* Posts by Charles 9

7445 posts • joined 10 Jun 2009

Video service Binge On 'broke the internet' but 99pc of users love it

Charles 9
Silver badge

Re: Mr O still doesn't understand net neutrality

"It doesn't matter that, in the short term, consumers like the product. In the long term it's against their interests."

But as the comedian once said, you can't fix stupid.

2
0
Charles 9
Silver badge

Re: Politically correct

Ever heard of the Offhand Backhand? PC just means haters couch their language and listeners pick up on it. That which we call an N-word by any other name would sting as bad and so on...

1
1
Charles 9
Silver badge

Re: Statistical FAIL

I thought critics were MORE likely to complain and answer these things with 1's.

3
1

Half! a! billion! Yahoo! email! accounts! raided! by! 'state! hackers!'

Charles 9
Silver badge

Re: Another posthumous compliment for yahoo

Thing is, the deal wasn't CLOSED yet (the deal been declared but not tendered), so by doing this now they've practically torpedoed the deal, as Verizon IINM is still in a position to back out. Because both companies are public, the deal also has to be cleared by the SEC as well. Indeed, withholding the breach for as long as this could run afoul of disclosure and fiduciary duty laws.

0
0
Charles 9
Silver badge

Re: Dilemma

But then you just pwn the GATE. Or just end-run around it and find a way to attack a kernel-level process, if not the kernel itself.

0
0
Charles 9
Silver badge

Re: Dilemma

The trouble is that it's a dilemma. With the first, you MAY have a crack team running the place...or you could have a bunch of idiots who couldn't be asked to fix a breach on a weekend. With the second, when something happens, you can nip on down yourself and work on it...if you have the time and wherewithal to do it.

As for limiting scope, guess what's one of the hottest things in the exploit trade? Privilege escalation. With them, it doesn't matter how limited the entry point is, it becomes like the proverbial foot in the door: all they need to bust the pinata wide open no matter how hard you set things up. Use a VM? Red Pill. Separated machines? Gather credentials then traverse the intranet. Quite simply, if there's a door, someone can kick it down, and because physical presence is not required unlike your front door, everyone's going to come knocking eventually.

I frankly think this'll come to a head and start asking existential questions about the Internet: questions about whether or not we need to start over using a whole different model of statefulness and (dis)trust. Kinda like how open season eventually gives way to necessary regulation.

4
0

IPv4 apocalypse means we just can't measure the internet any more

Charles 9
Silver badge

Re: NAT and firewalling and stuff

"What about carrier-grade NAT? It's trivial to STUN through it. I've done it regularly. And both ends are frequently NATted when you're using STUN. This is an everyday occurrence. Your objection makes as much sense as someone saying "Oh? And what about if someone's using 110V to power their PC?"; it's a total irrelevance."

Not as trivial as you think (especially if one end is multiple-NATted such would be the case with a CGN), plus there's performance penalties. It's all noted in RFC 7021: "Assessing the Impact of Carrier-Grade NAT on Network Applications".

0
0
Charles 9
Silver badge

Re: NAT and firewalling and stuff

"Perhaps you'd like to provide a reference for that statement, since it's never been true to my recollection."

OK.

"Despite its origination in the IETF, many in the Internet's standard-setting community have criticized increased NAT usage because it violates the end-to-end architectural philosophy which has underpinned the Internet (and precursor networks) since its inception. Internet engineers first articulated this philosophy in the mid-1980s and later formalized this Internet principle in the IAB's "Architectural Principles of the Internet" document."

Protocol Politics: The Globalization of Internet Governance, Laura DeNardis, p157-8

So like I said, end-to-end accessibility is part of the fundamental nature of the Internet, which NAT violates in one-to-many mode. NAT66 and other one-to-one NATs are fine, however, because they still allow endpoints the ability to be accessed at their discretion (and perhaps that's the thing we need to consider--granting the ability but expecting the responsibility to say no, much like allowing people the vote even if they (like dumb Internet devices) may be too stupid to use it properly).

0
0
Charles 9
Silver badge

Re: NAT and firewalling and stuff

"Well, if their games were to want to support it, they could also STUN their way through, just the same as we telephony types do. But that would mean that the gamers wouldn't need the games comany's services, and that means a reduction in revenue. Guess why those games don't support it..."

