* Posts by Charles 9

5021 posts • joined 10 Jun 2009

Infosec bods demo GPU keylogger. Don't tell the NS... oh, wait

Charles 9
Silver badge
FAIL

Re: Remember

There's more than one way to pwn a system (and BTW, recall where the term "rooting" comes from). Does the name "Slapper" ring any bells? How about "Windingo," which is still in the wild today? And let's not forget about "Heartbleed" and "Shellshock".

0
0

That DRM support in Firefox you never asked for? It's here

Charles 9
Silver badge

Re: Barriers to purchase

"Youtube does it now."

EXCEPT, like I said earlier, Internet watchers are more ad-averse. More of them see the ads as a deal-breaker and install ad blockers. That's why things like AdBlock and NoScript are so popular.

As for regional deals, that's because economic models break down when you go international, and for the content providers it means less money in the long run. And since it's their content, it's their rules. If the money doesn't match up, they can always lock it up so no one gets to see it.

0
1
Charles 9
Silver badge

Re: 32-bit first?

There are plenty of other plugins out there besides those three, and many of them are 32-bit-only. So that leaves little choice in the matter.

0
0
Charles 9
Silver badge

Re: Barriers to purchase

The free-to-air stations are paid for by the advertisers (one problem Internet TV has is that its customers are more ad-averse than others). If a show doesn't draw people, it gets cancelled. Many cable networks take a cut from the providers, who in turn charge their subscribers. And the BBC has their television tax. Pirates, as the name imply, simply don't care.

As for the content creators, they're the ones stumping down. Their natural first question will thus be, "Where's the money, sonny?"

5
0

What the BLEEP? BitTorrent's secure messaging app arrives

Charles 9
Silver badge

Indeed, there's a driver called DFMirage which works as a low-level display hook. It can be used in combination with the TightVNC fork to improve host performance. And of course there's always cameras. How does BLEEP intend to defeat stuff like that?

1
0

Mozilla to whack HTTP sites with feature-ban stick

Charles 9
Silver badge

Re: When I can self sign and provide the public key by DNSSEC...

No, it can't be sniffed or they'd be able to break or alter the hash to make it look legitimate. Like with SSH, you need the whole conversation to be sniff-resistant or someone can find a way to inject into the session. IOW, an authenticated connection can't easily stay authenticated if stuff is transmitted in the clear.

0
0
Charles 9
Silver badge

Re: re: bigtimehustler

"I'd rather see an extension to http/https that just provided signed digests of such blobs. The problem is the browser knowing two things:"

I made such a proposal earlier. I say make this an extension of HTTPS itself to request a hash/hashes of a page using current best practice algorithms (and allowing for better ones down the road). For static content, these hashes can be computed when they're uploaded (dynamic content by nature can't be cached anyway). Existing caches can be hashed client-side for a quick transition. Anyway, make the request by HTTPS itself to ensure at least a channel mostly safe from MITM (if this can be intercepted, so can the page itself, meaning you're screwed anyway). If the hash provided by HTTPS matches an existing hash, use the cached copy; otherwise, serve it and update the local copy. Simple enough to implement, I think, and it wouldn't have to interfere with the existing spec since it can work on top of it.

1
0
Charles 9
Silver badge

Re: When I can self sign and provide the public key by DNSSEC...

Dynamically-served data by nature can't be cached anyway. As for static data, perhaps a new convention will be to request a page's hash first (which can be done by a server as a page is uploaded--only needs to be done once per update) to compare against the local copy. If the hashes match, you don't need to get the whole page. If no match or no hash, you just proceed as you normally would.

1
1
Charles 9
Silver badge

Re: Backing the wrong horse

Got any better ideas, then? Guaranteed any other method you can think up can be subverted just as easily by a resourceful adversary. That includes the Web of Trust.

Anyway, we're not thinking in terms of state adversaries but protecting against alteration mid-transmission, as Verizon and the Chinese Cannon have demonstrated.

2
0
Charles 9
Silver badge

Re: why, why, why... what is the point?

"Too bad you could only give reasons why a website that you're handing over sensitive data should possibly use HTTPS. Too bad you didn't give any compelling reason why ALL websites should be forced to use HTTPS."

