* Posts by Charles 9

5704 posts • joined 10 Jun 2009

The Onion Router is being cut up and making security pros cry

Charles 9
Silver badge

Re: Am I reading this wrong?

It's 180K in the USA alone, with an additional 150K in the Netherlands and so on.

So. putting them all together, you get 180,000 + 150,000 + 4 * (50,000) = 530,000 between all six countries listed.

1
0

How much of ONE YEAR's Californian energy use would WIPE OUT the DROUGHT?

Charles 9
Silver badge

I don't have any concrete numbers at present, but design considerations alone can present challenges. For example, what is the world's largest greenhouse in terms of floor area and in terms of overall volume (a solar still essentially needs a design similar to a greenhouse, especially on the ceiling)? Second, how well will a batch process with labor-intensive between-batch cleanup (a solar still needs to be periodically cleared of its deposited minerals, which don't just include salt) work against a more-or-less-continuous demand for clean water (not just among farmers, but also among a sprawling metropolis like Los Angeles which basically never sleeps)? Third, just how much sunlight will you need to evaporate X gallons of water? For a frame of reference, near Los Angeles is the world's largest solar-thermal energy plant in the world, the Ivanpah Solar Power Facility. It generates 392MW (e or t, no one says) over a span of some 1400+ ha. Sounds like a lot until you realize they say this'll power about 100,000 homes. Los Angeles County alone has over ten million homes according to the 2010 US Census. Oh, and BTW, what about the energy needed to move all this water and waste to and from the desert (and please note, most of California's desert is actually elevated several hundred feet—in comparison Death Valley and the Salton Sea are pretty small areas—which means you'll be pumping seawater uphill)?

0
0
Charles 9
Silver badge

They only work during the day when there's sun out, they'll probably interfere with local fauna, and the infrastructure needed to pump the seawater and brine is bound to be prohibitive. Not to mention there's still the issue of what do with the concentrate, which is basically toxic at this point and has to be disposed carefully to prevent ecological issues. And no, you can't dessicate it completely as there's more than salt in that brine.

And oh yeah, there's that BIG big problem...of SCALE. You think solar stills can provide millions of gallons a day to Los Angeles County?

0
0
Charles 9
Silver badge

Re: Big dam.

Except some lifeforms rely on the brackish water you get at estuaries (the borderline zone between the river and the ocean), making them some pretty important and pretty sensitive environmental areas. Anyway, you forget the Colorado River, which is already overtapped to the point it usually doesn't make it to the Gulf of California.

0
0
Charles 9
Silver badge

Re: Hogwash

But it won't return to the ocean in the same way. Some of it will come in fresh, lower local salinity while the rest of it (the waste from the desal plants) will come in too concentrated. And note that most marine life is very sensitive to local salinity.

0
0
Charles 9
Silver badge

I think solar stills suffer two issues versus other desalination methods: they don't scale well where volume is needed, and they're inconsistent which can be a problem when you need a steadier flow.

0
0

Snowden, NSA spying, hard drive malware ... what we need is a UN privacy watchdog!

Charles 9
Silver badge

Re: EFF has turned a corner

"What's really needed is a private non-profit with the technical expertise to do serious computer security research and open source distribution, that would include counter-surveillance technologies."

To pull something like this off, the non-profit would likely have to be a transnational on the level of, say, the Red Cross, to be able to stand up to pressure from state agents. Thing is, the states are the incumbents and would be likely to either nip something like this in the bud or infiltrate and subvert it.

0
1
Charles 9
Silver badge

"The only solution is the electorate to make their feelings known to the government in one voice, "If you support mass spying on individuals you will not be reelected."

The politicians will simply respond by removing ANY AND ALL candidates who would be against mass spying so that your only choices are him and someone else who's all for spying. So you're left with the choices of a spymonger, a worse spymonger, or (maybe) going unrepresented, which amounts to the same thing.

0
1

Spotify now officially even worse than the NSA

Charles 9
Silver badge

Re: Good reason to use an iPhone

Then Android M can't come soon enough, as M is supposed to finally introduce ubiquitous user-controllable permissions.