Guess why many PC games DO support it? Because many PC gamers are savvy and know company support disappears after a while but user support lasts as long as there are fans for the game, which is why they insist on systems that allow for user-run dedicated servers. Otherwise, players don't buy the game at all, leaving the sellers in a quandry: 50% of something or 100% of nothing?

"No, I don't think that's true. Any internet is a "network of networks"; the interaction between those networks is at the discretion of the network owners, not the endpoints."

Not AN internet. THE Internet (proper noun), and yes that was one of the basic goals: to be able to connect anyone to anyone. NAT (especially at the carrier level) breaks that promise. If you don't feel this is the case, perhaps one should produce a new Internet (proper noun again) based o DIStrust instead.

"We all know that IPv6 doesn't require NAT in the way that IPv4 now does; but the opposition to people using it if they want to is simply irrational. It solves a problem for some people, and doesn't impinge upon anyone else except those that believe they have a right to unfettered access to everyone else's devices."

Oh? What about carrier-grade NAT? That's definitely NOT the user's choice and prevents the user from choosing to be visible because it's hard to STUN or otherwise route through a carrier-grade NAT, and doubly so if BOTH ends are NAT-ed.

0
0

I want to remotely disable Londoners' cars, says Met's top cop

Charles 9
Silver badge

Re: Plod Technique ... Open Mouth First, Then Think

"His type is why I carry a small squeezy bottle of Chinese chilli oil - the darker the better! Works wonders in focusing people's attentions."

Oh? What if the person you're talking to is accustomed to chili oil...or so plastered as to no longer feel pain?

0
0
Charles 9
Silver badge

Re: Helicopter & Electromagnet

One word: UNDERPASSES.

0
1

Windows 10 backlash: Which? demands compo for forced upgrades

Charles 9
Silver badge

Re: Damage is done

"I would say Valve *is* convincing developers to support Linux, they recommend and support Vulkan ahead of DX12, put funds into the Khronos group and sponsor tools such as Lunar, present a lot of info at GDC and the like."

And they've been at it for years, and what have they to show for it? Most games coming out, be they indie, small-studio, or big-name, are Windows-ONLY. They've had plenty of time to push SteamOS, and they could've always provided migration tools, WINE layers for older games, and discount incentives, and so on. Why haven't they have anything really significant to show for it despite all that time?

0
0
Charles 9
Silver badge

Re: Damage is done

I've taken a look at the gamingonlinux.com, and as I suspected, almost all of them are made by indies with little to hold them back. And while most engines these days are multiplat, developers still don't put forth the effort to make the actual games (which are more than just those engines) multiplat. Why is it that not even Valve can convince the major developers or publishers to support Linux? Take EA, for instance. Sure, the Frostbite engine is multiplat, but where's the latest Madden or FIFA or whatever for Linux? It would have to take something serious to make gaming devs take Linux seriously, and so far not even the backlash of Windows 10 is doing that (probably because Win10 is practically a two-fer: developing for Win10 makes developing for the Xbox One a lot easier). And Valve won't help with that since they know which platform has the most Steam installs (not to mention the largest supported library--compare them for yourself). So it's not like we're going to see a major title come to PC but only to Linux; it would be fiscal suicide.

0
1
Charles 9
Silver badge

Re: Damage is done

Assuming they're not already on razor-thin margins or in razor-margin industries where there's no room to spare for testing...

0
1
Charles 9
Silver badge

Re: Damage is done

"Maybe not an "appreciable migration", but there is a continuous trickle, and a slow bleed in the right place can be as bad as an open wound."

You're lucky. Many other businesses are locked in to Windows, not because of Microsoft itself but because their critical, irreplaceable, custom application was built exclusively for Windows by a company that probably went out of business and has no direct replacement; either that or getting a new version would kill the business faster than a crash would.

0
3
Charles 9
Silver badge

Re: Damage is done

"I certainly hope Linux will take some serious market share away from MS and if some serious AAA Vulkan games in Linux could be released then who knows !"

