3710 posts • joined 10 Jun 2009
Re: Much as I appreciate using drones for recognizance...
"Where it will get really interesting is when the soldier is removed entirely, and a decent AI is left to control the drones and select or recognise the targets. That will truly reduce the cost of asymmetric warfare, and could be the beginning of the end for the cowardly brand of terrorism currently afflicting the world."
Then what happens when the terrorists get their hands on them?
Re: Some interesting possibilities here...
"5) I'm not sure about this one, but probably millions of people, if the location of the Amazon distribution center nearest to me in Netherlands is any indication."
IINM, the testbed for the concept is going to be New York City. 10 million people alone plus whoever is within reach in the suburbs on Long Island and New Jersey. Not to mention a ground traffic problem that makes aerial courier a more-financially-tempting option.
The term was coined before the advent of electricity. The more proper term these days is "over-unity," which accounts for non-mechanical "perpetual" concepts.
"If someone's search history contains <insert comically-named skin flick here> then it would nice if that wasn't considered embarrassing so much as private and even more so if it wasn't considered perverted so much as normal."
Remember that the very concept of personal privacy is a relatively new thing: probably no older than about a century and a half for the ordinary joe. Basically, the smaller the community or the larger the reach of its people, the less one's privacy can be guaranteed. Privacy increased with the rise of cities that created a screen of other people and such, but with the increase of electronic communications, particularly those of an audio-visual nature, that privacy has dropped drastically. We're rapidly becoming the Global Village, and I don't mean that in a good way.
For the person whose history he or she submits. He's saying if he knows your search history, he can find skeletons in your closet.
Re: Why does Microsoft want people to stop talking about Windows?
Surprised a video ad from a seller of actual (physical) windows didn't get wiped and the company suing Microsoft for harming their business by wiping out their ad hits.
Even if they were past the prototype stages, VASIMR is not launch-capable, so you still need a way to get it up into orbit. Right now, the hope is to fit a VASIMR to the ISS, giving it an easier time with course corrections while putting the engine through some space trials.
Re: Ongoing project already underway to provide a lightweight shield
Nice thought, but cosmic radiation is a whole other kettle of fish. They're the top end of the EM scale for a reason. We already know they've been able to penetrate the Earth's magnetosphere (which is already bigger than anything we'd probably be able to generate), atmosphere, AND a mountain.
Re: Or you could use a small asteroid.
Not gonna do much good. Cosmic rays are SO energetic they've been detected under a gol-dang mountain, with all of Earth's atmosphere in between.
Re: VM for fun and profit?
Until the malware starts packing a redpill exploit...
Re: AdBlocker / NoScript
Careful with the VM. Some malware's smart enough to detect this and use an exploit to redpill its way out to the metal. As for known, trusted sites, the problem is that the malware targets ad networks USED by known, trusted sites. That's the key to a drive-by attack; they target sideloads used by otherwise-popular sites. Ideally, they want to use an ad system that's part and parcel with some key part of the site, making it practically unavoidable.
Re: AdBlocker / NoScript
Only if the ad is not of a domain that's required for the site to run. If the ad's domain happens to coincide with a part of the site that's required for operation (not unheard of), then you're caught between Scylla and Charybdis. The only way to get proper site operation is to open yourself up to that drive-by.
Re: I won't even mention Quiet Comfort...
I've never been partial to overpriced Bose equipment. I find less expensive alternatives. And while they won't completely cancel out background noise, they do make a nice difference in a noisy environment like inside a conveyance. I personally keep a pair for air travel.
Re: The media strikes again!
Perhaps another reason is that identity theft is perceived as a fate worse than death. Shot to death, you're dead, game over. Identity is stolen, all that belongs to you is at risk, yet you're still alive to suffer all the consequences. Many would see living in helplessness as being worse than death.
Re: The rest of the story
The problem with the scenario is that, in spite of all the safeguards in place, a Trent is still needed. Thing is, as we've seen, Gene and Mallory have gotten smart and are now starting to target Trent in an attempt to subvert or impersonate Trent (think dodgy CAs). The bigger he is, the bigger the target is on his back.
But it's also essential to a safe Internet. Without Trent, how can Alice and Bob prove their identities if they've never met before?
Re: ipv6-literal.net not reserved.
Ever thought that it's both? That Microsoft is the cyber-squatter in question and that they did this so they can't be accused of breaking Internet conventions by internally routing an otherwise-fair-game domain (it's quite all right if they own it)?