I thought we pointed out that ANY unencrypted communications can be MITM'd and altered to whatever ends (like Verizon's customer tags or the Chinese Cannon). At least with an encrypted channel like SSL/TLS (which HTTPS uses) it's a lot harder to achieve this.

8
3
Charles 9
Silver badge

Re: Bye, bye, Mozilla

WHAT vice? It's not like "There ain't room enough in this computer for the two of us," is it?

0
2
Charles 9
Silver badge

Re: why, why, why... what is the point?

"Why the hell does any of that need to be secure?"

It's WAY TOO EASY for someone in the chain to perform a Man-In-The-Middle attack on you, and before you say the information you serve isn't important, that wouldn't matter if it's the CONNECTION they want to hijack (which they would for something like a malware injection).

Then think about ISPs like Verizon that (whether you want them to or not) inject unique session cookies into all your web traffic that ad agencies can use to identify you. You'd have to think the practice will eventually become universal, leaving the only alternative to bail out of the 'Net altogether.

Put it this way. Do you leave your doors unlocked? That's what the HTTPS Everywhere approach represents.

10
4

SHOCK! Robot cars do CRASH. Because other cars have human drivers

Charles 9
Silver badge

Re: caused by human error and inattention

"Driving is more than yaw computations. Sorry, was that a packet of crisps that can be safely run over or a rock that must be avoided by an aggressive manoeuvre. No time to get a response from Watson in this crappy 4G zone."

A packet of crisps would probably return a different infrared signature than a rock, Plus there's the matter of motion (a packets of crisps will react to the wind differently than a rock due to weight and aerodynamics). And if it's a rock IN a packet of crisps, that's pretty much sabotage at this point.

Put it this way. A LOT of thought has gone into the various scenarios that the average driver faces as well as how we as drivers identify and react to these. The bulk of that knowledge is probably in the prototype cars, already at hand no Internet necessary. Same for the maps.

0
0
Charles 9
Silver badge

Re: Evidence == "Invasion of Privacy!"

"Why haven't I seen any mention of this?"

Because the same thing happens when a photographer takes a picture of the street. Unless you specifically were the focus, the courts have previously ruled you are under no expectation of privacy on a public street.

2
0

Boffins set to reveal state of play on fully duplex comms - on the same FREQ

Charles 9
Silver badge

Re: This concept is not new.

Sidetone is most definitely not intentional and in fact has been a natural artifact of the telephone system from its inception...because of the single pair of communication lines involved. Two lines limits you to one conversation line due to the limits of electricity. Put it this way: without sidetone, you couldn't properly record a telephone conversation using an acoustic coupler.

There are two things which are intentional concerning sidetone. One is the attenuation of sidetone in traditional phones. This was because raw sidetone (at least since the introduction of the Edison carbon microphone) was too loud and made people speak too softly. The other is the introduction of sidetone in cell phones (which normally don't feature this because they can normally separate the two parties of the conversation) because otherwise people thought the signal was too soft and started to talk too loudly.

0
0
Charles 9
Silver badge

Re: orbital angular momentum proposals ...

I've read about the OAM business but had been sitting on the fence looking for more concrete proof. Seems this report will provide the basis for a counter-example to slam the door on OAM. All I'm saying at this point is, "Let's see the proof, sonny."

1
0

Gaze upon the desirable Son of Alpha: Samsung Galaxy A5

Charles 9
Silver badge

Re: USB port does not support hosting?

But if that were true, they'd have never implemented it in the first place, rather than implement it one time then drop it the next.

Anyway, a non-replaceable battery is a deal-breaker for me. I actually take care of my phones so they stand a passing fair chance of outlasting the battery, plus I've had incidences of batteries wearing out prematurely.

1
1

Windows 10 bombshell: Microsoft to KILL OFF Patch Tuesday

Charles 9
Silver badge

"Well, don't look at the majority of Linux distros if you decide to jump ship. With the advent of systemd, they'll all be rebooting at the drop of a hat."

Given that you can supposedly stop and restart init (which systemd is supposed to replace) without rebooting, how does systemd make things any different, unless you're saying systemd ties itself to the kernel, which I've yet to see. Why don't you PROVE that systemd forces more reboots.