PS. What's to stop an app balking when it detects you've blocked access to something, along the lines of, "We need this permission to function properly. Please enable the function to continue using this app"?

0
0
Charles 9
Silver badge

Re: @AC

"The landlord (and tenant) can only do what the contract (and, in my case, English law) allows."

The key aspect is that it's usually the landlord that presents the contract, usually on "take it or leave it" terms.

1
0
Charles 9
Silver badge

In a world full of obedient sheep, what's a few rebellious goats to them? The only way you'll make them pay attention is to become a WOLF...and take the sheep away.

2
0
Charles 9
Silver badge

If not for car CD players and other people disconnected from the Net, I would've thought music labels would've abandoned physical media long ago and gone strictly to rental and subscription models so they can keep their music under control.

0
0
Charles 9
Silver badge

Re: New T&Cs

"It is time to oblige companies to respect the contractual obligations of Commercial Law. If payment is required for a service, then it is a contract. If it is a contract, then one side cannot change the conditions without consent from the other side."

Most contracts contain a "subject to change at any time" clause, sometimes including a "without notice" disclaimer. Since it's part of the contract, it's enforceable unless there is a specific law which forbids the practice (and last I checked, no such law exists). It's like with laws themselves. Laws can be changed to make things illegal and so on. It's just that (in some jurisdictions like the US), the law cannot be retroactive and must only apply to anything going forward.

1
3

Nvidia's GTX 900 cards lock out open-source Linux devs yet again

Charles 9
Silver badge

Re: Freedom...

I guess it boils down to the classic open-source fear of being Borged by a proprietary code that in turn shifts development away from the open code. So the demand is to keep the code as open as possible, and when it comes to key systems like video, the bar is set higher. The only problem is that the two remaining big GPU manufacturers, nVidia and AMD, possess enough oomph that they can push back and answer with "Take It Or Leave It. You need us, we don't need you."

That's also concern for what happens if a company liquidates and no longer exists to support a device that may still be in active use. And open code base at least keeps options open.

0
0

Hyundai ix35 Fuel Cell: El Reg on the hydrogen highway

Charles 9
Silver badge

Re: Internal generation

1. Put Water in Tank

2. ????

3. Profit

Where's step two? HOW do you turn the water into hydrogen suitable for a fuel cell?

1
0
Charles 9
Silver badge

Re: Fuel tank rated to 10,000psi

"The primary problem with pressurising H2 is metal embrittlement and there's a secondary issue that pressurised Hydrogen has a nasty tendency to simply waft through the walls of most containment vessels due to its tiny molecular size - I wouldn't be at all surprised to find that the tank would lose 10-25% of its capacity if left sitting for a week."

And just to demonstrate how difficult the containment situation is, recent advances in hard drives are attempting to hermetically seal hard drives so they can be filled with helium (monatomic noble gas He, weight 4) which is already known for being so tiny it can leak through practically anything (especially balloons). Hydrogen gas, despite being diatomic (H2), its molecular weight is even smaller (just 2), so the problem here is only exacerbated.

And while I can see that hydrogen isn't as likely to react chemically in the event of an accident, there's still that high-pressure tank to consider in a crash. Strong as it may be, it may take the wrong kind of it for it to fail catastrophically, and my imagination has a little trouble visualizing the full impact a 700bar tank about the size of a car boot suddenly bursting within.

1
0

Want security? Next-gen startups show how old practices don't cut it

Charles 9
Silver badge

Re: People "trained in IT security" are a lot of the problem

"They spend a lot of time doing things that are visible, but don't really help much, so they can be seen as doing "something". But they're afraid to step on toes to effect changes in policy that will truly make a difference, like banning the use of USB sticks that can not only be a vector for infection they can provide an easy conduit for IP theft on a massive scale as well as too often data loss to the outside through carelessness or negligence."