Good Luck. Bethesda (makers of one of the recent AAA's, Fallout 4) went on record swearing off Linux as too difficult to develop because it doesn't have a united user front (IOW, will be Red Hat or Ubuntu or whatever). Not even Valve's SteamOS is making any headway, and for whatever reason WINE (even a self-contained type a la DOOM using DOSBox) isn't even being considered.

0
3
Charles 9
Silver badge

Re: <gets popcorn>

Cutting edge games are among the most difficult to get through WINE, and you can probably forget about DX12 games working on them. As for a VM, that incurs serious performance penalties, not to mention, again, the newer a game is, the less likely it is to be VM-friendly due to the need to get closer to the GPU's metal.

1
1
Charles 9
Silver badge

Re: <gets popcorn>

But too many apps are Windows ONLY, to say nothing of games...

3
6

Zombie Moore's Law shows hardware is eating software

Charles 9
Silver badge

Re: This is not a new trend...

The argument being that you're starting to see similar kinds of software being used all the time. If you have a particular job being done again and again, it becomes practical to push this function into an ASIC to (a) speed up the turnaround on that process, and (b) to offload work so that the CPU can concentrate on more generalized tasks. That's one reason SIMD/vector computing instructions were introduced: to better deal with common math functions that were used in programs of the day. It's recent Intel CPUs include AES-NI: because an increased need for security has pushed the use of AES so much we end up using it all over the place.

0
0
Charles 9
Silver badge

Re: "we’re seeing a migration away from software and into hardware"

"A transistor in a circuit dedicated to video decompression for example sits doing nothing when you are not decompressing video."

But if the times when it's NOT decompressing video (or compositing a UI or whatever task it is dedicated to perform) are few and far between, then odds are you get a net benefit for it. That's part of what's happening now. They're taking a look at what things CPUs have to do all the time and offloading them so that the CPU has more time for more generalized workloads, much like having a specialist for handling particular jobs that happen to come up quite frequently.

0
0

Game over: IANA power-grab block pulled from Congress funding bill

Charles 9
Silver badge

Re: I don't see how that would work

His mother, apparently. Under the Immigration and Nationality Acts in effect at the time of his birth, you can gain jus sanguinis citizenship if you have at least one US Citizen parent who's lived in the US for at least ten years after turning 14. His mother was a citizen, and (last I read) she met the ten-year requirement because she didn't leave for Canada until she was around 28.

0
0
Charles 9
Silver badge

Re: I'm confused...

"Just because something is bad, it does not mean that something opposed to it is good. The world turns out to be complicated and trying to reduce stuff to simple narratives where 'good guys' take out 'bad guys' usually doesn't work very well. The world would be a considerably better place if the general citizenry of most Western democracies realised that."

But of course, the average human (Western or otherwise) is pretty stupid about stuff like that and simply want to see tomorrow (there have been studies mentioned on El Reg about this). You have to take Stupid into consideration. That also explains how the likes of Cruz get into office in the first place.

0
0
Charles 9
Silver badge

Re: I don't see how that would work

The general understanding (supported by SCOTUS decisions) is that the primary condition is that citizenship was granted upon birth. This also implies that no procedure was taken to affirm this (no oath taken like in Naturalization). This happens to be consistent with English Law prior to the US's independence. Only jus soli is explicitly mentioned in the Constitution via the 14th Amendment (and reinforced in US v. Wong Kim Ark, 1898). Since jus sanguinis is neither allowed nor disallowed, under Article I, Section 8, it's left to Congress to clarify, which is does with the Immigration and Nationality Acts, amended over the years (and no document other than the Constitution itself can make the call for them, as Article VI explicitly states the Constitution stands alone as ultimate authority in the US).

0
0
Charles 9
Silver badge

Re: I'm confused...

"Until you manage to clear out all of the lobbyists, power-brokers, and pork-barrelling that is so prevalent in the US political scene, I think you should avoid calling other institutions "corrupt"."

And that'll never happen.

1) It's impossible to remove lobbyists completely. Even if you take the money angle out, there's still the "nice cushy job after you leave" angle as well as other, non-monetary, post-position influences that are pretty much protected on First Amendment grounds, as well as influence from actual constituents who can't be blocked without interfering with their primary duties. Finally, there's the family angle. How do you block lobbyists if they're spouses, who MUST be able to talk in order to raise their families?

