Posts by Charles 9

6591 posts • joined 10 Jun 2009

This is how the EU's supreme court is stripping EU citizens of copyright protections

Charles 9
Silver badge

"No, the point is that a library catalogue enables access to the content. As does a hyperlink. To replicate the situation physically, let's do a thought experiment: it would be possible these days to build a library with a robot to fetch a book off its shelf and put it on a desk for you to read (there are modern warehouses that fetch stock and load trucks this way). Would that breach copyright?"

No, because we do not have a matter replicator yet. Following the hyperlink produces a COPY of the target in question. Since COPYing is involved, copyright is automatically invoked.

"Libraries do have exemptions, but only for educational or non-commercial use. You breach copyright when you photocopy the book to avoid buying it."

That's YOU, though, not the library. They're exempt from the redistribution restriction, for example, because (a) they're usually public, as in government-run, facilities, and (b) that's their purpose for existing: a middle ground between full lock-and-key and full public domain, a way to allow some additional exchange of information as mandated in the Constitution while still respecting copyright that helps to encourage new works being made. Rental houses and Redboxes have to buy special rental copies of movies at higher rates from publishers (so that publishers recoup lost sales), but libraries don't always have to, especially if some of their stocks are donated.

0
0
Charles 9
Silver badge

"If a hyperlink is (or is deemed to facilitate) a breach of copyright, where does that leave a public library catalogue?"

Bad example as libraries typically possess legal exemptions from copyright enforcement because of their specific function. Meanwhile, a card catalog does not possess inline information that can retrieve the actual content as you retrieve the card. An online catalog might do this, though, via inline data that's retrieved by the computer and then displayed for you.

0
0
Charles 9
Silver badge

Re: Intellectual property IS theft!

Of course it's a right. That's why it's called "COPY-RIGHT".

0
0

Apple pollutes data about you to protect your privacy. But it might not be enough

Charles 9
Silver badge

Kind of hard to do that over the Internet, and most places either don't take C.O.D. or place a hefty surcharge on it.

0
0
Charles 9
Silver badge

Re: Sick and tired

Nope. 2D only. Doesn't work well in a car. Tried all the others (even Here); they don't compare to Google, especially if you're going to be driving in traffic.

0
0
Charles 9
Silver badge

Re: So what happens....

Thing is, theory tends to have problems when you try to apply it in the real world. Such as the one time pad. It's the strongest form of encryption theoretically, but there's still the matter of passing the PAD along without it being intercepted. Here, the only way to guarantee the metadata is no good is to mangle it so much it's no longer metadata. But then, it's nothing useful anymore. It's a part-and-parcel problem. The very thing that makes it worth selling is ALSO the very thing that can be used to identify you.

0
0

Linux on PS3 white flag

Charles 9
Silver badge

White flag?

If it really was a white flag, they'd be allowing Linux again, with full hardware support. This is nothing but an attempted bribe. Why hasn't Sony been criminally charged with fraud for the bait-and-switch?

3
0

Why Oracle will win its Java copyright case – and why you'll be glad when it does

Charles 9
Silver badge

Re: Hmmm

"Also, I can certainly create audio CDs without ever purchasing the Red Book. Copyright only protects the book itself, not the knowledge it contains. That knowledge can be gotten legally in any number of ways, including simply reading the source of a program which implements CD audio creation."

Except those programs are copyrighted, too, as was Compaq's clone BIOS. They made a CLONE of IBM's BIOS that happened to be feature-exact. That was the basis for the "clean room" defense. But note that Google apparently copied Sun/Oracle's Java header code down to the errata, which in a proper clean-room effort wouldn't have been encountered or copied in.

0
0

Microsoft releases open source bug-bomb in the rambling house of C

Charles 9
Silver badge

Re: >handling pointers directly makes for efficient, “close to the hardware” programming>

All well and good when your data is well-structured. But what happens when you have to deal with UNstructured data, like a live stream? This is an example of the kind of stuff where you can't know ahead of time how much data you're gonna get, because often the other side doesn't know, either (usually because it's being generated on the fly, a la stream compression/encryption).

0
0
Charles 9
Silver badge

Re: Bounds checking for C and C++

"Or what if the memory doesn't store the bits correctly, or the CPU executes the instruction badly !!!"

Guess what? Those are real-life concerns. It's one reason why you can't make the processor pathways much smaller (because of quantum tunneling, electrons could "jump the tracks"). As I recall, high-uptime systems have redundancies for that reason.

In any event, if Pascal and Fortran really could build more efficient code than C, then they would be the languages of choice for highly-constrained applications like embedded systems, and last I checked, they either used C or (like for aircraft systems) specialized languages for the specific field. Fortran and Pascal may have been better in the past (because they were more restricted), but the real world intrudes.

