3689 posts • joined 10 Jun 2009
Re: RE: nitroglycerine.
"Metallic Lithium contains both an oxidiser and an oxidant? Allowing it to release energy without using an external oxidiser like 'air'?"
Actually, yes. It is capable of producing what's called a self-oxidizing fire. Certain other metals like magnesium have the same properties, as does thermite by design. Plainly put, asphyxiants don't work on them which is why they can burn even in oxygen-poor environments like underwater or even in vacuum.
Re: It's happening, get over it
"My phone is on carrier grade NAT when it is on the telco network. Everything I have done over phone (tether) works fine whether it is the likes of SSL or IPSec VPNs, skype, and everything else. No issues."
Sounds like you're MAKING the connections in this case, plus Skype has a Trent to help it. But what about if you have to operate a daemon behind a carrier-grade NAT? Even worse, what if both you and the target party are behind a NAT (or worse, carrier-grade NAT), meaning neither you nor your destination has a uniquely-addressable point to refer to? There's physically no way to achieve that without a third party (a Trent) that both of you can reach, which has safety implications of its own (Is Trent really Trent?).
Re: Except that the article has got it entirely wrong
I would be more inclined to accept a SIM-less device if the switching mechanism was outside the control of the manufacturer. If what you say is true and the "soft SIM" is really a programmable SIM, then this might inspire third parties if they can ink MVNO deals with the primary carriers and so on.
Re: Inevitable Convergence
I'll be worried when these phones start penetrating Faraday cages. If people are paranoid about always-listening phones, they'll throw them into Faraday bags at night.
For the person whose history he or she submits. He's saying if he knows your search history, he can find skeletons in your closet.
Re: Why does Microsoft want people to stop talking about Windows?
Surprised a video ad from a seller of actual (physical) windows didn't get wiped, with the company then suing Microsoft for harming its business by wiping out its ad hits.
"And clothes - people can use them to conceal weapons."
Forget clothes. At this stage, we'll have to ban the human body. Recall that a few years ago someone managed to hide and detonate a bomb concealed...let's just say where the sun don't shine.
Let's face it. We're almost to the point where one person can ruin the world. Which means no government will trust its citizens since just one could be the one that destroys them. The operative phrase is rapidly becoming, "Don't trust anyone."
Re: Founding fathers?
Four words: Ink On A Page...
Re: The law suits...
Because you can't trust the PIN pad not being switched out or otherwise tampered with?
"USB OTG and a memory stick?"
Not an option since using OTG blocks charging, and since using OTG puts additional load on the battery, this is one place where it's NICE to be plugged in, only you can't.
I also insist on removable batteries. Not only is it a safety feature in case the battery becomes faulty or a pull is needed to reset a device, but it allows for aftermarket upgrading if you don't care about bulk like I do.
Compared to an iPhone 6, especially one fully loaded, yes.
Re: Where is Binder?
Binder is part of the base OS. It's the thing that handles what Android calls Intents. The Intents are IPC messages that say you want to do such and such. They're also what prompt you to pick a program to handle things like Market links, SMS messages, and so on unless you set a default. What the article is claiming is that something can hijack the intent chain so as to call up system-level functions and use them to hack the device.
Honest question: Can this hijack occur with just a URI or does it require some kind of app installation to perform?
PS. It may interest you to know that Binder is an inherited thing. It comes from OpenBinder which was in turn originally developed for BeOS (now that brings back memories).
American, given Comcast has no UK presence. The merger is also of American firms.
Point is the camera can detect things not normally visible to the naked eye, and these cameras CAN and DO capture infrared since they can see the infrared emitted from remote controls and the like. Removing the IR either takes a filter layer or software post-processing.
The point being that while one biometric can be fooled, if the system can simultaneously check for several different biometrics (check for a pulse, moving eyes in the right color, breath, voiceprinting, et al) as well as create dynamic tests that thwart preimaging (asking for a blink, an answer to a simple generated question, etc), then it should be possible to take "faking it" past the practical limit for most adversaries. And you might be able to deal with the gun-to-the-head scenario (which will exist regardless) with a duress sequence: one that not only alerts authorities but also releases traceable dummy data, making it seem you're letting them in.
That's one reason I suggested checking both for image and for infrared pulse (something phone cams can already do). Two simultaneous checks which when combined can be trickier to defeat. Since humans can't see infrared naturally, you can make it so that it's difficult to fake a face pulse, especially if it's taking a full infrared image that wouldn't be readily fooled by LEDs (which would emit hot spots). Combine this with a motion-based match (make the subject randomly wink or blink or open the mouth--this would stop the photograph--as well as check for the actual pulse to thwart steady-state infrared emitters) and you can get something that has a decent expectation of an actual, live face.