0
0
Charles 9
Silver badge

Re: Just like Windows Phone

But now with Android the dominant phone platform, you'd think Google would have the muscle to push back and INSIST on them being able to update Android themselves, regardless of manufacturer, as a matter of security. Make it a condition of carrying the Play Store and all of Google's special Android sauce. What manufacturer (apart from those like Amazon who have their own infrastructure) would refuse to carry that and hamstring their phones? Why wasn't this forced with Lollipop?

6
3

Microsoft discontinues Media Center with Windows 10

Charles 9
Silver badge

Re: Anyone remember...

The WMC logo was primarily centered around PlaysForSure, the means by which a portable device can be given the capability to play otherwise-DRM-restricted WMV files. When .wmv fell by the wayside (mostly because Apple won that round of the portable player wars, meaning MP4 became the dominant format), so did PlaysForSure and the logo program.

0
0
Charles 9
Silver badge

Re: take up was also poor due to...

Things like CableCARD receivers are the reason for the .wtv format. It allowed for the CableCARD to encrypt the recordings, enforcing DRM. If you use a FTA antenna (meaning no DRM), then the recordings are not significantly encrypted and can be converted (say to .dvr-ms) or used with a video editor like avidemux with only moderate effort.

I personally like the layout of Windows Media Center, but after the cable companies encrypted all the FTA channels (on the basis that satellite companies do it to enforce locality restriction), it just wasn't really fun anymore. I now record with a USB-based Happauge box that can accept HD component inputs that allow me to record HDTV footage. It's a bit clunky to use, but I can't knock the results.

2
0

Lies, damn lies and election polls: Why GE2015 pundits fluffed the numbers so badly

Charles 9
Silver badge

Re: We don't vote for parties...

The trouble is, as BOTH sides of the water proved hundreds of years ago, is that people NATURALLY form cliques or blocs. George Washington himself expressed it AND was right about the whole thing (he was against parties, too). BUT the behaviour is basically human nature and practically inevitable because parties represent strength in numbers: gangs for lack of a better term. George ended up being labeled a Federalist against his wishes.

10
0

OECD nations gang up on internet retailers, tax dodgers

Charles 9
Silver badge

Re: This will not work

"The check should stop at the first half of step 3. Any company with global revenue above XBn should be taxed locally in all countries it operates unconditionally. "Case closed". A number between 1 and 5 Bn is about right for that. Any bitching and moaning about the "adverse effects" is baseless as the entry cost of taxation at standard rate in a country is the cost of employing one measly account clerk. As you are no longer avoiding tax, you do not need to contract KPMG for 50mil to do your tax bill in all but a handful of countries."

Ever heard of "Smurfing"? The company will just splinter off into multiple smaller ones, each apparently independent and keeping their revenues under the trigger value. Plus they can argue what constitutes "doing business" until the sun stops.

4
0

ACLU files new lawsuits in hunt for police 'Stingray' mobe-trackers

Charles 9
Silver badge

Re: Interesting concept...

"At least one LEO has been sanctioned for this and another came perilously close to being jailed for contempt late last year - in the latter case the entire body of evidence relating to the Stingray intercepts was withdrawn from the prosecution case with the judge's assent.

In other cases, the prosecution has withdrawn cases entirely rather than face being compelled to explain how the devices work."

Makes me wonder what happens when Stingray is used and they discover that they've cuffed a high-profile criminal like a serial killer. The high profile will mean they'll be under tremendous public pressure to get a conviction unless they're prepared for a riot (and recent riots have shown things aren't getting much better there with public relations).

0
0

Smart grid security WORSE than we thought

Charles 9
Silver badge

Except that's very inefficient and power-hungry. Look at Freenet. How can you achieve something like this in a world where power may not be readily available and efficiency is a critical metric?

1
0

Hordes spaff cash on Chip titchyputer to rival Pi (maybe)

Charles 9
Silver badge

Re: MK802

For the record, there are different models of MK802, and the earlier ones used the infamous Allwinner A10 (newer models use Rockchips, which appear to be more open). The model IV looks pretty potent with a quad-core CPU and Android 4.2 onboard (there's a variant model IIRC that can run Ubuntu or a variant thereof).