0
0
Charles 9
Silver badge

Re: >handling pointers directly makes for efficient, “close to the hardware” programming>

"It was an inefficient, slow, bloated, language compared to languages designed for efficiency like FORTRAN and Pascal."

HOW can a language be more efficient than one that's close to the metal like C? Close to the metal means more like Assembler which is more like machine code, and raw machine code is about as efficient as you can get as you're talking the CPU's language, NOT yours.

0
0
Charles 9
Silver badge

Re: Bounds checking for C and C++

I'm saying what if the malware finds a different way into the bounds data to alter it out of band? That's the thing: for the most part, data is data, and you can perhaps perform something like a Confused Deputy (aka "Barney Fife") attack to mangle the bounds data with another routine. Or mangle the descriptor in transit between programs and/or libraries.

PS. Not all languages are like C, but in the end, CPUs run on machine code, and most CPUs, for reasons of speed, don't tag their memory very clearly.

0
0
Charles 9
Silver badge

The same reason C doesn't do it in software: there's a price to pay, and particularly in hardware, speed trumps security. What good is a secure job if it doesn't make the deadline?

1
0
Charles 9
Silver badge

Re: ASN.1 and PADS

What about the necessary drawback of speed, especially when you get to higher network speeds with less time to get things done?

1
0
Charles 9
Silver badge

Re: C is not an applications programming language

That only works for STATIC bounds-checking, but a lot of the overruns come from DYNAMIC buffers with bounds only known at runtime (if at all, if the buffer comes from elsewhere). Only a runtime bounds-checker can detect these, and these come with performance penalties: not desirable if you have a speed demand.

3
0
Charles 9
Silver badge

Re: C is not an applications programming language

I don't think it was that per se. One thing people were clamoring for, especially in the 80s when things were a lot slower, was raw performance. Speed sold, and since C ran "close to the metal", it produced FAST code. That's the big problem with bounds-checking: it necessarily draws a performance penalty in a world where speed mattered. Even now programs are expected to do more, so speed still matters. Who cares about security if you can't make the deadline?

As for all the other languages, your only solution is to ban them, but given so much relies on them (just like with Flash), getting them out of the ecosystem is going to be a slog, especially since it's in an official spec AND there's little in the way of a substitute, especially for pages that need to be updated for current events quickly.

8
0

Ransomware scum build weapon from JavaScript

Charles 9
Silver badge

Re: One tiny step, MS... one tiny step and you blow it.

"If this had been done decades ago, users might be educated just a tad and not click on this crap."

You ever thought that maybe the average user is simply too stupid and is more likely to erase or change the extension, break the file, and cry for help? That's the kind of clientele Microsoft has to cater to, remember: the kind incapable of learning. Yet they'll use their computers anyway, so yeah, the baby treatment is necessary; otherwise we're going to need to figure out a way to establish a licensing system for computers the way we do cars.

0
0
Charles 9
Silver badge

Re: Trusting files

And I think the real real problem is that Users Are Stupid, and because You Can't Fix Stupid, it's going to be hard to fix that problem (apart from requiring a license to use a computer, but that would kill anonymity).

0
0

Computerised stock management? Nah, let’s use walkie-talkies

Charles 9
Silver badge

Re: Do you have any tea?

"Certain American versions seem to contain exceptional quantities of the second."

And many Americans WANT it that way because they want to quench their thirst first WITHOUT drinking water, get buzzed second. It tells you something when the #1 beer in America is a LIGHT beer.

0
0
Charles 9
Silver badge

Re: Shoes are now drive thru commodities

"It used to be that outside of large discount stores, shoes were sold with service."

Yeah, and it used to be that shoes were also handmade, one at a time, by a skilled shoemaker IINM. That's where the service came from. Also the price IIRC. But the thing about inefficiency is that it's very difficult to scale, especially as the population rises. Overpopulation meant economies of scale won out.

0
0

Tor torpedoed! Tesco Bank app won't run with privacy tool installed

Charles 9
Silver badge

Re: Who are these narcissists who think they are the only ones entitled to freedom of choice?

"What I'd really like to see is merchants being stricter on insecure browsers and allowing us to impose geographic limits on the use of our own accounts. We need more security on the web, not less."

The only way to achieve that is with a Stateful Internet, meaning no anonymity. Otherwise, miscreants can use the anonymity inherent in today's Internet to masquerade and get around things like ID and geo-blocks.

0
0
Charles 9
Silver badge

Re: Web is still best

"Of course the web is full of cancer too, but at least the very strict sand-boxing and script-blocker plugins can keep it in check."

You haven't run into the ad-blocker-blockers have you? Or those sites that don't show anything unless the ad stuff gets loaded? Or the sites that are trying to find ways around your ad blocking such as through local caching?

0
0
Charles 9
Silver badge

Re: Missing the point again

"There IS an up to date exit node list."

They're probably clueless. They probably also don't trust the exit node list.