Re: It's happening, get over it
"My phone is on carrier grade NAT when it is on the telco network. Everything I have done over phone (tether) works fine whether it is the likes of SSL or IPSec VPNs, skype, and everything else. No issues."
Sounds like you're MAKING the connections in this case, plus Skype has a Trent to help it. But what about if you have to operate a daemon behind a carrier-grade NAT? Even worse, what if both you and the target party are behind a NAT (or worse, carrier-grade NAT), meaning neither you nor your destination has a uniquely-addressable point to refer to? There's physically no way to achieve that without a third party (a Trent) that both of you can reach, which has safety implications of its own (Is Trent really Trent?).
Re: From the banks of the Thames River in (New) London
I suspect there will always be debate on both sides of the Atlantic when it comes to pronunciation. The best way to note it is that British English is more traditional but rather inconsistent whereas American English is generally more structured but as a result things change.
I came to realize this when I had to pause for a moment to realize what was being described in a "gaol" and why I didn't recognize the pronunciations of words like Cheswick and Worcestershire, among other things (I describe it best as a lot of contraction, so much that it can confuse Americans).
American, given Comcast has no UK presence. The merger is also of American firms.
Re: Anybody here use Google Wallet before?
Uptake's been a touch slow for two reasons:
1) Supported phones were pretty low at first. Due to card company recalcitrance, you not only needed the right phone but the right network, too, which kinda sucked. When the S4 came out, card companies allowed it because of the Secure Element, but Google managed to leverage more leeway bit by bit. When Android 4.4 came out and Host Card Emulation, the number of supported devices jumped since the implementation was now independent of network or the Secure Element. More or less, if a device had a compatible NFC unit and could run 4.4, it could now support Wallet (shame it can't be backported; there are more NFC-enabled Android devices you could support if you could).
2) Retailers have started getting a touch wary about contactless payments. Fears of data skimming and hacking have them wondering if they should be covering their butts. Combined with the slow uptake, some places that once accepted contactless are now dropping it.
Re: I'm baffled...
"A genuine question; does anyone know if 'drive by' skimming is possible with credit/debit card based NFC? As in scammer with handheld NFC reader walks down a crowded street fishing for close proximity with a card in a wallet or handbag. Or is conventional skimming merely limited to lifting the data on the mag stripe for later use in a country that still uses them - i.e. the scammer isn't actually processing payments, so the same would apply to 'NFC skimming'?"
NFC's a bit more complicated than that. There has to be an exchange between the originator and the device. The originator has to send a signal that indicates it's a point of sale in order for a transaction to take place (if it's a tag type instead, something else happens). From what I understand, the card number used for this system is strictly for contactless and can't be used for other purposes. Furthermore, there's supposed to be some kind of nonce that's sent to the clearinghouse to prevent replay attacks.
As a further safety measure, the NFC unit of most phones is inactive when the phone's asleep or locked, meaning the user has to wake up and/or unlock the phone for a transaction to take place.
Re: I'm baffled...
"Don't forget that, as far as I'm aware, the US doesn't have chip and pin, so it's miles above what they have over there."
Not YET. Transition is in progress and will probably take about a year or two.
Re: POS upgrades?
"Apple Pay uses a Secure Element to store the card details, not Host Card Emulation (which is, essentially, a software only version of Secure Element)."
Do we have confirmation of this? From past experience using the Galaxy S4 and so on, Secure Elements can be finicky and more trouble than they're worth (if the transaction chain breaks due to a reset or whatever, the Secure Element can't be reset easily). That's one reason Android 4.4 added Host Card Emulation so that it (1) wouldn't be necessary and (2) would be easier to fix should something go wrong. Since HCE is now the norm on Android, why would Apple stick to the SE?
Re: POS upgrades?
If Apple Pay is using Host Card Emulation, then it shouldn't be an issue. Google Wallet for Android versions 4.4 and up uses Host Card Emulation and will work fine at any terminal set up to accept the contactless card systems of the big boys (Visa, MasterCard, Discover, and American Express all have their own names for it but they're essentially the same). A Secure Element is not required on the phone to use Host Card Emulation, reducing the hardware requirements, and this may have been what's tipped Apple over the edge regarding NFC support.
I will concur that the number of places that accept contactless payments shrank recently as some places saw it as either a fading fad or a liability. Walmart as I understand has been steadfastly against the idea because they want more control over payment data. Neither Walmart, K-Mart, nor Target support contactless. Best Buy does but only to a limited extent. 7-Eleven, Wawa, and Burger King have all withdrawn support. So basically, Your Mileage May Vary.