0
0

JavaScript CPU cache snooper tells crooks EVERYTHING you do online

Charles 9
Silver badge

Re: no software issue

Trouble is, there are "Average Joe" jobs that ALSO require high performance. Such as video encoding (home movies) or gaming.

0
0
Charles 9
Silver badge

Re: Solution

They can achieve the former with a drive-by attack, usually by means of an ad network (and more sites are incorporating ad-blocker-blockers so that you have to take the ad in order to view the exclusive, not- available-anywhere-else content).

0
0

Infusion pump is hackable … but rumours of death are exaggerated

Charles 9
Silver badge

Re: Network accessibility

"A well setup network will presumably use mac address checking and the like to prevent rouge devices connecting but I don't know how easy those are to be defeated."

And what's to stop a bad boy from pretending to be (or hiding itself in) a new device being sent in to replace an old one? Since it's coming in at the critical "first contact" phase, it's more likely to slip in unnoticed as it's thought to just be a new member of the team.

0
0
Charles 9
Silver badge

Re: So an exploit can be delivered over WiFi. What about a harmful agent?

Then consider humble little potassium. We NEED small doses of it regularly because it helps regulate the heart, but one quick injection of KCl and your heart (and you) is not waking up (that's why it's usually the coup de grace of lethal injection).

1
0

High-speed powerline: Home connectivity without the cables

Charles 9
Silver badge

Re: The time has come, the Walrus said ...

Depends on where you go. Places like the Philippines tend to have shoddy electrical work. Slapdash and impromptu repairs, not to mention lots of screwed-on replacement plugs and jury-rigs, are distressingly common.

0
0
Charles 9
Silver badge

Re: The time has come, the Walrus said ...

Not to mention the average plugs take the better part of a decade to start wearing down and they're designed to not be that difficult to replace if you need to. I replaced all the sockets in the house I moved into (some 25 sockets, including three bathroom ones that required GFCIs) in a day and a half (would've been a day but some rooms couldn't be done right away due to being in use).

0
0
Charles 9
Silver badge

Re: The Devil's Own

"I was in a rented flat for a few years with a landlord who would not allow me to put in any network cables or even put picture hooks up etc and with the amount of wifi networks in the area (counted 12 networks one day) i literally had zero signal in half the flat even with a buffalo airstation g54 high power."

No network cables at all, not even run along the floors and ceilings (which can be held in place with nondestructive hooks)?

2
0

iPhone case uses phone's OWN SIGNAL to charge it (forever, presumably)

Charles 9
Silver badge

Re: And for their next trick...

They have. Been considered for over a century. Thing is, the case charger has one key advantage: point-blank range (your idea falls flat because the charging capability falls off quadratically over distance--twice the distance, one-fourth the power).

0
0
Charles 9
Silver badge

Re: Remember Zeno?

"Q: If Achilles covers half the distance to his destination every day, when does he arrive?"

Question needs to be qualified. If "half the distance" is measured as of the start of his journey (which would make sense since most people travel relatively uniform distances), then the answer is obviously "two days". Your answer assumes "half the distance" is measured as of the start of each day.

0
0
Charles 9
Silver badge

Re: Wind turbine idea

Given how much of a pain hand crank chargers are when they're actually under load (read: charging), I don't know if wind has enough oomph to defeat the resistance.

0
0

Australia cracks tech giants' tax dodge code

Charles 9
Silver badge

Re: Seems simple

And if a cartel exists such that no objective third party is at hand? Suppose the actual cost to manufacture varies wildly between regions due to resource costs, transportation, and so on, and they can't be objectively determined due to sovereign secrecy?

0
0
Charles 9
Silver badge

Re: What the call "Overs" are extra costs added

True, but that requires the cooperation of other sovereign nations. And if the tax haven has sovereign power as well and doesn't want to play? Short of complete isolation (unlikely due to natural competing interests between nations), companies WILL find a way to funnel through the tax haven.

1
0
Charles 9
Silver badge

Re: Use the initial pricing

And if Apple lies and the building country swears by it and protects its secrets with sovereignty?