Pretty simple to fake an infrared face pulse while still fooling a selfie cam lock? Kindly demonstrate...
Those same cameras can also detect infrared, which is why camera heart rate monitors work (perhaps not too accurately, but interesting nonetheless). If the face checker also checks for a facial pulse (which a paper mask would likely obstruct), then it would be more difficult to fake.
Re: Not for Fanbois.
"Europe is not so bad if you consider it a nation."
It's still considerably denser than the US. Key cities in Europe tend to be more evenly distributed. The geopolitical structure of Europe not only helps this but also affects the economics of wiring up, since each country only has to deal with its respective areas and doesn't necessarily have to agree with the neighbors.
I'd be very interested in an Internet distribution map of countries like Canada, China, and Russia (these are single countries comparable to the US in land mass). Based on what I've read so far, though, they too have their faults: particularly lopsidedness.
Re: Not for Fanbois.
"Looking at that the other way around: I live in a city-(non)state far smaller than Illinois though with a goodly fraction of the same population. (It's called London). Why can't I have gigabit networking to my house for US$20/month?"
Simple. You live in an OLD city. South Korea's infrastructure is pretty modern: its age measured in decades, while good old London has infrastructure dating back centuries (yes, some of it got bombed and subject to fires, but a lot of the stuff, especially underground, survived). And if there's one thing New York and London have in common, it's that it's hard putting up new infrastructure when old stuff's in the way.
Put simply, infrastructure is much easier to install in a new city (or one forced to rebuild due to war or disaster) than in an old city.
Re: Not for Fanbois.
"Probably relevant: broadband in South Korea is way ahead of the rest of the world."
Probably also relevant: South Korea is SMALL, about the size of the US state of Illinois. Meanwhile, Japan's about the size of California. Geography matters when it comes to wiring up: the smaller, the easier. Not to mention the US has tons of rural area between its two coasts. Between that, the mountains, big rivers, etc. I'd call it a small miracle we can do high-speed links from coast to coast. Know any other nation comparable in size to the US that's doing better across the board?
As a number of exploits recently have shown, this trust issue is not limited to proprietary software, since we as humans lack the ability to be eternally vigilant in everything we do; otherwise, we'd never trust anyone and nothing would get done. Makes you wonder if you wake up tomorrow and realize you and everyone else in the world is essentially living under the Sword of Damocles.
Re: What would happen if
It's probably also SSL/TLS encrypted and uses the same channels as the update system, meaning breaking the spyware also breaks your update system, leaving you open to malware attack.
Kinda like the only way to keep your home safe from intruders is to keep a vicious human-aggressive dog on the premises. Keeps the intruders away, yes, but also likely to bite you, and it's not like you have much in the way of alternatives. The ruffians are already notorious for kicking doors and bashing windows, and the ones that still resist, they torch.
Re: What Freaks Me Out...
Using them for everything won't work. The state has the resources to keep a quantum computer in a black project, store everything since the advent of the PC, and probably even be working on a way to break lattice and other post-quantum encryption. And you can't stop them OR convince them to stop since EVERY state and state leader behaves like Damocles: as if under perpetual existential threat. Under such an environment, NOTHING is taboo since the one that can destroy you can come from ANYWHERE at ANYTIME.
Re: 2-part security?
How does remote wipe work if the phone is kept in a Faraday bag and only removed when in a Faraday cage?
Re: Almost did to me...
Maybe not Red Bull, but in the US there have been some cases where a caffeine/alcohol combination was at least partially to blame for a number of deaths: mostly from the consumption of Jagerbombs or those tall cans of alcohol+caffeine like Four Loko. They knew it was a factor because the conflicting buzzes meant the body couldn't warn the drinker they were overdoing it. Hard to deal with the Jagerbombs since they're mixed on site, but they basically told Four Loko and the like to ease up on the caffeine so that drinkers can at least get some kind of warning buzz.
"Reg I was expecting better. Stop emulating the daily mail and consider presenting facts sometimes."
Hey, it pulled you to the article. Tabloid headlines are like that for a purpose: human nature draws us to extremes. It's called "sensationalism." The mundane "Red Bull Sued for False Advertising" simply wouldn't draw as many clicks.
It goes to the whole "Truth in Advertising" business. The thing is, what one would perceive as ridiculous, another would consider factual (like the time someone managed to amass enough Pepsi Points coupons to afford, according to the promotional ad, a Harrier jet—the case was thrown out, BTW). That's why I don't like ad laws as they are and would prefer them to be restricted to absolute truth, or as close to it as possible (I would equate it as a case before the public and subject to the same restrictions as a court witness: the truth, the whole truth, and nothing but the truth). For example, absolutely no hyperbole or unverifiable claims and all advertised effects listed in their most conservative. Preferably, all testimonials should be voluntary and unpaid, and though I cannot think of the exact means, some way should be made to force professional endorsements to have serious backing.