2) Politics is a power magnet; it simply comes with the territory. And as long as there's power, there WILL be power brokers due to the human condition.

3) As for pork-barrelling, recent Congressional experience has demonstrated it to be a necessary evil. Part of the reason for the "Do Nothing" Congress' reputation is that they voluntarily limited themselves in the name of ethics but found their hands tied when it came to big bills. Smaller representatives basically have nothing to lose with voting against the grain because the communities they represent are too insular for greater politics to affect them. You need something close to home to sway them, and that means give-and-take, and the only things that will influence them enough is pork-barrel projects. In other words, pork is pretty much the only thing that can "grease" smaller representatives into getting on board broader projects that need their vote to pass.

So in the end, if you want a better government, you're going to need a better HUMAN first.

0
0
Charles 9
Silver badge

Re: The irony

"I've commented in the other thread about the fact that those most critical of ICANN have vested interests. Most people who've actually dealt with ICANN are perfectly happy, except for people whose particular get-rich-quick-with-DNS scheme was knocked back."

ORLY?

0
0
Charles 9
Silver badge

But the incumbent can influence things to squelch challengers. Plus, the idea is that it shouldn't come to re-election. Politicians should be held to extremely high standards of ethics and conduct. For example, not being allowed to lie would be a nice start.

3
0

Not enough personality: Google Now becomes Google Not Anymore

Charles 9
Silver badge

Re: A childhood? WTF!

I don't think it was ever sold. I had it for years until it was disabled: the function being integrated into the Google Search app instead (with a couple widgets available to take their place). Problem is unlike the old widget, I can't find a Music Search history, so I endup up back at SoundHound.

0
0
Charles 9
Silver badge

Re: Somebody will teach it to be racist

Sure it can, if its subject matter is racist. An opinion can be racist even after the speaker changes his/her mind (or dies).

0
0
Charles 9
Silver badge

Re: being able to programatically shut it off

You'd be better of legally contracting for a customized phone so you can disable that kind of stuff at low level. Otherwise, Google Play Services will always hold the final call, which can be problematic in the face of Doctor/Patient Confidentiality laws.

0
0
Charles 9
Silver badge

Re: A childhood? WTF!

Except SHAZAM has an interest in limiting access to its services to human eyeballs. And since neither Siri nor Cortana have comprehensively passed a Turing Test, there WILL be ways to tell them apart, meaning it will NOT have access to everything willy-nilly to answer the question transparently for you. An assistant can't well do its job if the sign on the door clearly reads "NO PROXIES."

0
0

Malware figures out it's running on VMs and refuses to execute

Charles 9
Silver badge

That would be something if malware will only infect if it detects another malware in the system, at the risk of missing pristine systems.

0
0
Charles 9
Silver badge

Re: So..

Lower risk, yes, but higher reward as well, so there will be blokes out there trying to escape the honeypots.

0
0
Charles 9
Silver badge

Re: So..

But each program you're forced to add in raises the threat envelope, because each app could itself become a vector, raising the chance the VM can jump the tracks and get pwned in a way the researcher doesn't detect, even to the point of possible hyperjacking (Red Pill attack).

0
0
Charles 9
Silver badge

Re: Hide, hide, hide ...

And that's only because the malware doesn't have a Red Pill payload: one specifically designed to be run in a VM to break out and attack the hypervisor...

3
0

Valid logins to your workplace are on the net, right now

Charles 9
Silver badge

Re: The IT Security counterpart of the Central Banking mentality.

"Once the penalties for leaking PII are reset to sane (ie,. expensive) levels, and a few companies have gone down in flames after a BEC or other financial fraud, the calculation will shift and more orgs will be motivated to do it properly - or at least try to."

It'll probably prove cheaper to bribe the governments that set the regulations when that happens...

1
0

Self-stocking internet fridge faces a delivery come down

Charles 9
Silver badge

Re: Self what!!

Oh? What about war casualties or those born with bad legs?

