* Posts by Charles 9

8256 posts • joined 10 Jun 2009

Thanks, IoT vendors: your slack attitude will get regulators moving

Charles 9
Silver badge

Re: National regulation won't do a damned thing.

"If just a few big, rich states move, the other will be forced to follow. If the US or the EU set regulations, they are too rich markets to stay away from with non-compliant products."

But China has pressure it can apply, too, and it's on the OTHER side of the line. Think Prohibition when smuggling became such a lucrative game. What's to stop China finding ways to go AROUND any regulation you can whip up, hiding behind their own sovereignty (and their nukes)?

0
1

Basic income after automation? That’s not how capitalism works

Charles 9
Silver badge

Re: Retirement of boomers in economy

"Contrary to what most of the press has been spouting, we won't need millions of more workers to take care of the consumption habits of the retirees."

Not saying you do. In fact, the problem behind the problem is that it's difficult to correct a severe population imbalance without consequences. First world populations waxing elderly (which also puts political pressure: seniors are consistently the most active voters). China heavily male, and so on. Best I see it, this can't help but get ugly at some point because, in spite of imbalance, none of the imbalanced side are going to be willing to step aside.

"What Japan needs to do is implement a UBI so that employers can't threaten peoples survival with 80hr workweeks or no job and no money."

Only one problem. Who PAYS for it that isn't going to just up and leave the moment you try?

"What has actually happened is that China has finally taken most of the manufacturing jobs, and if they haven't then automation probably has. Governments are afraid of increasing the debt. The whole cycle has started breaking down because the people that actually want to buy what is being produced don't have a job to pay for it."

Which then raises a real specter. What happens when NO ONE is able to pay for the stuff and the people with all the money, realizing the game is up, have gone into their walled gardens to cater exclusively to each other?

0
0
Charles 9
Silver badge

Re: Negative interest rates? That's not how capitalism works.

Either storage or spoilage, as now you have a surplus.

0
0
Charles 9
Silver badge

Re: Slight problem

"the logical conclusion of this is two very rich people owning half the factories each and only having each other to sell to."

You say that as if it's a bad thing, but perhaps these two (or say, four or five) may well be content with the walled garden if the proles are kept out. Or they could just fight winner takes all, after which no competition means the winner no longer has to share or divvy.

0
2
Charles 9
Silver badge

Re: automation has always been difficult

"When lots of jobs go and there is not enough to go around society will have to decide how to progress, it is helpful to have looked at possible choices ahead of time and discussed how they could be implemented rather than sticking your head in the sand and saying that the current capitalist system is perfect and nothing will change is at best a waste of time at worst a distraction."

The reason everyone's sticking their heads in the sand is because all the analyses point to an unpleasant fact (unpleasant because it will involve people dying, which automatically means it could be THEM): the planet is overpopulated, and the problem will only get worse as more people get hopelessly idled. Soon you're going to have a Cold Equations situation where, no matter how you slice it, there won't be enough to go around; people will have to go, and that never sits well, especially when they're voters.

Or to put it another way: Ten people stranded in the middle of an arid, barren desert, and there's only one bottle of water. Solve.

1
1
Charles 9
Silver badge

Re: Errrm

"Shirley you're joking. "Electrolux is the fourth largest household appliance company worldwide based on its sales in 2013.""

No, because I'm speaking from an American perspective, and over here the dominant names in vacuum cleaning are Hoover, Eureka, and Oreck. Except for the last who tends to cater to the hospitality industry (who can in turn pay the money and apply the pressure), those names aren't really associated with machines that last for generations. Finding either Kirby or Electrolux anywhere in America tends to call for specialty shops that can be difficult to locate. Trust me; I looked.

0
0

Today the web was broken by countless hacked devices – your 60-second summary

Charles 9
Silver badge

Won't work. Many of them are either shameless ("And Proud of It!") or ephemeral ("Are you talking about that company that disappeared last week?").

1
1
Charles 9
Silver badge

Re: Education

You're talking people who wouldn't know how to program a VTR back in the day. Five words: Good Luck...You'll Need It.

0
0
Charles 9
Silver badge

And ways around them, too, like false flagging and knocking off.

0
0
Charles 9
Silver badge

Re: persuading

Or they could retaliate with sanctions or suits at the trade court.

0
0
Charles 9
Silver badge

Re: A few points

But Joe Stupid can't tell the difference between one legally offered for sale and one ILlegally offered. They don't know enough to beware and never will. Remember car boot laptop sales?