0
0
Charles 9
Silver badge

Re: So for someone who still has a non-smart-phone...

TrueCrypt/VeraCrypt doesn't have to rely on a single standard algorithm. What if a banking app was like that and could use algorithms like Blowfish that aren't standard but still useful, especially when used in addition to the standard-bearers?

0
0
Charles 9
Silver badge

Re: "when your customers only have ONE factor to them?"

"Disadvantage - it is something annoying to carry with you if you really want banking on the move."

Not to mention easy to lose AND easy to get swapped for a pwned model. That's why there are plenty of people who don't even take their phones with them: they keep leaving them at home, which creates a problem. How can you use a second factor when there is no second factor available?

0
0
Charles 9
Silver badge

Re: Security risk?

"This is but one small step away from the Tesco App not running unless you have a Tesco SIM in your handset."

This is a real thing, actually. Many apps are published by cell phone providers. Number 1 requirement? They only work with their SIMs.

0
0
Charles 9
Silver badge

Re: So for someone who still has a non-smart-phone...

The App is not restricted to security measures featured in a browser beyond their control and can go above and beyond if desired.

0
0
Charles 9
Silver badge

Re: Missing the point again

Unless they can't tell the difference. Once Tor is in use, the source IP can easily be masked without a way for the banking app to know it's turned on. If the only clue you have to TOR is whether or not such a gateway is present (not whether it's on or off, only present), then it's a case of having nothing but a hammer to work with and financial regulators on your back.

2
5

Top boffins detail how to save the open internet from breaking itself

Charles 9
Silver badge
Mushroom

Re: Late report or time travel?

The $64T question, however, is if it's possible to AVOID #3 and #2? Or does the human condition pretty much preclude this happening?

0
0

Google doesn’t care who makes Android phones. Or who it pisses off

Charles 9
Silver badge

Re: The big handset makers will fall divided

I don't think so. I think the two spheres will remain divided: x86 on the bigger stuff, ARM on the smaller stuff. Institutional momentum and a lot of legacy stuff will keep the desktop firmly on x86, plus there's little need for crossover: the desktop world and the mobile world are different enough that it's extremely difficult to picture an all-in-one, particularly if you run into the conflicting demands of performance and power savings.

0
1

Dad of student slain in Paris terror massacre sues Google, Twitter, Facebook for their 'material support' of ISIS

Charles 9
Silver badge

Re: Bah!

"According to a few reports it took the Orlando PD 3 hours to get the courage to storm the club."

No, it took the Orlando PD 3 hours to come to the conclusion he was just stalling for time and was pretty much in Kill Until Killed mode, meaning it was pointless to negotiate further. It's not uncommon for hostage situations to run on for hours if not days, the idea being the police want to wait out the perp and make him (a) chicken out, (b) come to his senses, or (c) if it comes to it, open himself to a sniper. But as here, the police are also careful to see if the perp has no intention to negotiate in good faith.

1
0
Charles 9
Silver badge

Re: People plus technology

Yes, because what you described requires A LOT more logistics to pull off. 9/11 basically involved some 20 nutcases and—compared to the above—chump change. This is raising hell on the cheap.

The cost to raise hell is dropping considerably, and that's a destabilizing influence on civilization as we know it because sooner or later someone will have a justification to raise as much hell as possible. But if one man can do it without a lot of external input (shivers)...

0
1
Charles 9
Silver badge

Re: Won't happen

In America, you pay for the use of the cell network, not for the call itself. Most don't charge if you call in-network. Moot point these days, anyway, thanks to generous allowances and flat-rate calling plans. Haven't paid for an individual call in at least seven years.

0
0
Charles 9
Silver badge

Re: Some points to consider.

Tell me, how can people police terrorism when the bad guys can simply use innocuous code words, like talking about a birthday party? There's no way you're going to be able to distinguish talk of a terrorist act disguised as a birthday party from talk of a real birthday party.

9
0
Charles 9
Silver badge

Re: This is why...

Many times, one or the other side has no money. That's why contingency lawyers are rampant.

1
0

Man dies after UK police Taser shooting

Charles 9
Silver badge
Stop

Re: Pedantic Filth

If we can use laser in lowercase (which is an acronym, too, for Light Amplification by Stimulated Emission of Radiation), or maser (switch Light for Microwave), then we're within our rights to use taser in lowercase, too.

0
0
Charles 9
Silver badge

Re: Taser cartridges ...

"These things have a shelf-life?"

Possibly if they use chemicals. Not all of them are shelf-stable beyond a certain point.

0
0
Charles 9
Silver badge

Re: Although Tasers were introduced as non-lethal weapons.....

"What happened to those nets that you can fire out of a hand cannon? They pretty much stop people from doing anything."

I don't think anyone's tried it in real life on people. They're developing a version for riot control, but I don't know. They're good enough for animals, but humans can usually get enough of their act together to seek out the edge of the net and escape. Plus since they're slower, they're easier to dodge.