How well do dictionary attacks do against passphrases containing more than 2 words? Each one multiplies the potential complexity by the size of the dictionary. Six words and a million-word dictionary, assuming no semantics, results in (10^9)^6, or 10^54 possible phrases, and if even one of those words is intentionally misspelled...
Re: password hashing
If you have to go that far, why not just use a password keeper and let it generate completely random passwords for each site, taking into account each site's eccentricities? That way you only have to recall one passphrase to open this keeper (which you can store locally), which you can make as long and convoluted as you please.
I recall it once termed "memory theater". The problem is that it's meant to recall things in a particular order. That's why you "walk through" your loci mnemonic. Trouble is that, in modern life, things are much more random. You may be asked to recall the 57th password you memorized one day and the 124th one the next, with the 89th demanded after dinner for good measure. So having to walk through your mnemonic to recall something out of order can be time-consuming and prone to mistakes.
Plus, consider the NUMBER of passwords we have to go through each day. I'm pretty sure these phrases run into the point where you have to wonder which mnemonic you used for which site. "Now did I use Mary Had a Little Lamb or Little Jack Horner? Or was it actually Simple Simon?" I'd like to see an effective mnemonic for remembering the credentials for hundreds of arbitrary websites.
Re: Be careful what you wish for...
Which would you rather have? The corrupt King Cobras or the relentless Army Ants? You're dead either way. Even if we tried to make our own mesh, that would take electricity, which means we're beholden to the power companies.
Re: Time to reinvent the wheel...
But cash CAN be stolen...or counterfeited...
Re: "...a skilled hacker will alway get in..."
"1) Fire the employees?
2) Reassign them to non-driving jobs?
3) Train them to drive better?
4) Put bigger bumpers on the vehicles?"
You can't do (1) because they're probably in positions of trust. Fire them and you run the very real risk of retaliatory sabotage, and their position of trust means they can leave secret backdoors in their wake. (2)'s out because they're not stupid. ANY kind of relegation may as well equate to a firing. And they may not be willing to undergo (3). So what happens when you're caught between Scylla and Charybdis: caught with an employee already in a position of trust but now found to not be trustworthy?
"Yes, I'm saying Schneier is wrong on this, and that puts me on the wrong side of a lot of people. But I feel he is. Can we make something 100% "secure"? Probably not. But we always need to try. And we can't take the totally full-a**ed attempts we've been making at something pathetically called "security" and say, "See? It doesn't work!"."
But what happens when the openings come from UP TOP? Plus how do we convince people to care when they'd rather put their effort into deflecting the damage, a la a professional slacker?
I'd hate to be the one to enforce a no-Apple policy when the board uses iPads...
Re: Simple solution @Psyx
"Can they publish a story about not being able to publish a story about not being able to publish a story about X, or is the law recursive?"
I think the law is rather all-encompassing. It prohibits MENTIONING that you can't mention the banned item, meaning any form of recursion is already covered because you have to mention that you can't mention the banned item in order to mention that you can't mention that you can't mention the banned item.
Re: "Court orders received - even if that number is zero."
The requirement ALSO states it must be broad enough that no reasonable conclusion can be drawn from the range. IOW, your range is too specific. They're looking for something more like "between zero and ten million" on the grounds that the mere disclosure of that exact number can tip off criminals.
Re: If you're reading this....
What if they compel you to lie and order you to "not adjust your 'If you're reading this...' in any way"?
Re: Both correct
But as Tim noted, security is computationally-intensive, and recall what the top of the line was in 1990: the 80486, about as big a leap FROM the 6502 as it is TO today's tech. And if this was top end, imagine what else was still in use. Now imagine always-on security in such a world...
As for secure communications, you hit a snag when you have the competing needs of secure communications and efficient communications. Efficiency necessarily leaves telltale trails that can be analyzed (so it's easy to trace something like a video stream since it's time-sensitive) while secure communications necessarily introduces false trails or "chaff" that cost bandwidth and in turn electricity (that's one reason why Freenet's so slow). Plus there's still the matter of subverting endpoints outside the secure network, a practically-intractable problem as long as computers are available to the public. Furthermore, the average user can't be trusted to be perfectly vigilant, which leaves plenty of other openings and instances of being locked out.
Bet the next step will be making alarms too inconvenient by finding ways to "invisibly" trip repeated false alarms all over the place. Alarms won't be able to do much when they cry wolf all the time.