0
0
Charles 9
Silver badge

You Can't REQUIRE a sovereign nation like China to do anything without a treaty. That's part of the definition of sovereignty.

0
0
Charles 9
Silver badge

Re: Home Router Traffic

China ships directly to you, AROUND standards. How do you stop that without a bureaucratic nightmare?

0
0
Charles 9
Silver badge

"If you want an alternative analogy, consider a contagious disease - of humans or animals. If the disease is sufficiently dangerous TPTB usually have sufficient powers to ensure that humans are isolated and animals destroyed. It's draconian but essential for the wider community."

But what if the disease is encouraged by a foreign power because it (a) helps to cull their own excesses or (b) some of them are immune, and they don't care about the rest? If everyone but them dies, THEY WIN.

That's the situation now. Most of this stuff is made in China, and China is noted to be competitive if not hostile to the west, at least economically. In this light, they could care less if the devices are being pwned. Indeed, THEY may be doing the pwning as covert warfare. Meanwhile, they're using channels that are hard to control (Alibaba and the rest), AND they can be testy. Not to mention they have nukes AND an Eastern mentality (more accepting of MAD). As the saying goes, it's complicated, and Darwin favors THEM right now. Your move.

1
1
Charles 9
Silver badge

Re: Too simple solution?

"Stupid is the problem. If the punter is too stupid it has to be their problem rather than someone else's. I'm a biologist by training. I see no problem in applying Darwinian selection to the IoT.

How about "Here's your device, there's the password. We have no copy of it. Looking after it is your responsibility.""

Problem is, Darwinism doesn't jive well with civilized society since it smacks of throwing people to the wolves. Thus attitudes about capital punishment, eugenics, and unwilling euthanasia in its various forms (illness, population, age limits, whatever). There's a reason "Social Darwinism" is considered a dirty word.

0
1
Charles 9
Silver badge

Re: no internet

But then what happens when the reply is, "But that's not my house. Ask the police." and shows them a picture of THEIR interior, which doesn't match?

1
0
Charles 9
Silver badge

Re: Education

"Then, once you've sold a few million to grateful end-users who have been frustrated by the quality of routers mandated by bottom-feeding ISPs, cash in the company and move house."

And WHEN (not IF) your Kickstarter fails because all you're hearing are "squeaky wheels" and the average Internet-goer really doesn't give a soaring screw about what their stuff does, they just wanna go online, thank you, and many of them don't own or drive cars so won't get the driver's license analogy, either?

2
1
Charles 9
Silver badge

Re: Capt. Hindsight

"If it isn't, heard of a reset button?"

Uh...no.

What now?

1
0
Charles 9
Silver badge

Re: Too simple solution?

Yes, too simple. People will lock themselves out and your help desk gets hammered. You have to take Stupid into consideration.

2
0
Charles 9
Silver badge

Re: no internet

"Well I'M sorry, but if you do not remove this false claim immediately, I'll assume you're denying me service under illegal pretense, in which case you'll NEXT be hearing from my attorney."

THAT'S why they don't do it now. They risk getting thrown in court if they're wrong.

1
0
Charles 9
Silver badge

Re: ISP - do they have the tools...

Not really. Each individual contribution is not that big, so it's a form of "smurfing." It's only when taken as a whole that they're formidable. Like army ants and killer bees.

1
0
Charles 9
Silver badge

Re: Maybe a sledgehammer approach is needed?

There's also the matter of the manufacturer disappearing in the night, making it impossible to seek compensation.

2
0
Charles 9
Silver badge

Re: Education

"Your router definitely should have these features. If you can't find the controls for them, get a new router. If you can't get a new router, get a new ISP. If you can't get a new ISP, move house."

And if you can't move house?

2
0
Charles 9
Silver badge

"All IoT devices MUST have open source software, must be update-able over the network, and perform the update from secure servers, look for updates on a weekly basis. All above and future problems solved. Don't adhere to this, don't get a license from FCC, EU etc"

The devices come from China and are imported direct. Who gives a damn? As for the update mechanism, they'll just hijack it and pwn it THAT way.

2
1
Charles 9
Silver badge

Re: The blacklist of things

Then what happens when innocent users SUE for the collateral damage of them not being able to go on the Internet for no fault of their own? And no, many of them can't switch ISPs, or those ISPs are blocked, too.

