier, Internet watchers are more ad-averse. More of them see the ads as a deal-breaker and install ad blockers. That's why things like AdBlock and NoScript are so popular.

As for regional deals, that's because economic models break down when you go international, and for the content providers it means less money in the long run. And since it's their content, it's their rules. If the money doesn't match up, they can always lock it up so no one gets to see it.

0
1
Charles 9
Silver badge

Re: 32-bit first?

There are plenty of other plugins out there besides those three, and many of them are 32-bit-only. So that leaves little choice in the matter.

0
0

Australia cracks tech giants' tax dodge code

Charles 9
Silver badge

Re: Still Seems simple

"Then it doesn't enter the country."

Does the word "bootlegger" mean anything to you? If someone wants something badly enough, they'll get it in spite of God, Queen, and the Government. Economic tourism would boom for any nearby country willing to sell the phones, and even if Customs stops their entry, they'll just get smuggled in.

0
0
Charles 9
Silver badge

Re: And their small competitors?

But take one tiny country that's not interested in the treaty, they become a tax haven, and the whole system falls apart since they hold sovereign power and can determine their own fate.

0
0

Home routers co-opted into self-sustaining DDoS botnet

Charles 9
Silver badge

Re: Countermeasures

Well, most aftermarket routers I know have three different reset conditions. One is the standard reset, which just warm boots the router in case it gets stuck or something. The second is as you say, Reset to Defaults, which is used in case a configuration change you made bricks the router or locks you out. The third one is the one you want, Reset to Stock, which should reflash the firmware with a baseline version out of ROM. I know the last two routers I bought had all three options, and since the last one is hardware-based, it's immune to malware.

0
0

Infosec bods demo GPU keylogger. Don't tell the NS... oh, wait

Charles 9
Silver badge
FAIL

Re: Remember

There's more than one way to pwn a system (and BTW, recall where the term "rooting" comes from). Does the name "Slapper" ring any bells? How about "Windigo," which is still in the wild today? And let's not forget about "Heartbleed" and "Shellshock".

0
0

What the BLEEP? BitTorrent's secure messaging app arrives

Charles 9
Silver badge

Indeed, there's a driver called DFMirage which works as a low-level display hook. It can be used in combination with the TightVNC fork to improve host performance. And of course there's always cameras. How does BLEEP intend to defeat stuff like that?

1
0