0
0
Charles 9
Silver badge

Re: From The Independent newspaper:

Still, it does pose a dilemma for an ambulance crew when faced with a nutcase who's both lashing out and bleeding out. It's sort of a no-win scenario. Waiting for the police will likely mean he bleeds out before then, yet going in now will mean extra casualties...

0
0
Charles 9
Silver badge

Re: Although Tasers were introduced as non-lethal weapons.....

"For pepper spray you've got to get close, and I believe people have died after inhaling that as well."

There's also the matter of the target being susceptible to pain (capsaicin feels "hot" because it stimulates pain nerves on contact), but as testimonials have noted, people in a "rush" (be it adrenaline or drugs) can "defer" the sensation of pain for some time (there have been accounts of angry drunks wiping off pepper spray like it was water). So when police believe they're up against someone hopped up, I think they're advised to try something other than pepper spray or physical coercion (because drunks and druggies may not feel pain or act with the due restraint one would instinctively harbor when sober). At least tasers have a better chance of subduing someone hopped up since they act on a more physical level.

1
4

Kill Flash now. Or patch these 36 vulnerabilities. Your choice

Charles 9
Silver badge

Re: i say we take off and nuke the site from orbit....

Even then it's not guaranteed. Something may survive a nuke, you don't know...

0
0
Charles 9
Silver badge

Re: >> giving the update the "Priority 1" ranking

Trouble is, controlling critical enterprise equipment, the ONLY way possible is by Flash, tends to get a Priority -1, as in "Do This Or You'll Never Work in This Town Again."

0
0
Charles 9
Silver badge

Re: ¡Ay, caramba!

There IS one excuse, a very CRITICAL one: amortization. The highly expensive piece of kit has already been bought. The costs are sunk and can never be retrieved. They're a big strain on the business, trying to obtain another so soon will literally kill it. So basically, you MUST live with it. And leaving the company may not be an option as (a) no one else is hiring or (b) they're in the same boat, saddled with expensive kit they MUST use.

Put it this way. If you're out in the middle of the shark-filled ocean and the only possession to your name apart from your clothes is a leaky raft...well, all you can do is start bailing.

0
0
Charles 9
Silver badge

Re: ¡Ay, caramba!

Yes, and often not by choice. What do you do when the one and only way to control your expensive piece of kit REQUIRES Flash?

1
0
Charles 9
Silver badge

Still Gonna Be Rough

For all those enterprises that have very expensive gear that REQUIRES Flash to control. If only there was a way to pressure those manufacturers to replace the interfaces on their dime...

1
0

Forget black helicopters, FBI flying surveillance Cessnas over US cities. Warrant? What's that?

Charles 9
Silver badge

Re: @I've forgotten what I wanted to say...

Perhaps, but "ink on a page" doesn't mean much when the rules get thrown out the window and you're staring down raw, overwhelming force.

0
0

Get ready for Google's proprietary Android. It's coming – analyst

Charles 9
Silver badge

"Device drivers will never ever go through Google. Even if they did it would not help because they wouldn't be getting the source code."

They wouldn't need the source code. Just the blobs and the interface will do. With that level of control, they can do their darndest to work around recalcitrance.

"How would Google be responsible for exploits in other vendor's drivers?"

What if the exploit is in Android itself? Stagefright is an exploit in Android itself, for example. And some of the exploits are in the kernel, meaning it CAN'T be taken out of the system partition (because PID 0 essentially IS the system). If something worse than Stagefright comes along and pwns a million phones and is traced to the Android baseline, that stuff belongs solely to Google, meaning they're now liable (because no one else controls the code). That's the dilemma Google faces. They MUST gain control or they're going to face civil and probably even CRIMINAL liability (because something worse than Stagefright is a matter of WHEN, not IF).

0
0

Chinese loan sharks seek salacious selfies as collateral

Charles 9
Silver badge

Re: Shurely

Point is the Far East has probably the highest suicide rate in the civilized world. Death Before Dishonor has a lot to do with that.

0
0

Net neutrality victory: DC court backs full rules

Charles 9
Silver badge

"While that's all true, if Trump wins he gets to make an appointment to the FCC panel, which swings it from 3-2 democrat to 3-2 republican."

Except given the composition of the Senate, anyone trying to nominate someone will have a recalcitrant Senate who lacks the votes either way to confirm anyone. That's why SCOTUS is minus a Justice for the time being.

0
1

Comcast now touts unlimited gigabit service (that you can't get)

Charles 9
Silver badge

Re: 'Cape Breton if Trump wins', now featuring unlimited Gb FTTH

Except I have to imagine that if you have to ASK about housing prices there, you wouldn't be able to afford it, especially if the market gets driven up by a rush of people wanting to move there.

0
0