The reason they're afraid to step on toes is they're afraid one of those toes is someone above them who goes, "Who hired this clown?" IT security doesn't do much if the top brass don't see the point, and part of IT's job is making those same top brass see the point.

0
0
Charles 9
Silver badge

Re: Additional thoughts

Over a whole ecosystem, yes diversity is a plus. But within a clan (that is, within one group of a single species), diversity has to play second fiddle to compatibility (as in, the males and females need to be able to breed). Same in the office: diversity in software has to take second place to network communication; otherwise, things can't get done.

1
1
Charles 9
Silver badge

Unless the purpose of the attack wasn't to exfiltrate data but simply to stymie you during a critical period. Say, take down an e-store website during Black Friday or Boxing Day?

After all, DoS can be a Murphy Moment, too.

1
0
Charles 9
Silver badge

Re: Not fully convinced

But unlike a military, a business needs to be able to, well, do business. At some point, the return on security diminishes because you stifle the business flow. That's why there's a sliding scale of security versus ease of use. Improving one necessarily stifles the other the way a locked door delays you getting into your own house.

Plus one needs to realize that no security measure can be effective even in a practical sense since there's always the threat of the trusted insider turned traitor. I mean, insiders defeated the Great Wall of China.

3
0

Comcast sued for – you guessed it – allegedly SCREWING OVER CUSTOMERS

Charles 9
Silver badge

Re: Scams

"Who would work for such a company and why?"

Anyone starving. For many, it's far preferable to be working for Evil, Inc. and put food on the table than to be starving in the streets. There's a self-preservation instinct, you know?

"Going along with the status quo just because there is no alternative, is never going to solve the problems. Is it?"

Sometimes, one has to admit defeat and declare a problem intractable (or at the least, infeasible given the conditions). For example, hoping for a government that cannot be corrupted is considered infeasible given the human condition (the self-preservation instinct inevitably leads to corruption, which can occur in any form of government). So too may the status quo be an infeasible problem if the only alternative is to go without which in so doing leads to serious disadvantages.

So basically, while one can walk away, it's hard to walk away from the only watering hole within line of sight.

0
0

Intel's Compute Sticks stick it to Windows To Go, Chromecast

Charles 9
Silver badge

For the record, Intel has a spec sheet on the STCK1A32WFC, the higher-end of the ICS's. According to the spec, the CPU is an Atom Z3735F which is one of those with a built-in graphics unit. According to ARK, it's your basic Intel HD Graphics units with a clock range going from 311-646 MHz. According to Kodi, it's enough for H.264 up to 1080p but not H.265.

0
0
Charles 9
Silver badge

Re: Yours will be for movies over ethernet?

Because the Pi is ARM-based, which pretty much requires a blob since ARM implementations differ from setup to setup and there's no standardization concerning these setups: most of which are in fact protected as trade secrets. Furthermore, some of the stuff in the Pi's CPU is actually protected by patents which requires licensing.

5
0
Charles 9
Silver badge

Re: Yours will be for movies over ethernet?

The Pi tends to be underpowered in media playback last I checked, especially at 1080p and/or H.265, and firsthand experience tells me it tends to hang when trying it for extended periods. The article notes the ICS handles 1080p smoothly (albeit probably using H.264).

1
1
Charles 9
Silver badge

Re: pricing?

It's in the article: $110 for the cheaper 1GB model with Ubuntu, $149 for the more expensive 2GB model with 8.1 Bing. Since it supports USB booting, you're free to change the installed OS within reason. Still, for a media playback device, it sounds tempting...but did anyone try this stick out with the new H.265 standard?

0
0

Mozilla testing very private browsing mode

Charles 9
Silver badge

Re: But does it block the java script too?

"If you were interested in something, and found a site, it was always linked to other sites by these to other, similar sites."

But then you had to FIND the one site in the first place, creating a Chicken-and-Egg problem.

0
0
Charles 9
Silver badge

Re: So...

Aren't you afraid you'll block the important security updates that are likely using the same channels?