Then how do you UPDATE them when exploits appear, which they ALWAYS will no matter which OS you use (remember, some of the nastiest bugs have been on UNIX-based systems)? Being forced to replace the hardware can be too costly, for example, and perhaps too labor-intensive depending on how it's built.
Re: "32-bit Windows-powered ATM"
"I think I'd rather have no network connection and out of date AV signatures. One less way in for thieves."
Unfortunately, ATMs REQUIRE some form of callback access; otherwise, they can't link back to the banks to verify transactions. That's why ALL ATMs require at least a telephone line.
Re: Epic misunderstanding of email there...
To a point, you are correct. However, the recipient's credentials can be sniffed since POP3 is normally a cleartext connection that requires a login. That's why most ISPs are adding in the STARTTLS extension which allows for transitioning to a secured connection before authentication occurs.
No, more like the flu. You can try to wipe it out but it adapts too quickly. You say UNIX and Win7 are pretty secure...until someone combines a toehold exploit with a privilege escalation and BOOM, you're dead meat again. The thing about this security business is you have to be lucky all the time, they only have to be lucky once. And they have millions of targets (and growing) to choose from.
Perhaps, but by most accounts that better describes a Trojan Horse (a malicious payload disguised as a legit program but not a legit program in and of itself). For it to be a virus, it has to piggyback on a legitimate third-party program or medium the way the flu does.
Re: Spotting the problem is easy.
"So what other solutions are there? Altruistic approaches don't scale beyond small communities as they violate the basics of human nature, communism is far too prone to mismanagement and corruption. Labor-driven free-market economics may be an ultimately self-destructive approach, and require the unhealthy habits of consumerism to function in an age of automation, but it seems to be the only one we have."
What about the unspeakable admission that there are simply too many people for the system to maintain itself and that what's needed is some degree of population reduction?
Re: It's TPTB fault, including the Banksters and the Vatican cult(s).
"This stinking vile mess needs to be demolished ASAP and replaced by something simpler without gangster middlemen's 'help', based on genuine value."
We once did, but the middlemen are like roaches: they keep coming back. No matter how much you try to remove or outlaw them, they'll weasel their way back in. It's part of the human condition; somewhere along the line, someone's gonna cheat...AND get away with it.
Re: Excellent article
"Once a way of producing cheap (relatively) safe energy is discovered, we really won't have any reasonable excuses for consumerism."
Not quite. We'll also need better ways to harness that energy. Converting it to compact and portable petrochemical fuel is a start, but what's needed beyond ubiquitous energy is, as another commenter put it, something approaching the Star Trek replicator: a means of converting energy into arbitrary forms of matter. Or perhaps a lesser stretch, through the use of energy, transforming ubiquitous but not-so-useful matter into not-so-ubiquitous but more-useful matter.
"So far as I can tell - and I'm in no way a communist, certainly left of center but no one's brother, comrade - the USSR collapsed due to corruption more than anything else, corruption of the founding ideas and global petty corruption on a day to day level."
But that corruption points to a fundamental human condition which makes the Utopia unachievable. Quite simply, humans are animals, and at our basest level, animals will seek to find a way to get a leg up on our fellow man. Why? The ones at the top get to spread the most genes; IOW, it's reproductive and survival instinct so ingrained as to be nigh impossible to root out. I think Karl Marx and Friedrich Engels underestimated our ability to control instinct. We'll band together against threat, as we should which is why you see tremendous organization in war, and threat is what led to the Bolshevik Revolution, not to mention the French and American Revolutions, but in peacetime, it's back to me vs. you at some level. And this conflict will reach across the spectrum, from sibling rivalry to neighborhood spats to community disagreements all the way up to backroom deals, backstabbing, wheeling and dealing at the highest levels of government.
Re: No Solution
"I agree completely with your article but the bit at the end is missing; the solution to the woes that you have pointed out."
Perhaps the lack of a solution points to the real problem behind the problem: the average human seems to lack that critical ability to think beyond tomorrow, either due to stress or due to gross stupidity. Either way, the point becomes, "Why worry about five years when we won't see past tomorrow?"
And that manifests in our growing inability to trust outsiders. It's rapidly becoming a race to full DTA mode. We can't trust private enterprise and the capitalistic model because there's disincentive to think long-term (as I noted earlier, no business can survive on a one-and-done). But the only other institute capable of a long-term solution, the state, isn't trusted either since its very existence (and the stability it provides) rapidly results in cronyism and corruption, undermining the very goals we seek from them. So if you can't trust others, you can't trust the state, and you lack the means to do it yourself, who's left?