0
0
Charles 9
Silver badge

Re: Wait.. What?!

Hmm, considering that these pipes would have to accommodate some 350 million people, then these look about right.

0
0

Samsung’s consumer IoT vision – stupid, desperate, creepy

Charles 9
Silver badge

Re: Brainstorming here....

What about people with FAULTY eyeballs? Or bad memories? AND no help? Just because YOU have a fully-functioning human system doesn't mean everyone else does. Or are you saying we should take the Spartan route with them?

0
0

New Gnome emerges blinking into the sunlight

Charles 9
Silver badge

"No, my point is that you must always make sure you don't run software from untrustworthy sources."

And MY point is, "I'm with stupid." As long as you have to deal with stupid, you WILL have to deal with people running things from untrustworthy sources. Make people jump through hoops and people start finding ways around the hoops; it's human nature.

If you don't take stupid into consideration (because as the comedian said, you can't fix stupid), you're doing it wrong.

5
0
Charles 9
Silver badge

"They even believe unlogical things, like that you can trust on sandboxes and therefore run malware inside of them."

I thought the idea behind sandboxes WAS that if malware tried to run it would be contained. Or are you saying as long as malware exists, SOME malware will ALWAYS find a way to escape the sandbox?

1
0

Samsung intros super-speedy consumer SSDs, 'fastest M.2s ever'

Charles 9
Silver badge

Re: Lovely for a micro server

M.2 supports NVMe. The article IIRC notes they use the four-lane PCIe v.3 configuration.

0
0
Charles 9
Silver badge

Re: I want to get WORMs when my spinning disks die.

High bit-per-cell drives are meant for WORM-like usage: call it WIRE usage: write infrequently, read extensively. You still need to worry about bit rot (provision error codes or similar) and controller failure (sudden catastrophic filure, have a duplicate)

2
0

EyePhones packing Iris-scanning authentication to go mainstream

Charles 9
Silver badge

My question is how it will be able to tell the difference between a real iris and a duplicate designed to fool it (even fiction has done this).

0
0

Victoria Police warn of malware-laden USB sticks in letterboxes

Charles 9
Silver badge

Re: If something is free...

"The Church is one of the wealthiest organisations, that has a massive property portfolio and pays no tax."

I said SMALL churches. These usually don't have much of the backing of Rome and have to operate out of THEIR OWN pockets.

And explain people like the late Saint Theresa.

4
1
Charles 9
Silver badge

Re: Live Linux?

"Raspberry Pi running from write-protected SD-card."

Known hardware. Would probably find a way to pwn the SoC and find firmware to overwrite from there. Plus there's no guarantee the evil device doesn't include an internal whispernet adapter that means it can link up simply by plugging in.

1
2
Charles 9
Silver badge

Re: What size?

"A really malicious device subverts the BIOS. So do the initial usb wipe on a machine you can afford to lose. And then wipe your BIOS."

Unless, of course, BadUSB prevents you from doing so. Plus if it manages to get onto a system and find a way to root it or whatever, it may go on to silently infect other firmware it could find (like drive controllers) and infect them one-way, to the point not even nuking from orbit can be sure.

4
1
Charles 9
Silver badge

Re: The urge to execute arbitrary code is growing stronger...

So what are you going to do? Go back to the Sears catalog? Oh, that's right. The State is now savvy enough to pose as Sears. Back to horse and manure piles and life expectancies under 60?

1
1

AT&T tries broadband over power lines again

Charles 9
Silver badge

Re: And another thing...

They'll do it at the transformer points, then, which you've admitted are ABOVE ground.

0
0
Charles 9
Silver badge

Re: Missed by this much!

Still, you have to wonder if trying this surface wave thing at the GHz range can cause resonance or other interference to filter back down into the MHz range. El Reg, after all, is full of complaints by amateur radio operators after earlier BPL attempts were introduced, and many of them weren't even that close to the units in use.

0
0

Lethal 4-hour-erection-causing spiders spill out of bunch of ASDA bananas

Charles 9
Silver badge

Re: Typical Asda

Oh? I thought the Brazilian wandering spider WAS the most venomous spider out there, with the Australian funnel web at #2.

0
0

Forums