Re: RE: nitroglycerine.
"Metallic Lithium contains both an oxidiser and an oxidant? Allowing it to release energy without using an external oxidiser like 'air'?"
Actually, yes. It is capable of producing what's called a self-oxidizing fire. Certain other metals like magnesium have the same properties, as does thermite by design. Plainly put, asphyxiants don't work on them which is why they can burn even in oxygen-poor environments like underwater or even in vacuum.
Re: Except that the article has got it entirely wrong
I would be more inclined to accept a SIM-less device if the switching mechanism was outside the control of the manufacturer. If what you say is true and the "soft SIM" is really a programmable SIM, then this might inspire third parties if they can ink MVNO deals with the primary carriers and so on.
Re: Inevitable Convergence
I'll be worried when these phones start penetrating Faraday cages. If people are paranoid about always-listening phones, they'll throw them into Faraday bags at night.
"And clothes - people can use them to conceal weapons."
Forget clothes. At this stage, we'll have to ban the human body. Recall that a few years ago someone managed to hide and detonate a bomb concealed...let's just say where the sun don't shine.
Let's face it. We're almost to the point where one person can ruin the world. Which means no government will trust its citizens since just one could be the one that destroys them. The operative phrase is rapidly becoming, "Don't trust anyone."
Re: Founding fathers?
Four words: Ink On A Page...
Re: The law suits...
Because you can't trust the PIN pad not being switched out or otherwise tampered with?
"USB OTG and a memory stick?"
Not an option since using OTG blocks charging, and since using OTG puts additional load on the battery, this is one place where it's NICE to be plugged in, only you can't.
I also insist on removable batteries. Not only is it a safety feature in case the battery becomes faulty or a pull is needed to reset a device, but it allows for aftermarket upgrading if you don't care about bulk like I do.
Compared to an iPhone 6, especially one fully loaded, yes.
Re: Where is Binder?
Binder is part of the base OS. It's the thing that handles what Android calls Intents. The Intents are IPC messages that say you want to do such and such. They're also what prompt you to pick a program to handle things like Market links, SMS messages, and so on unless you set a default. What the article is claiming is that something can hijack the intent chain so as to call up system-level functions and use them to hack the device.
Honest question: Can this hijack occur with just a URI or does it require some kind of app installation to perform?
PS. It may interest you to know that Binder is an inherited thing. It comes from OpenBinder which was in turn originally developed for BeOS (now that brings back memories).
Point is the camera can detect things not normally visible to the naked eye, and these cameras CAN and DO capture infrared since they can see the infrared emitted from remote controls and the like. Removing the IR either takes a filter layer or software post-processing.
The point being that while one biometric can be fooled, if the system can simultaneously check for several different biometrics (check for a pulse, moving eyes in the right color, breath, voiceprinting, et al) as well as create dynamic tests that thwart preimaging (asking for a blink, an answer to a simple generated question, etc), then it should be possible to take "faking it" past the practical limit for most adversaries. And you might be able to deal with the gun-to-the-head scenario (which will exist regardless) with a duress sequence: one that not only alerts authorities but also releases traceable dummy data, making it seem you're letting them in.
That's one reason I suggested checking both for image and for infrared pulse (something phone cams can already do). Two simultaneous checks which when combined can be trickier to defeat. Since humans can't see infrared naturally, you can make it so that it's difficult to fake a face pulse, especially if it's taking a full infrared image that wouldn't be readily fooled by LEDs (which would emit hot spots). Combine this with a motion-based match (make the subject randomly wink or blink or open the mouth--this would stop the photograph--as well as check for the actual pulse to thwart steady-state infrared emitters) and you can get something that has a decent expectation of an actual, live face.
Pretty simple to fake an infrared face pulse while still fooling a selfie cam lock? Kindly demonstrate...
Those same cameras can also detect infrared, which is why camera heart rate monitors work (perhaps not too accurately, but interesting nonetheless). If the face checker also checks for a facial pulse (which a paper mask would likely obstruct), then it would be more difficult to fake.
Re: Not for Fanbois.
"Europe is not so bad if you consider it a nation."
It's still considerably denser than the US. Key cities in Europe tend to be more evenly distributed. The geopolitical structure of Europe not only helps this but also affects the economics of wiring up, since each country only has to deal with its respective areas and doesn't necessarily have to agree with the neighbors.
I'd be very interested in an Internet distribution map of countries like Canada, China, and Russia (these are single countries comparable to the US in land mass). Based on what I've read so far, though, they too have their faults: particularly lopsidedness.