0
0

Rise up against Oracle class stupidity and join the infosec strike

Charles 9
Silver badge

Re: Ada - the only infrastructure that's reliable & secure by design

"If boards understood the massive risk they face from IT, they'd insist on Ada now, and throw out all the closed-source rubbish."

Thing is, most boards have to answer to the investors, and many investors these days are quite short-sighted.

0
0
Charles 9
Silver badge

Re: Your solidarity is not so solid

"When I read the Reg, I don't need or want the extra overhead of TLS. For that matter, when I post comments, I don't need or want it. I don't care if someone goes through the (not trivial) effort of impersonating me here."

You'll start caring when someone finagles the identity you get here to steal a more significant of your identities elsewhere. Plus there's the prospect of having malware injected through your in-the-clear transmission by someone along the TCP/IP chain.

0
0
Charles 9
Silver badge

Re: I wonder how many people who commented on this article....

He's saying Google and Android are part of the problem. IOW, people using Android mobes to comment on invasions of privacy are basically hypocrites.

1
0

Boffins dump the fluids to build solid state lithium battery

Charles 9
Silver badge

Re: Another week...

"This is a tech NEWS website. If you want to know what is available to buy now, check a retail website like Amazon."

It's just that a lot of these "new technology" announcements turn out to be vapourware, and we get all hyped up over nothing. Much better by far that we hear news of technologies going into actual trials of a decent scale or, even better, preparing for a mass-market rollout, meaning we actually have something to look forward to.

1
0

Boffins nail 2FA with 'ambient sound' login for the lazy

Charles 9
Silver badge

The thing about those tokens is that they're not suitable for the average person, which is the level of paranoia we're reaching, where EVERYTHING needs a second factor but not everyone has that second factor on hand.

Plus, as noted with the RSA incident, CPRNG algos can be stolen.

0
0
Charles 9
Silver badge

"At my employer for example possession of a mobile phone on an operations floor is an instant sacking offence - they are that concerned about any recording devices, whether audio or visual."

Just for the record, why the paranoia? Top Secret workings, concerns of industrial espionage, or confidentiality issues?

0
0
Charles 9
Silver badge

Re: what people say and what people do

"In general, general users are underwhelmed by security measures, nobody cares"

So how do you MAKE them care without risking their lives in the process (about the only thing that FORCES people to care)?

0
0
Charles 9
Silver badge

"Some form is biometric device is far preferable."

But what happens when someone copies your biometrics and steals your identity?

1
0
Charles 9
Silver badge

Re: @Charles 9 - This from a security team!!?

"I lean towards the 'sack them for undermining security' solution, rather than weakening overall security to make their lives easier."

Which quickly gets reversed when you learn the one demanding the relaxation is ABOVE rather than BELOW you.

2
0
Charles 9
Silver badge

If your reception is so bad even an SMS is hit or miss, you basically don't have a practical second factor to work with, which means you're SOL.

So that leaves a big unanswered question. How do you do 2FA when lots of people don't even have a second factor to work with?

1
0
Charles 9
Silver badge

Re: This from a security team!!?

But you also have to consider the secure-vs-easy scale. If you try to make the second factor too onerous, people will say, "Sod this!" and look for shortcuts; failing that, they'll abandon the whole works. How do you do secure in such an environment?

0
0

Perhaps middle-aged blokes SHOULDN'T try 34-hour-long road trips

Charles 9
Silver badge

"We are all crazy drivers which is why jonny cabs will become the only option."

Until you find out that two Johnny Cabs programmed to two different programs by two different companies don't necessarily get along, especially when their directives (like in your example above) directly conflict.

0
0

Intel left a fascinating security flaw in its chips for 16 years – here's how to exploit it

Charles 9
Silver badge

Re: data treated as code

"So did 8086. Code segment, data segment, stack segment, et al. In practice these pointers were often set at the same address, which kind of defeats the point."

In Real Mode, once memory cleared 16 bits, the code and data segments could and frequently did occupy different 64K segments of memory. About the only time the CS and DS were the same was in Tiny (.COM rather than .EXE) compiles meant to fit completely into a single 64K segment.