3
0
Charles 9
Silver badge

Re: Doomed to fail

"However, it's a problem that needs solving. There has to be a back-pressure mechanism that sends a "stop" to the ingress point since there is no practical means of ensuring that every piece of equipment in private hands is well behaved. That of itself is not a panacea - and is potentially a new route to DDoS by spoofing the back pressure - and, if you look at the IPv6 gestation period, unlikely to be with us any time soon. It's also not the only issue that needs attention - more privacy, anyone?"

Intractable problem. The ONLY reliable way to manage a network is to introduce ironclad attestation. But that instantly eliminates privacy. What's happening is that the wired world is reaching the "wishbone" point: a point in which the third option is disappearing from the strain exerted from both extremes (in this case, the Anarchy of the current Internet and the Police State of a Stateful Internet). The pressures mean ANY third option quickly slides into one or the other extreme, rapidly NOT becoming a third option. Eventually, the wishbone will break, meaning no third option is possible anymore because it'll IMMEDIATELY gravitate towards one or the other extreme (the "winner"). In which case, only three options will be left: Anarchy, Police State, or Walk Out?

2
0
Charles 9
Silver badge

Except there would be collateral damage. Those targets also have LEGITIMATE business via the web. You'd be doing the DDoS's job for them using that, and the way the IoT botnet works, they use the same legitimate requests we do, so they're camouflaged as well. As for the ISPs, they don't see a lot of traffic individually, and the amount they emit wouldn't probably surpass traffic from a home server running, say, a home camera feed.

3
0
Charles 9
Silver badge

Re: Standards Bodies need notice

""We can't stop them all so we might as well do nothing"."

In this case, it's accurate. It's not worth swatting one angry bee because there are a million more after you. You really DO need an "all or nothing" solution to it or the ones that slip by kill you.

Problem is, sovereignty gets in the way. How can you regulate devices when they can just be shipped direct from companies who don't care?

3
1

What will happen when I'm too old to push? (buttons, that is)

Charles 9
Silver badge

"An Amazon gift card is sufficient. So I can buy paperback novels. Nope, no electronic gizmo needed. When the mega-EMP strike occurs I'll have plenty to read while I starve to death, thank you."

What if it's a FIRE, though? Lot easier to take your library when it's one little device instead of a bookshelf full. And a fire is MUCH more likely than any EMP holocaust (which can BTW be mitigated to a good degree, ask your military).

1
0

Location boffins demo satellite-free navigation

Charles 9
Silver badge

Re: Better to have accurate dead reckoning

"Building devices into the road would also fix the "Australia problem", since as the continent moves, so do the roads and everything built into them :)"

But what about the "New Zealand Problem" where their islands move inconsistently (as in not at the same rates at all points, meaning some masses extend while others contract)?

0
0

Dirty COW explained: Get a moooo-ve on and patch Linux root hole

Charles 9
Silver badge

Re: Routers etc. etc.

Until you can pwn a million of them all at once and then sic the whole mess army-ant-style at your target, which is precisely what's happening now. An army ant may be tiny, but anyone or anyTHING who disregards a mass of them doesn't live for long.

0
1
Charles 9
Silver badge

Re: There will always be another bug..

"However, for the stuff that's actually in operations and exposed to the net the users are likely to be the only ones who can actually take action, especially if the only possible action is to disconnect it."

Which means it's NOT an option because the average user won't care. And if their ISP cuts them off, they'll say they're being denied service they paid for and the lawyers will get involved.

0
1
Charles 9
Silver badge

Re: There will always be another bug..

"The solution is obvious. Avoid unnecessary complexity, like UEFI."

And if the complexity is NECESSARY? Say for legal reasons (say, being REQUIRED to be able to upgrade the system in case the baseline has an exploit in it)?

2
0
Charles 9
Silver badge

Re: There will always be another bug..

"We need to make manufacturers responsible for any actions of their devices that were not explicitly advertised to the users. Then the manufacturers will start paying attention!"

But what happens when the manufacturers hide behind sovereignty? And lots of things are imported direct to the buyer these days? How will you stem that without seriously hurting the economy?

0
0
Charles 9
Silver badge

Re: There will always be another bug..

"This is why IMO the constant warnings about the "Internet of Things" are spot on. If you want to be secure, only an air gap will truly prevent us ingenious, morally-questionable humans from finding another way around the next patch."

Which is next to useless for something you HAVE to network. So how do you secure something that MUST be networked? And no, Joe Public WILL NOT accept, "You can't" for an answer. They want an answer, toot sweet.

1
5
Charles 9
Silver badge

Re: Root all the android things

And then all the root-aware apps stop functioning, or have you forgotten that's a rising concern in Android apps these days?