0
0
Charles 9
Silver badge

Re: The TAX Domino Theory

"Governments CAN BRICK GREY IMPORT PHONES if they chose so Electronically"

The gray phones can be made indistinguishable from white phones, meaning trying to brick them will risk collateral damage. Remember, besiegers always have an advantage over the besieged.

2
0
Charles 9
Silver badge

Re: The TAX Domino Theory

But if it's a company like Apple who produces products your citizens crave (nay, DEMAND), then you're in a bind. If you don't let them in, they'll probably start engaging in economic tourism to get it outside your borders (and your tax rolls).

So as the saying goes, what do you take: 10% of something or 100% of nothing?

1
2
Charles 9
Silver badge

Re: Alternative Minimum Tax

The corporations have found ways to skirt even that. Furthermore, taxing corporations has always been a problem because they're middlemen in the grand chain of things. Any hikes in taxes you make, they just necessarily pass on to their customers.

5
0

'Just follow the damn Constitution!' FBI, DoJ skewered over demands for crypto backdoors

Charles 9
Silver badge

"Despite what you may have been led to believe by the nearly unending presidential election cycle, there won't be any major US elections for another year and a half."

Doesn't matter. ANY politician sees 18 months as the beginning of the campaign season. They don't consider the next election "far enough" off until around 24 months or so. And that's why Representatives NEVER stop campaigning.

1
0

WHY can't Silicon Valley create breakable non-breakable encryption, cry US politicians

Charles 9
Silver badge

Re: Imagine a world without the Interthingy

One-time pads are impractical, even today, and especially in areas where computers are unavailable. There's just too much upkeep involved, and that upkeep raises the possibility of the pad being intercepted.

As for how they found bin Laden, I recall the method was sleuthing and a bit of luck (they got a lead on a trusted lieutenant and carefully tracked him).

0
0
Charles 9
Silver badge

Re: Remember when the DVD encryption key got leaked?

"Given the undeniable skills available to agencies like the NSA and in the private sector, it is quite likely that they could produce a system that would be secure far longer than the lifetime of any device that exists or is contemplated."

I don't think you can. This becomes similar to the Siege Problem. Basically, ANY system you come up with becomes a moving target much like a castle is. In a siege situation, time dictates that the besiegers will win out over the besieged because the besiegers are more flexible. And given that many of the NSA's adversaries are states themselves who would be even more motivated than the NSA to break through, and given that in most security, the intruder only has to be lucky ONCE...

0
0

Why OH WHY is economics so bleedin' awful, then?

Charles 9
Silver badge

Re: A good question

Probably because of psychology. No one likes a party pooped, and politicians face the risk of raining on their constituents' parade. How do you think they'll react? There's a reason representative government ducks when it comes to necessary evils outside of a crisis.

3
0

Your new car will dob you in to the cops if you crash, decrees EU

Charles 9
Silver badge

Re: A 'dormant' GPS and telephone device in every car

The government would fire back that you would than have no business driving on roads THEY operate. Their roads, their rules. Take it or leave it.

0
0
Charles 9
Silver badge

Just because of edge cases like yours doesn't mean the idea doesn't have merit in general: especially when time and especially lives are of the essence (otherwise people complain and ministers get voted out).

1
0

FLASH! Aaa-aaah. 3D NAND will save every one of us

Charles 9
Silver badge

Re: More storage, faster storage where the hell is Reliable longterm storage?!?!!

"20 years? I already have 20 year old data that has survived the test of time by being always online."

How can you be SURE your online storage solution will remain viable 20 years down the road? Not just against an accident at the storage site but also a situation where the storage firm may no longer be in business?

That's one thing about local storage. At least you KNOW where to look to find the stuff, and if something starts happening you can take steps because you know where it located.

As for degredation, you take that into consideration with a planned level of redundancy as well as a rigorous rotation and inspection cycle to make sure your data stays fresh and to make any corrections should corruption be detected.

0
0

US Congress promises death to patent trolls in bipartisan law scribbling

Charles 9
Silver badge

No, it would bring political pressure to prevent it ever happening. Recall that most politicians ARE lawyers. The LAST thing any high-paying private business will want is takeover by the state. You'll be hearing "SOCIALISM!" for years if you tried.

0
0

Forums