Protected Mode meant 32-bit programming which meant access of up to 4GB of memory in an age where even 8 and eventually 256MB was considered high. This meant a flat memory model and that deprecated segments.

1
0

You've been Drudged! Malware-squirting ads appear on websites with 100+ million visitors

Charles 9
Silver badge

Re: Isn't it about time...

Many malware are now VM-aware and are likely AV-aware (or worse, AV-sabotaging) to avoid honeypots, so they won't react to such a scan. And the give and take has an unintended consequence as well. Soon, malware researchers will eventually have to develop honeypots that mimic humans to the point they can pass a Turing Test. Once that happens, the malware writers will usurp the research and create malware attacks indistinguishable at the endpoints from humans...

0
0
Charles 9
Silver badge

Then you're not working from the inside of an enterprise. Many enterprise units contain control sites that require Flash or other compromising features just to operate. And since these frontends are attached to highly-expensive, usually-still-being-amortized hardware, you're never gonna get the bean counters to put up for replacements.

2
0
Charles 9
Silver badge
FAIL

Not without losing access to sites that require Flash to operate, and some of them are either hosts to exclusive content or are business control sites that can't be ignored or replaced.

8
0

Imation ejects its removable disk biz, hands it to Sphere 3D

Charles 9
Silver badge

Re: I'm puzzled..

RDX drives are rated better for cold (long-term) storage. Most hard drives on the market are only warrantied for 3, 5 years, maybe 7 on the outside. RDX drives are supposed to maintain their data cold for up to 30 years. They're also shock-resistant by design, as the spec requires them to maintain integrity even after a 1m drop, something that could occur if Murphy strikes during a changeout.

0
0

Samsung phablet phrenzy brings mobile payments into the age of WIRELESS TAPE

Charles 9
Silver badge

And given (1) no one's apparently tried to overload a cassette head's magnet to produce a similar item in the past and (2) the device is performing something nontrivial given no one else has tried to do it and (3) this also involves the carefully-timed emulation of a magstripe swipe which involves digital-analog conversion that does not exist in the all-analog cassette adapter, this makes it a nontrivial derivative of an existing invention, which DOES qualify for a patent.

0
0
Charles 9
Silver badge

Re: I wonder what the commentariat of this site are going to do

Just search "exploding iPhones" (all of which are sealed) and you'll get a laundry list. I recently swapped out the battery of my S4 after over two years because it was starting to bulge dangerously, so I can speak of the dangers firsthand.

5
0

Sane people, I BEG you: Stop the software defined moronocalypse

Charles 9
Silver badge

Re: A better analogy

" A better system would be to garnish 50% - 75% of the killer's wages for 10 years or whatever and give it all to the victims. That creates a far higher incentive to not drive drunk,"

Or it creates a far higher incentive not to have a decent job and instead just turn to crime and the black market where everything goes under the table. The fines won't mean much if it's 75% of $0.

0
0

Sick of politicians robo-calling you? Bin your landline, says the FCC

Charles 9
Silver badge

Re: What about VOIP?

And what happens when the telemarketers use techniques to get around the blockers such as by using disguised numbers?

0
0
Charles 9
Silver badge

Re: I'm thankful I don't live in the US

You ever thought the callers are actually kinky enough to get off on their own drivel?

0
0

Patching a fragmented, Stagefrightened Android isn't easy

Charles 9
Silver badge

Re: What a shoddily designed OS.

"Meanwhile, Windows runs on millions if not billions of disparate configurations, and users can pretty much upgrade the day the new OS is released."

Those millions of PCs happen to run on standardized hardware pushed due to need to have a common clone design back in the 80's which grew from there. The phone market matured differently, with multiple highly-competitive firms delivering proprietary, often Trade-Secret- and Patent-protected all-in-one designs that ticked the major box of power efficiency. Such an ecosystem prevents a one-size-fits-all design and because Trade Secrets and Patents are involved (many of them being linchpins), not even Google could force the manufacturers to toe the line.

0
0

Forums