0
3
Charles 9
Silver badge

"How can you get the job done when someone has robbed all your tools ?"

With your hands. At least the shed means you can stay out of the rain, which means you can STILL get the job done. Besides, in the digital world, you can't rip silicon out of its housing without taking the entire CPU away, so bad analogy.

Interesting you bring up the 8080 because that clearly demonstrates the mindset back then, and the mindset today (because no one's been able to create something secure-first that can still do the job): the job comes first, security second. If you're in a situation where security is so critical that the world can depend on it (like the US military), then a whole other mindset is needed which is generally incompatible with deadlines.

0
3
Charles 9
Silver badge

"Truth is no software will be relatively secure until processors and hardware subsystems are re-designed from the ground up with security coming first in the mind of the architects. It's an afterthought to performance and convenience."

For good reason. What good is security if you don't get the bloody job done? A fortress is no good without a way in or out, for example.

11
2
Charles 9
Silver badge

Re: The very definition of technical debt

The problem with formal proofs is that they can ONLY apply in a very narrow set of circumstances. seL4, for example, is ONLY formally proven when no DMA is allowed. But the real world intrudes, and secure code is next to useless if it doesn't let you get the bloody job done, and in the real world, performance matters.

IOW, the worlds where Linux is used are too mercurial for a set of formal parameters to be constructed. Thus, formally proving Linux under all its real-world use cases is likely infeasible.

17
3

Flash reaches the enterprise tipping point

Charles 9
Silver badge

You're missing the point in 2014 when the graph turns downward. That's about the tipping point.

0
0

NSA, GCHQ and even Donald Trump are all after your data

Charles 9
Silver badge

How do you get stuff delivered to you if you lie about your credit card info OR your delivery address? And don't say you buy exclusively brick-and-mortar because more and more things can ONLY be shipped these days.

0
0
Charles 9
Silver badge

"Agreed - but you don't have to make it easy for them on day one. If they have to start initiating the surveillance when they get power then they don't have any prior accumulated data. People then also have a chance to try to avoid the new surveillance."

Problem is they're patient. Whether it's on day one or day one million, they can get to you eventually. Since they can play the long game (or cheat), you have to wonder if it's really worth it in the end.

0
0
Charles 9
Silver badge

"Then embiggen it: write a script which scrapes random texts off the internet, and sends them (via email/Facebook/Twitter/whatever) to random accounts which you have set up for this purpose. The spooks will be drowning in so much noise that they'll never be able to figure out which messages are real."

Or they learn how to sift out the chaff and figure out from other clues which messages are real and which are not (say, only pay attention to messages with common typos or ones that get germane replies). Don't underestimate the power of a State with a lot of resources and the motivation to de-anonymize you.

0
2
Charles 9
Silver badge

Problem is, human ingenuity ensures ANYTHING can be abused, meaning there's no escape.

0
1
Charles 9
Silver badge

Re: No hiding place

Anyplace remote enough to have no connections, wired or not, would still be within view of a satellite or spy plane.

0
1
Charles 9
Silver badge

Re: Minimise your exposure

But what if you're BUYING something? By law, that requires real details to verify your transaction and/or get your delivery.

2
0

Puppet shows its hand: All your software is belong to us

Charles 9
Silver badge

Re: In the future code is going to be managed and deployed by other code

And as I recall, true AI, as in software that can manage and improve itself unprompted, is one of those "it's always 20 years in the future" things.

2
0
Charles 9
Silver badge
Joke

Re: In the future code is going to be managed and deployed by other code

Pardon me, but if their goal is to develop code that manages code, then who develops the code that manages their code that manages the original code, and so on down? And if you develop code that can manage itself (which I don't think you can because of limitations of scope), then you can collapse the whole system back down to the original system and simply let it manage itself with none of the middlemen.

3
0

IoT botnet swells

Charles 9
Silver badge

Re: Govts needs to get a grip on it and now

"Amazon and eBay can be fined if they don't do something about it as they have offices in the UK,"

And how soon would those offices CLOSE if the law gets too close?

That's the thing with international companies; they can play sovereignty against you.

0
0
Charles 9
Silver badge

Re: Great. Just great.

"Who owns Amazon, Facebook, Google, eBay, Maplin etc?"

People who could easily end up in someplace like Antigua with no extradition agreements.

"Where are the regulatory offices?"

Where could the corporate headquarters be moved so that these offices can't reach them?

0
0