Re: Not for Fanbois.
"Looking at that the other way around: I live in a city-(non)state far smaller than Illinois though with a goodly fraction of the same population. (It's called London). Why can't I have gigabit networking to my house for UD$20/month?"
Simple. You live in an OLD city. South Korea's infrastructure is pretty modern: its age measured in decades, while good old London has infrastructure dating back centuries (yes, some of it got bombed and subject to fires, but a lot of the stuff, especially underground, survived). And if there's one thing New York and London have in common, it's that it's hard putting up new infrastructure when old stuff's in the way.
Put simply, infrastructure is much easier to install in a new city (or one forced to rebuild due to war or disaster) than in an old city.
Re: Not for Fanbois.
"Probably relevant: broadband in South Korea is way ahead of the rest of the world."
Probably also relevant: South Korea is SMALL, about the size of the US state of Illinois. Meanwhile, Japan's about the size of California. Geography matters when it comes to wiring up: the smaller, the easier. Not to mention the US has tons of rural area between its two coasts. Between that, the mountains, big rivers, etc., I'd call it a small miracle we can do high-speed links from coast to coast. Know any other nation comparable in size to the US that's doing better across the board?
As a number of exploits recently have shown, this trust issue is not limited to proprietary software, since we as humans lack the ability to be eternally vigilant in everything we do; otherwise, we'd never trust anyone and nothing would get done. Makes you wonder if you wake up tomorrow and realize you and everyone else in the world is essentially living under the Sword of Damocles.
Re: What would happen if
It's probably also SSL/TLS encrypted and uses the same channels as the update system, meaning breaking the spyware also breaks your update system, leaving you open to malware attack.
Kinda like the only way to keep your home safe from intruders is to keep a vicious human-aggressive dog on the premises. Keeps the intruders away, yes, but also likely to bite you, and it's not like you have much in the way of alternatives. The ruffians are already notorious for kicking doors and bashing windows, and the ones that still resist, they torch.
Re: What Freaks Me Out...
Using them for everything won't work. The state has the resources to keep a quantum computer in a black project, store everything since the advent of the PC, and probably even be working on a way to break lattice and other post-quantum encryption. And you can't stop them OR convince them to stop since EVERY state and state leader behaves like Damocles: as if under perpetual existential threat. Under such an environment, NOTHING is taboo since the one that can destroy you can come from ANYWHERE at ANYTIME.
Re: 2-part security?
How does remote wipe work if the phone is kept in a Faraday bag and only removed when in a Faraday cage?
Re: Almost did to me...
Maybe not Red Bull, but in the US there have been some cases where a caffeine/alcohol combination was at least partially to blame for a number of deaths: mostly from the consumption of Jagerbombs or those tall cans of alcohol+caffeine like Four Loko. They knew it was a factor because the conflicting buzzes meant the body couldn't warn the drinker they were overdoing it. Hard to deal with the Jagerbombs since they're mixed on site, but they basically told the Four Loko and the like to ease up on the caffeine so that drinkers can at least get some kind of warning buzz.
"Reg I was expecting better. Stop emulating the daily mail and consider presenting facts sometimes."
Hey, it pulled you to the article. Tabloid headlines are like that for a purpose: human nature draws us to extremes. It's called "sensationalism." The mundane "Red Bull Sued for False Advertising" simply wouldn't draw as many clicks.
It goes to the whole "Truth in Advertising" business. The thing is, what one would perceive as ridiculous, another would consider factual (like the time someone managed to amass enough Pepsi Points coupons to afford, according to the promotional ad, a Harrier jet—the case was thrown out, BTW). That's why I don't like ad laws as they are and would prefer them to be restricted to absolute truth, or as close to it as possible (I would equate it as a case before the public and subject to the same restrictions as a court witness: the truth, the whole truth, and nothing but the truth). For example, absolutely no hyperbole or unverifiable claims and all advertised effects listed in their most conservative. Preferably, all testimonials should be voluntary and unpaid, and though I cannot think of the exact means, some way should be made to force professional endorsements to have serious backing.
How well do dictionary attacks do against passphrases containing more than 2 words? Each one multiplies the potential complexity by the size of the dictionary. Six words and a million-word dictionary, assuming no semantics, results in (10^9)^6, or 10^54 possible phrases, and if even one of those words is intentionally misspelled...
Re: Be careful what you wish for...
Which would you rather have? The corrupt King Cobras or the relentless Army Ants? You're dead either way. Even if we tried to make our own mesh, that would take electricity, which means we're beholden to the power companies.